Malware Analysis Report

2024-09-22 14:26

Sample ID 240603-bcw3haeg47
Target 90098301184813417bfc22e015a92ad5_JaffaCakes118
SHA256 899774c335ba267e8c4d27a01973d9e69d8007bd885c87a12cc517460f051aa9
Tags
cerber defense_evasion discovery execution impact ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

899774c335ba267e8c4d27a01973d9e69d8007bd885c87a12cc517460f051aa9

Threat Level: Known bad

The file 90098301184813417bfc22e015a92ad5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber defense_evasion discovery execution impact ransomware spyware stealer

Cerber

Deletes shadow copies

Contacts a large (527) amount of remote hosts

Contacts a large (517) amount of remote hosts

Blocklisted process makes network request

Loads dropped DLL

Deletes itself

Reads user/profile data of web browsers

Checks computer location settings

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Program crash

Enumerates physical storage devices

NSIS installer

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Kills process with taskkill

Runs ping.exe

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-03 01:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win7-20240508-en

Max time kernel

119s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 224

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 244

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win7-20240419-en

Max time kernel

120s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Aero.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Aero.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Aero.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Aero.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1712 wrote to memory of 3960 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1712 wrote to memory of 3960 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1712 wrote to memory of 3960 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Aero.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Aero.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3960 -ip 3960

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 556

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win7-20240508-en

Max time kernel

127s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware defense_evasion impact execution

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Contacts a large (517) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpDF5.bmp" C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Brueghel C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Windows\chilblain C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2576 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 2628 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2248 wrote to memory of 2180 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2248 wrote to memory of 2180 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2248 wrote to memory of 2180 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2628 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2628 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2628 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2628 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2628 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 1636 wrote to memory of 2348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1636 wrote to memory of 2348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1636 wrote to memory of 2348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1636 wrote to memory of 1596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1636 wrote to memory of 1596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1636 wrote to memory of 1596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 lfdachijzuwx4bc4.zreknv.bid udp
US 8.8.8.8:53 btc.blockr.io udp
US 8.8.8.8:53 api.blockcypher.com udp
US 104.20.99.10:80 api.blockcypher.com tcp
US 8.8.8.8:53 chain.so udp
US 104.22.64.108:443 chain.so tcp

Files

\Users\Admin\AppData\Local\Temp\nsi3479.tmp\System.dll

MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

\Users\Admin\AppData\Roaming\Aero.dll

MD5 6bd6b1721e31a23e167e0d62ea53fa1e
SHA1 29d1908f58aff5def4b30f3436b2c6faba741133
SHA256 b307cbd10279de1a31fa4dc4639a216cef4d767b04ce71af8207ef598b2c83fc
SHA512 089690bcbe728ef1bcc8ff6dbed766c7a237f445361753d20a33f84d25c6091f11c123c2e062b3d5ba5d79d10f783b56e0b29ea53ae720fdd43f4fdf31a00456

memory/2628-20-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-32-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-30-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2628-28-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-26-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-24-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-22-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2576-33-0x0000000001BE0000-0x0000000001BEC000-memory.dmp

memory/2628-36-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-38-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-43-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-44-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-48-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-47-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta

MD5 271b348610886a1db28a4c2717f3c793
SHA1 639a9e0b7b20cd418b2207477178d7bf0f8d1c62
SHA256 26a56dcbc1a9d2e067b6e25995fcb5b98f5eff6df4a2d8dc4b7ed5a37ad45c49
SHA512 ee0a3eae977f57293874ca7e2f3a9768c3e0ea15a5dba05c25309d3176e267e7cf3143aeb7b0dfb5673ab9eb44e17b281cf49e38d72ea25d470d82b6edefdca3

C:\Users\Admin\AppData\Roaming\default.units.xml

MD5 2b453e710181d743a12170c84b01fec1
SHA1 d1cac5d9cb41ec5561ef5ce9bf39bfafb51ab29a
SHA256 6d062d16f310fbdebbac7ad2f6611d56aef033f2f7eabea42dcfe52df7e0198a
SHA512 85cbb19efccbbca13c094c11373c5cb96fe60f7a1218b0ceec20fe7c35956edc51b71686f90af71ea689bbeafda43d83a0029c8ade14079efc4fb37ada41bdff

memory/2628-295-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-349-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-352-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-355-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-358-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-361-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-364-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-367-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-370-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-373-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-376-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-379-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-382-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-385-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-391-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-388-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-394-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-401-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2628-413-0x0000000000400000-0x0000000000431000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware defense_evasion impact execution

Contacts a large (527) amount of remote hosts

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpAC1A.bmp" C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\README.hta C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Brueghel C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
File opened for modification C:\Windows\chilblain C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 5092 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe
PID 4188 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 4188 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2360 wrote to memory of 4316 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2360 wrote to memory of 4316 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 4188 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 4188 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 4188 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 4188 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 4188 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 212 wrote to memory of 4304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 212 wrote to memory of 4304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 212 wrote to memory of 884 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 212 wrote to memory of 884 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c4 0x3d4

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "90098301184813417bfc22e015a92ad5_JaffaCakes118.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 0.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.234.184.31.in-addr.arpa udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 255.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 0.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 255.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 lfdachijzuwx4bc4.zreknv.bid udp
US 8.8.8.8:53 131.109.69.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsb56BC.tmp\System.dll

MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

C:\Users\Admin\AppData\Roaming\Aero.dll

MD5 6bd6b1721e31a23e167e0d62ea53fa1e
SHA1 29d1908f58aff5def4b30f3436b2c6faba741133
SHA256 b307cbd10279de1a31fa4dc4639a216cef4d767b04ce71af8207ef598b2c83fc
SHA512 089690bcbe728ef1bcc8ff6dbed766c7a237f445361753d20a33f84d25c6091f11c123c2e062b3d5ba5d79d10f783b56e0b29ea53ae720fdd43f4fdf31a00456

memory/4188-23-0x0000000000400000-0x0000000000431000-memory.dmp

memory/5092-24-0x0000000002130000-0x000000000213C000-memory.dmp

memory/4188-27-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-28-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-29-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-34-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-35-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-36-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-42-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-41-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\Downloads\README.hta

MD5 eaf5fa25933db553608498b0afdef319
SHA1 a695707883effa6e30d41ba0ed00a6d7c290f35a
SHA256 f0a78969350278d6ab257e1844443a6da8bdb646402f6fad0129c50d95d4a897
SHA512 b5746fb1d2d53185636387de6c0c822f270f842cb00a2517293336904f93ba8759f703270e42512259c63bad7e503b56fc67e843a26ffa1a87b625c94e6c757f

C:\Users\Admin\AppData\Roaming\default.units.xml

MD5 2b453e710181d743a12170c84b01fec1
SHA1 d1cac5d9cb41ec5561ef5ce9bf39bfafb51ab29a
SHA256 6d062d16f310fbdebbac7ad2f6611d56aef033f2f7eabea42dcfe52df7e0198a
SHA512 85cbb19efccbbca13c094c11373c5cb96fe60f7a1218b0ceec20fe7c35956edc51b71686f90af71ea689bbeafda43d83a0029c8ade14079efc4fb37ada41bdff

memory/4188-310-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-677-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-680-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-683-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-686-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-689-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-692-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-695-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-698-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-701-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-704-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-707-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-710-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-713-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-716-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-719-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-722-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-729-0x0000000000400000-0x0000000000431000-memory.dmp

memory/4188-734-0x0000000000400000-0x0000000000431000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3876 wrote to memory of 3088 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3876 wrote to memory of 3088 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3876 wrote to memory of 3088 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3088 -ip 3088

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.109.69.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-03 01:00

Reported

2024-06-03 01:03

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2428 wrote to memory of 4068 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2428 wrote to memory of 4068 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2428 wrote to memory of 4068 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4068 -ip 4068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 636

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 52.111.227.14:443 tcp

Files

N/A