Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 07:25 UTC

General

  • Target

    c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll

  • Size

    5.0MB

  • MD5

    c86e15085144ad16a9a62bb67c4d4042

  • SHA1

    15d3174e8b8f3dd171ef5fbc463fbcf6b588f60d

  • SHA256

    6a3f3dbadb3325deed042ff9f91ccc369e84d82a32c48bf2ecae3f2973adaa1c

  • SHA512

    89c34c1fb3671f03a1d9e7dc86cce920bece27243abaf15f12acabe95cdaa3e25dae16aa04dab8b581667668e8f426f3998fa75e1449e35e88c7f28a70a56e13

  • SSDEEP

    12288:yvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+D:SbLgddQhfdmMSirYbcMNgef0

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3303) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 3 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4308
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:396
      • C:\WINDOWS\mssecsvc.exe
        C:\WINDOWS\mssecsvc.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:4440
        • C:\WINDOWS\tasksche.exe
          C:\WINDOWS\tasksche.exe /i
          4⤵
          • Executes dropped EXE
          PID:4944
  • C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe -m security
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:4972

Network

  • flag-us
    DNS
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    mssecsvc.exe
    Remote address:
    8.8.8.8:53
    Request
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    Response
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    104.16.167.228
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    104.16.166.228
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    mssecsvc.exe
    Remote address:
    104.16.167.228:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Thu, 29 Aug 2024 07:25:51 GMT
    Content-Type: text/html
    Content-Length: 607
    Connection: close
    Server: cloudflare
    CF-RAY: 8baacf3cfb7094e7-LHR
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    mssecsvc.exe
    Remote address:
    104.16.167.228:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Thu, 29 Aug 2024 07:25:51 GMT
    Content-Type: text/html
    Content-Length: 607
    Connection: close
    Server: cloudflare
    CF-RAY: 8baacf3dfa5a9455-LHR
  • flag-us
    DNS
    228.167.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.167.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • DNS
    86.23.85.13.in-addr.arpa
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS
    56.126.166.20.in-addr.arpa
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    24.139.73.23.in-addr.arpa
    Request
    24.139.73.23.in-addr.arpa
    IN PTR
    Response
    24.139.73.23.in-addr.arpa
    IN PTR
    a23-73-139-24deploystaticakamaitechnologiescom
  • DNS
    73.144.22.2.in-addr.arpa
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • DNS
    26.35.223.20.in-addr.arpa
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    40.16.46.147.in-addr.arpa
    Request
    40.16.46.147.in-addr.arpa
    IN PTR
    Response
  • DNS
    1.94.61.191.in-addr.arpa
    Request
    1.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    205.94.61.191.in-addr.arpa
    Request
    205.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    tse1.mm.bing.net
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Request
    GET /th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 435187
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7800F3FC74C04D259F9D686BF9461045 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
    date: Thu, 29 Aug 2024 07:27:30 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Request
    GET /th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 518597
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 636F0C34D9AD480489C167856610A454 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
    date: Thu, 29 Aug 2024 07:27:30 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Request
    GET /th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 754419
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 09B6ED727E084F80A373A8F08BB918D0 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
    date: Thu, 29 Aug 2024 07:27:30 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Request
    GET /th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 490098
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6750A5CC08F049C8AF82E7FEA90C7648 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
    date: Thu, 29 Aug 2024 07:27:30 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Request
    GET /th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 610666
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CF4B265F28F7421D907E2488FF0104F1 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
    date: Thu, 29 Aug 2024 07:27:30 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Request
    GET /th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 500661
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C1CAF737FF0D44259DB59BFDAB0BA4E7 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:32Z
    date: Thu, 29 Aug 2024 07:27:31 GMT
  • DNS
    10.28.171.150.in-addr.arpa
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • DNS
    83.252.187.178.in-addr.arpa
    Request
    83.252.187.178.in-addr.arpa
    IN PTR
    Response
  • DNS
    2.94.61.191.in-addr.arpa
    Request
    2.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    2.94.61.191.in-addr.arpa
    Request
    2.94.61.191.in-addr.arpa
    IN PTR
  • DNS
    2.94.61.191.in-addr.arpa
    Request
    2.94.61.191.in-addr.arpa
    IN PTR
  • DNS
    3.94.61.191.in-addr.arpa
    Request
    3.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    4.94.61.191.in-addr.arpa
    Request
    4.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    147.31.16.37.in-addr.arpa
    Request
    147.31.16.37.in-addr.arpa
    IN PTR
    Response
  • DNS
    1.31.16.37.in-addr.arpa
    Request
    1.31.16.37.in-addr.arpa
    IN PTR
    Response
  • DNS
    2.31.16.37.in-addr.arpa
    Request
    2.31.16.37.in-addr.arpa
    IN PTR
    Response
  • DNS
    5.94.61.191.in-addr.arpa
    Request
    5.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    6.94.61.191.in-addr.arpa
    Request
    6.94.61.191.in-addr.arpa
    IN PTR
    Response
  • DNS
    3.31.16.37.in-addr.arpa
    Request
    3.31.16.37.in-addr.arpa
    IN PTR
  • 104.16.167.228:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    http
    mssecsvc.exe
    376 B
    990 B
    6
    5

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

    HTTP Response

    200
  • 104.16.167.228:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    http
    mssecsvc.exe
    376 B
    990 B
    6
    5

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

    HTTP Response

    200
  • 178.190.62.182:445
    mssecsvc.exe
    52 B
    1
  • 10.127.0.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.2.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.6.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.1.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.3.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.7.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.4.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.8.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.9.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.5.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.10.1:445
    mssecsvc.exe
    104 B
    2
  • 71.13.168.229:445
    mssecsvc.exe
    52 B
    1
  • 10.127.11.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.12.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.13.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.14.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.15.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.16.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.17.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.18.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.19.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.20.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.21.1:445
    mssecsvc.exe
    104 B
    2
  • 170.35.223.147:445
    mssecsvc.exe
    52 B
    1
  • 10.127.22.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.23.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.24.1:445
    mssecsvc.exe
    104 B
    2
  • 84.247.25.253:445
    mssecsvc.exe
    104 B
    2
  • 10.127.25.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.29.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.26.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.27.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.31.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.30.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.28.1:445
    mssecsvc.exe
    104 B
    2
  • 59.141.138.65:445
    mssecsvc.exe
    52 B
    1
  • 10.127.32.1:445
    mssecsvc.exe
    104 B
    2
  • 183.163.18.197:445
    mssecsvc.exe
    104 B
    2
  • 10.127.33.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.34.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.35.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.36.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.37.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.38.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.39.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.40.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.41.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.42.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.43.1:445
    mssecsvc.exe
    104 B
    2
  • 219.106.252.32:445
    mssecsvc.exe
    104 B
    2
  • 144.49.195.161:445
    mssecsvc.exe
    104 B
    2
  • 173.156.149.198:445
    mssecsvc.exe
    104 B
    2
  • 10.127.48.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.47.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.46.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.45.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.50.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.44.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.52.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.49.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.54.1:445
    mssecsvc.exe
    104 B
    2
  • 86.118.142.164:445
    mssecsvc.exe
    52 B
    1
  • 10.127.51.1:445
    mssecsvc.exe
    52 B
    1
  • 52.135.215.205:445
    mssecsvc.exe
    104 B
    2
  • 10.127.53.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.55.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.56.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.57.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.58.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.59.1:445
    mssecsvc.exe
    104 B
    2
  • 183.87.148.56:445
    mssecsvc.exe
    104 B
    2
  • 10.127.60.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.61.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.62.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.63.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.64.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.65.1:445
    mssecsvc.exe
    104 B
    2
  • 196.138.234.118:445
    mssecsvc.exe
    104 B
    2
  • 191.179.125.240:445
    mssecsvc.exe
    104 B
    2
  • 185.28.56.55:445
    mssecsvc.exe
    52 B
    1
  • 126.16.46.33:445
    mssecsvc.exe
    104 B
    2
  • 10.127.66.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.67.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.70.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.73.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.68.1:445
    mssecsvc.exe
    52 B
    1
  • 1.164.73.205:445
    mssecsvc.exe
    104 B
    2
  • 10.127.71.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.69.1:445
    mssecsvc.exe
    104 B
    2
  • 157.142.238.176:445
    mssecsvc.exe
    52 B
    1
  • 10.127.74.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.76.1:445
    mssecsvc.exe
    52 B
    1
  • 99.212.4.179:445
    mssecsvc.exe
    104 B
    2
  • 10.127.72.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.75.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.77.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.78.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.79.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.80.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.81.1:445
    mssecsvc.exe
    104 B
    2
  • 59.37.75.136:445
    mssecsvc.exe
    104 B
    2
  • 10.127.82.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.83.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.84.1:445
    mssecsvc.exe
    52 B
    1
  • 103.110.190.219:445
    mssecsvc.exe
    52 B
    1
  • 10.127.85.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.86.1:445
    mssecsvc.exe
    52 B
    1
  • 70.51.216.113:445
    mssecsvc.exe
    52 B
    1
  • 76.13.241.86:445
    mssecsvc.exe
    52 B
    1
  • 166.225.182.203:445
    mssecsvc.exe
    104 B
    2
  • 10.127.89.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.87.1:445
    mssecsvc.exe
    104 B
    2
  • 223.10.145.186:445
    mssecsvc.exe
    52 B
    1
  • 10.127.88.1:445
    mssecsvc.exe
    104 B
    2
  • 217.53.242.3:445
    mssecsvc.exe
    104 B
    2
  • 10.127.90.1:445
    mssecsvc.exe
    104 B
    2
  • 114.119.14.174:445
    mssecsvc.exe
    104 B
    2
  • 10.127.91.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.94.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.97.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.92.1:445
    mssecsvc.exe
    104 B
    2
  • 74.30.129.135:445
    mssecsvc.exe
    104 B
    2
  • 10.127.96.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.93.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.95.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.98.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.99.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.100.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.101.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.102.1:445
    mssecsvc.exe
    52 B
    1
  • 44.59.41.241:445
    mssecsvc.exe
    104 B
    2
  • 10.127.103.1:445
    mssecsvc.exe
    104 B
    2
  • 74.174.75.40:445
    mssecsvc.exe
    104 B
    2
  • 182.140.89.127:445
    mssecsvc.exe
    52 B
    1
  • 105.152.77.94:445
    mssecsvc.exe
    104 B
    2
  • 10.127.106.1:445
    mssecsvc.exe
    104 B
    2
  • 156.1.149.135:445
    mssecsvc.exe
    104 B
    2
  • 10.127.104.1:445
    mssecsvc.exe
    104 B
    2
  • 179.122.111.18:445
    mssecsvc.exe
    52 B
    1
  • 102.242.108.7:445
    mssecsvc.exe
    104 B
    2
  • 10.127.114.1:445
    mssecsvc.exe
    104 B
    2
  • 14.191.92.178:445
    mssecsvc.exe
    52 B
    1
  • 174.254.236.240:445
    mssecsvc.exe
    104 B
    2
  • 10.127.111.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.112.1:445
    mssecsvc.exe
    52 B
    1
  • 37.138.43.65:445
    mssecsvc.exe
    104 B
    2
  • 10.127.109.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.108.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.115.1:445
    mssecsvc.exe
    104 B
    2
  • 90.1.77.86:445
    mssecsvc.exe
    52 B
    1
  • 10.127.105.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.107.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.110.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.113.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.116.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.117.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.118.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.119.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.120.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.121.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.122.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.123.1:445
    mssecsvc.exe
    104 B
    2
  • 94.62.69.123:445
    mssecsvc.exe
    104 B
    2
  • 10.127.124.1:445
    mssecsvc.exe
    104 B
    2
  • 157.100.80.39:445
    mssecsvc.exe
    104 B
    2
  • 7.217.215.182:445
    mssecsvc.exe
    104 B
    2
  • 73.166.96.14:445
    mssecsvc.exe
    52 B
    1
  • 99.9.202.228:445
    mssecsvc.exe
    52 B
    1
  • 10.127.125.1:445
    mssecsvc.exe
    104 B
    2
  • 155.54.22.249:445
    mssecsvc.exe
    104 B
    2
  • 61.210.79.102:445
    mssecsvc.exe
    104 B
    2
  • 10.127.127.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.129.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.133.1:445
    mssecsvc.exe
    104 B
    2
  • 195.251.46.224:445
    mssecsvc.exe
    104 B
    2
  • 10.127.126.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.134.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.128.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.130.1:445
    mssecsvc.exe
    104 B
    2
  • 75.32.113.166:445
    mssecsvc.exe
    104 B
    2
  • 186.139.17.252:445
    mssecsvc.exe
    104 B
    2
  • 10.127.132.1:445
    mssecsvc.exe
    104 B
    2
  • 172.190.64.71:445
    mssecsvc.exe
    104 B
    2
  • 190.92.93.114:445
    mssecsvc.exe
    104 B
    2
  • 10.127.136.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.131.1:445
    mssecsvc.exe
    104 B
    2
  • 124.46.137.43:445
    mssecsvc.exe
    104 B
    2
  • 10.127.135.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.137.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.138.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.139.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.140.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.141.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.142.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.143.1:445
    mssecsvc.exe
    52 B
    1
  • 195.102.147.54:445
    mssecsvc.exe
    104 B
    2
  • 10.127.144.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.145.1:445
    mssecsvc.exe
    104 B
    2
  • 155.138.94.176:445
    mssecsvc.exe
    52 B
    1
  • 167.18.28.61:445
    mssecsvc.exe
    52 B
    1
  • 154.103.39.32:445
    mssecsvc.exe
    52 B
    1
  • 37.13.9.32:445
    mssecsvc.exe
    52 B
    1
  • 133.14.169.214:445
    mssecsvc.exe
    52 B
    1
  • 206.19.206.87:445
    mssecsvc.exe
    52 B
    1
  • 10.127.146.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.148.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.149.1:445
    mssecsvc.exe
    104 B
    2
  • 50.46.27.26:445
    mssecsvc.exe
    104 B
    2
  • 10.174.250.4:445
    mssecsvc.exe
    52 B
    1
  • 18.145.150.13:445
    mssecsvc.exe
    104 B
    2
  • 24.163.60.233:445
    mssecsvc.exe
    104 B
    2
  • 10.127.156.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.154.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.151.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.153.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.147.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.158.1:445
    mssecsvc.exe
    104 B
    2
  • 165.100.34.170:445
    mssecsvc.exe
    104 B
    2
  • 112.75.177.37:445
    mssecsvc.exe
    104 B
    2
  • 10.127.155.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.157.1:445
    mssecsvc.exe
    104 B
    2
  • 90.56.5.179:445
    mssecsvc.exe
    104 B
    2
  • 161.225.70.82:445
    mssecsvc.exe
    104 B
    2
  • 10.127.152.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.161.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.150.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.159.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.160.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.162.1:445
    mssecsvc.exe
    104 B
    2
  • 98.64.113.84:445
    mssecsvc.exe
    52 B
    1
  • 10.127.163.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.164.1:445
    mssecsvc.exe
    104 B
    2
  • 24.75.192.60:445
    mssecsvc.exe
    52 B
    1
  • 89.223.169.82:445
    mssecsvc.exe
    52 B
    1
  • 95.240.118.52:445
    mssecsvc.exe
    104 B
    2
  • 73.81.121.228:445
    mssecsvc.exe
    104 B
    2
  • 10.127.165.1:445
    mssecsvc.exe
    104 B
    2
  • 111.44.191.215:445
    mssecsvc.exe
    104 B
    2
  • 23.246.60.46:445
    mssecsvc.exe
    52 B
    1
  • 10.127.169.1:445
    mssecsvc.exe
    52 B
    1
  • 100.219.220.217:445
    mssecsvc.exe
    104 B
    2
  • 165.109.113.66:445
    mssecsvc.exe
    104 B
    2
  • 10.127.166.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.171.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.167.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.168.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.173.1:445
    mssecsvc.exe
    104 B
    2
  • 86.172.92.52:445
    mssecsvc.exe
    104 B
    2
  • 10.127.170.1:445
    mssecsvc.exe
    52 B
    1
  • 35.83.111.113:445
    mssecsvc.exe
    104 B
    2
  • 10.127.172.1:445
    mssecsvc.exe
    104 B
    2
  • 16.28.97.197:445
    mssecsvc.exe
    104 B
    2
  • 10.127.176.1:445
    mssecsvc.exe
    104 B
    2
  • 223.46.213.0:445
    mssecsvc.exe
    104 B
    2
  • 128.203.40.34:445
    mssecsvc.exe
    104 B
    2
  • 10.127.175.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.179.1:445
    mssecsvc.exe
    104 B
    2
  • 222.156.169.172:445
    mssecsvc.exe
    104 B
    2
  • 156.253.158.178:445
    mssecsvc.exe
    104 B
    2
  • 10.127.177.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.178.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.180.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.174.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.181.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.182.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.183.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.184.1:445
    mssecsvc.exe
    52 B
    1
  • 48.167.163.5:445
    mssecsvc.exe
    52 B
    1
  • 56.110.38.156:445
    mssecsvc.exe
    52 B
    1
  • 10.127.185.1:445
    mssecsvc.exe
    104 B
    2
  • 71.46.245.148:445
    mssecsvc.exe
    52 B
    1
  • 143.62.86.166:445
    mssecsvc.exe
    104 B
    2
  • 10.127.186.1:445
    mssecsvc.exe
    52 B
    1
  • 82.108.105.209:445
    mssecsvc.exe
    104 B
    2
  • 169.91.241.57:445
    mssecsvc.exe
    52 B
    1
  • 10.127.187.1:445
    mssecsvc.exe
    52 B
    1
  • 205.59.158.192:445
    mssecsvc.exe
    104 B
    2
  • 171.168.247.142:445
    mssecsvc.exe
    104 B
    2
  • 10.127.188.1:445
    mssecsvc.exe
    52 B
    1
  • 141.39.171.21:445
    mssecsvc.exe
    104 B
    2
  • 147.213.140.121:445
    mssecsvc.exe
    104 B
    2
  • 10.127.192.1:445
    mssecsvc.exe
    104 B
    2
  • 12.105.194.31:445
    mssecsvc.exe
    104 B
    2
  • 209.177.27.247:445
    mssecsvc.exe
    104 B
    2
  • 149.207.44.200:445
    mssecsvc.exe
    104 B
    2
  • 10.127.196.1:445
    mssecsvc.exe
    52 B
    1
  • 139.180.123.215:445
    mssecsvc.exe
    104 B
    2
  • 82.185.227.165:445
    mssecsvc.exe
    104 B
    2
  • 10.127.200.1:445
    mssecsvc.exe
    104 B
    2
  • 16.144.46.36:445
    mssecsvc.exe
    104 B
    2
  • 104.246.184.220:445
    mssecsvc.exe
    104 B
    2
  • 10.127.197.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.191.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.199.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.189.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.190.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.193.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.194.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.195.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.198.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.201.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.202.1:445
    mssecsvc.exe
    104 B
    2
  • 51.46.247.132:445
    mssecsvc.exe
    104 B
    2
  • 213.6.166.154:445
    mssecsvc.exe
    104 B
    2
  • 10.127.203.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.204.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.205.1:445
    mssecsvc.exe
    104 B
    2
  • 79.28.177.27:445
    mssecsvc.exe
    52 B
    1
  • 208.64.16.129:445
    mssecsvc.exe
    104 B
    2
  • 29.37.58.154:445
    mssecsvc.exe
    104 B
    2
  • 10.127.206.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.207.1:445
    mssecsvc.exe
    104 B
    2
  • 40.124.5.163:445
    mssecsvc.exe
    52 B
    1
  • 36.189.48.12:445
    mssecsvc.exe
    104 B
    2
  • 10.127.208.1:445
    mssecsvc.exe
    104 B
    2
  • 83.111.79.251:445
    mssecsvc.exe
    52 B
    1
  • 179.202.150.228:445
    mssecsvc.exe
    104 B
    2
  • 10.127.209.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.210.1:445
    mssecsvc.exe
    52 B
    1
  • 7.80.1.132:445
    mssecsvc.exe
    52 B
    1
  • 221.150.196.2:445
    mssecsvc.exe
    52 B
    1
  • 166.206.193.134:445
    mssecsvc.exe
    104 B
    2
  • 211.86.114.42:445
    mssecsvc.exe
    104 B
    2
  • 10.127.213.1:445
    mssecsvc.exe
    104 B
    2
  • 117.40.120.2:445
    mssecsvc.exe
    104 B
    2
  • 48.105.189.242:445
    mssecsvc.exe
    104 B
    2
  • 10.127.211.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.212.1:445
    mssecsvc.exe
    104 B
    2
  • 156.234.115.135:445
    mssecsvc.exe
    104 B
    80 B
    2
    2
  • 10.127.215.1:445
    mssecsvc.exe
    52 B
    1
  • 202.208.3.94:445
    mssecsvc.exe
    104 B
    2
  • 62.251.17.254:445
    mssecsvc.exe
    104 B
    2
  • 10.127.216.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.214.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.220.1:445
    mssecsvc.exe
    104 B
    2
  • 211.234.54.16:445
    mssecsvc.exe
    104 B
    2
  • 52.181.174.163:445
    mssecsvc.exe
    104 B
    2
  • 10.127.222.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.218.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.217.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.223.1:445
    mssecsvc.exe
    104 B
    2
  • 182.196.244.227:445
    mssecsvc.exe
    104 B
    2
  • 10.127.219.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.221.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.224.1:445
    mssecsvc.exe
    104 B
    2
  • 30.91.184.162:445
    mssecsvc.exe
    104 B
    2
  • 10.127.225.1:445
    mssecsvc.exe
    104 B
    2
  • 187.51.200.200:445
    mssecsvc.exe
    104 B
    2
  • 63.161.47.128:445
    mssecsvc.exe
    52 B
    1
  • 115.42.238.180:445
    mssecsvc.exe
    104 B
    2
  • 166.212.44.184:445
    mssecsvc.exe
    104 B
    2
  • 86.2.79.191:445
    mssecsvc.exe
    104 B
    2
  • 93.184.147.135:445
    mssecsvc.exe
    104 B
    2
  • 10.127.229.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.226.1:445
    mssecsvc.exe
    104 B
    2
  • 195.75.163.220:445
    mssecsvc.exe
    104 B
    2
  • 78.30.61.126:445
    mssecsvc.exe
    104 B
    2
  • 10.127.231.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.230.1:445
    mssecsvc.exe
    52 B
    1
  • 89.221.206.222:445
    mssecsvc.exe
    104 B
    80 B
    2
    2
  • 100.194.152.168:445
    mssecsvc.exe
    104 B
    2
  • 10.127.227.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.228.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.233.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.232.1:445
    mssecsvc.exe
    104 B
    2
  • 144.121.139.117:445
    mssecsvc.exe
    52 B
    1
  • 175.164.148.24:445
    mssecsvc.exe
    52 B
    1
  • 10.127.235.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.234.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.237.1:445
    mssecsvc.exe
    104 B
    2
  • 214.42.36.161:445
    mssecsvc.exe
    52 B
    1
  • 72.109.135.51:445
    mssecsvc.exe
    104 B
    2
  • 180.169.230.96:445
    mssecsvc.exe
    104 B
    2
  • 166.183.195.1:445
    mssecsvc.exe
    104 B
    2
  • 57.115.107.151:445
    mssecsvc.exe
    104 B
    2
  • 62.40.40.163:445
    mssecsvc.exe
    104 B
    2
  • 10.127.241.1:445
    mssecsvc.exe
    104 B
    2
  • 56.138.60.243:445
    mssecsvc.exe
    104 B
    2
  • 10.127.238.1:445
    mssecsvc.exe
    52 B
    1
  • 27.81.241.149:445
    mssecsvc.exe
    104 B
    2
  • 10.127.239.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.236.1:445
    mssecsvc.exe
    52 B
    1
  • 108.233.163.144:445
    mssecsvc.exe
    104 B
    2
  • 138.213.253.181:445
    mssecsvc.exe
    104 B
    2
  • 10.127.240.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.242.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.243.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.244.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.245.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.246.1:445
    mssecsvc.exe
    104 B
    2
  • 135.182.126.241:445
    mssecsvc.exe
    52 B
    1
  • 29.246.67.70:445
    mssecsvc.exe
    104 B
    2
  • 120.207.63.226:445
    mssecsvc.exe
    104 B
    2
  • 67.160.220.141:445
    mssecsvc.exe
    104 B
    2
  • 107.194.6.150:445
    mssecsvc.exe
    52 B
    1
  • 152.52.22.220:445
    mssecsvc.exe
    104 B
    2
  • 10.127.249.1:445
    mssecsvc.exe
    104 B
    2
  • 55.216.228.140:445
    mssecsvc.exe
    104 B
    2
  • 92.148.179.145:445
    mssecsvc.exe
    104 B
    2
  • 192.143.44.54:445
    mssecsvc.exe
    104 B
    80 B
    2
    2
  • 10.127.247.1:445
    mssecsvc.exe
    104 B
    2
  • 24.224.144.252:445
    mssecsvc.exe
    104 B
    2
  • 1.58.157.159:445
    mssecsvc.exe
    104 B
    2
  • 10.127.248.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.253.1:445
    mssecsvc.exe
    52 B
    1
  • 10.127.254.1:445
    mssecsvc.exe
    104 B
    2
  • 10.127.250.1:445
    mssecsvc.exe
    104 B
    2
  • 93.203.126.188:445
    mssecsvc.exe
    52 B
    1
  • 129.103.76.105:445
    mssecsvc.exe
    52 B
    1
  • 20.56.31.113:445
    mssecsvc.exe
    104 B
    2
  • 10.127.1.2:445
    mssecsvc.exe
    52 B
    1
  • 168.114.72.102:445
    mssecsvc.exe
    104 B
    2
  • 10.127.251.1:445
    mssecsvc.exe
    104 B
    2
  • 26.193.150.159:445
    mssecsvc.exe
    104 B
    2
  • 10.127.252.1:445
    mssecsvc.exe
    104 B
    2
  • 34.147.117.249:445
    mssecsvc.exe
    52 B
    1
  • 137.169.130.96:445
    mssecsvc.exe
    104 B
    2
  • 99.243.19.109:445
    mssecsvc.exe
    104 B
    2
  • 10.127.0.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.255.1:445
    mssecsvc.exe
    52 B
    1
  • 3.221.34.190:445
    mssecsvc.exe
    52 B
    1
  • 171.96.117.74:445
    mssecsvc.exe
    52 B
    1
  • 10.127.2.2:445
    mssecsvc.exe
    104 B
    2
  • 89.93.44.152:445
    mssecsvc.exe
    104 B
    2
  • 10.127.3.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.6.2:445
    mssecsvc.exe
    104 B
    2
  • 26.35.181.82:445
    mssecsvc.exe
    104 B
    2
  • 164.139.213.126:445
    mssecsvc.exe
    104 B
    2
  • 10.127.4.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.5.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.7.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.8.2:445
    mssecsvc.exe
    52 B
    1
  • 10.127.9.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.10.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.11.2:445
    mssecsvc.exe
    52 B
    1
  • 23.16.225.88:445
    mssecsvc.exe
    104 B
    2
  • 163.204.154.88:445
    mssecsvc.exe
    104 B
    2
  • 74.185.89.253:445
    mssecsvc.exe
    52 B
    1
  • 10.127.12.2:445
    mssecsvc.exe
    104 B
    2
  • 182.70.194.95:445
    mssecsvc.exe
    104 B
    2
  • 29.182.75.200:445
    mssecsvc.exe
    52 B
    1
  • 7.48.115.67:445
    mssecsvc.exe
    52 B
    1
  • 10.127.13.2:445
    mssecsvc.exe
    52 B
    1
  • 205.167.208.34:445
    mssecsvc.exe
    104 B
    2
  • 197.77.144.199:445
    mssecsvc.exe
    104 B
    2
  • 43.137.103.10:445
    mssecsvc.exe
    104 B
    2
  • 42.157.79.216:445
    mssecsvc.exe
    104 B
    2
  • 87.135.100.85:445
    mssecsvc.exe
    104 B
    2
  • 24.237.74.158:445
    mssecsvc.exe
    104 B
    2
  • 10.127.14.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.15.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.16.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.17.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.18.2:445
    mssecsvc.exe
    52 B
    1
  • 10.127.19.2:445
    mssecsvc.exe
    52 B
    1
  • 103.232.124.159:445
    mssecsvc.exe
    104 B
    2
  • 141.17.207.40:445
    mssecsvc.exe
    104 B
    2
  • 10.127.20.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.21.2:445
    mssecsvc.exe
    52 B
    1
  • 10.127.22.2:445
    mssecsvc.exe
    104 B
    2
  • 152.249.212.91:445
    mssecsvc.exe
    104 B
    2
  • 135.4.75.219:445
    mssecsvc.exe
    104 B
    2
  • 10.127.23.2:445
    mssecsvc.exe
    52 B
    1
  • 99.79.246.236:445
    mssecsvc.exe
    104 B
    2
  • 10.127.24.2:445
    mssecsvc.exe
    52 B
    1
  • 110.118.249.159:445
    mssecsvc.exe
    104 B
    2
  • 8.25.223.102:445
    mssecsvc.exe
    104 B
    2
  • 10.127.25.2:445
    mssecsvc.exe
    104 B
    2
  • 81.125.177.243:445
    mssecsvc.exe
    52 B
    1
  • 10.127.26.2:445
    mssecsvc.exe
    104 B
    2
  • 193.77.204.81:445
    mssecsvc.exe
    104 B
    2
  • 163.173.178.112:445
    mssecsvc.exe
    104 B
    2
  • 10.127.27.2:445
    mssecsvc.exe
    104 B
    2
  • 42.245.98.184:445
    mssecsvc.exe
    104 B
    2
  • 10.127.28.2:445
    mssecsvc.exe
    52 B
    1
  • 101.92.109.92:445
    mssecsvc.exe
    104 B
    2
  • 94.149.232.237:445
    mssecsvc.exe
    104 B
    2
  • 90.171.165.107:445
    mssecsvc.exe
    104 B
    2
  • 10.127.29.2:445
    mssecsvc.exe
    104 B
    2
  • 10.127.30.2:445
    mssecsvc.exe
    52 B
    1
  • 10.127.31.2:445
    mssecsvc.exe
    52 B
    1
  • 71.75.71.133:445
    mssecsvc.exe
    104 B
    2
  • 183.240.171.227:445
    mssecsvc.exe
    104 B
    2
  • 217.193.92.200:445
    mssecsvc.exe
    104 B
    2
  • 134.166.188.161:445
    mssecsvc.exe
    52 B
    1
  • 19.173.118.129:445
    mssecsvc.exe
    52 B
    1
  • 10.127.32.2:445
    mssecsvc.exe
    52 B
    1
  • 94.24.223.251:445
    mssecsvc.exe
    104 B
    2
  • 52.169.46.170:445
    mssecsvc.exe
    52 B
    1
  • 158.64.50.226:445
    mssecsvc.exe
    104 B
    2
  • 8.8.8.8:53
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    dns
    mssecsvc.exe
    95 B
    127 B
    1
    1

    DNS Request

    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

    DNS Response

    104.16.167.228
    104.16.166.228

  • 8.8.8.8:53
    228.167.16.104.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    228.167.16.104.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\mssecsvc.exe

    Filesize

    3.6MB

    MD5

    2dd2f810f4a7a89c3488d7be73169d12

    SHA1

    36635df9fe5148f6e11c2b4021c70b4dd204e2a7

    SHA256

    05cdee7b2e4c71f6adc2676a29ad3b8b164bb8a29f8e36c046e2502290649f84

    SHA512

    d1dccc472c0c0aedff58403d7e08c65f62414b53695282dc8b9f59c593ab6fbfbd3b77726e87c5258ca4700686fb27a270677f2e2b4384555dfc5bfb34e590ad

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    7f51e2c3f9cd8c9561e549d58508668f

    SHA1

    c7e69712737307515a3d56c5d25d43e968130d46

    SHA256

    8a5c69817d0b09acfc0ae921969b0607d6937ade6898f6364bced0341843cd52

    SHA512

    fcea49a0b7596e0bab3289b3b68c23b681f952ba8cc8432fe85393fbc5acffe4bb10d7425aa7e3dd510fb73903945e8e978023d2ee090e26206d91975cf6b39a

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.