Analysis Overview
SHA256
470d82dec3c67b3d319ac7774f4276de82a5c853c8c39bb626df0fe81d6a1859
Threat Level: Known bad
The file 83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Cerber
Deletes shadow copies
Blocklisted process makes network request
Contacts a large (517) amount of remote hosts
Deletes itself
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Runs ping.exe
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-30 10:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win10v2004-20240226-en
Max time kernel
137s
Max time network
147s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3136 wrote to memory of 4764 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3136 wrote to memory of 4764 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3136 wrote to memory of 4764 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4764 -ip 4764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 612
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win10v2004-20240426-en
Max time kernel
115s
Max time network
116s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3888 wrote to memory of 3904 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3888 wrote to memory of 3904 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3888 wrote to memory of 3904 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3904 -ip 3904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 612
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win10v2004-20240426-en
Max time kernel
94s
Max time network
97s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1960 wrote to memory of 4160 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 1960 wrote to memory of 4160 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 1960 wrote to memory of 4160 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
Network
Files
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | 8fa298cda497c00f7fc3f66c5b833c18 |
| SHA1 | 5ec6abbd95d5e6e11a88bf58da75588dc62356e4 |
| SHA256 | 58e900d7fd20ec0e308d68cdeb6e45de9ee0ec5b25fe5853f854cfc6c12df6fb |
| SHA512 | 3845dff86122ccb1932db0abed4daf202d750938f1a46eb971851897deb79ab055bc0c86ca9c30a61d1f201d672fc6b247650e5c3cb3511e4d62c2c8a36f1f08 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win7-20240221-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7240AB91-1E70-11EF-873B-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000932c808b3e379c43aade047b3c5a684a00000000020000000000106600000001000020000000e09a597f31c51ec231c6b93f3002c47b30a9cfd84eb7b36f00e82526b6ed7d2f000000000e8000000002000020000000270177e76e14f95fa381f899315ae715f0a68ae21deb222ee0c9f13f5f93087920000000bf5347071caed12b7486f106707c5a38966970c866f1997869fc2c601fb705c84000000051bff888d18915bcf20210b8a85c2181baeb69b12949cd68446255bacedd85856495b805fe7e1d29a054a6d1b3fd65ec53a765cdccf2d74f374b42c08619bd5d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423227245" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7059ae497db2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2856 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\store.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | www.jjtc.com | udp |
| US | 67.20.76.247:80 | www.jjtc.com | tcp |
| US | 67.20.76.247:80 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | astore.amazon.com | udp |
| US | 176.32.98.40:80 | astore.amazon.com | tcp |
| US | 176.32.98.40:80 | astore.amazon.com | tcp |
| US | 8.8.8.8:53 | g-ecx.images-amazon.com | udp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| FR | 18.155.131.54:80 | g-ecx.images-amazon.com | tcp |
| FR | 18.155.131.54:80 | g-ecx.images-amazon.com | tcp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\store.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8727594493783197795,16114384887369121517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win10v2004-20240426-en
Max time kernel
94s
Max time network
144s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4920 wrote to memory of 780 | N/A | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4920 -ip 4920
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 864
Network
Files
C:\Users\Admin\AppData\Local\Temp\nsq2FCB.tmp\System.dll
| MD5 | ca332bb753b0775d5e806e236ddcec55 |
| SHA1 | f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f |
| SHA256 | df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d |
| SHA512 | 2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00 |
memory/4920-9-0x0000000002710000-0x000000000273E000-memory.dmp
memory/4920-11-0x0000000002710000-0x000000000273E000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win7-20240221-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 224
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win7-20240221-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 228
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win7-20240508-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1284 wrote to memory of 1148 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
Network
Files
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | 8fa298cda497c00f7fc3f66c5b833c18 |
| SHA1 | 5ec6abbd95d5e6e11a88bf58da75588dc62356e4 |
| SHA256 | 58e900d7fd20ec0e308d68cdeb6e45de9ee0ec5b25fe5853f854cfc6c12df6fb |
| SHA512 | 3845dff86122ccb1932db0abed4daf202d750938f1a46eb971851897deb79ab055bc0c86ca9c30a61d1f201d672fc6b247650e5c3cb3511e4d62c2c8a36f1f08 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 10:36
Reported
2024-05-30 10:38
Platform
win7-20240508-en
Max time kernel
119s
Max time network
145s
Command Line
Signatures
Cerber
Deletes shadow copies
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (517) amount of remote hosts
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpD74C.bmp" | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2140 set thread context of 2960 | N/A | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\_README_.hta | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\wbem\WMIC.exe
C:\Windows\system32\wbem\wmic.exe shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\_README_.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "83ed601d78668f82bdd449f82d9f51c5_JaffaCakes118.exe"
C:\Windows\system32\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| LT | 194.165.16.222:6892 | udp | |
| LT | 194.165.16.223:6892 | udp | |
| LT | 194.165.16.224:6892 | udp | |
| LT | 194.165.16.225:6892 | udp | |
| LT | 194.165.16.226:6892 | udp | |
| LT | 194.165.16.227:6892 | udp | |
| LT | 194.165.16.228:6892 | udp | |
| LT | 194.165.16.229:6892 | udp | |
| LT | 194.165.16.230:6892 | udp | |
| LT | 194.165.16.231:6892 | udp | |
| LT | 194.165.16.232:6892 | udp | |
| LT | 194.165.16.233:6892 | udp | |
| LT | 194.165.16.234:6892 | udp | |
| LT | 194.165.16.235:6892 | udp | |
| LT | 194.165.16.236:6892 | udp | |
| LT | 194.165.16.237:6892 | udp | |
| LT | 194.165.16.238:6892 | udp | |
| LT | 194.165.16.239:6892 | udp | |
| LT | 194.165.16.240:6892 | udp | |
| LT | 194.165.16.241:6892 | udp | |
| LT | 194.165.16.242:6892 | udp | |
| LT | 194.165.16.243:6892 | udp | |
| LT | 194.165.16.244:6892 | udp | |
| LT | 194.165.16.245:6892 | udp | |
| LT | 194.165.16.246:6892 | udp | |
| LT | 194.165.16.247:6892 | udp | |
| LT | 194.165.16.248:6892 | udp | |
| LT | 194.165.16.249:6892 | udp | |
| LT | 194.165.16.250:6892 | udp | |
| LT | 194.165.16.251:6892 | udp | |
| LT | 194.165.16.252:6892 | udp | |
| LT | 194.165.16.253:6892 | udp | |
| LT | 194.165.16.254:6892 | udp | |
| N/A | 127.0.0.0:6892 | udp | |
| N/A | 127.0.0.1:6892 | udp | |
| N/A | 127.0.0.2:6892 | udp | |
| N/A | 127.0.0.3:6892 | udp | |
| N/A | 127.0.0.4:6892 | udp | |
| N/A | 127.0.0.5:6892 | udp | |
| N/A | 127.0.0.6:6892 | udp | |
| N/A | 127.0.0.7:6892 | udp | |
| N/A | 127.0.0.8:6892 | udp | |
| N/A | 127.0.0.9:6892 | udp | |
| N/A | 127.0.0.10:6892 | udp | |
| N/A | 127.0.0.11:6892 | udp | |
| N/A | 127.0.0.12:6892 | udp | |
| N/A | 127.0.0.13:6892 | udp | |
| N/A | 127.0.0.14:6892 | udp | |
| N/A | 127.0.0.15:6892 | udp | |
| N/A | 127.0.0.16:6892 | udp | |
| N/A | 127.0.0.17:6892 | udp | |
| N/A | 127.0.0.18:6892 | udp | |
| N/A | 127.0.0.19:6892 | udp | |
| N/A | 127.0.0.20:6892 | udp | |
| N/A | 127.0.0.21:6892 | udp | |
| N/A | 127.0.0.22:6892 | udp | |
| N/A | 127.0.0.23:6892 | udp | |
| N/A | 127.0.0.24:6892 | udp | |
| N/A | 127.0.0.25:6892 | udp | |
| N/A | 127.0.0.26:6892 | udp | |
| N/A | 127.0.0.27:6892 | udp | |
| N/A | 127.0.0.28:6892 | udp | |
| N/A | 127.0.0.29:6892 | udp | |
| N/A | 127.0.0.30:6892 | udp | |
| N/A | 127.0.0.31:6892 | udp | |
| LT | 194.165.16.255:6892 | udp | |
| LT | 194.165.17.0:6892 | udp | |
| LT | 194.165.17.1:6892 | udp | |
| LT | 194.165.17.2:6892 | udp | |
| LT | 194.165.17.3:6892 | udp | |
| LT | 194.165.17.4:6892 | udp | |
| LT | 194.165.17.5:6892 | udp | |
| LT | 194.165.17.6:6892 | udp | |
| LT | 194.165.17.7:6892 | udp | |
| LT | 194.165.17.8:6892 | udp | |
| LT | 194.165.17.9:6892 | udp | |
| LT | 194.165.17.10:6892 | udp | |
| LT | 194.165.17.11:6892 | udp | |
| LT | 194.165.17.12:6892 | udp | |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| LT | 194.165.17.129:6892 | udp | |
| LT | 194.165.17.130:6892 | udp | |
| LT | 194.165.17.131:6892 | udp | |
| LT | 194.165.17.132:6892 | udp | |
| LT | 194.165.17.133:6892 | udp | |
| LT | 194.165.17.134:6892 | udp | |
| LT | 194.165.17.135:6892 | udp | |
| LT | 194.165.17.136:6892 | udp | |
| LT | 194.165.17.137:6892 | udp | |
| LT | 194.165.17.138:6892 | udp | |
| LT | 194.165.17.139:6892 | udp | |
| LT | 194.165.17.140:6892 | udp | |
| LT | 194.165.17.141:6892 | udp | |
| LT | 194.165.17.142:6892 | udp | |
| LT | 194.165.17.143:6892 | udp | |
| LT | 194.165.17.144:6892 | udp | |
| LT | 194.165.17.145:6892 | udp | |
| LT | 194.165.17.146:6892 | udp | |
| LT | 194.165.17.147:6892 | udp | |
| LT | 194.165.17.148:6892 | udp | |
| LT | 194.165.17.149:6892 | udp | |
| LT | 194.165.17.150:6892 | udp | |
| LT | 194.165.17.151:6892 | udp | |
| LT | 194.165.17.152:6892 | udp | |
| LT | 194.165.17.153:6892 | udp | |
| LT | 194.165.17.154:6892 | udp | |
| LT | 194.165.17.155:6892 | udp | |
| LT | 194.165.17.156:6892 | udp | |
| LT | 194.165.17.157:6892 | udp | |
| LT | 194.165.17.158:6892 | udp | |
| LT | 194.165.17.159:6892 | udp | |
| LT | 194.165.17.160:6892 | udp | |
| LT | 194.165.17.161:6892 | udp | |
| LT | 194.165.17.162:6892 | udp | |
| LT | 194.165.17.163:6892 | udp | |
| LT | 194.165.17.164:6892 | udp | |
| LT | 194.165.17.165:6892 | udp | |
| LT | 194.165.17.166:6892 | udp | |
| LT | 194.165.17.167:6892 | udp | |
| LT | 194.165.17.168:6892 | udp | |
| LT | 194.165.17.169:6892 | udp | |
| LT | 194.165.17.170:6892 | udp | |
| LT | 194.165.17.171:6892 | udp | |
| LT | 194.165.17.172:6892 | udp | |
| LT | 194.165.17.173:6892 | udp | |
| LT | 194.165.17.174:6892 | udp | |
| LT | 194.165.17.175:6892 | udp | |
| LT | 194.165.17.176:6892 | udp | |
| LT | 194.165.17.177:6892 | udp | |
| LT | 194.165.17.178:6892 | udp | |
| LT | 194.165.17.179:6892 | udp | |
| LT | 194.165.17.180:6892 | udp | |
| LT | 194.165.17.181:6892 | udp | |
| LT | 194.165.17.182:6892 | udp | |
| LT | 194.165.17.183:6892 | udp | |
| LT | 194.165.17.184:6892 | udp | |
| LT | 194.165.17.185:6892 | udp | |
| LT | 194.165.17.186:6892 | udp | |
| LT | 194.165.17.187:6892 | udp | |
| LT | 194.165.17.188:6892 | udp | |
| LT | 194.165.17.189:6892 | udp | |
| LT | 194.165.17.190:6892 | udp | |
| LT | 194.165.17.191:6892 | udp | |
| LT | 194.165.17.192:6892 | udp | |
| LT | 194.165.17.193:6892 | udp | |
| LT | 194.165.17.194:6892 | udp | |
| LT | 194.165.17.195:6892 | udp | |
| LT | 194.165.17.196:6892 | udp | |
| LT | 194.165.17.197:6892 | udp | |
| LT | 194.165.17.198:6892 | udp | |
| LT | 194.165.17.199:6892 | udp | |
| LT | 194.165.17.200:6892 | udp | |
| LT | 194.165.17.201:6892 | udp | |
| LT | 194.165.17.202:6892 | udp | |
| LT | 194.165.17.203:6892 | udp | |
| LT | 194.165.17.204:6892 | udp | |
| LT | 194.165.17.205:6892 | udp | |
| LT | 194.165.17.206:6892 | udp | |
| LT | 194.165.17.207:6892 | udp | |
| LT | 194.165.17.208:6892 | udp | |
| LT | 194.165.17.209:6892 | udp | |
| LT | 194.165.17.210:6892 | udp | |
| LT | 194.165.17.211:6892 | udp | |
| LT | 194.165.17.212:6892 | udp | |
| LT | 194.165.17.213:6892 | udp | |
| LT | 194.165.17.214:6892 | udp | |
| LT | 194.165.17.215:6892 | udp | |
| LT | 194.165.17.216:6892 | udp | |
| LT | 194.165.17.217:6892 | udp | |
| LT | 194.165.17.218:6892 | udp | |
| LT | 194.165.17.219:6892 | udp | |
| LT | 194.165.17.220:6892 | udp | |
| LT | 194.165.17.221:6892 | udp | |
| LT | 194.165.17.222:6892 | udp | |
| LT | 194.165.17.223:6892 | udp | |
| LT | 194.165.17.224:6892 | udp | |
| LT | 194.165.17.225:6892 | udp | |
| LT | 194.165.17.226:6892 | udp | |
| LT | 194.165.17.227:6892 | udp | |
| LT | 194.165.17.228:6892 | udp | |
| LT | 194.165.17.229:6892 | udp | |
| LT | 194.165.17.230:6892 | udp | |
| LT | 194.165.17.231:6892 | udp | |
| LT | 194.165.17.232:6892 | udp | |
| LT | 194.165.17.233:6892 | udp | |
| LT | 194.165.17.234:6892 | udp | |
| LT | 194.165.17.235:6892 | udp | |
| LT | 194.165.17.236:6892 | udp | |
| LT | 194.165.17.237:6892 | udp | |
| LT | 194.165.17.238:6892 | udp | |
| LT | 194.165.17.239:6892 | udp | |
| LT | 194.165.17.240:6892 | udp | |
| LT | 194.165.17.241:6892 | udp | |
| LT | 194.165.17.242:6892 | udp | |
| LT | 194.165.17.243:6892 | udp | |
| LT | 194.165.17.244:6892 | udp | |
| LT | 194.165.17.245:6892 | udp | |
| LT | 194.165.17.246:6892 | udp | |
| LT | 194.165.17.247:6892 | udp | |
| LT | 194.165.17.248:6892 | udp | |
| LT | 194.165.17.249:6892 | udp | |
| LT | 194.165.17.250:6892 | udp | |
| LT | 194.165.17.251:6892 | udp | |
| LT | 194.165.17.252:6892 | udp | |
| LT | 194.165.17.253:6892 | udp | |
| LT | 194.165.17.254:6892 | udp | |
| LT | 194.165.17.255:6892 | udp | |
| N/A | 127.0.0.0:6892 | udp | |
| N/A | 127.0.0.1:6892 | udp | |
| N/A | 127.0.0.2:6892 | udp | |
| N/A | 127.0.0.3:6892 | udp | |
| N/A | 127.0.0.4:6892 | udp | |
| N/A | 127.0.0.5:6892 | udp | |
| N/A | 127.0.0.6:6892 | udp | |
| N/A | 127.0.0.7:6892 | udp | |
| N/A | 127.0.0.8:6892 | udp | |
| N/A | 127.0.0.9:6892 | udp | |
| N/A | 127.0.0.10:6892 | udp | |
| N/A | 127.0.0.11:6892 | udp | |
| N/A | 127.0.0.12:6892 | udp | |
| N/A | 127.0.0.13:6892 | udp | |
| N/A | 127.0.0.14:6892 | udp | |
| N/A | 127.0.0.15:6892 | udp | |
| N/A | 127.0.0.16:6892 | udp | |
| N/A | 127.0.0.17:6892 | udp | |
| N/A | 127.0.0.18:6892 | udp | |
| N/A | 127.0.0.19:6892 | udp | |
| N/A | 127.0.0.20:6892 | udp | |
| N/A | 127.0.0.21:6892 | udp | |
| N/A | 127.0.0.22:6892 | udp | |
| N/A | 127.0.0.23:6892 | udp | |
| N/A | 127.0.0.24:6892 | udp | |
| N/A | 127.0.0.25:6892 | udp | |
| N/A | 127.0.0.26:6892 | udp | |
| N/A | 127.0.0.27:6892 | udp | |
| N/A | 127.0.0.28:6892 | udp | |
| N/A | 127.0.0.29:6892 | udp | |
| N/A | 127.0.0.30:6892 | udp | |
| N/A | 127.0.0.31:6892 | udp | |
| N/A | 192.168.0.0:6892 | udp | |
| N/A | 192.168.0.1:6892 | udp | |
| N/A | 192.168.0.2:6892 | udp | |
| N/A | 192.168.0.3:6892 | udp | |
| N/A | 192.168.0.4:6892 | udp | |
| N/A | 192.168.0.5:6892 | udp | |
| N/A | 192.168.0.6:6892 | udp | |
| N/A | 192.168.0.7:6892 | udp | |
| N/A | 192.168.0.8:6892 | udp | |
| N/A | 192.168.0.9:6892 | udp | |
| N/A | 192.168.0.10:6892 | udp | |
| N/A | 192.168.0.11:6892 | udp | |
| N/A | 192.168.0.12:6892 | udp | |
| N/A | 192.168.0.13:6892 | udp | |
| N/A | 192.168.0.14:6892 | udp | |
| N/A | 192.168.0.15:6892 | udp | |
| N/A | 192.168.0.16:6892 | udp | |
| N/A | 192.168.0.17:6892 | udp | |
| N/A | 192.168.0.18:6892 | udp | |
| N/A | 192.168.0.19:6892 | udp | |
| N/A | 192.168.0.20:6892 | udp | |
| N/A | 192.168.0.21:6892 | udp | |
| N/A | 192.168.0.22:6892 | udp | |
| N/A | 192.168.0.23:6892 | udp | |
| N/A | 192.168.0.24:6892 | udp | |
| N/A | 192.168.0.25:6892 | udp | |
| N/A | 192.168.0.26:6892 | udp | |
| N/A | 192.168.0.27:6892 | udp | |
| N/A | 192.168.0.28:6892 | udp | |
| N/A | 192.168.0.29:6892 | udp | |
| N/A | 192.168.0.30:6892 | udp | |
| N/A | 192.168.0.31:6892 | udp | |
| LT | 194.165.16.0:6892 | udp | |
| LT | 194.165.16.1:6892 | udp | |
| LT | 194.165.16.2:6892 | udp | |
| LT | 194.165.16.3:6892 | udp | |
| LT | 194.165.16.4:6892 | udp | |
| LT | 194.165.16.5:6892 | udp | |
| LT | 194.165.16.6:6892 | udp | |
| LT | 194.165.16.7:6892 | udp | |
| LT | 194.165.16.8:6892 | udp | |
| LT | 194.165.16.9:6892 | udp | |
| LT | 194.165.16.10:6892 | udp | |
| LT | 194.165.16.11:6892 | udp | |
| LT | 194.165.16.12:6892 | udp | |
| LT | 194.165.16.13:6892 | udp | |
| LT | 194.165.16.14:6892 | udp | |
| LT | 194.165.16.15:6892 | udp | |
| LT | 194.165.16.16:6892 | udp | |
| LT | 194.165.16.17:6892 | udp | |
| LT | 194.165.16.18:6892 | udp | |
| LT | 194.165.16.19:6892 | udp | |
| LT | 194.165.16.20:6892 | udp | |
| LT | 194.165.16.21:6892 | udp | |
| LT | 194.165.16.22:6892 | udp | |
| LT | 194.165.16.23:6892 | udp | |
| LT | 194.165.16.24:6892 | udp | |
| LT | 194.165.16.25:6892 | udp | |
| LT | 194.165.16.26:6892 | udp | |
| LT | 194.165.16.27:6892 | udp | |
| LT | 194.165.16.28:6892 | udp | |
| LT | 194.165.16.29:6892 | udp | |
| LT | 194.165.16.30:6892 | udp | |
| LT | 194.165.16.31:6892 | udp | |
| LT | 194.165.16.32:6892 | udp | |
| LT | 194.165.16.33:6892 | udp | |
| LT | 194.165.16.34:6892 | udp | |
| LT | 194.165.16.35:6892 | udp | |
| LT | 194.165.16.36:6892 | udp | |
| LT | 194.165.16.37:6892 | udp | |
| LT | 194.165.16.38:6892 | udp | |
| LT | 194.165.16.39:6892 | udp | |
| LT | 194.165.16.40:6892 | udp | |
| LT | 194.165.16.41:6892 | udp | |
| LT | 194.165.16.42:6892 | udp | |
| LT | 194.165.16.43:6892 | udp | |
| LT | 194.165.16.44:6892 | udp | |
| LT | 194.165.16.45:6892 | udp | |
| LT | 194.165.16.46:6892 | udp | |
| LT | 194.165.16.47:6892 | udp | |
| LT | 194.165.16.48:6892 | udp | |
| LT | 194.165.16.49:6892 | udp | |
| LT | 194.165.16.50:6892 | udp | |
| LT | 194.165.16.51:6892 | udp | |
| LT | 194.165.16.52:6892 | udp | |
| LT | 194.165.16.53:6892 | udp | |
| LT | 194.165.16.54:6892 | udp | |
| LT | 194.165.16.55:6892 | udp | |
| LT | 194.165.16.56:6892 | udp | |
| LT | 194.165.16.57:6892 | udp | |
| LT | 194.165.16.58:6892 | udp | |
| LT | 194.165.16.59:6892 | udp | |
| LT | 194.165.16.60:6892 | udp | |
| LT | 194.165.16.61:6892 | udp | |
| LT | 194.165.16.62:6892 | udp | |
| LT | 194.165.16.63:6892 | udp | |
| LT | 194.165.16.64:6892 | udp | |
| LT | 194.165.16.65:6892 | udp | |
| LT | 194.165.16.66:6892 | udp | |
| LT | 194.165.16.67:6892 | udp | |
| LT | 194.165.16.68:6892 | udp | |
| LT | 194.165.16.69:6892 | udp | |
| LT | 194.165.16.70:6892 | udp | |
| LT | 194.165.16.71:6892 | udp | |
| LT | 194.165.16.72:6892 | udp | |
| LT | 194.165.16.73:6892 | udp | |
| LT | 194.165.16.74:6892 | udp | |
| LT | 194.165.16.75:6892 | udp | |
| LT | 194.165.16.76:6892 | udp | |
| LT | 194.165.16.77:6892 | udp | |
| LT | 194.165.16.78:6892 | udp | |
| LT | 194.165.16.79:6892 | udp | |
| LT | 194.165.16.80:6892 | udp | |
| LT | 194.165.16.81:6892 | udp | |
| LT | 194.165.16.82:6892 | udp | |
| LT | 194.165.16.83:6892 | udp | |
| LT | 194.165.16.84:6892 | udp | |
| LT | 194.165.16.85:6892 | udp | |
| LT | 194.165.16.86:6892 | udp | |
| LT | 194.165.16.87:6892 | udp | |
| LT | 194.165.16.88:6892 | udp | |
| LT | 194.165.16.89:6892 | udp | |
| LT | 194.165.16.90:6892 | udp | |
| LT | 194.165.16.91:6892 | udp | |
| LT | 194.165.16.92:6892 | udp | |
| LT | 194.165.16.93:6892 | udp | |
| LT | 194.165.16.94:6892 | udp | |
| LT | 194.165.16.95:6892 | udp | |
| LT | 194.165.16.96:6892 | udp | |
| LT | 194.165.16.97:6892 | udp | |
| LT | 194.165.16.98:6892 | udp | |
| LT | 194.165.16.99:6892 | udp | |
| LT | 194.165.16.100:6892 | udp | |
| LT | 194.165.16.101:6892 | udp | |
| LT | 194.165.16.102:6892 | udp | |
| LT | 194.165.16.103:6892 | udp | |
| LT | 194.165.16.104:6892 | udp | |
| LT | 194.165.16.105:6892 | udp | |
| LT | 194.165.16.106:6892 | udp | |
| LT | 194.165.16.107:6892 | udp | |
| LT | 194.165.16.108:6892 | udp | |
| LT | 194.165.16.109:6892 | udp | |
| LT | 194.165.16.110:6892 | udp | |
| LT | 194.165.16.111:6892 | udp | |
| LT | 194.165.16.112:6892 | udp | |
| LT | 194.165.16.113:6892 | udp | |
| LT | 194.165.16.114:6892 | udp | |
| LT | 194.165.16.115:6892 | udp | |
| LT | 194.165.16.116:6892 | udp | |
| LT | 194.165.16.117:6892 | udp | |
| LT | 194.165.16.118:6892 | udp | |
| LT | 194.165.16.119:6892 | udp | |
| LT | 194.165.16.120:6892 | udp | |
| LT | 194.165.16.121:6892 | udp | |
| LT | 194.165.16.122:6892 | udp | |
| LT | 194.165.16.123:6892 | udp | |
| LT | 194.165.16.124:6892 | udp | |
| LT | 194.165.16.125:6892 | udp | |
| LT | 194.165.16.126:6892 | udp | |
| LT | 194.165.16.127:6892 | udp | |
| LT | 194.165.16.128:6892 | udp | |
| LT | 194.165.16.129:6892 | udp | |
| LT | 194.165.16.130:6892 | udp | |
| LT | 194.165.16.131:6892 | udp | |
| LT | 194.165.16.132:6892 | udp | |
| LT | 194.165.16.133:6892 | udp | |
| LT | 194.165.16.134:6892 | udp | |
| LT | 194.165.16.135:6892 | udp | |
| LT | 194.165.16.136:6892 | udp | |
| LT | 194.165.16.137:6892 | udp | |
| LT | 194.165.16.138:6892 | udp | |
| LT | 194.165.16.139:6892 | udp | |
| LT | 194.165.16.140:6892 | udp | |
| LT | 194.165.16.141:6892 | udp | |
| LT | 194.165.16.142:6892 | udp | |
| LT | 194.165.16.143:6892 | udp | |
| LT | 194.165.16.144:6892 | udp | |
| LT | 194.165.16.145:6892 | udp | |
| LT | 194.165.16.146:6892 | udp | |
| LT | 194.165.16.147:6892 | udp | |
| LT | 194.165.16.148:6892 | udp | |
| LT | 194.165.16.149:6892 | udp | |
| LT | 194.165.16.150:6892 | udp | |
| LT | 194.165.16.151:6892 | udp | |
| LT | 194.165.16.152:6892 | udp | |
| LT | 194.165.16.153:6892 | udp | |
| LT | 194.165.16.154:6892 | udp | |
| LT | 194.165.16.155:6892 | udp | |
| LT | 194.165.16.156:6892 | udp | |
| LT | 194.165.16.157:6892 | udp | |
| LT | 194.165.16.158:6892 | udp | |
| LT | 194.165.16.159:6892 | udp | |
| LT | 194.165.16.160:6892 | udp | |
| LT | 194.165.16.161:6892 | udp | |
| LT | 194.165.16.162:6892 | udp | |
| LT | 194.165.16.163:6892 | udp | |
| LT | 194.165.16.164:6892 | udp | |
| LT | 194.165.16.165:6892 | udp | |
| LT | 194.165.16.166:6892 | udp | |
| LT | 194.165.16.167:6892 | udp | |
| LT | 194.165.16.168:6892 | udp | |
| LT | 194.165.16.169:6892 | udp | |
| LT | 194.165.16.170:6892 | udp | |
| LT | 194.165.16.171:6892 | udp | |
| LT | 194.165.16.172:6892 | udp | |
| LT | 194.165.16.173:6892 | udp | |
| LT | 194.165.16.174:6892 | udp | |
| LT | 194.165.16.175:6892 | udp | |
| LT | 194.165.16.176:6892 | udp | |
| LT | 194.165.16.177:6892 | udp | |
| LT | 194.165.16.178:6892 | udp | |
| LT | 194.165.16.179:6892 | udp | |
| LT | 194.165.16.180:6892 | udp | |
| LT | 194.165.16.181:6892 | udp | |
| LT | 194.165.16.182:6892 | udp | |
| LT | 194.165.16.183:6892 | udp | |
| LT | 194.165.16.184:6892 | udp | |
| LT | 194.165.16.185:6892 | udp | |
| LT | 194.165.16.186:6892 | udp | |
| LT | 194.165.16.187:6892 | udp | |
| LT | 194.165.16.188:6892 | udp | |
| LT | 194.165.16.189:6892 | udp | |
| LT | 194.165.16.190:6892 | udp | |
| LT | 194.165.16.191:6892 | udp | |
| LT | 194.165.16.192:6892 | udp | |
| LT | 194.165.16.193:6892 | udp | |
| LT | 194.165.16.194:6892 | udp | |
| LT | 194.165.16.195:6892 | udp | |
| LT | 194.165.16.196:6892 | udp | |
| LT | 194.165.16.197:6892 | udp | |
| LT | 194.165.16.198:6892 | udp | |
| LT | 194.165.16.199:6892 | udp | |
| LT | 194.165.16.200:6892 | udp | |
| LT | 194.165.16.201:6892 | udp | |
| LT | 194.165.16.202:6892 | udp | |
| LT | 194.165.16.203:6892 | udp | |
| LT | 194.165.16.204:6892 | udp | |
| LT | 194.165.16.205:6892 | udp | |
| LT | 194.165.16.206:6892 | udp | |
| LT | 194.165.16.207:6892 | udp | |
| LT | 194.165.16.208:6892 | udp | |
| LT | 194.165.16.209:6892 | udp | |
| LT | 194.165.16.210:6892 | udp | |
| LT | 194.165.16.211:6892 | udp | |
| LT | 194.165.16.212:6892 | udp | |
| LT | 194.165.16.213:6892 | udp | |
| LT | 194.165.16.214:6892 | udp | |
| LT | 194.165.16.215:6892 | udp | |
| LT | 194.165.16.216:6892 | udp | |
| LT | 194.165.16.217:6892 | udp | |
| LT | 194.165.16.218:6892 | udp | |
| LT | 194.165.16.219:6892 | udp | |
| LT | 194.165.16.220:6892 | udp | |
| LT | 194.165.16.221:6892 | udp | |
| LT | 194.165.16.222:6892 | udp | |
| LT | 194.165.16.223:6892 | udp | |
| LT | 194.165.16.224:6892 | udp | |
| LT | 194.165.16.225:6892 | udp | |
| LT | 194.165.16.226:6892 | udp | |
| LT | 194.165.16.227:6892 | udp | |
| LT | 194.165.16.228:6892 | udp | |
| LT | 194.165.16.229:6892 | udp | |
| LT | 194.165.16.230:6892 | udp | |
| LT | 194.165.16.231:6892 | udp | |
| LT | 194.165.16.232:6892 | udp | |
| LT | 194.165.16.233:6892 | udp | |
| LT | 194.165.16.234:6892 | udp | |
| LT | 194.165.16.235:6892 | udp | |
| LT | 194.165.16.236:6892 | udp | |
| LT | 194.165.16.237:6892 | udp | |
| LT | 194.165.16.238:6892 | udp | |
| LT | 194.165.16.239:6892 | udp | |
| LT | 194.165.16.240:6892 | udp | |
| LT | 194.165.16.241:6892 | udp | |
| LT | 194.165.16.242:6892 | udp | |
| LT | 194.165.16.243:6892 | udp | |
| LT | 194.165.16.244:6892 | udp | |
| LT | 194.165.16.245:6892 | udp | |
| LT | 194.165.16.246:6892 | udp | |
| LT | 194.165.16.247:6892 | udp | |
| LT | 194.165.16.248:6892 | udp | |
| LT | 194.165.16.249:6892 | udp | |
| LT | 194.165.16.250:6892 | udp | |
| LT | 194.165.16.251:6892 | udp | |
| LT | 194.165.16.252:6892 | udp | |
| LT | 194.165.16.253:6892 | udp | |
| LT | 194.165.16.254:6892 | udp | |
| LT | 194.165.16.255:6892 | udp | |
| LT | 194.165.17.0:6892 | udp | |
| LT | 194.165.17.1:6892 | udp | |
| LT | 194.165.17.2:6892 | udp | |
| LT | 194.165.17.3:6892 | udp | |
| LT | 194.165.17.4:6892 | udp | |
| LT | 194.165.17.5:6892 | udp | |
| LT | 194.165.17.6:6892 | udp | |
| LT | 194.165.17.7:6892 | udp | |
| LT | 194.165.17.8:6892 | udp | |
| LT | 194.165.17.9:6892 | udp | |
| LT | 194.165.17.10:6892 | udp | |
| LT | 194.165.17.11:6892 | udp | |
| LT | 194.165.17.12:6892 | udp | |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| US | 8.8.8.8:53 | ftoxmpdipwobp4qy.ewfp5y.bid | udp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 172.67.17.223:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 104.22.64.108:443 | chain.so | tcp |
Files
memory/2140-10-0x0000000000500000-0x000000000052E000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsy16FB.tmp\System.dll
| MD5 | ca332bb753b0775d5e806e236ddcec55 |
| SHA1 | f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f |
| SHA256 | df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d |
| SHA512 | 2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00 |
memory/2960-12-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2140-15-0x0000000000500000-0x000000000052E000-memory.dmp
memory/2960-16-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-14-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-21-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-22-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-25-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-26-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\Downloads\_README_.hta
| MD5 | 1896455e8e7d46caa2d44949629cef4f |
| SHA1 | 898edb7b319e7c4789e9f706136a1560210c4388 |
| SHA256 | 4ceb7ff65ce2cab4c0795e8c6698df909d5ba72564673f38fb8ba5bf4846241a |
| SHA512 | 9f4afc04c4ef3817877d445f402e8ebcaf610c4dcaaefb53607922a0a689f0898dfa69d38c250ae14eb580441f3d8a8eaed2a66045514871292c5d81bc996be1 |
memory/2960-289-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-291-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-297-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2960-309-0x0000000000400000-0x0000000000432000-memory.dmp