Malware Analysis Report

2024-09-22 14:20

Sample ID 240518-dgjzvahb28
Target 52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118
SHA256 210dab383dabe37ce47658719ec8866cca4fe1ba0eac2d308c96c36293f1da4c
Tags
cerber discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

210dab383dabe37ce47658719ec8866cca4fe1ba0eac2d308c96c36293f1da4c

Threat Level: Known bad

The file 52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber discovery evasion persistence ransomware spyware stealer trojan

Cerber

Contacts a large (523) amount of remote hosts

Adds policy Run key to start application

Contacts a large (529) amount of remote hosts

Executes dropped EXE

Loads dropped DLL

Deletes itself

Reads user/profile data of web browsers

Drops startup file

Checks computer location settings

Adds Run key to start application

Checks whether UAC is enabled

Looks up external IP address via web service

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

NSIS installer

Modifies Control Panel

Suspicious use of SetWindowsHookEx

Runs ping.exe

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-18 02:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 02:58

Reported

2024-05-18 03:01

Platform

win7-20240221-en

Max time kernel

143s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Contacts a large (523) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\mfpmp.lnk C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\mfpmp.lnk C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\mfpmp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mfpmp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\mfpmp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mfpmp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp2E22.bmp" C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote.ini C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote-PipelineConfig.xml C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\\mfpmp.exe\"" C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ee9a77cfa8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4DBCF51-14C2-11EF-B804-569FD5A164C1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422163068" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000011a0d979904fa5366f3a94a712481cabda36e8df2bc44712f2e6cbf1aff97bb000000000e8000000002000020000000612cb8b31e4fca068d007ef6036a54dbdf4d22129b4a519023fe27db857ff5322000000039aeb7cf855f6f6d9ea13dbd47de07d22740fb02875fe6a7fe26212603838c254000000091128a60ab1c01a91ec024283b0ed6b9fe955944466f16c14ec217ba8f955c143955b04f20d46b2d347589c0c996ca9f533f6ede8669432ce9be568ea27cb868 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4EA1791-14C2-11EF-B804-569FD5A164C1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe
PID 2644 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe
PID 2644 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2488 wrote to memory of 1068 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2488 wrote to memory of 2820 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2496 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe
PID 1752 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1752 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe C:\Windows\system32\NOTEPAD.EXE
PID 2452 wrote to memory of 1080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2452 wrote to memory of 2416 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2488 wrote to memory of 1520 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1752 wrote to memory of 860 N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe C:\Windows\System32\WScript.exe
PID 1752 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe

"C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe

"C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:472065 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "mfpmp.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "mfpmp.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\system32\taskeng.exe

taskeng.exe {D5B5E997-B22D-49E9-B71B-5F0626CA8FE4} S-1-5-21-3452737119-3959686427-228443150-1000:QGTQZTRE\Admin:Interactive:[1]

Network

Country Destination Domain Proto
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 52uo5k3t73ypjije.3odvfb.top udp
US 8.8.8.8:53 btc.blockr.io udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 api.blockcypher.com udp
US 104.20.99.10:80 api.blockcypher.com tcp
US 104.20.99.10:80 api.blockcypher.com tcp
US 8.8.8.8:53 chain.so udp
US 172.67.40.90:443 chain.so tcp
US 172.67.40.90:443 chain.so tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\nso2E34.tmp\System.dll

\Users\Admin\AppData\Local\Temp\AnimGif.dll

\Users\Admin\AppData\Roaming\{8F76CA93-6AF5-FCB8-1751-35093594ADFC}\mfpmp.exe

C:\Users\Admin\AppData\Local\Temp\honks.rjw

C:\Users\Admin\AppData\Local\Temp\telophase.ttm

C:\Users\Admin\AppData\Local\Temp\LodeEucaryote.zaw

C:\Users\Admin\AppData\Local\Temp\embedding.xml

C:\Users\Admin\AppData\Local\Temp\BadBits.mm

C:\Users\Admin\AppData\Local\Temp\Budapest

C:\Users\Admin\AppData\Local\Temp\callout.graphics.xml

C:\Users\Admin\AppData\Local\Temp\currency.data

C:\Users\Admin\AppData\Local\Temp\defaultProfilerFilter_restorepoints.xml

C:\Users\Admin\AppData\Local\Temp\Cape_Verde

C:\Users\Admin\AppData\Local\Temp\CoreTemp.ini

C:\Users\Admin\AppData\Local\Temp\Adobe-Japan1-4

C:\Users\Admin\AppData\Local\Temp\f24.png

C:\Users\Admin\AppData\Local\Temp\circle_glass_Thumbnail.bmp

C:\Users\Admin\AppData\Local\Temp\Fiji

C:\Users\Admin\AppData\Local\Temp\errorReport.png

C:\Users\Admin\AppData\Local\Temp\30-urw-aliases.conf

C:\Users\Admin\AppData\Local\Temp\GMT+3

C:\Users\Admin\AppData\Local\Temp\component.xml

C:\Users\Admin\AppData\Local\Temp\EnteronFrotteur.y

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\mfpmp.lnk

C:\Users\Admin\Music\# DECRYPT MY FILES #.html

C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.vbs

C:\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.url

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4DBCF51-14C2-11EF-B804-569FD5A164C1}.dat

C:\Users\Admin\AppData\Local\Temp\Cab44DF.tmp

C:\Users\Admin\AppData\Local\Temp\Cab459D.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89ca70861f7e298f107b90f08dbf1f03
SHA1 73e81e760b8ca20fd72bbce563b3ba44626dd163
SHA256 447c10caf20ea810c136b12cff5c6ce54140f871a83011d2598cf0d58bc7cde3
SHA512 165d7d4dd1f0d87236673cf14b9303376fee8deb8dc485b65135649f21771795af5934c81fafb1984c082bb6e893aceaf0b38256551be8bd76e21c933bf1d41f

C:\Users\Admin\AppData\Local\Temp\Tar45B2.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17e26c2e96602cf310f3601e491e0ae2
SHA1 4853f520bf66661c2c14fcff7c2e6a969f0c1b49
SHA256 b6ff11a4d0425c9b29a1f01956bbb227e11d023ceac7cefb2c19cdb9bf34e9e5
SHA512 bc05fc6297d7ccc8fa74e799c956d90d3c3c9d465b0ab1871023859fae9c5b58232b915b31557e830e81c827ea4de57cd2cf7c8d7054cb4b1e953f0b73712503

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc41ea837c5b2eafdd35a1b16331371a
SHA1 0a3ee0199797bae6a8108b56dc6fdd66c986413e
SHA256 3099592758a128aaa2af57b6e3adda7b8d34e2a04468a71fa98dfd77bb6fbd86
SHA512 f120f0a0093f17864637a004edf76cb05c62918c43f10b2ee58a4a0153d776fa9e2c8b3d97fb8930d93a4ac1c06606a4e20487ab7b1c8a0d5abbe67b6d82cee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a88118be25aa88f54df9a43e36e7e213
SHA1 35ecb8aa330bd36c5a86196897db9f4c9814c07a
SHA256 7bd06b90b45be951f402d5a11f86b09f554ad21229c47af50fe94abe6f0c8d5f
SHA512 241555ef311afe7debc6bd0374091e958afe8bd664b6a60d35acc65bbcb8928d3986d34801b1872bdae544f8763c72552d3c370a3bc957a0fbee25820b2cc0ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa9cdd45569493cebce7c0bef06823ea
SHA1 dbe6fe02edc642f125cd924949c1d883c814fc02
SHA256 f4c5930e4bfd8dfca25349873f4983d80174e6c8eba9e5183b067fe3a3dee688
SHA512 9d8ac03e34ee4b325556b01441defd315e591baad7a4cf3b0207a86541304591c6cb3c11b60fa2e5ecffe370a73d26f4ae1483bd9e3caca3cf5675b7399ee45f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b61a92486417f2f6ca4ea95a190e32c
SHA1 9aa0dcffa75da4c9bc1a00375c9813fd6379f78f
SHA256 3a3003df6b7e419db65123b6109adb94dcdd213abb31a2b9ee2c1ca810020513
SHA512 b4b5870209e406f82a332e4f01ef82993ac2df7d8a1be3dd46c7f8f1a91bcbd7f5f0fad7ca585a3c5839574cc61b16cb4b04b11767869df7944ec45e92442e7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eae9fab2ab464a783a728e394f3524f9
SHA1 becb655acb492f76c9d02dd5c912ecd36c5a77b1
SHA256 b542fe44a991e91ce866e76f76dfed7599730c3710b4c6d61d2ce50b9e235390
SHA512 c3a53a3581c818c87a3addc3705bd289ad54fb346b879a430a8dbfc28158ddafd8d65b6fb20ad2594cd40264fe69b25726d3b2aab58ee01025b16184cdd8f6cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da538c6edc22f5e82b3f46d96a48ae20
SHA1 217e4a3a13a30273f0e7cee37c2d4b4da8fa52c9
SHA256 a0f0b2fe7bc4f8c628dae2a033e0b1e2baebddf41a5067a3e06d86c329ca2e09
SHA512 c82f7454a5855444a1fbcf44aa8dc924f4c3e7f4d6c89de2d1c7998e57f11d47213baa3c55702dd4a0e9b120853e512477ff3bd1b05367e9d78fbfd9ce2942fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acb90deb411e50cb6ef7446d5b065dd2
SHA1 a6698cbfaeb9903baf99dc9c4fb8bede3dc26610
SHA256 ec780a0b83daf2cf6e126900b13e427065e62a07021250fedb2e91eede97703d
SHA512 bec9443db8c094bf91e0b3ea81537720111d12c4c718d7f32b988fd6b295359731e1bdeb4ee34c8710929b104e9dc99c8e184e96034a66933ae6ce2af2568402

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abea69a2b95df6c31b7c9ef6c88ea5cd
SHA1 f91281550d7e05ebfa6754fc9a4cfbb94db58503
SHA256 d38b3b70314fa5a7f7119254da108d4e985d866556d450808567216e3a0c3b52
SHA512 4f0d3fdd79b8cd260fc4a1da00f0e895b6375376b7ec0979762e042023482a557bc61b2f8583aa7c220fb58f74d6f2c8a0b18c465fc5fb1e76a19fc5ec240028

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 67a24c333142fe4774275ba1dfa2c8a1
SHA1 0b3e8817f8f450f8391f9a921c921e2dbd5717ed
SHA256 b7459ee6acd99f235632fd2e41c2e3f49df57b9bcbd19c9ffdc2409e3f841302
SHA512 10c6368d897077386b1fd98bec44d2442b4e9c1d43b9461dd2991fda41c77749d73b1a0bde5ef49a2d431aaf15da4d9545519b00ec77fa9c4c8d92703dfda39f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 613dc7116e360dc9e8670666e21b5025
SHA1 1fda0072ff493d4291f2a32458908ea6e7d455a1
SHA256 8f3b01977ffe93b373a6059b7341073be76680267c15d2f5226311fb576052a1
SHA512 d130854dfed0a25965c8bcab3f6d150097cb8c37a80713e7f73460e12eb6bebc423c6a1bb95e85e22f5e5d7ae0543af8c7e1d962ac885b4a227239238575b32f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 02:58

Reported

2024-05-18 03:01

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Contacts a large (529) amount of remote hosts

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\poqexec.lnk C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\poqexec.lnk C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poqexec = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\poqexec = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poqexec = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\poqexec = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp1FE2.bmp" C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONE C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
File opened for modification C:\Windows\ C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\\poqexec.exe\"" C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4480 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe
PID 1600 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe
PID 1600 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 4748 wrote to memory of 4464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4748 wrote to memory of 2280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2832 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe
PID 4340 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe
PID 2252 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2252 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe C:\Windows\system32\NOTEPAD.EXE
PID 4300 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

"C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "52c00107ca21cc4b75039a98ad4cae18_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

"C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe"

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8420446f8,0x7ff842044708,0x7ff842044718

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://52uo5k3t73ypjije.3odvfb.top/9636-A23A-4EE4-006D-F2BD?auto

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8420446f8,0x7ff842044708,0x7ff842044718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4a0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "poqexec.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "poqexec.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16849744559732772097,16181985642989583006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 81.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 255.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 0.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.235.184.31.in-addr.arpa udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 79.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 255.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
US 8.8.8.8:53 52uo5k3t73ypjije.3odvfb.top udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 btc.blockr.io udp
US 8.8.8.8:53 api.blockcypher.com udp
US 172.67.17.223:80 api.blockcypher.com tcp
US 8.8.8.8:53 chain.so udp
US 172.67.40.90:443 chain.so tcp
US 8.8.8.8:53 223.17.67.172.in-addr.arpa udp
US 8.8.8.8:53 90.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 52uo5k3t73ypjije.3odvfb.top udp

Files

C:\Users\Admin\AppData\Local\Temp\nsc662E.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\AnimGif.dll

C:\Users\Admin\AppData\Roaming\{2A62359E-001A-DB50-37C5-75EE5DF583A7}\poqexec.exe

C:\Users\Admin\AppData\Local\Temp\EnteronFrotteur.y

C:\Users\Admin\AppData\Local\Temp\component.xml

C:\Users\Admin\AppData\Local\Temp\defaultProfilerFilter_restorepoints.xml

C:\Users\Admin\AppData\Local\Temp\Cape_Verde

C:\Users\Admin\AppData\Local\Temp\CoreTemp.ini

C:\Users\Admin\AppData\Local\Temp\Adobe-Japan1-4

C:\Users\Admin\AppData\Local\Temp\f24.png

C:\Users\Admin\AppData\Local\Temp\circle_glass_Thumbnail.bmp

C:\Users\Admin\AppData\Local\Temp\Fiji

C:\Users\Admin\AppData\Local\Temp\errorReport.png

C:\Users\Admin\AppData\Local\Temp\30-urw-aliases.conf

C:\Users\Admin\AppData\Local\Temp\GMT+3

C:\Users\Admin\AppData\Local\Temp\LodeEucaryote.zaw

C:\Users\Admin\AppData\Local\Temp\telophase.ttm

C:\Users\Admin\AppData\Local\Temp\honks.rjw

C:\Users\Admin\AppData\Local\Temp\embedding.xml

C:\Users\Admin\AppData\Local\Temp\BadBits.mm

C:\Users\Admin\AppData\Local\Temp\Budapest

C:\Users\Admin\AppData\Local\Temp\callout.graphics.xml

C:\Users\Admin\AppData\Local\Temp\currency.data

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\poqexec.lnk

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\# DECRYPT MY FILES #.url

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\# DECRYPT MY FILES #.vbs

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\# DECRYPT MY FILES #.txt

C:\Users\Admin\Downloads\# DECRYPT MY FILES #.html

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
