Analysis Overview
SHA256
2a68c74bf9430074297107fa0d4f1cd04b13d5a771b039a096dfbf4a9f38a50a
Threat Level: Known bad
The file RNSM00278.7z was found to be: Known bad.
Malicious Activity Summary
Troldesh, Shade, Encoder.858
Gozi
Troldesh family
Locky family
Cerber family
Cerber
Locky_osiris family
Locky
Gozi family
Locky (Osiris variant)
Blocklisted process makes network request
Contacts a large (606) amount of remote hosts
Adds policy Run key to start application
Drops startup file
Unexpected DNS network traffic destination
Executes dropped EXE
Loads dropped DLL
Indicator Removal: File Deletion
Maps connected drives based on registry
Adds Run key to start application
Suspicious use of SetThreadContext
UPX packed file
Sets desktop wallpaper using registry
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: CmdExeWriteProcessMemorySpam
Modifies Control Panel
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Runs ping.exe
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-22 16:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-22 16:59
Reported
2024-11-22 17:01
Platform
win7-20241023-en
Max time kernel
141s
Max time network
143s
Command Line
Signatures
Cerber
Cerber family
Gozi
Gozi family
Locky
Locky (Osiris variant)
Locky family
Locky_osiris family
Troldesh family
Troldesh, Shade, Encoder.858
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Windows\SysWOW64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Adobe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\wvedcdjf\\idjigiar.exe" | C:\Windows\SysWOW64\explorer.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (606) amount of remote hosts
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 208.67.222.222 | N/A | N/A |
| Destination IP | 193.183.98.154 | N/A | N/A |
| Destination IP | 208.67.222.222 | N/A | N/A |
| Destination IP | 208.67.222.222 | N/A | N/A |
| Destination IP | 31.3.135.232 | N/A | N/A |
| Destination IP | 5.9.49.12 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Shade.lnm-7d9380055fea5e6c7901b2ce9f1b13de67cddaa2c2823fd08ecde6d37d4f245e.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\chtbsext = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\DDAC3dlg\\bitspntw.exe" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Foreign.njoy-703f9eae4f2b62cc0ca7a2d0a8f34da2853121b232e5a0e220ff72f13f5ad303.exe | N/A |
Indicator Removal: File Deletion
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Desktop\00278\Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\Desktop\00278\Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xfq-7e3cffc3e1b735a1ed22fda7204fdefcab0a717be43864cc395cf77f34360cd5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp8C0A.bmp" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xey-06ba734b49a3da926c18f3434173981b012a9ecd41f1e45196140b6d41360da7.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe | N/A |
Suspicious use of SetThreadContext
UPX packed file
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xfq-7e3cffc3e1b735a1ed22fda7204fdefcab0a717be43864cc395cf77f34360cd5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xfq-7e3cffc3e1b735a1ed22fda7204fdefcab0a717be43864cc395cf77f34360cd5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xey-06ba734b49a3da926c18f3434173981b012a9ecd41f1e45196140b6d41360da7.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xey-06ba734b49a3da926c18f3434173981b012a9ecd41f1e45196140b6d41360da7.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{678305F1-A8F3-11EF-B45F-4E45515FDA5B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69CEF991-A8F3-11EF-B45F-4E45515FDA5B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4EBA5B91-A8F3-11EF-B45F-4E45515FDA5B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 4c0031000000000076591a881020303032373800380008000400efbe76596a8776591a882a000000e786010000000800000000000000000000000000000030003000320037003800000014000000 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 1e00718000000000000000000000d64e83ed5a4bfe4b8f11a626dcb6a9210000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39010000000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369" | C:\Windows\Explorer.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00278.7z"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\Desktop\00278\Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe
Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Blocker.hrft-83dd335bbc978eb05c4933fa3ea1301740c9d7754068b3de8facf58442171760.exe
Trojan-Ransom.Win32.Blocker.hrft-83dd335bbc978eb05c4933fa3ea1301740c9d7754068b3de8facf58442171760.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe
Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Foreign.njoy-703f9eae4f2b62cc0ca7a2d0a8f34da2853121b232e5a0e220ff72f13f5ad303.exe
Trojan-Ransom.Win32.Foreign.njoy-703f9eae4f2b62cc0ca7a2d0a8f34da2853121b232e5a0e220ff72f13f5ad303.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe
Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe
Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xey-06ba734b49a3da926c18f3434173981b012a9ecd41f1e45196140b6d41360da7.exe
Trojan-Ransom.Win32.Locky.xey-06ba734b49a3da926c18f3434173981b012a9ecd41f1e45196140b6d41360da7.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xfq-7e3cffc3e1b735a1ed22fda7204fdefcab0a717be43864cc395cf77f34360cd5.exe
Trojan-Ransom.Win32.Locky.xfq-7e3cffc3e1b735a1ed22fda7204fdefcab0a717be43864cc395cf77f34360cd5.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Shade.lnm-7d9380055fea5e6c7901b2ce9f1b13de67cddaa2c2823fd08ecde6d37d4f245e.exe
Trojan-Ransom.Win32.Shade.lnm-7d9380055fea5e6c7901b2ce9f1b13de67cddaa2c2823fd08ecde6d37d4f245e.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Zerber.fdxn-3db0ccba8fb83e1f5b4511b4d5e40efb55ba2ddca785bc7a5f186c5224e8df09.exe
Trojan-Ransom.Win32.Zerber.fdxn-3db0ccba8fb83e1f5b4511b4d5e40efb55ba2ddca785bc7a5f186c5224e8df09.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe
C:\Users\Admin\AppData\Local\Temp\FB_4D84.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\FB_4D84.tmp.exe"
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Zerber.fdxn-3db0ccba8fb83e1f5b4511b4d5e40efb55ba2ddca785bc7a5f186c5224e8df09.exe
Trojan-Ransom.Win32.Zerber.fdxn-3db0ccba8fb83e1f5b4511b4d5e40efb55ba2ddca785bc7a5f186c5224e8df09.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe
Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Shade.lnm-7d9380055fea5e6c7901b2ce9f1b13de67cddaa2c2823fd08ecde6d37d4f245e.exe
Trojan-Ransom.Win32.Shade.lnm-7d9380055fea5e6c7901b2ce9f1b13de67cddaa2c2823fd08ecde6d37d4f245e.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 768
C:\Users\Admin\Desktop\00278\Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe
Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_HELP_HELP_HELP_LVCGITNQ.hta"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe
"C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysC523.tmp"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\96F2\CB79.bat" "C:\Users\Admin\AppData\Roaming\MICROS~1\DDAC3dlg\bitspntw.exe" "C:\Users\Admin\Desktop\00278\TROJAN~4.EXE""
C:\Windows\SysWOW64\cmd.exe
cmd /C ""C:\Users\Admin\AppData\Roaming\MICROS~1\DDAC3dlg\bitspntw.exe" "C:\Users\Admin\Desktop\00278\TROJAN~4.EXE""
C:\Users\Admin\AppData\Roaming\MICROS~1\DDAC3dlg\bitspntw.exe
"C:\Users\Admin\AppData\Roaming\MICROS~1\DDAC3dlg\bitspntw.exe" "C:\Users\Admin\Desktop\00278\TROJAN~4.EXE"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys1DDD.tmp"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe"
C:\Windows\system32\PING.EXE
ping -n 1 127.0.0.1
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\N159GW5N--SRMB--Q78Z--87B238B6--9764BF3CE8F3.osiris
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\N159GW5N--SRMB--Q78Z--87B238B6--9764BF3CE8F3.osiris"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\cmd.exe
cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\Admin\AppData\Local\Temp\92B1.bi1"
C:\Windows\system32\nslookup.exe
nslookup myip.opendns.com resolver1.opendns.com
C:\Windows\system32\cmd.exe
cmd /C "echo -------- >> C:\Users\Admin\AppData\Local\Temp\92B1.bi1"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysC062.tmp"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3284 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysCF60.tmp"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4016 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| NO | 91.239.25.217:6892 | udp | |
| NO | 91.239.25.218:6892 | udp | |
| NO | 91.239.25.219:6892 | udp | |
| NO | 91.239.25.220:6892 | udp | |
| NO | 91.239.25.221:6892 | udp | |
| NO | 91.239.25.222:6892 | udp | |
| NO | 91.239.25.223:6892 | udp | |
| NO | 91.239.25.224:6892 | udp | |
| NO | 91.239.25.225:6892 | udp | |
| NO | 91.239.25.226:6892 | udp | |
| NO | 91.239.25.227:6892 | udp | |
| NO | 91.239.25.228:6892 | udp | |
| NO | 91.239.25.229:6892 | udp | |
| NO | 91.239.25.230:6892 | udp | |
| NO | 91.239.25.231:6892 | udp | |
| NO | 91.239.25.232:6892 | udp | |
| NO | 91.239.25.233:6892 | udp | |
| NO | 91.239.25.234:6892 | udp | |
| NO | 91.239.25.235:6892 | udp | |
| NO | 91.239.25.236:6892 | udp | |
| NO | 91.239.25.237:6892 | udp | |
| NO | 91.239.25.238:6892 | udp | |
| NO | 91.239.25.239:6892 | udp | |
| NO | 91.239.25.240:6892 | udp | |
| NO | 91.239.25.241:6892 | udp | |
| NO | 91.239.25.242:6892 | udp | |
| NO | 91.239.25.243:6892 | udp | |
| NO | 91.239.25.244:6892 | udp | |
| NO | 91.239.25.245:6892 | udp | |
| NO | 91.239.25.246:6892 | udp | |
| NO | 91.239.25.247:6892 | udp | |
| NO | 91.239.25.248:6892 | udp | |
| NO | 91.239.25.249:6892 | udp | |
| NO | 91.239.25.250:6892 | udp | |
| NO | 91.239.25.251:6892 | udp | |
| NO | 91.239.25.252:6892 | udp | |
| NO | 91.239.25.253:6892 | udp | |
| NO | 91.239.25.254:6892 | udp | |
| NO | 91.239.25.255:6892 | udp | |
| TR | 194.31.59.5:80 | 194.31.59.5 | tcp |
| RU | 88.214.237.45:80 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| TR | 194.31.59.5:80 | 194.31.59.5 | tcp |
| FR | 90.2.1.0:6892 | udp | |
| FR | 90.2.1.1:6892 | udp | |
| FR | 90.2.1.2:6892 | udp | |
| FR | 90.2.1.3:6892 | udp | |
| FR | 90.2.1.4:6892 | udp | |
| FR | 90.2.1.5:6892 | udp | |
| FR | 90.2.1.6:6892 | udp | |
| FR | 90.2.1.7:6892 | udp | |
| FR | 90.2.1.8:6892 | udp | |
| FR | 90.2.1.9:6892 | udp | |
| FR | 90.2.1.10:6892 | udp | |
| FR | 90.2.1.11:6892 | udp | |
| FR | 90.2.1.12:6892 | udp | |
| FR | 90.2.1.13:6892 | udp | |
| FR | 90.2.1.14:6892 | udp | |
| FR | 90.2.1.15:6892 | udp | |
| FR | 90.2.1.16:6892 | udp | |
| FR | 90.2.1.17:6892 | udp | |
| FR | 90.2.1.18:6892 | udp | |
| FR | 90.2.1.19:6892 | udp | |
| FR | 90.2.1.20:6892 | udp | |
| FR | 90.2.1.21:6892 | udp | |
| FR | 90.2.1.22:6892 | udp | |
| FR | 90.2.1.23:6892 | udp | |
| FR | 90.2.1.24:6892 | udp | |
| FR | 90.2.1.25:6892 | udp | |
| FR | 90.2.1.26:6892 | udp | |
| FR | 90.2.1.27:6892 | udp | |
| FR | 90.2.1.28:6892 | udp | |
| FR | 90.2.1.29:6892 | udp | |
| FR | 90.2.1.30:6892 | udp | |
| FR | 90.2.1.31:6892 | udp | |
| FR | 90.3.1.0:6892 | udp | |
| FR | 90.3.1.1:6892 | udp | |
| FR | 90.3.1.2:6892 | udp | |
| FR | 90.3.1.3:6892 | udp | |
| FR | 90.3.1.4:6892 | udp | |
| FR | 90.3.1.5:6892 | udp | |
| FR | 90.3.1.6:6892 | udp | |
| FR | 90.3.1.7:6892 | udp | |
| FR | 90.3.1.8:6892 | udp | |
| FR | 90.3.1.9:6892 | udp | |
| FR | 90.3.1.10:6892 | udp | |
| FR | 90.3.1.11:6892 | udp | |
| FR | 90.3.1.12:6892 | udp | |
| FR | 90.3.1.13:6892 | udp | |
| FR | 90.3.1.14:6892 | udp | |
| FR | 90.3.1.15:6892 | udp | |
| FR | 90.3.1.16:6892 | udp | |
| FR | 90.3.1.17:6892 | udp | |
| FR | 90.3.1.18:6892 | udp | |
| FR | 90.3.1.19:6892 | udp | |
| FR | 90.3.1.20:6892 | udp | |
| FR | 90.3.1.21:6892 | udp | |
| FR | 90.3.1.22:6892 | udp | |
| FR | 90.3.1.23:6892 | udp | |
| FR | 90.3.1.24:6892 | udp | |
| FR | 90.3.1.25:6892 | udp | |
| FR | 90.3.1.26:6892 | udp | |
| FR | 90.3.1.27:6892 | udp | |
| FR | 90.3.1.28:6892 | udp | |
| FR | 90.3.1.29:6892 | udp | |
| FR | 90.3.1.30:6892 | udp | |
| FR | 90.3.1.31:6892 | udp | |
| DE | 91.239.24.0:6892 | udp | |
| DE | 91.239.24.1:6892 | udp | |
| DE | 91.239.24.2:6892 | udp | |
| DE | 91.239.24.3:6892 | udp | |
| DE | 91.239.24.4:6892 | udp | |
| DE | 91.239.24.5:6892 | udp | |
| DE | 91.239.24.6:6892 | udp | |
| DE | 91.239.24.7:6892 | udp | |
| DE | 91.239.24.8:6892 | udp | |
| DE | 91.239.24.9:6892 | udp | |
| DE | 91.239.24.10:6892 | udp | |
| DE | 91.239.24.11:6892 | udp | |
| DE | 91.239.24.12:6892 | udp | |
| DE | 91.239.24.13:6892 | udp | |
| DE | 91.239.24.14:6892 | udp | |
| DE | 91.239.24.15:6892 | udp | |
| DE | 91.239.24.16:6892 | udp | |
| DE | 91.239.24.17:6892 | udp | |
| DE | 91.239.24.18:6892 | udp | |
| DE | 91.239.24.19:6892 | udp | |
| DE | 91.239.24.20:6892 | udp | |
| DE | 91.239.24.21:6892 | udp | |
| DE | 91.239.24.22:6892 | udp | |
| DE | 91.239.24.23:6892 | udp | |
| DE | 91.239.24.24:6892 | udp | |
| DE | 91.239.24.25:6892 | udp | |
| DE | 91.239.24.26:6892 | udp | |
| DE | 91.239.24.27:6892 | udp | |
| DE | 91.239.24.28:6892 | udp | |
| DE | 91.239.24.29:6892 | udp | |
| DE | 91.239.24.30:6892 | udp | |
| DE | 91.239.24.31:6892 | udp | |
| DE | 91.239.24.32:6892 | udp | |
| DE | 91.239.24.33:6892 | udp | |
| DE | 91.239.24.34:6892 | udp | |
| DE | 91.239.24.35:6892 | udp | |
| DE | 91.239.24.36:6892 | udp | |
| DE | 91.239.24.37:6892 | udp | |
| DE | 91.239.24.38:6892 | udp | |
| DE | 91.239.24.39:6892 | udp | |
| DE | 91.239.24.40:6892 | udp | |
| DE | 91.239.24.41:6892 | udp | |
| DE | 91.239.24.42:6892 | udp | |
| DE | 91.239.24.43:6892 | udp | |
| DE | 91.239.24.44:6892 | udp | |
| DE | 91.239.24.45:6892 | udp | |
| DE | 91.239.24.46:6892 | udp | |
| DE | 91.239.24.47:6892 | udp | |
| DE | 91.239.24.48:6892 | udp | |
| DE | 91.239.24.49:6892 | udp | |
| DE | 91.239.24.50:6892 | udp | |
| DE | 91.239.24.51:6892 | udp | |
| DE | 91.239.24.52:6892 | udp | |
| DE | 91.239.24.53:6892 | udp | |
| DE | 91.239.24.54:6892 | udp | |
| DE | 91.239.24.55:6892 | udp | |
| DE | 91.239.24.56:6892 | udp | |
| DE | 91.239.24.57:6892 | udp | |
| DE | 91.239.24.58:6892 | udp | |
| DE | 91.239.24.59:6892 | udp | |
| DE | 91.239.24.60:6892 | udp | |
| DE | 91.239.24.61:6892 | udp | |
| DE | 91.239.24.62:6892 | udp | |
| DE | 91.239.24.63:6892 | udp | |
| DE | 91.239.24.64:6892 | udp | |
| DE | 91.239.24.65:6892 | udp | |
| DE | 91.239.24.66:6892 | udp | |
| DE | 91.239.24.67:6892 | udp | |
| DE | 91.239.24.68:6892 | udp | |
| DE | 91.239.24.69:6892 | udp | |
| DE | 91.239.24.70:6892 | udp | |
| DE | 91.239.24.71:6892 | udp | |
| DE | 91.239.24.72:6892 | udp | |
| DE | 91.239.24.73:6892 | udp | |
| DE | 91.239.24.74:6892 | udp | |
| DE | 91.239.24.75:6892 | udp | |
| DE | 91.239.24.76:6892 | udp | |
| DE | 91.239.24.77:6892 | udp | |
| DE | 91.239.24.78:6892 | udp | |
| DE | 91.239.24.79:6892 | udp | |
| DE | 91.239.24.80:6892 | udp | |
| DE | 91.239.24.81:6892 | udp | |
| DE | 91.239.24.82:6892 | udp | |
| DE | 91.239.24.83:6892 | udp | |
| DE | 91.239.24.84:6892 | udp | |
| DE | 91.239.24.85:6892 | udp | |
| DE | 91.239.24.86:6892 | udp | |
| DE | 91.239.24.87:6892 | udp | |
| DE | 91.239.24.88:6892 | udp | |
| DE | 91.239.24.89:6892 | udp | |
| DE | 91.239.24.90:6892 | udp | |
| DE | 91.239.24.91:6892 | udp | |
| DE | 91.239.24.92:6892 | udp | |
| DE | 91.239.24.93:6892 | udp | |
| DE | 91.239.24.94:6892 | udp | |
| DE | 91.239.24.95:6892 | udp | |
| DE | 91.239.24.96:6892 | udp | |
| DE | 91.239.24.97:6892 | udp | |
| DE | 91.239.24.98:6892 | udp | |
| DE | 91.239.24.99:6892 | udp | |
| DE | 91.239.24.100:6892 | udp | |
| DE | 91.239.24.101:6892 | udp | |
| DE | 91.239.24.102:6892 | udp | |
| DE | 91.239.24.103:6892 | udp | |
| DE | 91.239.24.104:6892 | udp | |
| DE | 91.239.24.105:6892 | udp | |
| DE | 91.239.24.106:6892 | udp | |
| DE | 91.239.24.107:6892 | udp | |
| DE | 91.239.24.108:6892 | udp | |
| DE | 91.239.24.109:6892 | udp | |
| DE | 91.239.24.110:6892 | udp | |
| DE | 91.239.24.111:6892 | udp | |
| DE | 91.239.24.112:6892 | udp | |
| DE | 91.239.24.113:6892 | udp | |
| DE | 91.239.24.114:6892 | udp | |
| DE | 91.239.24.115:6892 | udp | |
| DE | 91.239.24.116:6892 | udp | |
| DE | 91.239.24.117:6892 | udp | |
| DE | 91.239.24.118:6892 | udp | |
| DE | 91.239.24.119:6892 | udp | |
| DE | 91.239.24.120:6892 | udp | |
| DE | 91.239.24.121:6892 | udp | |
| DE | 91.239.24.122:6892 | udp | |
| DE | 91.239.24.123:6892 | udp | |
| DE | 91.239.24.124:6892 | udp | |
| DE | 91.239.24.125:6892 | udp | |
| DE | 91.239.24.126:6892 | udp | |
| DE | 91.239.24.127:6892 | udp | |
| DE | 91.239.24.128:6892 | udp | |
| DE | 91.239.24.129:6892 | udp | |
| DE | 91.239.24.130:6892 | udp | |
| DE | 91.239.24.131:6892 | udp | |
| DE | 91.239.24.132:6892 | udp | |
| DE | 91.239.24.133:6892 | udp | |
| DE | 91.239.24.134:6892 | udp | |
| DE | 91.239.24.135:6892 | udp | |
| DE | 91.239.24.136:6892 | udp | |
| DE | 91.239.24.137:6892 | udp | |
| DE | 91.239.24.138:6892 | udp | |
| DE | 91.239.24.139:6892 | udp | |
| DE | 91.239.24.140:6892 | udp | |
| DE | 91.239.24.141:6892 | udp | |
| DE | 91.239.24.142:6892 | udp | |
| DE | 91.239.24.143:6892 | udp | |
| DE | 91.239.24.144:6892 | udp | |
| DE | 91.239.24.145:6892 | udp | |
| DE | 91.239.24.146:6892 | udp | |
| DE | 91.239.24.147:6892 | udp | |
| DE | 91.239.24.148:6892 | udp | |
| DE | 91.239.24.149:6892 | udp | |
| DE | 91.239.24.150:6892 | udp | |
| DE | 91.239.24.151:6892 | udp | |
| DE | 91.239.24.152:6892 | udp | |
| DE | 91.239.24.153:6892 | udp | |
| DE | 91.239.24.154:6892 | udp | |
| DE | 91.239.24.155:6892 | udp | |
| DE | 91.239.24.156:6892 | udp | |
| DE | 91.239.24.157:6892 | udp | |
| DE | 91.239.24.158:6892 | udp | |
| DE | 91.239.24.159:6892 | udp | |
| DE | 91.239.24.160:6892 | udp | |
| DE | 91.239.24.161:6892 | udp | |
| DE | 91.239.24.162:6892 | udp | |
| DE | 91.239.24.163:6892 | udp | |
| DE | 91.239.24.164:6892 | udp | |
| DE | 91.239.24.165:6892 | udp | |
| DE | 91.239.24.166:6892 | udp | |
| DE | 91.239.24.167:6892 | udp | |
| DE | 91.239.24.168:6892 | udp | |
| DE | 91.239.24.169:6892 | udp | |
| DE | 91.239.24.170:6892 | udp | |
| DE | 91.239.24.171:6892 | udp | |
| DE | 91.239.24.172:6892 | udp | |
| DE | 91.239.24.173:6892 | udp | |
| DE | 91.239.24.174:6892 | udp | |
| DE | 91.239.24.175:6892 | udp | |
| DE | 91.239.24.176:6892 | udp | |
| DE | 91.239.24.177:6892 | udp | |
| DE | 91.239.24.178:6892 | udp | |
| DE | 91.239.24.179:6892 | udp | |
| DE | 91.239.24.180:6892 | udp | |
| DE | 91.239.24.181:6892 | udp | |
| DE | 91.239.24.182:6892 | udp | |
| DE | 91.239.24.183:6892 | udp | |
| DE | 91.239.24.184:6892 | udp | |
| DE | 91.239.24.185:6892 | udp | |
| DE | 91.239.24.186:6892 | udp | |
| DE | 91.239.24.187:6892 | udp | |
| DE | 91.239.24.188:6892 | udp | |
| DE | 91.239.24.189:6892 | udp | |
| DE | 91.239.24.190:6892 | udp | |
| DE | 91.239.24.191:6892 | udp | |
| DE | 91.239.24.192:6892 | udp | |
| DE | 91.239.24.193:6892 | udp | |
| DE | 91.239.24.194:6892 | udp | |
| DE | 91.239.24.195:6892 | udp | |
| DE | 91.239.24.196:6892 | udp | |
| DE | 91.239.24.197:6892 | udp | |
| DE | 91.239.24.198:6892 | udp | |
| DE | 91.239.24.199:6892 | udp | |
| DE | 91.239.24.200:6892 | udp | |
| DE | 91.239.24.201:6892 | udp | |
| DE | 91.239.24.202:6892 | udp | |
| DE | 91.239.24.203:6892 | udp | |
| DE | 91.239.24.204:6892 | udp | |
| DE | 91.239.24.205:6892 | udp | |
| DE | 91.239.24.206:6892 | udp | |
| DE | 91.239.24.207:6892 | udp | |
| DE | 91.239.24.208:6892 | udp | |
| DE | 91.239.24.209:6892 | udp | |
| DE | 91.239.24.210:6892 | udp | |
| DE | 91.239.24.211:6892 | udp | |
| DE | 91.239.24.212:6892 | udp | |
| DE | 91.239.24.213:6892 | udp | |
| DE | 91.239.24.214:6892 | udp | |
| DE | 91.239.24.215:6892 | udp | |
| DE | 91.239.24.216:6892 | udp | |
| DE | 91.239.24.217:6892 | udp | |
| DE | 91.239.24.218:6892 | udp | |
| DE | 91.239.24.219:6892 | udp | |
| DE | 91.239.24.220:6892 | udp | |
| DE | 91.239.24.221:6892 | udp | |
| DE | 91.239.24.222:6892 | udp | |
| DE | 91.239.24.223:6892 | udp | |
| DE | 91.239.24.224:6892 | udp | |
| DE | 91.239.24.225:6892 | udp | |
| DE | 91.239.24.226:6892 | udp | |
| DE | 91.239.24.227:6892 | udp | |
| DE | 91.239.24.228:6892 | udp | |
| DE | 91.239.24.229:6892 | udp | |
| DE | 91.239.24.230:6892 | udp | |
| DE | 91.239.24.231:6892 | udp | |
| DE | 91.239.24.232:6892 | udp | |
| DE | 91.239.24.233:6892 | udp | |
| DE | 91.239.24.234:6892 | udp | |
| DE | 91.239.24.235:6892 | udp | |
| DE | 91.239.24.236:6892 | udp | |
| DE | 91.239.24.237:6892 | udp | |
| DE | 91.239.24.238:6892 | udp | |
| DE | 91.239.24.239:6892 | udp | |
| DE | 91.239.24.240:6892 | udp | |
| DE | 91.239.24.241:6892 | udp | |
| DE | 91.239.24.242:6892 | udp | |
| DE | 91.239.24.243:6892 | udp | |
| DE | 91.239.24.244:6892 | udp | |
| DE | 91.239.24.245:6892 | udp | |
| DE | 91.239.24.246:6892 | udp | |
| DE | 91.239.24.247:6892 | udp | |
| DE | 91.239.24.248:6892 | udp | |
| DE | 91.239.24.249:6892 | udp | |
| DE | 91.239.24.250:6892 | udp | |
| DE | 91.239.24.251:6892 | udp | |
| DE | 91.239.24.252:6892 | udp | |
| DE | 91.239.24.253:6892 | udp | |
| DE | 91.239.24.254:6892 | udp | |
| DE | 91.239.24.255:6892 | udp | |
| NO | 91.239.25.0:6892 | udp | |
| NO | 91.239.25.1:6892 | udp | |
| NO | 91.239.25.2:6892 | udp | |
| NO | 91.239.25.3:6892 | udp | |
| NO | 91.239.25.4:6892 | udp | |
| NO | 91.239.25.5:6892 | udp | |
| NO | 91.239.25.6:6892 | udp | |
| NO | 91.239.25.7:6892 | udp | |
| NO | 91.239.25.8:6892 | udp | |
| NO | 91.239.25.9:6892 | udp | |
| NO | 91.239.25.10:6892 | udp | |
| NO | 91.239.25.11:6892 | udp | |
| NO | 91.239.25.12:6892 | udp | |
| NO | 91.239.25.13:6892 | udp | |
| NO | 91.239.25.14:6892 | udp | |
| NO | 91.239.25.15:6892 | udp | |
| NO | 91.239.25.16:6892 | udp | |
| NO | 91.239.25.17:6892 | udp | |
| NO | 91.239.25.18:6892 | udp | |
| NO | 91.239.25.19:6892 | udp | |
| NO | 91.239.25.20:6892 | udp | |
| NO | 91.239.25.21:6892 | udp | |
| NO | 91.239.25.22:6892 | udp | |
| NO | 91.239.25.23:6892 | udp | |
| NO | 91.239.25.24:6892 | udp | |
| NO | 91.239.25.25:6892 | udp | |
| NO | 91.239.25.26:6892 | udp | |
| NO | 91.239.25.27:6892 | udp | |
| NO | 91.239.25.28:6892 | udp | |
| NO | 91.239.25.29:6892 | udp | |
| NO | 91.239.25.30:6892 | udp | |
| NO | 91.239.25.31:6892 | udp | |
| NO | 91.239.25.32:6892 | udp | |
| NO | 91.239.25.33:6892 | udp | |
| NO | 91.239.25.34:6892 | udp | |
| NO | 91.239.25.35:6892 | udp | |
| NO | 91.239.25.36:6892 | udp | |
| NO | 91.239.25.37:6892 | udp | |
| NO | 91.239.25.38:6892 | udp | |
| NO | 91.239.25.39:6892 | udp | |
| NO | 91.239.25.40:6892 | udp | |
| NO | 91.239.25.41:6892 | udp | |
| NO | 91.239.25.42:6892 | udp | |
| NO | 91.239.25.43:6892 | udp | |
| NO | 91.239.25.44:6892 | udp | |
| NO | 91.239.25.45:6892 | udp | |
| NO | 91.239.25.46:6892 | udp | |
| NO | 91.239.25.47:6892 | udp | |
| NO | 91.239.25.48:6892 | udp | |
| NO | 91.239.25.49:6892 | udp | |
| NO | 91.239.25.50:6892 | udp | |
| NO | 91.239.25.51:6892 | udp | |
| NO | 91.239.25.52:6892 | udp | |
| NO | 91.239.25.53:6892 | udp | |
| NO | 91.239.25.54:6892 | udp | |
| NO | 91.239.25.55:6892 | udp | |
| NO | 91.239.25.56:6892 | udp | |
| NO | 91.239.25.57:6892 | udp | |
| NO | 91.239.25.58:6892 | udp | |
| NO | 91.239.25.59:6892 | udp | |
| NO | 91.239.25.60:6892 | udp | |
| NO | 91.239.25.61:6892 | udp | |
| NO | 91.239.25.62:6892 | udp | |
| NO | 91.239.25.63:6892 | udp | |
| NO | 91.239.25.64:6892 | udp | |
| NO | 91.239.25.65:6892 | udp | |
| NO | 91.239.25.66:6892 | udp | |
| NO | 91.239.25.67:6892 | udp | |
| NO | 91.239.25.68:6892 | udp | |
| NO | 91.239.25.69:6892 | udp | |
| NO | 91.239.25.70:6892 | udp | |
| NO | 91.239.25.71:6892 | udp | |
| NO | 91.239.25.72:6892 | udp | |
| NO | 91.239.25.73:6892 | udp | |
| NO | 91.239.25.74:6892 | udp | |
| NO | 91.239.25.75:6892 | udp | |
| NO | 91.239.25.76:6892 | udp | |
| NO | 91.239.25.77:6892 | udp | |
| NO | 91.239.25.78:6892 | udp | |
| NO | 91.239.25.79:6892 | udp | |
| NO | 91.239.25.80:6892 | udp | |
| NO | 91.239.25.81:6892 | udp | |
| NO | 91.239.25.82:6892 | udp | |
| NO | 91.239.25.83:6892 | udp | |
| NO | 91.239.25.84:6892 | udp | |
| NO | 91.239.25.85:6892 | udp | |
| NO | 91.239.25.86:6892 | udp | |
| NO | 91.239.25.87:6892 | udp | |
| NO | 91.239.25.88:6892 | udp | |
| NO | 91.239.25.89:6892 | udp | |
| NO | 91.239.25.90:6892 | udp | |
| NO | 91.239.25.91:6892 | udp | |
| NO | 91.239.25.92:6892 | udp | |
| NO | 91.239.25.93:6892 | udp | |
| NO | 91.239.25.94:6892 | udp | |
| NO | 91.239.25.95:6892 | udp | |
| NO | 91.239.25.96:6892 | udp | |
| NO | 91.239.25.97:6892 | udp | |
| NO | 91.239.25.98:6892 | udp | |
| NO | 91.239.25.99:6892 | udp | |
| NO | 91.239.25.100:6892 | udp | |
| NO | 91.239.25.101:6892 | udp | |
| NO | 91.239.25.102:6892 | udp | |
| NO | 91.239.25.103:6892 | udp | |
| NO | 91.239.25.104:6892 | udp | |
| NO | 91.239.25.105:6892 | udp | |
| NO | 91.239.25.106:6892 | udp | |
| NO | 91.239.25.107:6892 | udp | |
| NO | 91.239.25.108:6892 | udp | |
| NO | 91.239.25.109:6892 | udp | |
| NO | 91.239.25.110:6892 | udp | |
| NO | 91.239.25.111:6892 | udp | |
| NO | 91.239.25.112:6892 | udp | |
| NO | 91.239.25.113:6892 | udp | |
| NO | 91.239.25.114:6892 | udp | |
| NO | 91.239.25.115:6892 | udp | |
| NO | 91.239.25.116:6892 | udp | |
| NO | 91.239.25.117:6892 | udp | |
| NO | 91.239.25.118:6892 | udp | |
| NO | 91.239.25.119:6892 | udp | |
| NO | 91.239.25.120:6892 | udp | |
| NO | 91.239.25.121:6892 | udp | |
| NO | 91.239.25.122:6892 | udp | |
| NO | 91.239.25.123:6892 | udp | |
| NO | 91.239.25.124:6892 | udp | |
| NO | 91.239.25.125:6892 | udp | |
| NO | 91.239.25.126:6892 | udp | |
| NO | 91.239.25.127:6892 | udp | |
| NO | 91.239.25.128:6892 | udp | |
| NO | 91.239.25.129:6892 | udp | |
| NO | 91.239.25.130:6892 | udp | |
| NO | 91.239.25.131:6892 | udp | |
| NO | 91.239.25.132:6892 | udp | |
| NO | 91.239.25.133:6892 | udp | |
| NO | 91.239.25.134:6892 | udp | |
| NO | 91.239.25.135:6892 | udp | |
| NO | 91.239.25.136:6892 | udp | |
| NO | 91.239.25.137:6892 | udp | |
| NO | 91.239.25.138:6892 | udp | |
| NO | 91.239.25.139:6892 | udp | |
| NO | 91.239.25.140:6892 | udp | |
| NO | 91.239.25.141:6892 | udp | |
| NO | 91.239.25.142:6892 | udp | |
| NO | 91.239.25.143:6892 | udp | |
| NO | 91.239.25.144:6892 | udp | |
| NO | 91.239.25.145:6892 | udp | |
| NO | 91.239.25.146:6892 | udp | |
| NO | 91.239.25.147:6892 | udp | |
| NO | 91.239.25.148:6892 | udp | |
| NO | 91.239.25.149:6892 | udp | |
| NO | 91.239.25.150:6892 | udp | |
| NO | 91.239.25.151:6892 | udp | |
| NO | 91.239.25.152:6892 | udp | |
| NO | 91.239.25.153:6892 | udp | |
| NO | 91.239.25.154:6892 | udp | |
| NO | 91.239.25.155:6892 | udp | |
| NO | 91.239.25.156:6892 | udp | |
| NO | 91.239.25.157:6892 | udp | |
| NO | 91.239.25.158:6892 | udp | |
| NO | 91.239.25.159:6892 | udp | |
| NO | 91.239.25.160:6892 | udp | |
| NO | 91.239.25.161:6892 | udp | |
| NO | 91.239.25.162:6892 | udp | |
| NO | 91.239.25.163:6892 | udp | |
| NO | 91.239.25.164:6892 | udp | |
| NO | 91.239.25.165:6892 | udp | |
| NO | 91.239.25.166:6892 | udp | |
| NO | 91.239.25.167:6892 | udp | |
| NO | 91.239.25.168:6892 | udp | |
| NO | 91.239.25.169:6892 | udp | |
| NO | 91.239.25.170:6892 | udp | |
| NO | 91.239.25.171:6892 | udp | |
| NO | 91.239.25.172:6892 | udp | |
| NO | 91.239.25.173:6892 | udp | |
| NO | 91.239.25.174:6892 | udp | |
| NO | 91.239.25.175:6892 | udp | |
| NO | 91.239.25.176:6892 | udp | |
| NO | 91.239.25.177:6892 | udp | |
| NO | 91.239.25.178:6892 | udp | |
| NO | 91.239.25.179:6892 | udp | |
| NO | 91.239.25.180:6892 | udp | |
| NO | 91.239.25.181:6892 | udp | |
| NO | 91.239.25.182:6892 | udp | |
| NO | 91.239.25.183:6892 | udp | |
| NO | 91.239.25.184:6892 | udp | |
| NO | 91.239.25.185:6892 | udp | |
| NO | 91.239.25.186:6892 | udp | |
| NO | 91.239.25.187:6892 | udp | |
| NO | 91.239.25.188:6892 | udp | |
| NO | 91.239.25.189:6892 | udp | |
| NO | 91.239.25.190:6892 | udp | |
| NO | 91.239.25.191:6892 | udp | |
| NO | 91.239.25.192:6892 | udp | |
| NO | 91.239.25.193:6892 | udp | |
| NO | 91.239.25.194:6892 | udp | |
| NO | 91.239.25.195:6892 | udp | |
| NO | 91.239.25.196:6892 | udp | |
| NO | 91.239.25.197:6892 | udp | |
| NO | 91.239.25.198:6892 | udp | |
| NO | 91.239.25.199:6892 | udp | |
| NO | 91.239.25.200:6892 | udp | |
| NO | 91.239.25.201:6892 | udp | |
| NO | 91.239.25.202:6892 | udp | |
| NO | 91.239.25.203:6892 | udp | |
| NO | 91.239.25.204:6892 | udp | |
| NO | 91.239.25.205:6892 | udp | |
| NO | 91.239.25.206:6892 | udp | |
| NO | 91.239.25.207:6892 | udp | |
| NO | 91.239.25.208:6892 | udp | |
| NO | 91.239.25.209:6892 | udp | |
| NO | 91.239.25.210:6892 | udp | |
| NO | 91.239.25.211:6892 | udp | |
| NO | 91.239.25.212:6892 | udp | |
| NO | 91.239.25.213:6892 | udp | |
| NO | 91.239.25.214:6892 | udp | |
| NO | 91.239.25.215:6892 | udp | |
| NO | 91.239.25.216:6892 | udp | |
| NO | 91.239.25.217:6892 | udp | |
| NO | 91.239.25.218:6892 | udp | |
| NO | 91.239.25.219:6892 | udp | |
| NO | 91.239.25.220:6892 | udp | |
| NO | 91.239.25.221:6892 | udp | |
| NO | 91.239.25.222:6892 | udp | |
| NO | 91.239.25.223:6892 | udp | |
| NO | 91.239.25.224:6892 | udp | |
| NO | 91.239.25.225:6892 | udp | |
| NO | 91.239.25.226:6892 | udp | |
| NO | 91.239.25.227:6892 | udp | |
| NO | 91.239.25.228:6892 | udp | |
| NO | 91.239.25.229:6892 | udp | |
| NO | 91.239.25.230:6892 | udp | |
| NO | 91.239.25.231:6892 | udp | |
| NO | 91.239.25.232:6892 | udp | |
| NO | 91.239.25.233:6892 | udp | |
| NO | 91.239.25.234:6892 | udp | |
| NO | 91.239.25.235:6892 | udp | |
| NO | 91.239.25.236:6892 | udp | |
| NO | 91.239.25.237:6892 | udp | |
| NO | 91.239.25.238:6892 | udp | |
| NO | 91.239.25.239:6892 | udp | |
| NO | 91.239.25.240:6892 | udp | |
| NO | 91.239.25.241:6892 | udp | |
| NO | 91.239.25.242:6892 | udp | |
| NO | 91.239.25.243:6892 | udp | |
| NO | 91.239.25.244:6892 | udp | |
| NO | 91.239.25.245:6892 | udp | |
| NO | 91.239.25.246:6892 | udp | |
| NO | 91.239.25.247:6892 | udp | |
| NO | 91.239.25.248:6892 | udp | |
| NO | 91.239.25.249:6892 | udp | |
| NO | 91.239.25.250:6892 | udp | |
| NO | 91.239.25.251:6892 | udp | |
| NO | 91.239.25.252:6892 | udp | |
| NO | 91.239.25.253:6892 | udp | |
| NO | 91.239.25.254:6892 | udp | |
| NO | 91.239.25.255:6892 | udp | |
| RU | 88.214.237.45:80 | tcp | |
| RU | 88.214.237.45:80 | tcp | |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.98.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| RU | 88.214.237.45:80 | tcp | |
| US | 8.8.8.8:53 | bitaps.com | udp |
| NL | 178.128.255.179:443 | bitaps.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 104.22.64.108:443 | chain.so | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | figlidelnilo.altervista.org | udp |
| US | 8.8.8.8:53 | gianninisulmona.altervista.org | udp |
| US | 8.8.8.8:53 | gdruberberlin.altervista.org | udp |
| US | 8.8.8.8:53 | omiconsulting.com | udp |
| IT | 62.149.128.154:80 | omiconsulting.com | tcp |
| US | 8.8.8.8:53 | www.omiconsulting.com | udp |
| IT | 31.11.35.107:80 | www.omiconsulting.com | tcp |
| US | 8.8.8.8:53 | artkar.it | udp |
| IT | 62.149.128.157:80 | artkar.it | tcp |
| US | 8.8.8.8:53 | www.artkar.it | udp |
| IT | 62.149.128.40:80 | www.artkar.it | tcp |
| US | 8.8.8.8:53 | ilisso.com | udp |
| IT | 89.46.109.27:80 | ilisso.com | tcp |
| US | 8.8.8.8:53 | www.ilisso.com | udp |
| IT | 89.46.109.27:443 | www.ilisso.com | tcp |
| US | 8.8.8.8:53 | madeinitalysolutions.com | udp |
| IT | 62.149.128.154:80 | madeinitalysolutions.com | tcp |
| US | 8.8.8.8:53 | www.madeinitalysolutions.com | udp |
| IT | 31.11.35.112:80 | www.madeinitalysolutions.com | tcp |
| US | 95.100.195.150:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.videolan.org | udp |
| US | 8.8.8.8:53 | lucchesecomputers.eu | udp |
| FR | 213.36.253.2:443 | www.videolan.org | tcp |
| IT | 89.46.110.70:80 | lucchesecomputers.eu | tcp |
| US | 8.8.8.8:53 | www.lucchesecomputers.eu | udp |
| IT | 89.46.110.70:80 | www.lucchesecomputers.eu | tcp |
| US | 8.8.8.8:53 | ceyanor.at | udp |
| US | 8.8.8.8:53 | visualstudio.microsoft.com | udp |
| GB | 2.22.247.97:443 | visualstudio.microsoft.com | tcp |
| GB | 2.22.247.97:443 | visualstudio.microsoft.com | tcp |
| N/A | 127.0.0.1:49370 | tcp | |
| US | 8.8.8.8:53 | java.com | udp |
| US | 95.100.195.134:80 | java.com | tcp |
| TR | 194.31.59.5:80 | 194.31.59.5 | tcp |
| RU | 88.214.237.45:80 | tcp | |
| DE | 5.9.49.12:53 | tcp | |
| TR | 194.31.59.5:80 | 194.31.59.5 | tcp |
| RU | 88.214.237.45:80 | tcp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.16.233.202:80 | www.microsoft.com | tcp |
| AT | 86.59.21.38:443 | tcp | |
| RU | 88.214.237.45:80 | tcp | |
| IT | 193.183.98.154:53 | tcp | |
| RU | 88.214.237.45:80 | tcp | |
| US | 8.8.8.8:53 | resolver1.opendns.com | udp |
| US | 208.67.222.222:53 | resolver1.opendns.com | udp |
| US | 208.67.222.222:53 | resolver1.opendns.com | udp |
| US | 208.67.222.222:53 | resolver1.opendns.com | udp |
| US | 8.8.8.8:53 | hipohook.cn | udp |
| CH | 31.3.135.232:53 | tcp | |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| US | 13.107.246.64:443 | support.microsoft.com | tcp |
| US | 13.107.246.64:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.16.233.202:443 | www.microsoft.com | tcp |
| GB | 2.16.233.202:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | visualstudio.microsoft.com | udp |
| GB | 2.22.247.97:443 | visualstudio.microsoft.com | tcp |
| GB | 2.22.247.97:443 | visualstudio.microsoft.com | tcp |
Files
C:\Users\Admin\Desktop\00278\Trojan-Ransom.NSIS.Xamyh.kxk-64fbaa750a20ae7cc12cb21e6e409e4d267068417925494fca7405d1cef5e65d.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Blocker.hrft-83dd335bbc978eb05c4933fa3ea1301740c9d7754068b3de8facf58442171760.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Cryptor.gw-b1cb04416c7391d98166ff259bc3a33dbfe0a4e526466b5d30f54b6b78a5c22f.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Zerber.fdxn-3db0ccba8fb83e1f5b4511b4d5e40efb55ba2ddca785bc7a5f186c5224e8df09.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xfq-7e3cffc3e1b735a1ed22fda7204fdefcab0a717be43864cc395cf77f34360cd5.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.aeqw-df0072204b63b2eed626d88921a20e8bf9702b638e36971a279b8959f890a5df.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Shade.lnm-7d9380055fea5e6c7901b2ce9f1b13de67cddaa2c2823fd08ecde6d37d4f245e.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Locky.xey-06ba734b49a3da926c18f3434173981b012a9ecd41f1e45196140b6d41360da7.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.GenericCryptor.jnu-2175329f4ed46df9f13ed8b80ffbe82ae4df5c24323ab50a1c197ab51b36ae78.exe
C:\Users\Admin\Desktop\00278\Trojan-Ransom.Win32.Foreign.njoy-703f9eae4f2b62cc0ca7a2d0a8f34da2853121b232e5a0e220ff72f13f5ad303.exe
\Users\Admin\AppData\Local\Temp\nsy4FE5.tmp\System.dll
\Users\Admin\AppData\Local\Temp\FB_4D84.tmp.exe
\Users\Admin\AppData\Local\Temp\Lena.dll
\Users\Admin\AppData\Local\Temp\isogamy.dll
C:\Users\Admin\AppData\Local\Temp\9d81b961\4281.tmp
C:\Users\Admin\AppData\Local\Temp\9d81b961\0275.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1163522206-1469769407-485553996-1000\e9ac7873c0e427a06f7c758cb6b7941e_9d81b961-0275-4281-8321-63119951606b
C:\Users\Admin\AppData\Local\Temp\FB_5735.tmp.jpg
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\OSIRIS-5d36.htm
\??\c:\Users\Admin\Documents\_HELP_HELP_HELP_J010.jpg
\??\c:\Users\Admin\Desktop\_HELP_HELP_HELP_LVCGITNQ.jpg
\??\c:\_HELP_HELP_HELP_D3P2Q65.jpg
C:\Users\Admin\Desktop\_HELP_HELP_HELP_LVCGITNQ.hta
C:\Users\Admin\Desktop\_HELP_HELP_HELP_LVCGITNQ.jpg
C:\Users\Admin\DesktopOSIRIS.bmp
C:\Users\Admin\AppData\Local\Temp\96F2\CB79.bat
C:\Users\Admin\AppData\Local\Temp\CabDB82.tmp
C:\Users\Admin\AppData\Local\Temp\TarDBA5.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\OSIRIS-b468.htm
C:\Users\Admin\AppData\Local\Temp\~DF2C52F9A6BA2889AE.TMP
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\OSIRIS-7c2d.htm
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\OSIRIS-81f5.htm