Malware Analysis Report

2025-03-14 23:56

Sample ID 240603-ghlrlseg99
Target fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5
SHA256 fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5
Tags
upx persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5

Threat Level: Known bad

The file fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5 was found to be: Known bad.

Malicious Activity Summary

upx persistence

Modifies WinLogon for persistence

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 05:48

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 05:48

Reported

2024-06-03 05:50

Platform

win7-20240221-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe fsb.exe" C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\fsb.stb C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Windows\SysWOW64\fsb.tmp C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File opened for modification C:\Windows\SysWOW64\fsb.tmp C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\VideoLAN\VLC\uninstall.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\ktab.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\ssvagent.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\klist.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\Hearts.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Mozilla Firefox\updater.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2launcher.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\misc.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Java\jre7\bin\rmid.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe- C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1500 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe
PID 1500 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe
PID 1500 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe
PID 1500 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe
PID 1500 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe
PID 1500 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe
PID 1500 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe
PID 1500 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe

"C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe"

C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe

C:\Users\Admin\AppData\Local\Temp\tmp259425357.exe

C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe

C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe

Network

Country Destination Domain Proto

Files

memory/1500-1-0x0000000000400000-0x000000000041F000-memory.dmp

\Users\Admin\AppData\Local\Temp\tmp259425357.exe

MD5 97c455f437b1110295d1a2136b2fcb25
SHA1 8175277d119de14bc106ce99f877783179c0ffb8
SHA256 a850c3e81786dda3493b9fa1b655ee886a09d2b015c126a2980f14566236bf68
SHA512 5655f1b5eee5431974135e72e6a5efbfb4d3ab28f90c8cd5dab153fd6485bbe6c96fb46f84b0672e9e7c27670e2e389c1039632562c0a6bb94b4e5659d57fed2

C:\Users\Admin\AppData\Local\Temp\tmp259425403.exe

MD5 abfa48731cde27264da847fd29aa2cf0
SHA1 554891d7f158d51c5b2d801804740569cc632c54
SHA256 52c61766c164db9453917c2ecd083b53fe4056832c9dedbd96644d22f0e26eb0
SHA512 77264b73bf396871bfe5df92b13946e0653488c4f31a947b85f006ae23b66b6caf431a66d5244d2087e8015b35eaaa1aae1c6050c70c4cb13ce50ef49831aa87

memory/1500-15-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 1ab1bd36cce6d3f82421ea8109d0d81c
SHA1 d5c5059a10bbfda9c99cf97615ba3635a5cda6a5
SHA256 e48e22284d3901757ef7c52808e3cce6da88c7380bdbb686da4408ff85412268
SHA512 7d1486cc28b7e3f8d9eaced547f99d1258d420bc669d1d19bbde1d51c25e2d6e2c22de6891df648544134f038902abb52fef86fda8c1fb0bd4c9f3e92cf58877

memory/2748-1350-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1652-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1653-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1654-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1655-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1656-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1657-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1659-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1661-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1663-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2748-1664-0x0000000000400000-0x000000000041B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 05:48

Reported

2024-06-03 05:51

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe fsb.exe" C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp240644234.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\fsb.stb C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Windows\SysWOW64\fsb.tmp C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File opened for modification C:\Windows\SysWOW64\fsb.tmp C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\cookie_exporter.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\misc.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\xjc.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaws.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\msedge.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge_pwa_launcher.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javaws.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\java.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\orbd.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\7-Zip\7zG.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\msedge.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\pwahelper.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\keytool.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\notification_helper.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\BHO\ie_to_edge_stub.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\idlj.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\Installer\setup.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javacpl.exe- C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe

"C:\Users\Admin\AppData\Local\Temp\fb6f0a8f554d4c61251788f0f2592f636af3513af751cf13df4d490f7b93cda5.exe"

C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe

C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe

C:\Users\Admin\AppData\Local\Temp\tmp240644234.exe

C:\Users\Admin\AppData\Local\Temp\tmp240644234.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4312 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 uk.undernet.org udp
US 174.226.250.205:139 tcp
US 73.234.73.32:139 tcp
US 192.169.26.91:139 tcp
JP 133.151.63.243:139 tcp
GB 63.130.119.6:139 tcp
CN 222.90.107.157:139 tcp
NO 195.159.2.251:139 tcp
JP 52.194.71.35:139 tcp
IT 80.105.111.10:139 tcp
JP 133.244.184.175:139 tcp
US 54.189.146.232:139 tcp
CN 183.250.128.160:139 tcp
US 43.212.167.78:139 tcp
GB 157.140.88.8:139 tcp
CN 175.17.31.184:139 tcp
RO 79.113.64.120:139 tcp
N/A 10.17.50.34:139 tcp
US 132.97.140.202:139 tcp
US 128.111.66.73:139 tcp
GB 51.183.250.26:139 tcp
US 38.22.80.59:139 tcp
MX 187.215.63.253:139 tcp
MY 20.17.90.101:139 tcp
US 173.81.136.240:139 tcp
US 216.243.65.56:139 tcp
US 172.117.125.189:139 tcp
US 152.184.148.131:139 tcp
CA 149.26.191.105:139 tcp
GB 160.8.89.221:139 tcp
BE 188.5.187.7:139 tcp
US 209.198.180.59:139 tcp
IT 159.149.158.127:139 tcp
GB 217.41.126.59:139 tcp
US 73.39.199.41:139 tcp
US 98.251.250.109:139 tcp
US 137.131.61.162:139 tcp
ES 212.225.210.52:139 tcp
JP 153.183.99.157:139 tcp
IT 2.231.187.114:139 tcp
CN 58.57.146.66:139 tcp
NG 196.220.236.252:139 tcp
US 144.195.83.118:139 tcp
IN 163.122.252.78:139 tcp
CA 68.144.111.248:139 tcp
EG 45.104.24.175:139 tcp
CH 85.3.65.135:139 tcp
US 35.166.212.239:139 tcp
US 96.104.169.89:139 tcp
US 97.124.6.199:139 tcp
IE 54.220.72.145:139 tcp
CN 120.229.220.137:139 tcp
CN 175.64.92.2:139 tcp
US 75.116.24.61:139 tcp
DE 82.98.225.29:139 tcp
VE 200.109.107.169:139 tcp
JP 153.144.105.164:139 tcp
IN 106.216.66.139:139 tcp
FR 212.208.226.198:139 tcp
US 135.234.65.151:139 tcp
US 205.104.161.13:139 tcp
ES 84.79.17.174:139 tcp
JP 219.18.82.178:139 tcp
DE 85.213.238.169:139 tcp
US 137.130.63.31:139 tcp
US 56.12.131.136:139 tcp
FR 89.156.112.118:139 tcp
US 149.124.218.144:139 tcp
US 162.149.200.248:139 tcp
US 143.80.158.49:139 tcp
US 66.99.7.50:139 tcp
DE 87.179.209.17:139 tcp
US 33.226.46.145:139 tcp
SG 43.2.89.148:139 tcp
US 169.15.171.152:139 tcp
US 22.175.129.82:139 tcp
JP 210.249.218.135:139 tcp
US 74.133.167.4:139 tcp
CN 115.25.240.83:139 tcp
PL 78.10.139.15:139 tcp
US 174.194.171.166:139 tcp
ID 154.223.41.15:139 tcp
CN 101.236.233.96:139 tcp
BR 45.182.35.112:139 tcp
US 16.83.54.186:139 tcp
SE 185.83.95.20:139 tcp
US 157.201.126.11:139 tcp
US 75.17.149.236:139 tcp
US 34.115.236.202:139 tcp
NZ 122.57.224.251:139 tcp
US 167.174.194.249:139 tcp
SG 43.33.105.147:139 tcp
DE 167.233.69.201:139 tcp
DE 62.26.28.233:139 tcp
US 44.54.193.155:139 tcp
AU 13.54.113.6:139 tcp
US 98.176.154.75:139 tcp
IN 117.214.70.233:139 tcp
LR 41.191.104.207:139 tcp
JP 114.18.193.38:139 tcp
CN 116.129.120.94:139 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 192.169.26.91:445 tcp
JP 52.194.71.35:445 tcp
CN 183.250.128.160:445 tcp
GB 157.140.88.8:445 tcp
MY 20.17.90.101:445 tcp
US 209.198.180.59:445 tcp
IT 2.231.187.114:445 tcp
US 137.131.61.162:445 tcp
US 128.111.66.73:445 tcp
US 174.226.250.205:445 tcp
MX 187.215.63.253:445 tcp
US 38.22.80.59:445 tcp
US 98.251.250.109:445 tcp
US 216.243.65.56:445 tcp
NG 196.220.236.252:445 tcp
JP 153.183.99.157:445 tcp
CH 85.3.65.135:445 tcp
IN 163.122.252.78:445 tcp
US 97.124.6.199:445 tcp
US 35.166.212.239:445 tcp
CN 175.64.92.2:445 tcp
IE 54.220.72.145:445 tcp
IN 106.216.66.139:445 tcp
US 75.116.24.61:445 tcp
US 205.104.161.13:445 tcp
FR 212.208.226.198:445 tcp
US 162.149.200.248:445 tcp
ES 84.79.17.174:445 tcp
SE 185.83.95.20:445 tcp
DE 87.179.209.17:445 tcp
US 167.174.194.249:445 tcp
US 75.17.149.236:445 tcp
US 44.54.193.155:445 tcp
SG 43.33.105.147:445 tcp
IN 117.214.70.233:445 tcp
US 98.176.154.75:445 tcp
US 22.175.129.82:445 tcp
JP 114.18.193.38:445 tcp
US 174.194.171.166:445 tcp
US 74.133.167.4:445 tcp
DE 167.233.69.201:445 tcp
JP 133.151.63.243:445 tcp
GB 63.130.119.6:445 tcp
IT 80.105.111.10:445 tcp
JP 133.244.184.175:445 tcp
RO 79.113.64.120:445 tcp
CN 175.17.31.184:445 tcp
US 132.97.140.202:445 tcp
GB 51.183.250.26:445 tcp
US 173.81.136.240:445 tcp
US 152.184.148.131:445 tcp
US 172.117.125.189:445 tcp
IT 159.149.158.127:445 tcp
GB 160.8.89.221:445 tcp
ES 212.225.210.52:445 tcp
US 73.39.199.41:445 tcp
US 144.195.83.118:445 tcp
CN 58.57.146.66:445 tcp
CN 222.90.107.157:445 tcp
US 73.234.73.32:445 tcp
NO 195.159.2.251:445 tcp
US 54.189.146.232:445 tcp
N/A 10.17.50.34:445 tcp
US 43.212.167.78:445 tcp
BE 188.5.187.7:445 tcp
CA 149.26.191.105:445 tcp
CA 68.144.111.248:445 tcp
GB 217.41.126.59:445 tcp
US 96.104.169.89:445 tcp
EG 45.104.24.175:445 tcp
DE 82.98.225.29:445 tcp
CN 120.229.220.137:445 tcp
JP 153.144.105.164:445 tcp
VE 200.109.107.169:445 tcp
JP 219.18.82.178:445 tcp
US 135.234.65.151:445 tcp
US 137.130.63.31:445 tcp
DE 85.213.238.169:445 tcp
US 56.12.131.136:445 tcp
FR 89.156.112.118:445 tcp
US 149.124.218.144:445 tcp
US 143.80.158.49:445 tcp
US 33.226.46.145:445 tcp
US 169.15.171.152:445 tcp
JP 210.249.218.135:445 tcp
CN 115.25.240.83:445 tcp
PL 78.10.139.15:445 tcp
ID 154.223.41.15:445 tcp
CN 101.236.233.96:445 tcp
US 34.115.236.202:445 tcp
US 16.83.54.186:445 tcp
CN 116.129.120.94:445 tcp
DE 62.26.28.233:445 tcp
SG 43.2.89.148:445 tcp
US 66.99.7.50:445 tcp
BR 45.182.35.112:445 tcp
US 157.201.126.11:445 tcp
NZ 122.57.224.251:445 tcp
AU 13.54.113.6:445 tcp
LR 41.191.104.207:445 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
ES 68.221.78.160:139 tcp
AU 16.27.40.42:139 tcp
DK 193.163.121.157:139 tcp
US 192.25.159.198:139 tcp
US 44.15.241.68:139 tcp
SE 128.87.203.250:139 tcp
US 184.96.122.225:139 tcp
US 130.132.112.95:139 tcp
CN 117.49.188.33:139 tcp
IT 151.87.236.227:139 tcp
CN 111.203.166.253:139 tcp
US 166.143.168.180:139 tcp
BE 78.22.246.166:139 tcp
US 173.12.106.232:139 tcp
CA 142.68.221.137:139 tcp
ID 103.168.189.142:139 tcp
JP 219.110.171.201:139 tcp
US 68.239.114.245:139 tcp
US 165.221.146.252:139 tcp
US 74.161.23.101:139 tcp
SE 83.249.156.253:139 tcp
US 48.62.114.58:139 tcp
US 107.147.187.109:139 tcp
BR 191.223.247.19:139 tcp
US 160.7.94.21:139 tcp
DE 53.202.218.173:139 tcp
US 34.122.197.47:139 tcp
BR 200.139.121.130:139 tcp
CN 114.248.237.148:139 tcp
IT 160.220.100.28:139 tcp
US 22.234.127.142:139 tcp
GB 25.192.112.98:139 tcp
IT 85.37.254.195:139 tcp
US 147.183.169.117:139 tcp
US 38.184.15.124:139 tcp
DE 80.190.99.204:139 tcp
US 75.168.186.39:139 tcp
US 75.32.69.179:139 tcp
US 29.91.218.62:139 tcp
US 44.23.121.5:139 tcp
US 6.227.131.112:139 tcp
TW 203.65.228.72:139 tcp
US 29.35.128.32:139 tcp
CN 60.222.107.24:139 tcp
ZA 41.164.233.49:139 tcp
DE 194.229.70.206:139 tcp
US 24.103.192.35:139 tcp
US 167.223.110.151:139 tcp
US 18.88.157.132:139 tcp
VN 103.161.23.185:139 tcp
US 56.181.113.171:139 tcp
PA 181.197.44.71:139 tcp
US 209.57.86.198:139 tcp
IN 27.5.242.9:139 tcp
US 98.7.107.55:139 tcp
US 8.79.171.202:139 tcp
GB 86.130.200.64:139 tcp
US 205.199.76.239:139 tcp
CH 146.228.124.4:139 tcp
AR 186.126.70.88:139 tcp
RU 195.161.152.210:139 tcp
US 3.5.93.145:139 tcp
US 99.166.86.200:139 tcp
KR 211.201.145.101:139 tcp
US 34.95.66.180:139 tcp
N/A 10.89.24.165:139 tcp
FR 77.149.126.96:139 tcp
MY 180.75.90.89:139 tcp
DO 138.36.24.46:139 tcp
US 147.21.17.20:139 tcp
CA 72.39.65.122:139 tcp
US 9.235.134.62:139 tcp
CN 221.218.12.204:139 tcp
US 161.171.142.39:139 tcp
US 47.35.155.77:139 tcp
MX 189.158.17.109:139 tcp
DE 77.184.226.26:139 tcp
SG 192.169.40.218:139 tcp
US 44.67.127.132:139 tcp
TW 210.66.233.212:139 tcp
AU 202.65.252.202:139 tcp
US 67.85.12.89:139 tcp
IE 51.171.182.36:139 tcp
IE 18.201.96.167:139 tcp
US 215.73.249.59:139 tcp
NL 85.144.238.140:139 tcp
US 98.108.38.148:139 tcp
US 57.115.77.37:139 tcp
FR 88.162.6.120:139 tcp
US 96.167.132.123:139 tcp
CA 4.174.203.180:139 tcp
US 18.187.151.240:139 tcp
US 215.219.148.51:139 tcp
US 151.195.135.118:139 tcp
KR 119.148.116.83:139 tcp
BR 200.228.239.145:139 tcp
CH 178.83.34.38:139 tcp
US 129.41.52.64:139 tcp
PA 201.224.36.99:139 tcp
US 169.160.57.152:139 tcp
IT 160.220.100.28:445 tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.10:443 chromewebstore.googleapis.com tcp
US 73.223.152.72:139 tcp
US 192.25.159.198:445 tcp
US 44.15.241.68:445 tcp
SE 128.87.203.250:445 tcp
US 184.96.122.225:445 tcp
US 130.132.112.95:445 tcp
CN 117.49.188.33:445 tcp
US 74.161.23.101:445 tcp
AU 16.27.40.42:445 tcp
ES 68.221.78.160:445 tcp
DK 193.163.121.157:445 tcp
CN 111.203.166.253:445 tcp
IT 151.87.236.227:445 tcp
BE 78.22.246.166:445 tcp
US 166.143.168.180:445 tcp
CA 142.68.221.137:445 tcp
US 173.12.106.232:445 tcp
JP 219.110.171.201:445 tcp
ID 103.168.189.142:445 tcp
US 165.221.146.252:445 tcp
US 68.239.114.245:445 tcp
US 160.7.94.21:445 tcp
US 48.62.114.58:445 tcp
US 34.122.197.47:445 tcp
DE 53.202.218.173:445 tcp
GB 25.192.112.98:445 tcp
BR 200.139.121.130:445 tcp
US 75.32.69.179:445 tcp
DE 80.190.99.204:445 tcp
DE 194.229.70.206:445 tcp
US 29.91.218.62:445 tcp
US 167.223.110.151:445 tcp
US 24.103.192.35:445 tcp
US 209.57.86.198:445 tcp
US 18.88.157.132:445 tcp
US 98.7.107.55:445 tcp
IN 27.5.242.9:445 tcp
US 3.5.93.145:445 tcp
GB 86.130.200.64:445 tcp
N/A 10.89.24.165:445 tcp
KR 211.201.145.101:445 tcp
DO 138.36.24.46:445 tcp
FR 77.149.126.96:445 tcp
US 9.235.134.62:445 tcp
US 147.21.17.20:445 tcp
AU 202.65.252.202:445 tcp
CN 221.218.12.204:445 tcp
US 67.85.12.89:445 tcp
US 215.73.249.59:445 tcp
US 98.108.38.148:445 tcp
US 57.115.77.37:445 tcp
FR 88.162.6.120:445 tcp
US 96.167.132.123:445 tcp
US 18.187.151.240:445 tcp
US 215.219.148.51:445 tcp
US 129.41.52.64:445 tcp
PA 201.224.36.99:445 tcp
US 169.160.57.152:445 tcp
SE 83.249.156.253:445 tcp
US 107.147.187.109:445 tcp
CN 114.248.237.148:445 tcp
BR 191.223.247.19:445 tcp
IT 85.37.254.195:445 tcp
US 22.234.127.142:445 tcp
US 38.184.15.124:445 tcp
US 147.183.169.117:445 tcp
US 44.23.121.5:445 tcp
US 75.168.186.39:445 tcp
TW 203.65.228.72:445 tcp
US 6.227.131.112:445 tcp
CN 60.222.107.24:445 tcp
US 29.35.128.32:445 tcp
VN 103.161.23.185:445 tcp
ZA 41.164.233.49:445 tcp
PA 181.197.44.71:445 tcp
US 56.181.113.171:445 tcp
US 205.199.76.239:445 tcp
US 8.79.171.202:445 tcp
AR 186.126.70.88:445 tcp
CH 146.228.124.4:445 tcp
US 99.166.86.200:445 tcp
RU 195.161.152.210:445 tcp
US 34.95.66.180:445 tcp
MY 180.75.90.89:445 tcp
CA 72.39.65.122:445 tcp
US 161.171.142.39:445 tcp
MX 189.158.17.109:445 tcp
US 47.35.155.77:445 tcp
DE 77.184.226.26:445 tcp
SG 192.169.40.218:445 tcp
TW 210.66.233.212:445 tcp
US 44.67.127.132:445 tcp
IE 18.201.96.167:445 tcp
IE 51.171.182.36:445 tcp
CA 4.174.203.180:445 tcp
NL 85.144.238.140:445 tcp
KR 119.148.116.83:445 tcp
US 151.195.135.118:445 tcp
CH 178.83.34.38:445 tcp
BR 200.228.239.145:445 tcp
US 73.223.152.72:445 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
GB 168.224.178.72:139 tcp
US 66.174.136.44:139 tcp
US 44.139.199.249:139 tcp
US 74.192.253.217:139 tcp
MX 201.116.141.208:139 tcp
US 20.29.107.116:139 tcp
MX 187.234.225.149:139 tcp
US 56.55.205.60:139 tcp
US 172.144.26.40:139 tcp
BR 179.254.33.187:139 tcp
US 6.69.11.173:139 tcp
RS 93.86.143.211:139 tcp
FR 15.188.234.204:139 tcp
US 9.146.244.96:139 tcp
US 11.36.148.209:139 tcp
US 155.149.32.133:139 tcp
DE 89.13.70.171:139 tcp
FR 90.36.160.213:139 tcp
US 104.191.7.177:139 tcp
CN 14.146.54.64:139 tcp
US 54.201.138.68:139 tcp
IN 106.199.181.210:139 tcp
US 30.226.183.46:139 tcp
IR 91.133.154.78:139 tcp
US 184.40.168.223:139 tcp
US 158.8.17.129:139 tcp
CN 36.151.75.129:139 tcp
CN 110.243.155.131:139 tcp
US 28.242.140.190:139 tcp
IT 88.147.72.174:139 tcp
AR 190.216.22.123:139 tcp
GB 195.99.116.114:139 tcp
US 167.67.146.70:139 tcp
US 132.238.29.248:139 tcp
DE 141.69.148.167:139 tcp
TR 188.3.196.149:139 tcp
US 207.40.244.54:139 tcp
KR 14.36.232.6:139 tcp
JP 219.200.218.129:139 tcp
GB 81.96.1.132:139 tcp
FR 89.88.61.208:139 tcp
EG 45.111.20.170:139 tcp
GB 91.85.4.165:139 tcp
GB 2.25.218.34:139 tcp
SE 85.231.175.23:139 tcp
JP 221.246.122.35:139 tcp
US 73.137.155.252:139 tcp
BR 201.131.187.201:139 tcp
TW 111.242.194.233:139 tcp
US 208.115.232.58:139 tcp
N/A 10.104.28.240:139 tcp
NL 145.102.44.135:139 tcp
GB 161.76.136.69:139 tcp
CN 219.225.130.128:139 tcp
US 152.5.78.155:139 tcp
US 68.50.34.107:139 tcp
US 64.164.69.61:139 tcp
CN 106.57.53.123:139 tcp
CA 24.52.197.242:139 tcp
AR 45.237.38.217:139 tcp
CL 158.251.48.23:139 tcp
US 21.15.42.208:139 tcp
GB 195.58.75.1:139 tcp
US 18.113.93.137:139 tcp
BR 128.201.63.166:139 tcp
AR 170.83.52.124:139 tcp
KR 39.127.77.10:139 tcp
DE 188.136.94.225:139 tcp
US 192.169.162.247:139 tcp
US 56.248.190.60:139 tcp
US 71.195.153.107:139 tcp
US 206.20.152.4:139 tcp
RO 195.95.254.167:139 tcp
CN 171.121.215.42:139 tcp
DE 87.132.140.222:139 tcp
TH 125.27.61.204:139 tcp
US 33.62.53.110:139 tcp
ES 46.16.39.50:139 tcp
IN 115.111.241.230:139 tcp
CN 221.237.43.184:139 tcp
AU 155.205.166.112:139 tcp
FR 94.228.187.34:139 tcp
US 24.168.9.115:139 tcp
SE 129.178.221.37:139 tcp
CN 27.99.245.86:139 tcp
US 65.132.168.150:139 tcp
SE 91.130.248.16:139 tcp
CA 167.227.153.90:139 tcp
JP 59.157.117.62:139 tcp
US 69.103.119.109:139 tcp
US 207.175.202.150:139 tcp
US 96.142.86.57:139 tcp
US 205.78.28.231:139 tcp
HU 160.114.17.247:139 tcp
IN 115.116.182.235:139 tcp
CN 202.113.78.224:139 tcp
US 6.238.109.238:139 tcp
DE 53.217.177.38:139 tcp
JP 160.198.20.114:139 tcp
TH 125.27.61.204:445 tcp
JP 58.70.247.150:139 tcp
ZA 41.53.239.49:139 tcp
GB 195.99.116.114:445 tcp
GB 168.224.178.72:445 tcp
US 74.192.253.217:445 tcp
US 44.139.199.249:445 tcp
US 20.29.107.116:445 tcp
MX 201.116.141.208:445 tcp
US 172.144.26.40:445 tcp
US 56.55.205.60:445 tcp
FR 15.188.234.204:445 tcp
BR 179.254.33.187:445 tcp
DE 89.13.70.171:445 tcp
US 155.149.32.133:445 tcp
US 54.201.138.68:445 tcp
FR 90.36.160.213:445 tcp
IR 91.133.154.78:445 tcp
IN 106.199.181.210:445 tcp
MX 187.234.225.149:445 tcp
US 66.174.136.44:445 tcp
US 6.69.11.173:445 tcp
RS 93.86.143.211:445 tcp
US 9.146.244.96:445 tcp
US 11.36.148.209:445 tcp
US 104.191.7.177:445 tcp
CN 14.146.54.64:445 tcp
US 30.226.183.46:445 tcp
US 184.40.168.223:445 tcp
US 158.8.17.129:445 tcp
CN 110.243.155.131:445 tcp
AR 190.216.22.123:445 tcp
US 28.242.140.190:445 tcp
DE 141.69.148.167:445 tcp
TR 188.3.196.149:445 tcp
JP 219.200.218.129:445 tcp
FR 89.88.61.208:445 tcp
SE 85.231.175.23:445 tcp
GB 91.85.4.165:445 tcp
JP 221.246.122.35:445 tcp
US 73.137.155.252:445 tcp
BR 201.131.187.201:445 tcp
TW 111.242.194.233:445 tcp
N/A 10.104.28.240:445 tcp
US 152.5.78.155:445 tcp
CN 219.225.130.128:445 tcp
US 68.50.34.107:445 tcp
CN 36.151.75.129:445 tcp
IT 88.147.72.174:445 tcp
US 167.67.146.70:445 tcp
US 132.238.29.248:445 tcp
KR 14.36.232.6:445 tcp
GB 81.96.1.132:445 tcp
US 207.40.244.54:445 tcp
GB 2.25.218.34:445 tcp
US 208.115.232.58:445 tcp
NL 145.102.44.135:445 tcp
GB 161.76.136.69:445 tcp
EG 45.111.20.170:445 tcp
US 64.164.69.61:445 tcp
CA 24.52.197.242:445 tcp
CN 106.57.53.123:445 tcp
AR 45.237.38.217:445 tcp
CL 158.251.48.23:445 tcp
US 21.15.42.208:445 tcp
AR 170.83.52.124:445 tcp
DE 188.136.94.225:445 tcp
US 192.169.162.247:445 tcp
US 56.248.190.60:445 tcp
US 206.20.152.4:445 tcp
DE 87.132.140.222:445 tcp
ES 46.16.39.50:445 tcp
IN 115.111.241.230:445 tcp
RO 195.95.254.167:445 tcp
US 24.168.9.115:445 tcp
SE 129.178.221.37:445 tcp
CN 27.99.245.86:445 tcp
AU 155.205.166.112:445 tcp
CA 167.227.153.90:445 tcp
JP 59.157.117.62:445 tcp
US 65.132.168.150:445 tcp
US 96.142.86.57:445 tcp
CN 202.113.78.224:445 tcp
US 6.238.109.238:445 tcp
US 207.175.202.150:445 tcp
DE 53.217.177.38:445 tcp
US 18.113.93.137:445 tcp
GB 195.58.75.1:445 tcp
KR 39.127.77.10:445 tcp
US 71.195.153.107:445 tcp
BR 128.201.63.166:445 tcp
US 33.62.53.110:445 tcp
CN 221.237.43.184:445 tcp
FR 94.228.187.34:445 tcp
CN 171.121.215.42:445 tcp
SE 91.130.248.16:445 tcp
US 69.103.119.109:445 tcp
US 205.78.28.231:445 tcp
HU 160.114.17.247:445 tcp
IN 115.116.182.235:445 tcp
JP 160.198.20.114:445 tcp
FR 82.243.92.122:139 tcp
JP 58.70.247.150:445 tcp
ZA 41.53.239.49:445 tcp
US 73.160.84.45:139 tcp
US 72.87.208.189:139 tcp
BR 168.205.220.7:139 tcp
CA 142.75.19.119:139 tcp
JP 160.15.231.1:139 tcp
RU 78.36.160.96:139 tcp
CA 24.71.205.143:139 tcp
US 16.206.196.83:139 tcp
US 18.215.230.211:139 tcp
TR 79.110.51.152:139 tcp
ES 87.220.42.51:139 tcp
US 131.253.70.162:139 tcp
US 129.157.20.16:139 tcp
CN 27.40.172.75:139 tcp
CN 106.32.57.14:139 tcp
US 140.8.157.121:139 tcp
US 50.44.53.22:139 tcp
US 18.40.213.156:139 tcp
NL 77.251.69.44:139 tcp
US 72.122.34.69:139 tcp
BR 179.106.253.251:139 tcp
US 32.7.252.160:139 tcp
PH 124.107.143.182:139 tcp
FR 194.57.170.74:139 tcp
CN 218.17.235.136:139 tcp
US 18.23.170.32:139 tcp
MD 46.166.50.219:139 tcp
SE 144.57.239.237:139 tcp
NO 85.164.101.23:139 tcp
CN 27.39.248.63:139 tcp
US 135.219.22.99:139 tcp
CN 42.156.19.184:139 tcp
CA 207.96.233.123:139 tcp
GB 194.63.70.200:139 tcp
US 150.154.175.215:139 tcp
GB 25.73.212.244:139 tcp
JP 125.12.242.207:139 tcp
BR 200.163.139.152:139 tcp
ES 83.57.228.239:139 tcp
CN 221.5.107.35:139 tcp
US 192.169.43.109:139 tcp
CN 43.187.36.157:139 tcp
US 22.205.214.172:139 tcp
FR 92.160.19.149:139 tcp
DE 144.145.120.78:139 tcp
US 29.178.87.211:139 tcp
GB 217.33.128.94:139 tcp
CL 156.97.96.209:139 tcp
DE 53.35.223.247:139 tcp
CA 138.218.176.15:139 tcp
CN 118.26.30.170:139 tcp
GB 95.150.128.27:139 tcp
US 21.78.244.168:139 tcp
DE 149.40.229.115:139 tcp
US 206.100.145.39:139 tcp
US 67.62.62.88:139 tcp
US 205.216.27.82:139 tcp
US 154.45.218.190:139 tcp
NL 145.143.215.105:139 tcp
US 151.203.161.234:139 tcp
US 139.38.80.80:139 tcp
KR 42.38.166.152:139 tcp
US 29.47.47.70:139 tcp
US 161.46.217.96:139 tcp
NZ 125.237.214.156:139 tcp
CN 219.222.158.150:139 tcp
GB 194.88.120.65:139 tcp
KR 121.166.229.2:139 tcp
CN 218.108.189.26:139 tcp
US 134.38.234.88:139 tcp
DK 77.213.11.44:139 tcp
ES 176.56.113.148:139 tcp
JP 119.228.66.149:139 tcp
US 15.90.156.21:139 tcp
SD 197.209.37.88:139 tcp
US 50.84.62.240:139 tcp
US 135.79.79.138:139 tcp
VE 190.36.33.194:139 tcp
CA 142.135.91.197:139 tcp
TW 122.118.225.48:139 tcp
BR 189.29.173.79:139 tcp
US 73.32.154.89:139 tcp
CN 113.240.8.87:139 tcp
CN 120.8.142.218:139 tcp
DK 80.197.191.109:139 tcp
US 57.135.178.200:139 tcp
US 18.127.185.247:139 tcp
RU 178.214.46.31:139 tcp
US 215.143.5.120:139 tcp
CN 119.248.76.145:139 tcp
KR 175.230.120.248:139 tcp
AU 203.63.27.152:139 tcp
GB 82.14.173.143:139 tcp
US 169.18.38.154:139 tcp
US 28.25.123.4:139 tcp
N/A 127.15.141.200:139 tcp
N/A 127.190.170.217:139 tcp
FR 82.243.92.122:445 tcp
US 8.8.8.8:53 200.141.15.127.in-addr.arpa udp
US 8.8.8.8:53 217.170.190.127.in-addr.arpa udp
US 8.8.8.8:53 74.239.69.13.in-addr.arpa udp
HK 218.189.134.244:139 tcp
N/A 127.15.141.200:445 tcp
N/A 127.190.170.217:445 tcp
N/A 127.22.151.90:139 tcp
US 206.88.254.116:139 tcp
KR 124.216.5.161:139 tcp
N/A 127.22.151.90:445 tcp
US 8.8.8.8:53 90.151.22.127.in-addr.arpa udp
US 206.209.7.238:139 tcp
US 73.160.84.45:445 tcp

Files

memory/1188-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp240644156.exe

MD5 97c455f437b1110295d1a2136b2fcb25
SHA1 8175277d119de14bc106ce99f877783179c0ffb8
SHA256 a850c3e81786dda3493b9fa1b655ee886a09d2b015c126a2980f14566236bf68
SHA512 5655f1b5eee5431974135e72e6a5efbfb4d3ab28f90c8cd5dab153fd6485bbe6c96fb46f84b0672e9e7c27670e2e389c1039632562c0a6bb94b4e5659d57fed2

C:\Users\Admin\AppData\Local\Temp\tmp240644234.exe

MD5 abfa48731cde27264da847fd29aa2cf0
SHA1 554891d7f158d51c5b2d801804740569cc632c54
SHA256 52c61766c164db9453917c2ecd083b53fe4056832c9dedbd96644d22f0e26eb0
SHA512 77264b73bf396871bfe5df92b13946e0653488c4f31a947b85f006ae23b66b6caf431a66d5244d2087e8015b35eaaa1aae1c6050c70c4cb13ce50ef49831aa87

memory/1188-10-0x0000000000400000-0x000000000041F000-memory.dmp

C:\odt\office2016setup.exe

MD5 8f09e90eb7e3d342cb9e73def3248bed
SHA1 e766f16aa3bb9c1830a4423697853f514da3b32a
SHA256 d1519081d01a9ab4f50a488517223508db0ebd107a46e105041db909277d00b0
SHA512 0384e26b140b5ffdd970d3478c38cc4119f8db8b6e3f5e8e2ee82bb3d79b0051f33377542f72068f3981780c6ebe7f75fd16c0a39ff2977edcd568eed29737e2

memory/4068-145-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-296-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1044-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1050-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1110-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1236-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1390-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1681-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-1989-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-2086-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-2309-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-2318-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-2388-0x0000000000400000-0x000000000041B000-memory.dmp

memory/4068-2461-0x0000000000400000-0x000000000041B000-memory.dmp