Malware Analysis Report

2024-09-22 13:19

Sample ID 240617-qfq3zsscje
Target b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118
SHA256 7a6dea9a1f132fb60fda6b9ab1c821189881d093a64dc62f7903c2a819cb7adb
Tags cerber discovery evasion persistence ransomware spyware stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

7a6dea9a1f132fb60fda6b9ab1c821189881d093a64dc62f7903c2a819cb7adb

Threat Level: Known bad

The file b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber discovery evasion persistence ransomware spyware stealer trojan

Cerber

Adds policy Run key to start application

Contacts a large (518) amount of remote hosts

Contacts a large (532) amount of remote hosts

Loads dropped DLL

Deletes itself

Executes dropped EXE

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

NSIS installer

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Kills process with taskkill

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies Control Panel

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-17 13:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 13:12

Reported

2024-06-17 13:15

Platform

win7-20240221-en

Max time kernel

138s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Contacts a large (518) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MRINFO.lnk C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MRINFO.lnk C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\MRINFO = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\MRINFO = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\MRINFO = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\MRINFO = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp2C9C.bmp" C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{04E11A53-556B-582E-C494-323BC9541A7E}\\MRINFO.EXE\"" C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Modifies Internet Explorer settings

adware spyware

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2512 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe
PID 1044 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE
PID 1044 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2452 wrote to memory of 2480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2452 wrote to memory of 2756 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1800 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE
PID 1780 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 1780 wrote to memory of 344 N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE C:\Windows\system32\NOTEPAD.EXE
PID 1628 wrote to memory of 584 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2576 wrote to memory of 2900 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1780 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE C:\Windows\System32\WScript.exe
PID 1780 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE C:\Windows\system32\cmd.exe
PID 3016 wrote to memory of 1820 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3016 wrote to memory of 540 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE

"C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE

"C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "MRINFO.EXE" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "MRINFO.EXE"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\system32\taskeng.exe

taskeng.exe {CE52C8EA-63D0-44C3-ABDC-EE0F1B87719A} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:80 ipinfo.io tcp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 52uo5k3t73ypjije.xmfru5.top udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\nsi2897.tmp\System.dll

\Users\Admin\AppData\Roaming\Pwgen.dll

C:\Users\Admin\AppData\Roaming\{04E11A53-556B-582E-C494-323BC9541A7E}\MRINFO.EXE

C:\Users\Admin\AppData\Roaming\SildCrosswort.d8u

C:\Users\Admin\AppData\Roaming\Graph2.mpl

C:\Users\Admin\AppData\Roaming\poofs.nex

C:\Users\Admin\AppData\Roaming\404-5.htm

C:\Users\Admin\AppData\Roaming\Bamako

C:\Users\Admin\AppData\Roaming\Ceramics - Eggshell Blue.3PP

C:\Users\Admin\AppData\Roaming\fnp_registrations.xml

C:\Users\Admin\AppData\Roaming\backgroundmon.xml

C:\Users\Admin\AppData\Roaming\BCY green 1.ADO

C:\Users\Admin\AppData\Roaming\dsc_health_alert_tile.png

C:\Users\Admin\AppData\Roaming\CMYK very cool.ADO

C:\Users\Admin\AppData\Roaming\defaults.ini

C:\Users\Admin\AppData\Roaming\administration.config

C:\Users\Admin\AppData\Roaming\159 dk orange bl 1.ADO

C:\Users\Admin\AppData\Roaming\externalcall.jar

C:\Users\Admin\AppData\Roaming\Efate

C:\Users\Admin\AppData\Roaming\poofs.taf

C:\Users\Admin\AppData\Roaming\benchmark.png

C:\Users\Admin\AppData\Roaming\Dublin

C:\Users\Admin\AppData\Roaming\Escudo.U

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MRINFO.lnk

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.vbs

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.url

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.html

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A74CCE1-2CAB-11EF-87C3-6E6327E9C5D7}.dat

C:\Users\Admin\AppData\Local\Temp\Cab4424.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar4506.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 378212d601c0f69393c9974279a446a0
SHA1 9baef8e305d4e0c4afb895f99e023804bd83296f
SHA256 90029bee8b62cb54228affa9ddfc258fbd5e13c192413b1d04fc5cc5c86b6118
SHA512 bf4a5a927bab583fd16d152e46339bf00ea83b378137541a0523a6f6587f8613a32fc7014da58e7dd70c1ff5b6e513e88b271a93d6179243f2b927554f472497

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7f206d803a0cb4444a15d683058e5ab
SHA1 227105802c5d4c10b2bad94ae152aadc7d03bd54
SHA256 c39e87001cdbc015d086c2d5037d27e84e0bd16745716a63e5c499a40e233683
SHA512 4baf5a315a471ecb3e2d270602da64da0cf5f7e364a15f23491479196c088589715fa4f966bdfbd7bb1a520bac624312ca6d02c0caccd8a4bc37090f93bd34a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64908be65d048d5d3a149b5bb4ac0ddc
SHA1 efcda550f5d4bf05c52ccd6edf19dd23d96e1d1c
SHA256 e459be65a1c6a2563964bebc07b3ef22897c73e544cb5a9080ae05adbdf53f4b
SHA512 2206a203542c73464476f2abbb1828d62e6c5b23f402a059b3737bb2f015231cb71c380e3024cbe4b555fbb32b23a1f2a58f49b30b229aca9306b9194c759310

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a16b5916e7044f035c2fc3df27d9fe8
SHA1 d80a47535be4ccd6d8a197838e252e8de767cdd3
SHA256 3698d416a58a6126476a4f636bcf7efdf4332f892613b654845e3c032289e330
SHA512 58491095b6c199dd2276ab03722c4dd442f4a337b36632cf0e91b6f077c77e4dcfa7f2a0b5480b192a3f8b0bd026882d10ff6b060b24db4d1264557bccc74a3a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 13:12

Reported

2024-06-17 13:15

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

Signatures

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe N/A

Contacts a large (532) amount of remote hosts

discovery

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\InputSwitchToastHandler.lnk C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InputSwitchToastHandler = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\InputSwitchToastHandler = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InputSwitchToastHandler = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\InputSwitchToastHandler = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\InputSwitchToastHandler.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1108 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe
PID 3980 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe
PID 3980 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 3252 wrote to memory of 3708 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3252 wrote to memory of 4508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4752 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe
PID 3500 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

"C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "b8ca0108f4ae400ebb7169e7cee05f4c_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

"C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\InputSwitchToastHandler.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 170.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.234.184.31.in-addr.arpa udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
US 8.8.8.8:53 255.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 0.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.235.184.31.in-addr.arpa udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 255.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files
