Malware Analysis Report

2024-09-22 13:46

Sample ID 240526-l8wrqaeg2s
Target 7525090d624d27879a95aeb70266cc42_JaffaCakes118
SHA256 333d629de22938e646fd6ec1cb4995f0e09917e4e17412d77eb33569323fd490
Tags
cerber discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

333d629de22938e646fd6ec1cb4995f0e09917e4e17412d77eb33569323fd490

Threat Level: Known bad

The file 7525090d624d27879a95aeb70266cc42_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber discovery evasion persistence ransomware spyware stealer trojan

Cerber

Adds policy Run key to start application

Contacts a large (518) amount of remote hosts

Contacts a large (532) amount of remote hosts

Reads user/profile data of web browsers

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Drops startup file

Deletes itself

Checks whether UAC is enabled

Looks up external IP address via web service

Adds Run key to start application

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

NSIS installer

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Control Panel

Kills process with taskkill

Runs ping.exe

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-26 10:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 10:12

Reported

2024-05-26 10:15

Platform

win7-20240508-en

Max time kernel

131s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A

Contacts a large (518) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\shutdown.lnk C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\shutdown.lnk C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\shutdown = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\shutdown = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\shutdown = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\shutdown = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpF4C.bmp" C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\-1 C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
File opened for modification C:\Windows\-1 C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7402466A-3EA9-2132-F626-09DE715F2421}\\shutdown.exe\"" C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5D65891-1B48-11EF-91D8-D6B84878A518} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001fe30707ddbaf9bfa98d69899a354f9314fed032eff80cbbfc685be510cb845f000000000e8000000002000020000000a0acf481a96b2b49bb5726fc88a44d61cb030f6cdc6a3b37ffb1ad860e342c8a90000000add7b901fdaa73ab45dc35a15d1ffd3b5bcbd43aa8d21fa6ed8b45a8c7de238994002cc8083c8a65c88c1fd911a76a2b59940cfe0a5a0c79e3674edd458cb19666a5f39e686bdc09a1b30d511d2c93b3e1388eafc1e2267014e16af238956db9dc4e91a819a64cadc3d122ccc444f11d82525539236bd3a43155c46a722b6679f235a227d078ccc92f51b2d96526a8fb40000000ac68ea4f3bc86db8b7600f3bc449df6eaf5547916e3de62136882fdd38538331b14fab84b046e29231897a4347408fde3d94dc65fe26cd088dc7474486fed833 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6027b66855afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000ea1a0dccf5093f590b38963e0c876e7b12f40102855a95c12e8002de6ef88344000000000e8000000002000020000000144a0850d98192de003f3053c41cedc99bf959826667fe04b96192430756b544200000004fb61379d259e60851469fe15aecd32e8829407dcbcf272f8690148728ffb427400000006c5c1cf72c1d02be361e9961b031dbc60ef87407e39f6150708b91ebbbee0a9f430957712c05369bf6979ae9b86fb9cfe946ec9684d9f6f34552a1b9d4b364f7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422880298" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5CA71B1-1B48-11EF-91D8-D6B84878A518} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1704 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 1396 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 1396 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 1396 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 1396 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 1396 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1396 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1396 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1396 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2988 wrote to memory of 2604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2988 wrote to memory of 2604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2988 wrote to memory of 2604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2988 wrote to memory of 2604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2988 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2988 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2988 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2988 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2612 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe
PID 2920 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2920 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2920 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2920 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2920 wrote to memory of 308 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\NOTEPAD.EXE
PID 2920 wrote to memory of 308 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\NOTEPAD.EXE
PID 2920 wrote to memory of 308 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\NOTEPAD.EXE
PID 2920 wrote to memory of 308 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\NOTEPAD.EXE
PID 1452 wrote to memory of 1836 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 1836 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 1836 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 1836 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1452 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2920 wrote to memory of 596 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\System32\WScript.exe
PID 2920 wrote to memory of 596 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\System32\WScript.exe
PID 2920 wrote to memory of 596 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\System32\WScript.exe
PID 2920 wrote to memory of 596 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\System32\WScript.exe
PID 2920 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\cmd.exe
PID 2920 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe

"C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe

"C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:996353 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "shutdown.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "shutdown.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\system32\taskeng.exe

taskeng.exe {D4764FAE-65B9-4622-9D86-9D73DD8B03BB} S-1-5-21-3691908287-3775019229-3534252667-1000:UOTHCPHQ\Admin:Interactive:[1]

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:80 ipinfo.io tcp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 52uo5k3t73ypjije.b7mciu.top udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\nso1FE2.tmp\System.dll

MD5 6f5257c0b8c0ef4d440f4f4fce85fb1b
SHA1 b6ac111dfb0d1fc75ad09c56bde7830232395785
SHA256 b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
SHA512 a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

\Users\Admin\AppData\Roaming\Services.dll

MD5 7a5614cebbfcc398138fd44171447f2e
SHA1 46d6bdae0f1e16e2aec8d385383353135ff74bc8
SHA256 80bf6edbb701778f2a8a06ada0d5e7a5eb5b121796bcf48df038c2216240a572
SHA512 f551f35160529eee35b4eeac6daf870493945ef5f0a446c788b0c907a249ad67bd090deab9468834824d62db3508db9482a1dfb77815149a745becb4ca125053

memory/1396-61-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-59-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/1396-57-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-55-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-53-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-51-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-49-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-63-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-65-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-64-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1396-66-0x0000000000400000-0x0000000000424000-memory.dmp

\Users\Admin\AppData\Roaming\{7402466A-3EA9-2132-F626-09DE715F2421}\shutdown.exe

MD5 7525090d624d27879a95aeb70266cc42
SHA1 35808ebf3743496de74e5507823bbbdcf53b23fc
SHA256 333d629de22938e646fd6ec1cb4995f0e09917e4e17412d77eb33569323fd490
SHA512 b3ed2c04030316e8468329879badff85c84cb75397c2aa00834343ba03d8cc3cd44d7758f89f657b4b0628168d9ff6e223140ed9f3e7d3b5b9f0ee7f91f3f5e3

memory/1396-79-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\generate.meta.abstract.xml

MD5 5df70341229c64119f1ccfecd521afe4
SHA1 2a1459e2e46a40d4219b103f899db74595ef91af
SHA256 f58413b52a5e58096496a0be07a26c0515b18b6bc07d7568ab97a04d326ea4ff
SHA512 797ecf22c01f4fa98ab8da266620d2eb8e5087e1944dfd9c115bcd8b437299516daae0192c9f539da3dc655f3722e7e64139b83dbe7b070cb7d2e6daf7269690

C:\Users\Admin\AppData\Roaming\Berlin

MD5 b95102fbb90fe45978bdb0b65e2895b0
SHA1 9b7202e3b0fdbcd439970e68cad2c9a5a46df243
SHA256 b83e189f3a79dbec93fff04ece68eea14ee0abcffba328296c3efa8d9e814572
SHA512 d18be9aa3a1eed8c0778735bd69653dc78eae55648f1cf5e1c45f1a4e63e930a1db0d20ed71514d362fa980d62af00e58566eba144070cab81449efeb9facf1f

C:\Users\Admin\AppData\Roaming\graphicsize.extension.xml

MD5 6ea51d8127a3bbe79e56778b4e8645b5
SHA1 ff816277b06bf018fe153c976a9b0dc643bf3bb0
SHA256 42f4602d143428abb36ee69779e054e4ddba3415e0595ba61fb0145ff3afd2c1
SHA512 84b875bfdf0c17f812cb5ffabb5c2dbb2a69e38d42b9099f00042ba1cdbb508ab47134aed2f3b436e79ff7ce9d3238c97220db397be9ef7ae6736dc391303ed5

C:\Users\Admin\AppData\Roaming\7.png

MD5 0def94f52c5e45256232320aaffeb1ce
SHA1 81508ec66d4305d2f291c666943fa19629fa67f3
SHA256 959986b33f56465e2acfe85004c168e0c0988b69ec726bf7f18f0936dacefa1f
SHA512 3400a02c438896d2a76b8e4c42e875b93d5806f9d8ebab0d9650359e89db8a891b873ec988031a08eadc3e686251cb5bfae5b59aff4e5105bb8a53e888b97f09

C:\Users\Admin\AppData\Roaming\foil.title.size.xml

MD5 de6a2fa3af8f66a4d53422f155a1a9b3
SHA1 590b89666c6e663ed20c8b812f1dbc2b6b07ba0a
SHA256 e9ad28ee50d8b7804d575e9bc048dfce1d8054fe47f2068eeabc33d7150a95a5
SHA512 51b986d52d0e2f4272d389cd9046572f21e7ea14ec0972afc384ce3d5196d60702733f8bf3fd7b0462328237a55b134bee6ef06740e4778e0ed8d8d80997fea0

C:\Users\Admin\AppData\Roaming\caution.svg

MD5 ec025716a4825430f48448c38b605e6e
SHA1 8692168ef244359ba34d4723c164be0e95ab4992
SHA256 771c91ef9c3fd1491aa2074df42ff204cdbda2ae2ad93b4ad6697ba198869072
SHA512 84dea766df18fb6aa3b69f7d43de2ae35cef4da6aab46e5c5c318e3997d5cad7cb15df1808241f172f1adb5bef3043eb177952b65b28fe38d582e6d823d0b2ec

C:\Users\Admin\AppData\Roaming\forward_long.png

MD5 52a6ccee7b61aaebdad8b0ac25d54680
SHA1 4aa90440ff85fb8eb9900f4f761e1706f8a763b7
SHA256 78dc9a077f420c64ac03126608e052f33a471191e55ac51625b5f8081e78c96e
SHA512 becce92eaa29f38b11cf2fc3b68d6feb7d2de12dac03634685a8f2f09dbfeff518d2c540830a6565d27e9e4706154fdcfb592de655ad6cb480beb5f602167fdb

C:\Users\Admin\AppData\Roaming\16ps.png

MD5 a1cbc0cf66e527e6f190fba76eb62c9c
SHA1 e58ae1da042d694e54c73c06e2c638cb80b08c35
SHA256 1db3153d2c1b66a5aa3c5c8ee0a2f0d8adf71990ffd2da63ce9c7c2908458927
SHA512 526a17742a1bea14e3da20ad077af8c47df9b6c05e081068b86a834b30d990fc904daf9fbad34ffc6804caee544c141ff39fa01efe5fb0c26d8ca586439405c9

C:\Users\Admin\AppData\Roaming\changebars.xsl

MD5 3a91f0918b78182b7a331c0b46f4dd92
SHA1 42622d7e5b49db337a98a2bdfbcecc8a3fbe83a8
SHA256 5d73d69ea322ce333a84baef7bee0b223896d220da2866fcdb9232d526a46250
SHA512 e693948383a7a142ad4276227593b11b02517aa17143a11b217b9c1a2d5e3e45b55b7754444a232f90cb1c15fbae31db83d1dffcceffddde3676c01d813505a9

C:\Users\Admin\AppData\Roaming\bn_IN.aff

MD5 6c0fb6fd9810560e7b438cdf662c2734
SHA1 26304263ffc6724e5bd5a0dc440d74f233bc2fa2
SHA256 bff0a0f00c9adb0ac7bcc8421882b4bcd0fb5b47d278ed64cd661ec7dce51cde
SHA512 d85b9b780ef0ecac44e9af6ca0c766c04dcbc22cf3bf65efd23395806042d8cdadebbe088d21a0be75b37b2c6ddeb7aa726483c9b139d4284ef6b51101ca8c8b

C:\Users\Admin\AppData\Roaming\copy.png

MD5 35cc513ff018f47876e85c705cbf1406
SHA1 b4616a4cd9651952b354782f291b667f5ee9a232
SHA256 4edd945106ec52a068241ab556a0c549c73b1bd46b2a216d6a0f82f015dec27d
SHA512 80d89352840492434ddd194881f428fe4c2175bf3e13bc9fe11e4e88af187315a3180b4897bffb96bf4922ccaae9b3b9998b63d1cfb425faba30247c2b33a948

C:\Users\Admin\AppData\Roaming\callout.graphics.xml

MD5 7c17ee2b7f023668d51e6199325c8d63
SHA1 ffacfc13b232f2187499d7c02a76ae86248a9e73
SHA256 000e761b0bdaf092ef845bb91a352cd432ee257163851d4c251db448c7e6748a
SHA512 e78dae20fc2966fdc54a40b9fa7f4f06e594eb972929d701d79738a2e01e523e3a560190e112278b80cfff75eea6026260ad56d96d6dd5062abbda0373a57625

C:\Users\Admin\AppData\Roaming\CHANGELOG.md

MD5 e6f2520cedb0df21cc115a52eb3f7758
SHA1 27d37567e0739177af8915ebfd1d3f17fe53d52d
SHA256 daf6ffb3678d5e74a87aa550af9bd34c6e049562a771b38fcc39d5f8ec1df45a
SHA512 ea91d35f654f1275dfd437ffd44ebe8b2ec5690f32ee78c2507ebb807570306f20b18b22085a4592c215458885fb9dfbff5919f93ca19fe8e0be94cd425d8060

C:\Users\Admin\AppData\Roaming\download_7.ico

MD5 722cec0ea43d0120b7b4ad66c5ae69ac
SHA1 25b058471ec87661562fdd55d87f2cd5e57cbf8c
SHA256 2893b331e98c2e0423c8d48cc4014b04468cf397dbcb4b72a179ec3d532065c7
SHA512 6496c7dd91b104e098181a58198cdf0c0f727aefc02141510e65fef09a5bdd9690cb1374974fd1e149e30f5924969051a74ba1370587869ec6aee44cc9aa5a0b

C:\Users\Admin\AppData\Roaming\button-bullet.png

MD5 f114ea82fa515b176c45506226a4a70c
SHA1 44315cdbea3138eceb98ae4f616509e8581b8483
SHA256 45b3d11c833c379644726d17bc5274cce5476de97a236adf040d9db0c2129ac0
SHA512 97288705974241b15f6dc76c60c0f4dc4815ea4f03ddb5791ffda3ecdbc4d0c8e8573d5472ce7d458a7d34bc268067dbe33bb18ea2cc3800a254cdbd173750fe

C:\Users\Admin\AppData\Roaming\admonition.title.properties.xml

MD5 66c966605830cb94d10fc95415ca9cec
SHA1 0f0bf09b6c04039cfd3c7e837ef073b48dd50f69
SHA256 f6940a3a972c99fa34d755fd91e3f733e192d591851b76a56fbc181fa0262245
SHA512 a04554662680e5cd6b5d748266e528b5fec7fb16b998c077e4f1bc06b85749716110840e01e5702dfd0fab5018d58999bb4eb02756a77bd18c1e4237544f0ae8

C:\Users\Admin\AppData\Roaming\en-GB.pak

MD5 6e25adb733c8d70ddec47a204d69eeaf
SHA1 2b45a71c2d562f6066e03f30067f44b6e6edb9f7
SHA256 42d5be12fc5b5ea73acafdb1cd013a005bd736c1c7999dc4bc4f4fc1775cf222
SHA512 a10075e3b31ee6aa5997c7b2324b2de25948f878f847eb440df0463b9f509d01efef06b8e0d02ceaee05acd7f052f6268c2ef9f2ba2f80daf866649f40e162cb

C:\Users\Admin\AppData\Roaming\10.svg

MD5 6d5f1f192e1e5dcb3feb43b9991f60ea
SHA1 0e65b9f9351483ddeb91f7a7b13584558df96616
SHA256 48dc83d59cc2968c4c80f453d6931a2ac36e7365003cfe6f07d86c211b973bd9
SHA512 87ed46419fc99f0299ac64adfa5abab5ef5a649a41249e1888b8311904b762895d50de52d65a6184c8608451a54de4b0b18552b39ab5826eba51836cd5002eec

C:\Users\Admin\AppData\Roaming\abstract.properties.xml

MD5 8796f254294168c34772b8cedbd5d3bf
SHA1 cdd3a546b2baa3908243ce204994e4bbdb397f29
SHA256 6637954bc4785a96dd87d2e7aa0e478433a5ade3917b1bd8129cb8a744ecd0f7
SHA512 552f62d83513adb5b46e97559edc4264474d53c7ba6aca0139afcb057dd3df0f7b5edfa3d948125254d6e8b64ef3e425ab07545fe34d5f20174fff193fdb93fb

C:\Users\Admin\AppData\Roaming\biblioentry.item.separator.xml

MD5 0624de35f93fa2da5c041cbe42504f6f
SHA1 fea65b58084a2b72ba5147e88264431c507aa25f
SHA256 b91715aaf83e2b9229d2f12d558415b8a67127746b64d5d29c5110803e5753b3
SHA512 8cc41098b16a42d76b2332e9a6ebd6d832857edba28f80c1bbe2c618d9f508f9b96cdcdc2fad738aea009a76ffc69dee823e8ca851f5196be035e08d39e19846

C:\Users\Admin\AppData\Roaming\article.appendix.title.properties.xml

MD5 adb1a285a2b926f98c062fbb74e1e992
SHA1 1f9799a61072673042a1a3da0fdf3fa93cf10f90
SHA256 4ba4637bffa741ba5619c3de97b6c209b5a9deb330385efc7a588492a98b7b45
SHA512 aa65628e34601645dfcdcb1f5f0347ae84555bd1a99432d4c25a50044dae932385bfa1f50551f6577d184de684f9264743facb53f4aa2e46bdfeff5c85bc6bd7

C:\Users\Admin\AppData\Roaming\column.gap.titlepage.xml

MD5 9145af4b115fdd1d075e41bd58cb07a3
SHA1 1a26bcfc1f4a9ee4cfde04aaa826545efde66550
SHA256 93b81684fa5434e54783d6664ac0d4c44ec09e7f458993d95a213c09d995e1bf
SHA512 2e81f40e4b14e5047f8096309e637e6599f22658be167c6e176c72784e9e69f62e37b603075a5d3237efe6de5ec9860f30a6b394f3e88a6832e8c857d5c565e2

C:\Users\Admin\AppData\Roaming\commons-logging.NOTICE.txt

MD5 29a862f6eff38cb86aa6b7e252658862
SHA1 107e00cfd62c91963571079a749e965bf7f1cb07
SHA256 dd38788eb8f833bca9eecd31bd31c0e73e11db3d30aa1778e9dde7717523eaf4
SHA512 6f3aba5be3e151f98111c3fd1e1a98d9cd5c0e1a989d1d50da3dc86b5ff8aa425a5c22f44b45f01661b7b03301685ef26751f03517db9905d923c3ffab80bb5c

C:\Users\Admin\AppData\Roaming\Crop and Marquee.tpl

MD5 51671b42156c794cac4e48040c449c6a
SHA1 0919f57624558a62685976634349ac8daadd105c
SHA256 345f54221bb8d8f9d85b114ce30946f4b7b36bdbbb5142112a9202b662b4872e
SHA512 3f54c35741990cd9ec0d8a67b067415901498a4012703f2611c113facef8728a97012a9c2a4cd1df3ff6f897c21fe780d2825bee0af9f62fc3d9407ad8d3bc77

C:\Users\Admin\AppData\Roaming\Bl for low con CG9 CG2.ADO

MD5 b6f1143c8ce84da8edc3a21da8dc18b6
SHA1 65213c11975ab7260ec6ea217406758671528116
SHA256 1d288ceac7533bcf9e862b4d3b4dd567027ab9632c401b002a60713439d788f8
SHA512 c803309d0dabf638cebee6317104737d7ef543a2d71a32772c2d9f35e897cfff85c6c1d69161b14cd90de40e56fa77705ad0080c2c96a89e3e8610b0073df080

C:\Users\Admin\AppData\Roaming\403-7.htm

MD5 734c37952961792b8c357983bd6e5552
SHA1 f67ad4059486a3af3e1e137c2fa84b7bb7bd9aa0
SHA256 3894905c34149fc242fa8ba66d76ca9d7b71fa8193209de8c34f96a39ceaae4f
SHA512 d833e18aa60f89ccb3db22e4d02f338d853564815e01aa509bfd5597a9c9ae309b729d34bd5dc134c4a05f2b9a38c94387777eb4c5096a6c18bc0d0104b3a6d1

C:\Users\Admin\AppData\Roaming\error_2.png

MD5 9e1f94cbefe64af5be4a3b82b5bce1e6
SHA1 c33e508e173b69328ce0426b10107eac395184c6
SHA256 738a28290b7e81322791a489e108ebc8321656601019f19310b9be58c01b9e12
SHA512 0ddccfea4c77eea1a92c02aea65b77bbc064b9628d2a919926996655a82c0a73aeb3c3820c0cf439e3c869b01195836139e6d61ec9aa206bf5c5c09423b06cd2

C:\Users\Admin\AppData\Roaming\15x15dot.png

MD5 cae411ba9a58ef39dd4971e388ef8342
SHA1 43a25f9bab3425e095912969f2417c7afc26fc4e
SHA256 b198543a2586875fe895d3e8a7fe5e0844256635b2477ac489cb29f2efe1850d
SHA512 18d75f17203459fc4a781b847214af337a0d4fa4fd72210d01450c3742137652780999099dcf780ae37dca2dc5b1aeea374f37fd4444a56fc8705a4509129aaa

C:\Users\Admin\AppData\Roaming\DAN.zdct

MD5 bfc5c224f5c267bbb9a1ea11a4d8197a
SHA1 e032709043025dc40f4021c4f55ea39503bcfb21
SHA256 21b860d7220947839e49cccbce63b1c43fb02d1a2eacce0fbf389fab35ea128a
SHA512 d85523232f4a3107608cb8968f1590aec742500053a33b8afe4139ad535ffcbd215fd8f4633ac36ad172d687fcf5b1c9b1005c6c2f6c402ca810988459ac0aa6

C:\Users\Admin\AppData\Roaming\16to9Squareframe_SelectionSubpicture.png

MD5 facf5749e3029dc9b8388bae715bc2b2
SHA1 c988bb438605857b87697635e6b21be8d8739ba6
SHA256 2317dfd3b0b369ebff95b2e9733ae2bf1da6e2fbf146881f280c473a8815599c
SHA512 aa008b74617e58f488ad30a0fcc1c00f69aa80d09e8e7d3370df4563828abb5a52857418a759ec68a89241ac9ae3080ed343dc79fd781cd60194e79206141640

C:\Users\Admin\AppData\Roaming\bibliography.collection.xml

MD5 bf4d23441fcba19d50562f24219e2d1e
SHA1 b8d9842b75cb65544cd6b8b34042bfc9a2ed153c
SHA256 0433384767d1f7f4c4ffd68008e80069f18ddfd15e31057a230d7c2ebdea81ba
SHA512 a54db2c53eb11a5abd1e909590fce4c86e3718f462eb2f4e0a18e4de2df8f94867a2fb1193382fc9e355be5a0375afef54320f39bec2dd12a419633b08b103b6

C:\Users\Admin\AppData\Roaming\401-1.htm

MD5 d05a7dbe8f8c8f02f92b74117dd07fa0
SHA1 30ec4bfbd75e0c038d8f6f9cd13061373a19cc8d
SHA256 fa94df6f2e5857be46ad138172954f7fc2cafc7a8cfd3eea9129e27ac4e73a5d
SHA512 68522461281603406a8f95d6ba8bda1454c067ff006c93b47133a8e374d3cd362c5d4f8fb6f41ddc7adf44d7e3117ea8d1e60ae40fbc0617aab53c790592bec5

C:\Users\Admin\AppData\Roaming\Adobe-CNS1-5

MD5 4e2459eb24a4714d44ae8ff7cdf04c78
SHA1 bb55dcf5cf48d8b61c2ce6b8ee60f976c3bc344a
SHA256 88c4b6d6c92c6b8c5434551982df4ee4de5d81d36a79ebb27b23dd695e4677dc
SHA512 6f01a4e94ade932a5f809cda42ea498758b400ff79b5d7d561247bd9a76952d84cf3621bc200e8eb47037efa9fd2329bd628a4ce1f04e5839fea87c032ebbdea

C:\Users\Admin\AppData\Roaming\annot-close.png

MD5 003d7d65b86e72340418fbf01c6e0be1
SHA1 86eb06e3978310f9642be499164d9ecb4d33d5fc
SHA256 f468918ff647fdc89e474a7586314687b79925a4e7e74d5bfad74ec5e4cf84a3
SHA512 2419d22bb5afe35b5454ba7f7a62bb59ce5a4ac1fef95fb3764db8f660fe7611f40db88b8fd099e52bb57167b1d976dc18c54cda64cd6ea1a916edcf33b32779

C:\Users\Admin\AppData\Roaming\Faldstool.RMJ

MD5 29769390818a9e0ce0f7043b7ec84ca5
SHA1 2775929572ab5945ea4eb29db11b6356baee4312
SHA256 34d775228e3714d51b5fce5192974e80797bb8e61ab0d0b6b1239bd71b95cd4d
SHA512 ad9f3a07f30d147d05cf5773824548a643ce698f75fea530883e74a6928ffcad4ac7e622b030a7f4f5513eec0624593d8aa3513e635de61e61ae8eb287c0bdc3

C:\Users\Admin\AppData\Roaming\Washup.rY5

MD5 9ee9a36934b00f45feddc1dec399f7c2
SHA1 65e67aa303fa2bacc61038084e6ab084fa39af25
SHA256 12d6738a8582e4d4808872262d91759cdffd203b2e111f7adf7bd2e6b7cc4d0b
SHA512 41194e97b2bbdffd451448b44a3df01308954f4b537732bb129424de09382a70f0bc9056a4ec70bb398d3c9a1086c36a465758e5d0ce990f1d3ce25f58daae92

C:\Users\Admin\AppData\Roaming\punters.vfc

MD5 757df4023605defa5bf0df77466044f5
SHA1 41e369aee012746b7fe1cfc95be311bbf1514b80
SHA256 302ec8fa881c7b983cffe8f42bcb806eca418956668bb4d667db99dc9f2a251b
SHA512 e003b8edd0ac5f8dc1fe2e7ee028d49114ce9f845c0460e8de60e5cb59fe57f3b410a4af064de20a454469ea7cd33569340a822025924bee021617c8e883ea74

C:\Users\Admin\AppData\Roaming\punters.uwz

MD5 777a3a8deb9852cbf923fd3cb63e7729
SHA1 f2378d1f866bb947f516dbefafeae890c030e9e2
SHA256 ae6ddff508e08f90baf4f78b843d93903432797436b552699cb2664df428840a
SHA512 ce1f0c7d471e180ed4b88dbf38a78805e7f4c8bf51d33f867ccb5b6d7f4472d1841701b76fcbecc8de91b870f8cde717dc8a97302ef5092b6b25cad20c71ff60

C:\Users\Admin\AppData\Roaming\Ext-V

MD5 224fcd96f6e08395a476ee13237089c6
SHA1 2a74ea5884ec120f71f93cdd1626307ec41c8ff7
SHA256 c7e3641a7801aab4fd9d05ea9ef10d2a13043707f49dffdc6418c9c525cf4ebd
SHA512 5d5d8b593d8ed5b6085b9537367840221604ba502af3a4b358e78e677a704b9ad95c9e3d2c0fd03891a64031915ee2c5585501f71f78de04e2c044ce12eb49c4

memory/2920-182-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-183-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-185-0x0000000001D00000-0x0000000001D01000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\shutdown.lnk

MD5 5b330d6d22c692b81536df23a2af935f
SHA1 e89d485c8ab6ad7761900415c8e8017df16a1e70
SHA256 f2ea215973aa0d7ebad45e3ae644a41a9318d6cf601a0dff3b3d46b4cbaf8a5a
SHA512 ded755f440327632c18d268ff74616cd5edf2de184e45aedcbb81f55419f719220f0017b0e4eaa6edaf24fe85c8a628634c33caef6d21d07e43bfc132c43e6ba

memory/2920-187-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-188-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-190-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-192-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-191-0x0000000000400000-0x0000000000424000-memory.dmp

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.vbs

MD5 6f84dbf74ef41dc3d861f5fb3e0f45ff
SHA1 3e5f17e9b9589f33ce6add7f2518a666ff2253a4
SHA256 df5f432d7e0d2bd1c4dddb1fabbf1e77bd1065b9020f71abaf1a45fbb950bbb8
SHA512 9f9ec25b815be7b20df26244d31848c9a4896b130241b63636d63511a290eaad78d289a9bb04592c0ba31492064671351b4c7359310f03469e27764132a20a5a

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.url

MD5 7537b87d0b9683ad61c205b69bc6f3c4
SHA1 a005b8745327043b0a5f99563456eb8f608e74bb
SHA256 8dd0e39fd5b91a342ee9e3c92d55429bec960ac72219a1e5e861bd0b7f5fe87e
SHA512 4407586491e416173d946a58ee045741c6cb26eeafcb8a489be58d272402d1f899182c150352a3a4e0b5e02b11064229984f9cd88ceb9e5e41b4d99e24581d7d

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt

MD5 7d2ab6ccf4863dc6e3e564b2f2e375ed
SHA1 6e1ee395a0925b2804399cfc89500d2c104aa02f
SHA256 d29d0fb20f21637413d613b9396b130fe424431ad3e2a132c219c9b03887be3e
SHA512 47bb1f4b975ae9366707edf72dd731d26790c1dd341baef14a61a0a9880ee17993cc9ada3d0eed42dea1e47334aa20981602d48ed62a3c79089c10cca9ce9ab6

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.html

MD5 05f82d73fd9751658ac1ecb83af2c36f
SHA1 0f14710fefdbe0dd7d19d03130d69562e81feb8c
SHA256 580d6646f05a684095b8ba857ce8ecf1817be5a486d64991ef619ed1073247b5
SHA512 a3798eb46b624494ee3b32de9977b9521b421939abdb9d9740c232214e7e4f2f60a7936b6e5acb61e3c58e6c23d12e6b194f752fd806d9e3196f70218271fd6b

C:\Users\Admin\AppData\Roaming\biblioentry.item.separator.xml

MD5 85149f49456979f3b178537fb0093b78
SHA1 54229a241ba59b69dd1d5143436ba94294e2bb50
SHA256 5ec6bbc6c09baf46a1b4878a913d71ae26ea048c4d2b7c0e57ea5f37670e9b1f
SHA512 780070c3048ad96d91fcab3227d9d597a66b7d7d2a2c277f48065686255c91c4a5731d9c451d2c2db4846fa851ab7416de87bad35400741ba0eb5d1ab449921d

C:\Users\Admin\AppData\Roaming\article.appendix.title.properties.xml

MD5 e3eb83489fe40b3b5e8806d4459f490e
SHA1 81567092f4a7d8a1d8329be49c0ed1d7ac6817c8
SHA256 14e68285f3510ae57c09a920366563eadc651ec5e476404530dcbeb14b53d305
SHA512 57472e1c3c9e51a81627ab1724e7459d91900474d5c091b97a1aa00bc3521f73f84f5695dce2f4057711baaf7d4352c54918bf569b5dd47aff088cc77a16495f

C:\Users\Admin\AppData\Roaming\admonition.title.properties.xml

MD5 c17aa5502363777787a6e0ae8340761c
SHA1 8a2c9b8d857120365a05c169bc459cc254ca14cc
SHA256 01aa5d9a1f46be78010732bc3e3d7991380afa6fd49fa3d1edc7b1e01a2b8701
SHA512 be496b143be45afe7bad5445cec22883f2e7f4bc8ec20e7b390cd68428d10010463c919f3795075da002d7504d6696069cf69ba9e846e0747bbad2bd6c4c0102

C:\Users\Admin\AppData\Roaming\7.png

MD5 948b42595900fe096354330f82945cc0
SHA1 bcb0071a9039cc1d267ce513f500a1f22399e4b3
SHA256 2a31d73ae6cd9fdb33790eb91ac9e89767b8173e450e2708af0997d8e3082e54
SHA512 d050e3b74af826556626fe9b8b41c577c0aa3e01ef769ebeb8ccde34c5b1beaac29d5050445075ffb356775acd2aeb05aaa4c9858bfe90f40092a9c10c2480cd

C:\Users\Admin\AppData\Roaming\abstract.properties.xml

MD5 ac21edcd7162ea2cb707f3fea71825c1
SHA1 0983c8af39250e77f9bf3104239294233d9ad5a0
SHA256 669b56af7aa1dea321a39901d14dc52494b6030881fead5f3b6dbe364afcac0d
SHA512 03ba320f5deefcf629c4769f99f0635d869318a8fbf119131044ac50ddd6d208e5977fef5ddb56189fc63f58ac9eebc13f59b2eba2d04687cd74aecac5d5fc0a

C:\Users\Admin\AppData\Roaming\15x15dot.png

MD5 56756ef0b382f62900741cb7d0986640
SHA1 663eb8658b536c4d1ed89223529afbfcbe3d6cc4
SHA256 6570432e92d71fea1527c077a82bdf6b8f62a0c8996ab8f2b4b2283ed49e7a0b
SHA512 f6f3dc48690232c729195b564b11c8dfa95001ed0233288d5254a58c9bd47d51c697fdf5556b6693ef607615f13d799efb80637375dee652694fa38c49aaddbb

C:\Users\Admin\AppData\Roaming\16to9Squareframe_SelectionSubpicture.png

MD5 b90efb698c1321fee8be67027ed5bd0d
SHA1 e35aad8d1123dffd955364696bf7e35d4f60a750
SHA256 9d63dde125c21e004f2637937e5b146b7d40a38516298291b0d5e6df9239f870
SHA512 812ba9cfae2cb3022490034a53b79db364de9015fed3496dc8c63996dea3a9128cd1f5e4f0de43ab038f0ee5140b7c829e06a0719c65541a176496e433d642cd

C:\Users\Admin\AppData\Roaming\16ps.png

MD5 705e89d69ff9cd4285e7fbc08527bd4c
SHA1 88a28123d663ae45a7fc1a1ffd8ef2c1979dd4fe
SHA256 a812fe15061f77ab837291f9a39ba1d71d941ae2d79a7cb06a179c05f8028011
SHA512 d4c91d3c34d814288d5429cc4a00cb40653112382747ff1860dbe12a2ab8ed8f0b4a0dcf01074197b586c8ca31d0689b06232cf9d5ef66be57c0f3b7b217a93e

C:\Users\Admin\AppData\Roaming\10.svg

MD5 7530a59c06adf4422a2591a35f30c754
SHA1 9e9ff3f6983c642a8d677d0137fc624128b72602
SHA256 c470772d74c2ac47835909f5bde8ad5176caaa717f52d33ac076f236d4dbc8bb
SHA512 d8ca991b12e0adef169bab9282053b4e07cc4679f863f4b936a51416c3fb5eecd526f717c206b117e7c7da110cc0d5b6594274364b299a4306a59d6677f016ad

C:\Users\Admin\AppData\Roaming\annot-close.png

MD5 bf6b907e4e25f91878cb862ae57379f8
SHA1 d20c9f9f7170bfe0d9cd90bdb94f86ccc46b7443
SHA256 25729ba6062f47e69e0c5259370e407c6ef9d0f9708a8ed5a95a590869fefd3b
SHA512 54df27ae344566214b833b7266e293b7cd2696f03d5029b39eb94568deffa112e9f4c47247d810c65c4c280eab7311f67e6f09a699f744b0882ca6a35710e1a6

C:\Users\Admin\AppData\Roaming\caution.svg

MD5 7e5f61ba17871ffa4f4242fbacdcd35c
SHA1 2e9f80dc3ecc8e92c7d40c492a126b4c8d745c66
SHA256 9f12786e76c4ddcccdc7d5e6792a61e1719bdcaae7f19ab6a072590b368d2f48
SHA512 7142931e486427fa02e9b34bf47cb08d416b78769f9b989a3338a0097d20c1bf088687a955d63dc86b3918f37b6c384eb131f520e1144812d1bc4d5a8c1ff0fd

C:\Users\Admin\AppData\Roaming\callout.graphics.xml

MD5 1d84447f0b55d775388a887e483fd7c5
SHA1 379a92156fc8dea2a33cc313e98540379a355284
SHA256 f1ba0c97215ece1a91e97a04892e48935e5ca9147becc55c07882d90731155ee
SHA512 28619fffef5f7b19035e13b94d4cb8b2599cfa9a98381361008912e73b2c811cfa40537e7f9d0ace2904144d6cdd3ae80fb232a4e3597d5410ce7a57e04082ce

C:\Users\Admin\AppData\Roaming\bibliography.collection.xml

MD5 757509cba5d7490f8b0f07bae7630f0d
SHA1 5bde5c2ef17203571a9de6ca387881fba5eba6cc
SHA256 36c7ff5f26956e7357d9db8ef4c17b731711f28c357be158db56f2b13cff4319
SHA512 e28af0b2e9c3cbba7a46ddec532ff543bded26ec38991c3502b3f60e911c14f5844a922a4ff64808779906d59a65cde37a36b51ff200fc68f7ae663564602241

C:\Users\Admin\AppData\Roaming\CHANGELOG.md

MD5 ce0b51068ed47d3320079987f641a9eb
SHA1 7b861d05f7e7a635f1b86e1df135ec437f824173
SHA256 d782cce7103433ef23f8621f76027d115914fbe1f4f02ccc8b96c5c92fd293d6
SHA512 3bd340172d4012e8fc516bef65ffc036be8c0af0746c776d90b9bb5b50d9c0c9d0ee7dce0424d214b41f40b81814f824bcadc1d8986badc04a48da988127ccc4

memory/2920-679-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-682-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-684-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-693-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-691-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-689-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-687-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2920-685-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab2649.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar26A9.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 032cda0c24067af65f2967059bd863b6
SHA1 ea90961aacc7aec323f2957a37e3cb21b39407b4
SHA256 1958e0b11b5fcdc7443758f0e2ea3f3cb10c0fcb7f7a9a807fd482e9a236a44c
SHA512 1c95f52edfff46e1bf682b15fdf656b0592c91e78d2345021ba1a0f84a5bb9628ed1914064ede05e5e6d3a52514272225026dc4bc8a5f763456d3f7c92a95356

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35f1478bf1732add310ebdaac1cd1af7
SHA1 69725dafbd7ee47c5f9a8c2baaa60a035805da1c
SHA256 68245796570fceaef5a1dabb79a12728f886824443c85a07ef96320a3c9c2cc6
SHA512 ee69ddb25fb724f0453492dea40e4ae0c9ceac8e67f55bff519dc8a17d178bf5d947bae79b9f4ef21b7b3746429fcf58c3630a9cb0d324af99eddf1eda332d3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90b3525d92c7de9cc80f97aeef5f2db5
SHA1 273331844a6071f04f8e35a424d653726ea92073
SHA256 d0a62c33fbacc88604e2a04ffee5ef01d482afefe586f8288ef8d3389305d553
SHA512 0188b012a8b49d9784f01ddae73fccfcd490cd40c32616e29d9046a1b2a6f9fd7ace6d3544171525560d087f339cf154d30164d423c1c1c302dfc7d7b5dc001a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 964bf62ac60d5621861b6119d71675ba
SHA1 07e23c79f65cfee5deadd16f268e7a638866c43a
SHA256 d41d2a53698434108216b5956ad30a381a214e0579b431d75cfca3fa3735862a
SHA512 78f0809d12ec5332e4b2de1556be2fb826c91046b45fdb6bab82c0abdb34d4b7498dd91042e5e368bcb8c727ede68107986c7d96a490d54a433b49e8a45e9c4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5ccf7ebdbc18068bb4c3da57bda94ae
SHA1 cd51e02f6f40b6940527994123ba5a354ea018d4
SHA256 6bf3c3a962012417a5df9b2863307d3b89d1390a4bde31c32be52451e580ee7d
SHA512 e6fa80f3c80e314dc7259b8899b3b40d1b5b568338b71b47455acce0078dc796f07d180d58f138f9d157e7f0dddda4f50750ec949363a083ad1405f6bc1734f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8715fd4111cab90316f802e1cf69334d
SHA1 4e32b3fc7218f50bc3719d669bfa2e53ce14fd60
SHA256 71bb318ca2996544a0f5b89d7f2dc11d8dbe219d690f9414182d0cedd272f03c
SHA512 47d03b880bb1696a4437ed44571e0e566145b5422f9d3cb11d9f07544927cd8df85e10c3770787a2fd64b9aa3d741b313b960fecf96a2b9d3a49c732097fe44b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 143b943981dfac70eb38c60d8d6cf13e
SHA1 ed0466fab63fa2587a454a7ed06cd22087d26f3c
SHA256 c42bcb407574b1017d6e8e612a9a50df2665fce7d16a9b7674d7c56ea48fca34
SHA512 87315c9d2ba5d2a3fba7893247809e18f84bed41eecef32d1882d07d45b07df892fca6dbc5ce654daf4a4e2df7f7fba7d7d6c1755182f3877db5c177742daf00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e3ace39964170dfb3f6655064144b69
SHA1 4729602fc88d475f31b1d4701544ef8401eae38b
SHA256 5e52dc8feefc851cdac2adf0bde9685c885e803b530c102a9c6a535e52436530
SHA512 539aa0ef4ae40eddcbd83c7e087309a4de60b1e56052e4c4ee1dffd65decda098ec7cfaa1b0b6db7b2fa1f8669b94473625c175174d498717a5fe670cdd89572

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91706a053dc89648f066beb08a513533
SHA1 a2cf4bab689425c5d70a749e651538df742f2246
SHA256 548edabc7d70e31ccc498d23a321551b95965568c7f4cc689cbc1ad8b6ae66ea
SHA512 cfab576b983075dfdba1640c30bc27267cde8c38bcb4739b641014f7fb7063877ed079818367e31a866798ae0884badff2aa4dc39e5000234c4f8cd3a202ba11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b21917ae4fe52a29d6fc5fa65bde4e3d
SHA1 998f25667f8c4152dd91eb7fc2b628e0d93e5c63
SHA256 fee7d4fe85e29135d6d67c18d1755e37a2674b05ffba59b6e9552817a79b824a
SHA512 a6c253b8aeef9d7815062a4d1a7e3a6098cc0bd5592201ca18895a45c5133f5828c51b70c9f4857d0379606cfd5b6d4d8b52dd11015f5bd7e86df9c067d753fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de6ddeca33fd752e3136787d8fd79dbd
SHA1 a59fabe62fd38701740fd35ed5e178cd1d31585b
SHA256 8767a73d4bde62d7a99e25031439092379b042f4fe0ff84b491fdecbee68ecf9
SHA512 bc723fcbdbce5d09300557b405a3c5cd668ac9a41b029a6c441d569d29c205d73113d864671d4d79b68f5104a20fec10e59e469f63fedb116fee0162fb5b87c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d57f2acc48a5d78f527a805c4da2762
SHA1 f2f542f1590284e7f44ab17203ebed96f61282b1
SHA256 8c840ff2daa6c18e123522631b465741f2d51aabd9c6bc301a2290fb3d6e315a
SHA512 cdeabd500077fd1c00c89e9a45c761dec92d81351e8d4c779052f1cf1edf0dce74bea7283978fc09a1d15089e73f3a98a44e342e741bb4d9cda37f133dfd85a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b1d93325fc8b83c57eaf6d2e7f26045
SHA1 ee9a19cea5f4788aa8da0992e19a9e56b7e96894
SHA256 5d4ab5ab5437be7aabf2383a931efab3a071d054afbae38209d2461a36f4c21b
SHA512 a25f50a283660479bd0ad9ada1007d78cc497f4fdbc741252ed1ad8db897e5ad278c775fe686137822621fcd9b93d8afd0d31023bcec500a38f25bc08f1e0a79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3de831ae25f7f2f4bd0f5eed47bf8b2
SHA1 e15f450b87b9261263cfe6f9718e98783864e034
SHA256 8bc217d8b084ff20d80fc7864db47bbf107be6784531ec9eb7351d4d42fae366
SHA512 3c6d05de3b8d27da8a76b40113cec5a7f532efd49e6986f4aa2840749fc67b544482939c5d3a5bc6ba68477e7a7138af4b090a87b6da7f66b01b4bb77739ffc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b06ae0e277ace9b4e7fccf9753df4215
SHA1 5b8cda331372509aea2ff796784337b19fcb61d4
SHA256 599f5ee675bf848c640cf5c8800dbb1743465c41b91a4edff4fea66b85657d22
SHA512 112d4256ac8622b46337c4d4461ddc7f3279735d62b7641ada10f332be4bbf0616b682cc745a11d4004694f078a4fdbe2425cdf4235d8693012538f7f4cb5e7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9d33d0ae9ccaf33a2309b2960b883d9
SHA1 cd806c03e77cb5798e16407fa96c8b0f1843e3f5
SHA256 12656e12c5264703753156e5644e2d0002b4ea07cdeb6026d7dceffcb289f6e0
SHA512 8a7b7402b21364ad9fe572753b52510d8277d634b8942b86fb325f3c690a1c1126bbacba513c4e3469c9b62bce3310adc5ee2fbe0aedb054fbd30eb4ae1de34f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e190476dc78b78301d647d499243de5
SHA1 0f62780424ca7267116661064bc6f0af7ada5232
SHA256 9b2ab92b08a10a6f777867ec2f453745538c37f12424b9f24df186e236ee9e82
SHA512 ebe99eddf749700451f9df4239e2cb2104aa284a7602c6bfbafb8c633be98ac9db70c3c950bf81e65fac0b5c351e25073e79a761ca0f6168658982dc32f9ea11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df1a658662da9d1a1dd5fc0ecbc2c6eb
SHA1 f9be14f658817a42f636769e70b635b6a0c1688e
SHA256 18a1ef24eafcd9994fa774edf3e7c16fec2452e14c856347eeecb5846ef8469d
SHA512 bc8163528de88f637f377f16e8b8f112eed81bf766cd8516aeb449a4b944124a9675a20265aa37e6357f6cc06427637cc9e3e3b3baca30a5c57054b25ce9643e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bd047a6b20c86b54bd98bb2c66070a1
SHA1 3990a09c2f054e330b8994b26ac3f30a5490cde6
SHA256 a784702313a2b557c3f883e4a9f5305d1a9260d86370d6f79067f12845fe9230
SHA512 24c6891a92e41224d8fcffc724fa5e2222364398b4dfd07133ebf4760b73e1e5a342520013fbaadba4a0469a3682f281fb70b41ccfbdde7dbae159760623f29d

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 10:12

Reported

2024-05-26 10:15

Platform

win10v2004-20240508-en

Max time kernel

24s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{5B76921C-F710-0C00-7C90-036FED3C4413}\\icacls.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A

Contacts a large (532) amount of remote hosts

discovery

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\icacls.lnk C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icacls = "\"C:\\Users\\Admin\\AppData\\Roaming\\{5B76921C-F710-0C00-7C90-036FED3C4413}\\icacls.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\icacls = "\"C:\\Users\\Admin\\AppData\\Roaming\\{5B76921C-F710-0C00-7C90-036FED3C4413}\\icacls.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\-1 C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
File opened for modification C:\Windows\-1 C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{5B76921C-F710-0C00-7C90-036FED3C4413}\\icacls.exe\"" C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 2532 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe
PID 4668 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe
PID 4668 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe
PID 4668 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe
PID 4668 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 4668 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 4668 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 4520 wrote to memory of 2352 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4520 wrote to memory of 2352 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4520 wrote to memory of 2352 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4520 wrote to memory of 3532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4520 wrote to memory of 3532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4520 wrote to memory of 3532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

"C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "7525090d624d27879a95aeb70266cc42_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

"C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe"

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb34346f8,0x7ffdb3434708,0x7ffdb3434718

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://52uo5k3t73ypjije.b7mciu.top/755C-737D-5B19-006D-F11E?auto

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x48,0x108,0x7ffdb34346f8,0x7ffdb3434708,0x7ffdb3434718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x50c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "icacls.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "icacls.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5253795005972760698,17678872153348256456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 99.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:80 ipinfo.io tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 0.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.234.184.31.in-addr.arpa udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
US 8.8.8.8:53 255.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 0.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.235.184.31.in-addr.arpa udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 255.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 52uo5k3t73ypjije.b7mciu.top udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
N/A 224.0.0.251:5353 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 52uo5k3t73ypjije.b7mciu.top udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nso6AB2.tmp\System.dll

MD5 6f5257c0b8c0ef4d440f4f4fce85fb1b
SHA1 b6ac111dfb0d1fc75ad09c56bde7830232395785
SHA256 b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
SHA512 a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

C:\Users\Admin\AppData\Roaming\Services.dll

MD5 7a5614cebbfcc398138fd44171447f2e
SHA1 46d6bdae0f1e16e2aec8d385383353135ff74bc8
SHA256 80bf6edbb701778f2a8a06ada0d5e7a5eb5b121796bcf48df038c2216240a572
SHA512 f551f35160529eee35b4eeac6daf870493945ef5f0a446c788b0c907a249ad67bd090deab9468834824d62db3508db9482a1dfb77815149a745becb4ca125053

memory/4668-52-0x0000000000400000-0x0000000000424000-memory.dmp

memory/4668-54-0x0000000000400000-0x0000000000424000-memory.dmp

memory/4668-56-0x0000000000400000-0x0000000000424000-memory.dmp

memory/4668-57-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\{5B76921C-F710-0C00-7C90-036FED3C4413}\icacls.exe

MD5 7525090d624d27879a95aeb70266cc42
SHA1 35808ebf3743496de74e5507823bbbdcf53b23fc
SHA256 333d629de22938e646fd6ec1cb4995f0e09917e4e17412d77eb33569323fd490
SHA512 b3ed2c04030316e8468329879badff85c84cb75397c2aa00834343ba03d8cc3cd44d7758f89f657b4b0628168d9ff6e223140ed9f3e7d3b5b9f0ee7f91f3f5e3

memory/4668-65-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\DAN.zdct

MD5 bfc5c224f5c267bbb9a1ea11a4d8197a
SHA1 e032709043025dc40f4021c4f55ea39503bcfb21
SHA256 21b860d7220947839e49cccbce63b1c43fb02d1a2eacce0fbf389fab35ea128a
SHA512 d85523232f4a3107608cb8968f1590aec742500053a33b8afe4139ad535ffcbd215fd8f4633ac36ad172d687fcf5b1c9b1005c6c2f6c402ca810988459ac0aa6

C:\Users\Admin\AppData\Roaming\Washup.rY5

MD5 9ee9a36934b00f45feddc1dec399f7c2
SHA1 65e67aa303fa2bacc61038084e6ab084fa39af25
SHA256 12d6738a8582e4d4808872262d91759cdffd203b2e111f7adf7bd2e6b7cc4d0b
SHA512 41194e97b2bbdffd451448b44a3df01308954f4b537732bb129424de09382a70f0bc9056a4ec70bb398d3c9a1086c36a465758e5d0ce990f1d3ce25f58daae92

C:\Users\Admin\AppData\Roaming\punters.vfc

MD5 757df4023605defa5bf0df77466044f5
SHA1 41e369aee012746b7fe1cfc95be311bbf1514b80
SHA256 302ec8fa881c7b983cffe8f42bcb806eca418956668bb4d667db99dc9f2a251b
SHA512 e003b8edd0ac5f8dc1fe2e7ee028d49114ce9f845c0460e8de60e5cb59fe57f3b410a4af064de20a454469ea7cd33569340a822025924bee021617c8e883ea74

C:\Users\Admin\AppData\Roaming\punters.uwz

MD5 777a3a8deb9852cbf923fd3cb63e7729
SHA1 f2378d1f866bb947f516dbefafeae890c030e9e2
SHA256 ae6ddff508e08f90baf4f78b843d93903432797436b552699cb2664df428840a
SHA512 ce1f0c7d471e180ed4b88dbf38a78805e7f4c8bf51d33f867ccb5b6d7f4472d1841701b76fcbecc8de91b870f8cde717dc8a97302ef5092b6b25cad20c71ff60

C:\Users\Admin\AppData\Roaming\Ext-V

MD5 224fcd96f6e08395a476ee13237089c6
SHA1 2a74ea5884ec120f71f93cdd1626307ec41c8ff7
SHA256 c7e3641a7801aab4fd9d05ea9ef10d2a13043707f49dffdc6418c9c525cf4ebd
SHA512 5d5d8b593d8ed5b6085b9537367840221604ba502af3a4b358e78e677a704b9ad95c9e3d2c0fd03891a64031915ee2c5585501f71f78de04e2c044ce12eb49c4

C:\Users\Admin\AppData\Roaming\generate.meta.abstract.xml

MD5 5df70341229c64119f1ccfecd521afe4
SHA1 2a1459e2e46a40d4219b103f899db74595ef91af
SHA256 f58413b52a5e58096496a0be07a26c0515b18b6bc07d7568ab97a04d326ea4ff
SHA512 797ecf22c01f4fa98ab8da266620d2eb8e5087e1944dfd9c115bcd8b437299516daae0192c9f539da3dc655f3722e7e64139b83dbe7b070cb7d2e6daf7269690

C:\Users\Admin\AppData\Roaming\Berlin

MD5 b95102fbb90fe45978bdb0b65e2895b0
SHA1 9b7202e3b0fdbcd439970e68cad2c9a5a46df243
SHA256 b83e189f3a79dbec93fff04ece68eea14ee0abcffba328296c3efa8d9e814572
SHA512 d18be9aa3a1eed8c0778735bd69653dc78eae55648f1cf5e1c45f1a4e63e930a1db0d20ed71514d362fa980d62af00e58566eba144070cab81449efeb9facf1f

C:\Users\Admin\AppData\Roaming\graphicsize.extension.xml

MD5 6ea51d8127a3bbe79e56778b4e8645b5
SHA1 ff816277b06bf018fe153c976a9b0dc643bf3bb0
SHA256 42f4602d143428abb36ee69779e054e4ddba3415e0595ba61fb0145ff3afd2c1
SHA512 84b875bfdf0c17f812cb5ffabb5c2dbb2a69e38d42b9099f00042ba1cdbb508ab47134aed2f3b436e79ff7ce9d3238c97220db397be9ef7ae6736dc391303ed5

C:\Users\Admin\AppData\Roaming\7.png

MD5 0def94f52c5e45256232320aaffeb1ce
SHA1 81508ec66d4305d2f291c666943fa19629fa67f3
SHA256 959986b33f56465e2acfe85004c168e0c0988b69ec726bf7f18f0936dacefa1f
SHA512 3400a02c438896d2a76b8e4c42e875b93d5806f9d8ebab0d9650359e89db8a891b873ec988031a08eadc3e686251cb5bfae5b59aff4e5105bb8a53e888b97f09

C:\Users\Admin\AppData\Roaming\foil.title.size.xml

MD5 de6a2fa3af8f66a4d53422f155a1a9b3
SHA1 590b89666c6e663ed20c8b812f1dbc2b6b07ba0a
SHA256 e9ad28ee50d8b7804d575e9bc048dfce1d8054fe47f2068eeabc33d7150a95a5
SHA512 51b986d52d0e2f4272d389cd9046572f21e7ea14ec0972afc384ce3d5196d60702733f8bf3fd7b0462328237a55b134bee6ef06740e4778e0ed8d8d80997fea0

C:\Users\Admin\AppData\Roaming\caution.svg

MD5 ec025716a4825430f48448c38b605e6e
SHA1 8692168ef244359ba34d4723c164be0e95ab4992
SHA256 771c91ef9c3fd1491aa2074df42ff204cdbda2ae2ad93b4ad6697ba198869072
SHA512 84dea766df18fb6aa3b69f7d43de2ae35cef4da6aab46e5c5c318e3997d5cad7cb15df1808241f172f1adb5bef3043eb177952b65b28fe38d582e6d823d0b2ec

C:\Users\Admin\AppData\Roaming\forward_long.png

MD5 52a6ccee7b61aaebdad8b0ac25d54680
SHA1 4aa90440ff85fb8eb9900f4f761e1706f8a763b7
SHA256 78dc9a077f420c64ac03126608e052f33a471191e55ac51625b5f8081e78c96e
SHA512 becce92eaa29f38b11cf2fc3b68d6feb7d2de12dac03634685a8f2f09dbfeff518d2c540830a6565d27e9e4706154fdcfb592de655ad6cb480beb5f602167fdb

C:\Users\Admin\AppData\Roaming\16ps.png

MD5 a1cbc0cf66e527e6f190fba76eb62c9c
SHA1 e58ae1da042d694e54c73c06e2c638cb80b08c35
SHA256 1db3153d2c1b66a5aa3c5c8ee0a2f0d8adf71990ffd2da63ce9c7c2908458927
SHA512 526a17742a1bea14e3da20ad077af8c47df9b6c05e081068b86a834b30d990fc904daf9fbad34ffc6804caee544c141ff39fa01efe5fb0c26d8ca586439405c9

C:\Users\Admin\AppData\Roaming\changebars.xsl

MD5 3a91f0918b78182b7a331c0b46f4dd92
SHA1 42622d7e5b49db337a98a2bdfbcecc8a3fbe83a8
SHA256 5d73d69ea322ce333a84baef7bee0b223896d220da2866fcdb9232d526a46250
SHA512 e693948383a7a142ad4276227593b11b02517aa17143a11b217b9c1a2d5e3e45b55b7754444a232f90cb1c15fbae31db83d1dffcceffddde3676c01d813505a9

C:\Users\Admin\AppData\Roaming\bn_IN.aff

MD5 6c0fb6fd9810560e7b438cdf662c2734
SHA1 26304263ffc6724e5bd5a0dc440d74f233bc2fa2
SHA256 bff0a0f00c9adb0ac7bcc8421882b4bcd0fb5b47d278ed64cd661ec7dce51cde
SHA512 d85b9b780ef0ecac44e9af6ca0c766c04dcbc22cf3bf65efd23395806042d8cdadebbe088d21a0be75b37b2c6ddeb7aa726483c9b139d4284ef6b51101ca8c8b

C:\Users\Admin\AppData\Roaming\copy.png

MD5 35cc513ff018f47876e85c705cbf1406
SHA1 b4616a4cd9651952b354782f291b667f5ee9a232
SHA256 4edd945106ec52a068241ab556a0c549c73b1bd46b2a216d6a0f82f015dec27d
SHA512 80d89352840492434ddd194881f428fe4c2175bf3e13bc9fe11e4e88af187315a3180b4897bffb96bf4922ccaae9b3b9998b63d1cfb425faba30247c2b33a948

C:\Users\Admin\AppData\Roaming\callout.graphics.xml

MD5 7c17ee2b7f023668d51e6199325c8d63
SHA1 ffacfc13b232f2187499d7c02a76ae86248a9e73
SHA256 000e761b0bdaf092ef845bb91a352cd432ee257163851d4c251db448c7e6748a
SHA512 e78dae20fc2966fdc54a40b9fa7f4f06e594eb972929d701d79738a2e01e523e3a560190e112278b80cfff75eea6026260ad56d96d6dd5062abbda0373a57625

C:\Users\Admin\AppData\Roaming\CHANGELOG.md

MD5 e6f2520cedb0df21cc115a52eb3f7758
SHA1 27d37567e0739177af8915ebfd1d3f17fe53d52d
SHA256 daf6ffb3678d5e74a87aa550af9bd34c6e049562a771b38fcc39d5f8ec1df45a
SHA512 ea91d35f654f1275dfd437ffd44ebe8b2ec5690f32ee78c2507ebb807570306f20b18b22085a4592c215458885fb9dfbff5919f93ca19fe8e0be94cd425d8060

C:\Users\Admin\AppData\Roaming\download_7.ico

MD5 722cec0ea43d0120b7b4ad66c5ae69ac
SHA1 25b058471ec87661562fdd55d87f2cd5e57cbf8c
SHA256 2893b331e98c2e0423c8d48cc4014b04468cf397dbcb4b72a179ec3d532065c7
SHA512 6496c7dd91b104e098181a58198cdf0c0f727aefc02141510e65fef09a5bdd9690cb1374974fd1e149e30f5924969051a74ba1370587869ec6aee44cc9aa5a0b

C:\Users\Admin\AppData\Roaming\button-bullet.png

MD5 f114ea82fa515b176c45506226a4a70c
SHA1 44315cdbea3138eceb98ae4f616509e8581b8483
SHA256 45b3d11c833c379644726d17bc5274cce5476de97a236adf040d9db0c2129ac0
SHA512 97288705974241b15f6dc76c60c0f4dc4815ea4f03ddb5791ffda3ecdbc4d0c8e8573d5472ce7d458a7d34bc268067dbe33bb18ea2cc3800a254cdbd173750fe

C:\Users\Admin\AppData\Roaming\admonition.title.properties.xml

MD5 66c966605830cb94d10fc95415ca9cec
SHA1 0f0bf09b6c04039cfd3c7e837ef073b48dd50f69
SHA256 f6940a3a972c99fa34d755fd91e3f733e192d591851b76a56fbc181fa0262245
SHA512 a04554662680e5cd6b5d748266e528b5fec7fb16b998c077e4f1bc06b85749716110840e01e5702dfd0fab5018d58999bb4eb02756a77bd18c1e4237544f0ae8

C:\Users\Admin\AppData\Roaming\en-GB.pak

MD5 6e25adb733c8d70ddec47a204d69eeaf
SHA1 2b45a71c2d562f6066e03f30067f44b6e6edb9f7
SHA256 42d5be12fc5b5ea73acafdb1cd013a005bd736c1c7999dc4bc4f4fc1775cf222
SHA512 a10075e3b31ee6aa5997c7b2324b2de25948f878f847eb440df0463b9f509d01efef06b8e0d02ceaee05acd7f052f6268c2ef9f2ba2f80daf866649f40e162cb

C:\Users\Admin\AppData\Roaming\10.svg

MD5 6d5f1f192e1e5dcb3feb43b9991f60ea
SHA1 0e65b9f9351483ddeb91f7a7b13584558df96616
SHA256 48dc83d59cc2968c4c80f453d6931a2ac36e7365003cfe6f07d86c211b973bd9
SHA512 87ed46419fc99f0299ac64adfa5abab5ef5a649a41249e1888b8311904b762895d50de52d65a6184c8608451a54de4b0b18552b39ab5826eba51836cd5002eec

C:\Users\Admin\AppData\Roaming\abstract.properties.xml

MD5 8796f254294168c34772b8cedbd5d3bf
SHA1 cdd3a546b2baa3908243ce204994e4bbdb397f29
SHA256 6637954bc4785a96dd87d2e7aa0e478433a5ade3917b1bd8129cb8a744ecd0f7
SHA512 552f62d83513adb5b46e97559edc4264474d53c7ba6aca0139afcb057dd3df0f7b5edfa3d948125254d6e8b64ef3e425ab07545fe34d5f20174fff193fdb93fb

C:\Users\Admin\AppData\Roaming\biblioentry.item.separator.xml

MD5 0624de35f93fa2da5c041cbe42504f6f
SHA1 fea65b58084a2b72ba5147e88264431c507aa25f
SHA256 b91715aaf83e2b9229d2f12d558415b8a67127746b64d5d29c5110803e5753b3
SHA512 8cc41098b16a42d76b2332e9a6ebd6d832857edba28f80c1bbe2c618d9f508f9b96cdcdc2fad738aea009a76ffc69dee823e8ca851f5196be035e08d39e19846

C:\Users\Admin\AppData\Roaming\article.appendix.title.properties.xml

MD5 adb1a285a2b926f98c062fbb74e1e992
SHA1 1f9799a61072673042a1a3da0fdf3fa93cf10f90
SHA256 4ba4637bffa741ba5619c3de97b6c209b5a9deb330385efc7a588492a98b7b45
SHA512 aa65628e34601645dfcdcb1f5f0347ae84555bd1a99432d4c25a50044dae932385bfa1f50551f6577d184de684f9264743facb53f4aa2e46bdfeff5c85bc6bd7

C:\Users\Admin\AppData\Roaming\column.gap.titlepage.xml

MD5 9145af4b115fdd1d075e41bd58cb07a3
SHA1 1a26bcfc1f4a9ee4cfde04aaa826545efde66550
SHA256 93b81684fa5434e54783d6664ac0d4c44ec09e7f458993d95a213c09d995e1bf
SHA512 2e81f40e4b14e5047f8096309e637e6599f22658be167c6e176c72784e9e69f62e37b603075a5d3237efe6de5ec9860f30a6b394f3e88a6832e8c857d5c565e2

C:\Users\Admin\AppData\Roaming\commons-logging.NOTICE.txt

MD5 29a862f6eff38cb86aa6b7e252658862
SHA1 107e00cfd62c91963571079a749e965bf7f1cb07
SHA256 dd38788eb8f833bca9eecd31bd31c0e73e11db3d30aa1778e9dde7717523eaf4
SHA512 6f3aba5be3e151f98111c3fd1e1a98d9cd5c0e1a989d1d50da3dc86b5ff8aa425a5c22f44b45f01661b7b03301685ef26751f03517db9905d923c3ffab80bb5c

C:\Users\Admin\AppData\Roaming\Crop and Marquee.tpl

MD5 51671b42156c794cac4e48040c449c6a
SHA1 0919f57624558a62685976634349ac8daadd105c
SHA256 345f54221bb8d8f9d85b114ce30946f4b7b36bdbbb5142112a9202b662b4872e
SHA512 3f54c35741990cd9ec0d8a67b067415901498a4012703f2611c113facef8728a97012a9c2a4cd1df3ff6f897c21fe780d2825bee0af9f62fc3d9407ad8d3bc77

C:\Users\Admin\AppData\Roaming\Bl for low con CG9 CG2.ADO

MD5 b6f1143c8ce84da8edc3a21da8dc18b6
SHA1 65213c11975ab7260ec6ea217406758671528116
SHA256 1d288ceac7533bcf9e862b4d3b4dd567027ab9632c401b002a60713439d788f8
SHA512 c803309d0dabf638cebee6317104737d7ef543a2d71a32772c2d9f35e897cfff85c6c1d69161b14cd90de40e56fa77705ad0080c2c96a89e3e8610b0073df080

C:\Users\Admin\AppData\Roaming\403-7.htm

MD5 734c37952961792b8c357983bd6e5552
SHA1 f67ad4059486a3af3e1e137c2fa84b7bb7bd9aa0
SHA256 3894905c34149fc242fa8ba66d76ca9d7b71fa8193209de8c34f96a39ceaae4f
SHA512 d833e18aa60f89ccb3db22e4d02f338d853564815e01aa509bfd5597a9c9ae309b729d34bd5dc134c4a05f2b9a38c94387777eb4c5096a6c18bc0d0104b3a6d1

C:\Users\Admin\AppData\Roaming\error_2.png

MD5 9e1f94cbefe64af5be4a3b82b5bce1e6
SHA1 c33e508e173b69328ce0426b10107eac395184c6
SHA256 738a28290b7e81322791a489e108ebc8321656601019f19310b9be58c01b9e12
SHA512 0ddccfea4c77eea1a92c02aea65b77bbc064b9628d2a919926996655a82c0a73aeb3c3820c0cf439e3c869b01195836139e6d61ec9aa206bf5c5c09423b06cd2

C:\Users\Admin\AppData\Roaming\15x15dot.png

MD5 cae411ba9a58ef39dd4971e388ef8342
SHA1 43a25f9bab3425e095912969f2417c7afc26fc4e
SHA256 b198543a2586875fe895d3e8a7fe5e0844256635b2477ac489cb29f2efe1850d
SHA512 18d75f17203459fc4a781b847214af337a0d4fa4fd72210d01450c3742137652780999099dcf780ae37dca2dc5b1aeea374f37fd4444a56fc8705a4509129aaa

C:\Users\Admin\AppData\Roaming\16to9Squareframe_SelectionSubpicture.png

MD5 facf5749e3029dc9b8388bae715bc2b2
SHA1 c988bb438605857b87697635e6b21be8d8739ba6
SHA256 2317dfd3b0b369ebff95b2e9733ae2bf1da6e2fbf146881f280c473a8815599c
SHA512 aa008b74617e58f488ad30a0fcc1c00f69aa80d09e8e7d3370df4563828abb5a52857418a759ec68a89241ac9ae3080ed343dc79fd781cd60194e79206141640

C:\Users\Admin\AppData\Roaming\bibliography.collection.xml

MD5 bf4d23441fcba19d50562f24219e2d1e
SHA1 b8d9842b75cb65544cd6b8b34042bfc9a2ed153c
SHA256 0433384767d1f7f4c4ffd68008e80069f18ddfd15e31057a230d7c2ebdea81ba
SHA512 a54db2c53eb11a5abd1e909590fce4c86e3718f462eb2f4e0a18e4de2df8f94867a2fb1193382fc9e355be5a0375afef54320f39bec2dd12a419633b08b103b6

C:\Users\Admin\AppData\Roaming\401-1.htm

MD5 d05a7dbe8f8c8f02f92b74117dd07fa0
SHA1 30ec4bfbd75e0c038d8f6f9cd13061373a19cc8d
SHA256 fa94df6f2e5857be46ad138172954f7fc2cafc7a8cfd3eea9129e27ac4e73a5d
SHA512 68522461281603406a8f95d6ba8bda1454c067ff006c93b47133a8e374d3cd362c5d4f8fb6f41ddc7adf44d7e3117ea8d1e60ae40fbc0617aab53c790592bec5

C:\Users\Admin\AppData\Roaming\Adobe-CNS1-5

MD5 4e2459eb24a4714d44ae8ff7cdf04c78
SHA1 bb55dcf5cf48d8b61c2ce6b8ee60f976c3bc344a
SHA256 88c4b6d6c92c6b8c5434551982df4ee4de5d81d36a79ebb27b23dd695e4677dc
SHA512 6f01a4e94ade932a5f809cda42ea498758b400ff79b5d7d561247bd9a76952d84cf3621bc200e8eb47037efa9fd2329bd628a4ce1f04e5839fea87c032ebbdea

C:\Users\Admin\AppData\Roaming\annot-close.png

MD5 003d7d65b86e72340418fbf01c6e0be1
SHA1 86eb06e3978310f9642be499164d9ecb4d33d5fc
SHA256 f468918ff647fdc89e474a7586314687b79925a4e7e74d5bfad74ec5e4cf84a3
SHA512 2419d22bb5afe35b5454ba7f7a62bb59ce5a4ac1fef95fb3764db8f660fe7611f40db88b8fd099e52bb57167b1d976dc18c54cda64cd6ea1a916edcf33b32779

C:\Users\Admin\AppData\Roaming\Faldstool.RMJ

MD5 29769390818a9e0ce0f7043b7ec84ca5
SHA1 2775929572ab5945ea4eb29db11b6356baee4312
SHA256 34d775228e3714d51b5fce5192974e80797bb8e61ab0d0b6b1239bd71b95cd4d
SHA512 ad9f3a07f30d147d05cf5773824548a643ce698f75fea530883e74a6928ffcad4ac7e622b030a7f4f5513eec0624593d8aa3513e635de61e61ae8eb287c0bdc3

memory/2028-162-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-163-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\icacls.lnk

MD5 2c361af5904478392d74a28655954d83
SHA1 cd528c22aecd226110609b67d6e4b7b6286e23c5
SHA256 64b4598de60a7813888a1d3a3ea8f4dd85de6f13e0130b2853e9634ca7794fd2
SHA512 ca6f776deca11d1a6dd236c6723229c24a6f760f03a33272dd9141807c35a685ecebb2480490d24dc6a2b50f5c9a60a241e2e414993c57e502b7233a3e84589e

memory/2028-165-0x0000000003780000-0x0000000003781000-memory.dmp

memory/2028-167-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-168-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-169-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\Adobe-CNS1-5

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2028-236-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2620-238-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2620-239-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-243-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Recovery\WindowsRE\# DECRYPT MY FILES #.vbs

MD5 6f84dbf74ef41dc3d861f5fb3e0f45ff
SHA1 3e5f17e9b9589f33ce6add7f2518a666ff2253a4
SHA256 df5f432d7e0d2bd1c4dddb1fabbf1e77bd1065b9020f71abaf1a45fbb950bbb8
SHA512 9f9ec25b815be7b20df26244d31848c9a4896b130241b63636d63511a290eaad78d289a9bb04592c0ba31492064671351b4c7359310f03469e27764132a20a5a

C:\Recovery\WindowsRE\# DECRYPT MY FILES #.url

MD5 7522782dd3c3fbc37f519210941e1551
SHA1 b11869dc4c43d5b1d4abb1571a7e3a7017df61de
SHA256 4cdd8061ea15a79e4b006e59e956ef9edcc4346d3ba21aaf49aa3462f32905c7
SHA512 5bf7e358f5a04b5d19ca81c6de3e9f6d80600956ab699eba86d3dabeb22813c208ba5154fd24670125ca095f9bba763abecdd3c306b91f27776a9791276fe71d

C:\Recovery\WindowsRE\# DECRYPT MY FILES #.txt

MD5 61a40ad261850eef44d654b1de8b4528
SHA1 96ccd8b5c688d6a936dd0833e31063e2d03bd745
SHA256 d3ff8ef6825e47a4af6fff0dcf8860489d7ee6f1d17cab8dc2cd05b11bdc4d0b
SHA512 b22e7b6ec521f13a0b63aebe286f3cdd4caeb164f1ef88db62ca3d50024849514b3cda2c79ce15648846e5bdf08726c3392503a2f5e6564ca0e78d989a961fb5

C:\Recovery\WindowsRE\# DECRYPT MY FILES #.html

MD5 ae0c7f70fc0721202a5b054e57f6af31
SHA1 cb12a0faf9c525eb6e51db7442dc00bfb1d3a1f2
SHA256 0ceff67b13556e240b8f1ba7e4053aebdd22e3ab483c426ef44ff671df2acc55
SHA512 c559759cff6983c326a9ff0712eb1431d861adf073ba9fd629bc0f4731394667b12c1e5d862f7f5b52a8a1e3e696ef132b02678d85e8f8fb3472f9278b15a70b

memory/2028-242-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-571-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-574-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-580-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-595-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-598-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-611-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-614-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-604-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-608-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-601-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-592-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-589-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-586-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-583-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-577-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-616-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-619-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 928c1e681f7c998dfaaf2f929a02a835
SHA1 26593968adf70ee9499b830e594dba684ca85eba
SHA256 11d05875f148a963aacb78a1916751636a0bbecafcd43706747c09d0935857be
SHA512 aacba83c2ce7466713be8e9388982ef73800dd12e8f609235144664d0cc29ab00de5cbad8d4ca15507ad3b1a035c37200a55dbc6456d8d49a4e89c7f6f48f6f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/2028-681-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-682-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2028-683-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\42904db7-5415-4c95-9a38-5e4367a8fb7c.tmp

MD5 1630c38e7200f4997ec0e225391c11fa
SHA1 496f95a78c8a42e5e8efcfb27be4822133de17d3
SHA256 3873b2146c2266cc68e7694607d415c45546cac303d141fddebb6024a5ced73f
SHA512 f1f5690c2fccb7cfc760e0ca4ade48ce7328823d5d3e18f8621a3fc482f58ac67f2d159bd3ad480ce9d61028528f8202c79318d9c4358302acba06448af814e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b27a6d3f1d3cf10dddc5fcaab60da89b
SHA1 2ff0c97f01bb6fcf2eb8755a4960ad4a06b1bf94
SHA256 e8fa426ec8dbbe851ecac8209cc65431d6a06df3977bdf54c5b7ae53a9cfffa4
SHA512 eb964c7998dce762ce1a57f49e61f2293fe29bb96947e31017b4783d7bf4138bdc68e5d0b381a142e3d1da903bb2049f4d49017e97e0325aa0c1e6fdb34e8b2c