wannacry | bdeae3c6294bd25dbc5b5f2788548634346af58e55722bb04db997e5ad056bd8

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2024, 10:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

caac065b2034b4bcecfdfebb6280b749_JaffaCakes118.dll
Size

5.0MB
MD5

caac065b2034b4bcecfdfebb6280b749
SHA1

f80d8648c5229a135bc4e1c6ef89c793510663f1
SHA256

bdeae3c6294bd25dbc5b5f2788548634346af58e55722bb04db997e5ad056bd8
SHA512

1c687bd44618f201fb18e1571695052eef806eb252a63dfd7228c672d996b99aa35b3036530f7432555c0f48a0923c78522c1fd4478d5ce21c933898e1407b2a
SSDEEP

24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626lX6SASk+RdhAlO6b:SnAQqMSPbcBVQej/1INRM6SAARdhc

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (3332) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 3 IoCs

pid	Process
1560	mssecsvc.exe
1544	mssecsvc.exe
4948	tasksche.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 4824	2784	rundll32.exe	84
PID 2784 wrote to memory of 4824	2784	rundll32.exe	84
PID 2784 wrote to memory of 4824	2784	rundll32.exe	84
PID 4824 wrote to memory of 1560	4824	rundll32.exe	85
PID 4824 wrote to memory of 1560	4824	rundll32.exe	85
PID 4824 wrote to memory of 1560	4824	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\caac065b2034b4bcecfdfebb6280b749_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\caac065b2034b4bcecfdfebb6280b749_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4824
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1560
  - - C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      4⤵
      Executes dropped EXE
      PID:4948

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1544

Network

DNS

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

mssecsvc.exe

Remote address:

8.8.8.8:53

Request

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

IN A

Response

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

IN A

104.16.167.228

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

IN A

104.16.166.228
GET

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

mssecsvc.exe

Remote address:

104.16.167.228:80

Request

GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Fri, 30 Aug 2024 10:40:45 GMT
Content-Type: text/html
Content-Length: 607
Connection: close
Server: cloudflare
CF-RAY: 8bb42a1a98c5651e-LHR
GET

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

mssecsvc.exe

Remote address:

104.16.167.228:80

Request

GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Fri, 30 Aug 2024 10:40:45 GMT
Content-Type: text/html
Content-Length: 607
Connection: close
Server: cloudflare
CF-RAY: 8bb42a1b9b38417d-LHR
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

228.167.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.167.16.104.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

65.139.73.23.in-addr.arpa

Request

65.139.73.23.in-addr.arpa

IN PTR

Response

65.139.73.23.in-addr.arpa

IN PTR

a23-73-139-65deploystaticakamaitechnologiescom
DNS

205.47.74.20.in-addr.arpa

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

216.215.183.182.in-addr.arpa

Request

216.215.183.182.in-addr.arpa

IN PTR

Response
DNS

5.215.183.182.in-addr.arpa

Request

5.215.183.182.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360607763_1FO0BOSDEQ7YV4Y6R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Request

GET /th?id=OADD2.10239360607763_1FO0BOSDEQ7YV4Y6R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 759603
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 883AF5B6D2224048A42D2D5A716011E8 Ref B: LON04EDGE0619 Ref C: 2024-08-30T10:42:25Z
date: Fri, 30 Aug 2024 10:42:24 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360607761_1X7SCS2IJANBBPHGW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Request

GET /th?id=OADD2.10239360607761_1X7SCS2IJANBBPHGW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 928899
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E39F582D64F842289C800917D4A4B688 Ref B: LON04EDGE0619 Ref C: 2024-08-30T10:42:25Z
date: Fri, 30 Aug 2024 10:42:24 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418587_1WAY0EU9WVN81W6N5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Request

GET /th?id=OADD2.10239340418587_1WAY0EU9WVN81W6N5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 706074
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C01C83A3969E48739A64F7F10EFEA0FE Ref B: LON04EDGE0619 Ref C: 2024-08-30T10:42:25Z
date: Fri, 30 Aug 2024 10:42:24 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301323_1AVULELNRKG9EH3DR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Request

GET /th?id=OADD2.10239317301323_1AVULELNRKG9EH3DR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 675761
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F6EB04761564A8E9FA4D8D3BEF21586 Ref B: LON04EDGE0619 Ref C: 2024-08-30T10:42:25Z
date: Fri, 30 Aug 2024 10:42:24 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Request

GET /th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 552873
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B7DA09E55A9B445589FBAA4D6E49CA2C Ref B: LON04EDGE0619 Ref C: 2024-08-30T10:42:25Z
date: Fri, 30 Aug 2024 10:42:24 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418588_1PJ4HLSB51V9JOSDD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Request

GET /th?id=OADD2.10239340418588_1PJ4HLSB51V9JOSDD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 780589
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 46FD038FF74042CBBEC752B45EFCE7AB Ref B: LON04EDGE0619 Ref C: 2024-08-30T10:42:26Z
date: Fri, 30 Aug 2024 10:42:25 GMT
DNS

10.28.171.150.in-addr.arpa

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

9.215.183.182.in-addr.arpa

Request

9.215.183.182.in-addr.arpa

IN PTR

Response
DNS

14.215.183.182.in-addr.arpa

Request

14.215.183.182.in-addr.arpa

IN PTR

Response
DNS

28.215.183.182.in-addr.arpa

Request

28.215.183.182.in-addr.arpa

IN PTR

Response
DNS

28.215.183.182.in-addr.arpa

Request

28.215.183.182.in-addr.arpa

IN PTR
DNS

30.215.183.182.in-addr.arpa

Request

30.215.183.182.in-addr.arpa

IN PTR

Response

104.16.167.228:80

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

http

mssecsvc.exe

376 B
990 B
6
5

HTTP Request

GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

HTTP Response

200
104.16.167.228:80

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

http

mssecsvc.exe

468 B
990 B
8
5

HTTP Request

GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

HTTP Response

200
162.150.35.204:445

mssecsvc.exe

52 B
1
10.127.0.1:445

mssecsvc.exe

52 B
1
10.127.2.1:445

mssecsvc.exe

52 B
1
10.127.1.1:445

mssecsvc.exe

52 B
1
10.127.3.1:445

mssecsvc.exe

52 B
1
10.127.4.1:445

mssecsvc.exe

104 B
2
10.127.5.1:445

mssecsvc.exe

104 B
2
10.127.6.1:445

mssecsvc.exe

104 B
2
10.127.7.1:445

mssecsvc.exe

52 B
1
10.127.8.1:445

mssecsvc.exe

104 B
2
10.127.9.1:445

mssecsvc.exe

52 B
1
10.127.10.1:445

mssecsvc.exe

52 B
1
10.127.11.1:445

mssecsvc.exe

104 B
2
10.127.12.1:445

mssecsvc.exe

52 B
1
82.196.71.25:445

mssecsvc.exe

104 B
2
10.127.13.1:445

mssecsvc.exe

52 B
1
10.127.14.1:445

mssecsvc.exe

52 B
1
10.127.15.1:445

mssecsvc.exe

52 B
1
10.127.16.1:445

mssecsvc.exe

52 B
1
10.127.17.1:445

mssecsvc.exe

52 B
1
10.127.18.1:445

mssecsvc.exe

52 B
1
10.127.19.1:445

mssecsvc.exe

104 B
2
10.127.20.1:445

mssecsvc.exe

104 B
2
10.127.21.1:445

mssecsvc.exe

104 B
2
66.221.146.125:445

mssecsvc.exe

104 B
2
10.127.22.1:445

mssecsvc.exe

104 B
2
10.127.23.1:445

mssecsvc.exe

104 B
2
154.72.13.48:445

mssecsvc.exe

104 B
2
10.127.26.1:445

mssecsvc.exe

104 B
2
10.127.24.1:445

mssecsvc.exe

104 B
2
10.127.25.1:445

mssecsvc.exe

104 B
2
10.127.27.1:445

mssecsvc.exe

104 B
2
10.127.28.1:445

mssecsvc.exe

104 B
2
10.127.29.1:445

mssecsvc.exe

104 B
2
10.127.30.1:445

mssecsvc.exe

52 B
1
10.127.31.1:445

mssecsvc.exe

52 B
1
10.127.32.1:445

mssecsvc.exe

104 B
2
10.127.33.1:445

mssecsvc.exe

52 B
1
132.94.162.136:445

mssecsvc.exe

52 B
1
179.46.61.250:445

mssecsvc.exe

104 B
2
10.127.37.1:445

mssecsvc.exe

52 B
1
10.127.38.1:445

mssecsvc.exe

52 B
1
10.127.34.1:445

mssecsvc.exe

52 B
1
10.127.40.1:445

mssecsvc.exe

52 B
1
10.127.35.1:445

mssecsvc.exe

52 B
1
149.231.47.178:445

mssecsvc.exe

52 B
1
10.127.36.1:445

mssecsvc.exe

104 B
2
10.127.39.1:445

mssecsvc.exe

104 B
2
10.127.41.1:445

mssecsvc.exe

104 B
2
172.1.197.145:445

mssecsvc.exe

52 B
1
10.127.43.1:445

mssecsvc.exe

104 B
2
10.127.46.1:445

mssecsvc.exe

52 B
1
165.208.137.225:445

mssecsvc.exe

104 B
2
10.127.42.1:445

mssecsvc.exe

52 B
1
10.127.47.1:445

mssecsvc.exe

104 B
2
10.127.44.1:445

mssecsvc.exe

52 B
1
10.127.45.1:445

mssecsvc.exe

104 B
2
10.127.48.1:445

mssecsvc.exe

104 B
2
10.127.49.1:445

mssecsvc.exe

52 B
1
10.127.50.1:445

mssecsvc.exe

104 B
2
10.127.51.1:445

mssecsvc.exe

52 B
1
10.127.52.1:445

mssecsvc.exe

52 B
1
10.127.53.1:445

mssecsvc.exe

52 B
1
10.127.54.1:445

mssecsvc.exe

52 B
1
186.205.213.161:445

mssecsvc.exe

52 B
1
192.135.22.236:445

mssecsvc.exe

52 B
1
10.127.55.1:445

mssecsvc.exe

104 B
2
124.219.128.18:445

mssecsvc.exe

104 B
80 B
2
2
10.127.57.1:445

mssecsvc.exe

52 B
1
10.127.58.1:445

mssecsvc.exe

104 B
2
10.127.60.1:445

mssecsvc.exe

104 B
2
10.127.56.1:445

mssecsvc.exe

104 B
2
161.86.11.253:445

mssecsvc.exe

52 B
1
10.127.61.1:445

mssecsvc.exe

104 B
2
10.127.64.1:445

mssecsvc.exe

52 B
1
10.127.62.1:445

mssecsvc.exe

52 B
1
10.127.65.1:445

mssecsvc.exe

104 B
2
10.127.66.1:445

mssecsvc.exe

104 B
2
93.240.10.129:445

mssecsvc.exe

104 B
80 B
2
2
10.127.59.1:445

mssecsvc.exe

104 B
2
193.99.237.167:445

mssecsvc.exe

52 B
1
10.127.63.1:445

mssecsvc.exe

104 B
2
10.127.67.1:445

mssecsvc.exe

104 B
2
10.127.68.1:445

mssecsvc.exe

104 B
2
10.127.69.1:445

mssecsvc.exe

104 B
2
10.127.70.1:445

mssecsvc.exe

104 B
2
222.106.28.115:445

mssecsvc.exe

52 B
1
10.127.71.1:445

mssecsvc.exe

104 B
2
10.127.72.1:445

mssecsvc.exe

52 B
1
10.127.73.1:445

mssecsvc.exe

52 B
1
10.127.74.1:445

mssecsvc.exe

104 B
2
10.127.75.1:445

mssecsvc.exe

104 B
2
10.127.76.1:445

mssecsvc.exe

104 B
2
50.233.63.243:445

mssecsvc.exe

104 B
2
36.4.16.51:445

mssecsvc.exe

52 B
1
10.127.78.1:445

mssecsvc.exe

52 B
1
38.223.217.112:445

mssecsvc.exe

52 B
1
222.23.165.39:445

mssecsvc.exe

104 B
2
10.127.79.1:445

mssecsvc.exe

104 B
2
10.127.83.1:445

mssecsvc.exe

104 B
2
10.127.77.1:445

mssecsvc.exe

52 B
1
81.229.63.73:445

mssecsvc.exe

104 B
2
10.127.84.1:445

mssecsvc.exe

104 B
2
10.127.81.1:445

mssecsvc.exe

104 B
2
10.127.80.1:445

mssecsvc.exe

52 B
1
10.127.82.1:445

mssecsvc.exe

52 B
1
154.58.78.2:445

mssecsvc.exe

104 B
2
10.127.86.1:445

mssecsvc.exe

104 B
2
10.127.87.1:445

mssecsvc.exe

104 B
2
184.246.188.95:445

mssecsvc.exe

104 B
2
10.127.85.1:445

mssecsvc.exe

104 B
2
10.127.88.1:445

mssecsvc.exe

52 B
1
10.127.89.1:445

mssecsvc.exe

52 B
1
10.127.90.1:445

mssecsvc.exe

52 B
1
222.4.147.185:445

mssecsvc.exe

104 B
2
10.127.91.1:445

mssecsvc.exe

52 B
1
10.127.92.1:445

mssecsvc.exe

104 B
2
10.127.93.1:445

mssecsvc.exe

104 B
2
29.88.221.55:445

mssecsvc.exe

52 B
1
10.127.94.1:445

mssecsvc.exe

52 B
1
10.127.95.1:445

mssecsvc.exe

52 B
1
10.127.96.1:445

mssecsvc.exe

104 B
2
15.180.99.124:445

mssecsvc.exe

104 B
2
16.220.86.8:445

mssecsvc.exe

104 B
2
10.127.97.1:445

mssecsvc.exe

52 B
1
10.127.98.1:445

mssecsvc.exe

104 B
2
37.59.16.38:445

mssecsvc.exe

104 B
2
10.127.102.1:445

mssecsvc.exe

104 B
2
10.127.99.1:445

mssecsvc.exe

52 B
1
10.127.103.1:445

mssecsvc.exe

104 B
2
201.53.243.3:445

mssecsvc.exe

104 B
2
55.179.145.76:445

mssecsvc.exe

104 B
2
10.127.105.1:445

mssecsvc.exe

104 B
2
10.127.100.1:445

mssecsvc.exe

104 B
2
10.127.107.1:445

mssecsvc.exe

104 B
2
3.186.60.91:445

mssecsvc.exe

104 B
2
10.127.101.1:445

mssecsvc.exe

104 B
2
10.127.104.1:445

mssecsvc.exe

104 B
2
10.127.106.1:445

mssecsvc.exe

104 B
2
10.127.108.1:445

mssecsvc.exe

52 B
1
118.226.5.34:445

mssecsvc.exe

104 B
2
10.127.109.1:445

mssecsvc.exe

52 B
1
10.127.110.1:445

mssecsvc.exe

104 B
2
115.49.250.39:445

mssecsvc.exe

104 B
2
10.127.111.1:445

mssecsvc.exe

104 B
2
10.127.112.1:445

mssecsvc.exe

104 B
2
10.127.113.1:445

mssecsvc.exe

104 B
2
134.230.114.218:445

mssecsvc.exe

104 B
2
10.127.114.1:445

mssecsvc.exe

104 B
2
10.127.115.1:445

mssecsvc.exe

104 B
2
160.17.125.188:445

mssecsvc.exe

104 B
2
84.85.24.102:445

mssecsvc.exe

104 B
2
10.127.116.1:445

mssecsvc.exe

52 B
1
10.127.119.1:445

mssecsvc.exe

52 B
1
10.127.120.1:445

mssecsvc.exe

104 B
2
109.73.14.106:445

mssecsvc.exe

52 B
1
10.127.117.1:445

mssecsvc.exe

104 B
2
180.49.238.162:445

mssecsvc.exe

52 B
1
217.163.250.216:445

mssecsvc.exe

52 B
1
10.127.118.1:445

mssecsvc.exe

52 B
1
10.127.122.1:445

mssecsvc.exe

52 B
1
24.27.144.103:445

mssecsvc.exe

52 B
1
188.62.219.111:445

mssecsvc.exe

104 B
2
10.127.121.1:445

mssecsvc.exe

104 B
2
93.73.54.124:445

mssecsvc.exe

104 B
2
87.213.69.27:445

mssecsvc.exe

104 B
2
10.127.130.1:445

mssecsvc.exe

52 B
1
134.232.47.69:445

mssecsvc.exe

52 B
1
166.176.242.4:445

mssecsvc.exe

52 B
1
10.127.123.1:445

mssecsvc.exe

52 B
1
10.127.124.1:445

mssecsvc.exe

52 B
1
10.127.125.1:445

mssecsvc.exe

52 B
1
10.127.126.1:445

mssecsvc.exe

52 B
1
10.127.127.1:445

mssecsvc.exe

52 B
1
10.127.128.1:445

mssecsvc.exe

52 B
1
10.127.129.1:445

mssecsvc.exe

104 B
2
10.127.131.1:445

mssecsvc.exe

104 B
2
10.127.132.1:445

mssecsvc.exe

52 B
1
10.127.133.1:445

mssecsvc.exe

104 B
2
138.112.124.231:445

mssecsvc.exe

104 B
2
24.233.147.207:445

mssecsvc.exe

104 B
2
11.199.225.51:445

mssecsvc.exe

104 B
2
211.20.180.92:445

mssecsvc.exe

104 B
2
205.227.203.168:445

mssecsvc.exe

104 B
2
10.127.134.1:445

mssecsvc.exe

104 B
2
152.219.52.214:445

mssecsvc.exe

104 B
2
10.127.135.1:445

mssecsvc.exe

104 B
2
10.127.137.1:445

mssecsvc.exe

104 B
2
10.127.139.1:445

mssecsvc.exe

104 B
2
200.148.239.228:445

mssecsvc.exe

52 B
1
10.127.138.1:445

mssecsvc.exe

104 B
2
10.127.140.1:445

mssecsvc.exe

104 B
2
10.127.136.1:445

mssecsvc.exe

104 B
2
10.127.144.1:445

mssecsvc.exe

52 B
1
83.83.252.183:445

mssecsvc.exe

104 B
2
1.210.50.11:445

mssecsvc.exe

104 B
2
10.127.143.1:445

mssecsvc.exe

104 B
2
10.127.141.1:445

mssecsvc.exe

104 B
2
119.240.41.186:445

mssecsvc.exe

104 B
2
33.175.173.180:445

mssecsvc.exe

52 B
1
10.127.142.1:445

mssecsvc.exe

104 B
2
10.127.146.1:445

mssecsvc.exe

104 B
2
30.180.216.242:445

mssecsvc.exe

104 B
2
145.156.176.220:445

mssecsvc.exe

104 B
2
10.127.145.1:445

mssecsvc.exe

52 B
1
10.127.148.1:445

mssecsvc.exe

104 B
2
10.127.150.1:445

mssecsvc.exe

104 B
2
10.127.147.1:445

mssecsvc.exe

52 B
1
10.127.151.1:445

mssecsvc.exe

104 B
2
10.127.149.1:445

mssecsvc.exe

104 B
2
10.127.153.1:445

mssecsvc.exe

104 B
2
51.35.68.122:445

mssecsvc.exe

104 B
2
10.127.152.1:445

mssecsvc.exe

52 B
1
10.127.154.1:445

mssecsvc.exe

104 B
2
10.127.155.1:445

mssecsvc.exe

104 B
2
96.210.109.158:445

mssecsvc.exe

104 B
2
88.47.242.175:445

mssecsvc.exe

104 B
2
146.87.105.237:445

mssecsvc.exe

104 B
2
10.127.157.1:445

mssecsvc.exe

104 B
2
102.135.215.4:445

mssecsvc.exe

104 B
2
77.122.251.94:445

mssecsvc.exe

52 B
1
78.23.84.87:445

mssecsvc.exe

52 B
1
22.219.60.108:445

mssecsvc.exe

52 B
1
10.127.159.1:445

mssecsvc.exe

52 B
1
72.240.106.191:445

mssecsvc.exe

104 B
2
10.127.156.1:445

mssecsvc.exe

52 B
1
175.93.195.27:445

mssecsvc.exe

104 B
2
166.196.0.15:445

mssecsvc.exe

52 B
1
10.127.158.1:445

mssecsvc.exe

104 B
2
10.127.161.1:445

mssecsvc.exe

52 B
1
10.127.162.1:445

mssecsvc.exe

104 B
2
10.127.166.1:445

mssecsvc.exe

104 B
2
222.236.16.202:445

mssecsvc.exe

104 B
2
10.127.160.1:445

mssecsvc.exe

52 B
1
158.132.28.134:445

mssecsvc.exe

104 B
2
10.127.163.1:445

mssecsvc.exe

52 B
1
10.127.167.1:445

mssecsvc.exe

52 B
1
10.127.165.1:445

mssecsvc.exe

104 B
2
157.118.198.3:445

mssecsvc.exe

104 B
2
148.217.31.138:445

mssecsvc.exe

104 B
2
10.127.164.1:445

mssecsvc.exe

52 B
1
10.127.170.1:445

mssecsvc.exe

52 B
1
68.224.20.158:445

mssecsvc.exe

104 B
2
60.104.83.151:445

mssecsvc.exe

104 B
2
10.127.173.1:445

mssecsvc.exe

104 B
2
10.127.168.1:445

mssecsvc.exe

104 B
2
10.127.169.1:445

mssecsvc.exe

104 B
2
10.127.171.1:445

mssecsvc.exe

52 B
1
10.127.172.1:445

mssecsvc.exe

104 B
2
10.127.174.1:445

mssecsvc.exe

104 B
2
10.127.175.1:445

mssecsvc.exe

104 B
2
79.30.226.126:445

mssecsvc.exe

52 B
1
10.127.176.1:445

mssecsvc.exe

104 B
2
142.137.176.167:445

mssecsvc.exe

52 B
1
153.235.129.112:445

mssecsvc.exe

104 B
2
7.95.147.184:445

mssecsvc.exe

52 B
1
75.137.15.127:445

mssecsvc.exe

52 B
1
105.247.250.22:445

mssecsvc.exe

104 B
80 B
2
2
66.110.107.107:445

mssecsvc.exe

104 B
2
10.127.182.1:445

mssecsvc.exe

52 B
1
10.127.179.1:445

mssecsvc.exe

52 B
1
10.127.177.1:445

mssecsvc.exe

104 B
2
10.127.178.1:445

mssecsvc.exe

52 B
1
184.165.61.221:445

mssecsvc.exe

104 B
2
134.34.117.98:445

mssecsvc.exe

104 B
2
10.127.180.1:445

mssecsvc.exe

52 B
1
10.127.184.1:445

mssecsvc.exe

52 B
1
27.214.157.31:445

mssecsvc.exe

104 B
2
57.158.205.251:445

mssecsvc.exe

52 B
1
10.127.181.1:445

mssecsvc.exe

104 B
2
10.127.186.1:445

mssecsvc.exe

104 B
2
10.127.187.1:445

mssecsvc.exe

104 B
2
190.215.89.28:445

mssecsvc.exe

104 B
80 B
2
2
33.5.239.17:445

mssecsvc.exe

104 B
2
29.43.124.154:445

mssecsvc.exe

104 B
2
10.127.183.1:445

mssecsvc.exe

52 B
1
10.127.188.1:445

mssecsvc.exe

104 B
2
10.127.189.1:445

mssecsvc.exe

104 B
2
136.181.188.82:445

mssecsvc.exe

104 B
2
10.127.191.1:445

mssecsvc.exe

52 B
1
10.127.185.1:445

mssecsvc.exe

52 B
1
59.2.92.54:445

mssecsvc.exe

52 B
1
94.33.236.232:445

mssecsvc.exe

104 B
2
10.127.190.1:445

mssecsvc.exe

104 B
2
10.127.192.1:445

mssecsvc.exe

104 B
2
10.127.193.1:445

mssecsvc.exe

104 B
2
10.127.194.1:445

mssecsvc.exe

104 B
2
10.127.195.1:445

mssecsvc.exe

104 B
2
174.172.123.208:445

mssecsvc.exe

104 B
2
37.17.57.254:445

mssecsvc.exe

104 B
2
10.127.196.1:445

mssecsvc.exe

52 B
1
16.70.25.1:445

mssecsvc.exe

104 B
2
10.152.15.104:445

mssecsvc.exe

104 B
2
182.214.138.174:445

mssecsvc.exe

104 B
2
21.19.49.239:445

mssecsvc.exe

104 B
2
10.127.199.1:445

mssecsvc.exe

104 B
2
10.127.198.1:445

mssecsvc.exe

104 B
2
137.117.150.40:445

mssecsvc.exe

104 B
2
4.236.131.219:445

mssecsvc.exe

104 B
2
10.127.197.1:445

mssecsvc.exe

104 B
2
187.120.188.139:445

mssecsvc.exe

104 B
2
72.159.17.215:445

mssecsvc.exe

104 B
2
10.127.200.1:445

mssecsvc.exe

104 B
2
10.127.204.1:445

mssecsvc.exe

52 B
1
214.238.155.188:445

mssecsvc.exe

104 B
2
179.127.163.80:445

mssecsvc.exe

104 B
2
184.188.37.142:445

mssecsvc.exe

104 B
2
10.127.201.1:445

mssecsvc.exe

104 B
2
10.127.203.1:445

mssecsvc.exe

52 B
1
10.127.202.1:445

mssecsvc.exe

52 B
1
18.149.34.197:445

mssecsvc.exe

104 B
2
54.21.156.230:445

mssecsvc.exe

104 B
2
24.191.2.58:445

mssecsvc.exe

52 B
1
10.127.207.1:445

mssecsvc.exe

52 B
1
85.54.112.190:445

mssecsvc.exe

104 B
2
10.127.208.1:445

mssecsvc.exe

52 B
1
10.127.205.1:445

mssecsvc.exe

52 B
1
10.127.206.1:445

mssecsvc.exe

52 B
1
99.94.85.106:445

mssecsvc.exe

104 B
2
86.30.70.99:445

mssecsvc.exe

104 B
2
10.127.209.1:445

mssecsvc.exe

104 B
2
10.127.210.1:445

mssecsvc.exe

52 B
1
10.127.211.1:445

mssecsvc.exe

104 B
2
10.127.212.1:445

mssecsvc.exe

104 B
2
10.127.213.1:445

mssecsvc.exe

52 B
1
10.127.214.1:445

mssecsvc.exe

104 B
2
211.215.11.177:445

mssecsvc.exe

52 B
1
129.86.118.43:445

mssecsvc.exe

52 B
1
10.127.215.1:445

mssecsvc.exe

52 B
1
10.127.216.1:445

mssecsvc.exe

52 B
1
34.34.140.211:445

mssecsvc.exe

104 B
2
172.113.197.64:445

mssecsvc.exe

104 B
2
23.159.157.10:445

mssecsvc.exe

52 B
1
10.127.217.1:445

mssecsvc.exe

52 B
1
10.127.218.1:445

mssecsvc.exe

104 B
2
78.61.89.188:445

mssecsvc.exe

52 B
1
211.70.152.225:445

mssecsvc.exe

52 B
1
17.245.184.181:445

mssecsvc.exe

52 B
1
153.97.48.191:445

mssecsvc.exe

104 B
2
10.127.220.1:445

mssecsvc.exe

52 B
1
10.127.221.1:445

mssecsvc.exe

104 B
2
207.191.106.135:445

mssecsvc.exe

104 B
2
10.127.219.1:445

mssecsvc.exe

104 B
2
142.63.219.60:445

mssecsvc.exe

52 B
1
195.45.18.65:445

mssecsvc.exe

104 B
2
159.164.127.37:445

mssecsvc.exe

104 B
2
220.211.211.83:445

mssecsvc.exe

104 B
2
10.127.222.1:445

mssecsvc.exe

52 B
1
10.127.223.1:445

mssecsvc.exe

104 B
2
42.29.250.228:445

mssecsvc.exe

52 B
1
175.120.132.161:445

mssecsvc.exe

52 B
1
175.226.219.205:445

mssecsvc.exe

52 B
1
220.136.5.22:445

mssecsvc.exe

104 B
80 B
2
2
11.240.63.92:445

mssecsvc.exe

104 B
2
140.66.31.73:445

mssecsvc.exe

104 B
2
15.85.241.101:445

mssecsvc.exe

104 B
2
10.127.233.1:445

mssecsvc.exe

104 B
2
10.127.226.1:445

mssecsvc.exe

104 B
2
187.245.84.202:445

mssecsvc.exe

104 B
2
10.127.224.1:445

mssecsvc.exe

52 B
1
10.127.225.1:445

mssecsvc.exe

52 B
1
10.127.227.1:445

mssecsvc.exe

52 B
1
10.127.228.1:445

mssecsvc.exe

52 B
1
10.127.229.1:445

mssecsvc.exe

104 B
2
10.127.230.1:445

mssecsvc.exe

52 B
1
10.127.231.1:445

mssecsvc.exe

104 B
2
10.127.232.1:445

mssecsvc.exe

104 B
2
10.127.234.1:445

mssecsvc.exe

104 B
2
10.127.235.1:445

mssecsvc.exe

52 B
1
42.120.7.226:445

mssecsvc.exe

52 B
1
10.127.236.1:445

mssecsvc.exe

52 B
1
187.135.13.120:445

mssecsvc.exe

104 B
2
53.65.110.251:445

mssecsvc.exe

104 B
2
152.155.244.245:445

mssecsvc.exe

104 B
2
10.127.237.1:445

mssecsvc.exe

104 B
2
6.147.246.116:445

mssecsvc.exe

104 B
2
130.77.185.30:445

mssecsvc.exe

104 B
2
187.242.123.216:445

mssecsvc.exe

52 B
1
10.127.238.1:445

mssecsvc.exe

104 B
2
10.127.240.1:445

mssecsvc.exe

52 B
1
55.165.78.162:445

mssecsvc.exe

52 B
1
200.13.144.58:445

mssecsvc.exe

52 B
1
10.127.241.1:445

mssecsvc.exe

104 B
2
10.127.242.1:445

mssecsvc.exe

104 B
2
147.195.99.85:445

mssecsvc.exe

52 B
1
10.127.239.1:445

mssecsvc.exe

104 B
2
119.249.156.162:445

mssecsvc.exe

104 B
2
138.209.130.95:445

mssecsvc.exe

52 B
1
105.108.198.224:445

mssecsvc.exe

104 B
2
207.151.6.172:445

mssecsvc.exe

52 B
1
10.127.247.1:445

mssecsvc.exe

104 B
2
10.127.244.1:445

mssecsvc.exe

52 B
1
150.16.121.228:445

mssecsvc.exe

104 B
2
57.201.35.210:445

mssecsvc.exe

104 B
2
10.127.243.1:445

mssecsvc.exe

104 B
2
5.86.162.13:445

mssecsvc.exe

104 B
2
10.127.245.1:445

mssecsvc.exe

104 B
2
10.127.251.1:445

mssecsvc.exe

104 B
2
16.154.206.169:445

mssecsvc.exe

104 B
2
46.162.132.76:445

mssecsvc.exe

104 B
2
134.3.74.80:445

mssecsvc.exe

104 B
2
10.127.248.1:445

mssecsvc.exe

52 B
1
10.127.249.1:445

mssecsvc.exe

104 B
2
10.127.246.1:445

mssecsvc.exe

52 B
1
40.254.51.179:445

mssecsvc.exe

104 B
2
53.1.26.148:445

mssecsvc.exe

104 B
2
31.149.144.96:445

mssecsvc.exe

52 B
1
10.127.253.1:445

mssecsvc.exe

104 B
2
153.108.230.218:445

mssecsvc.exe

104 B
2
10.127.250.1:445

mssecsvc.exe

104 B
2
10.127.252.1:445

mssecsvc.exe

104 B
2
10.127.254.1:445

mssecsvc.exe

104 B
2
10.127.255.1:445

mssecsvc.exe

52 B
1
195.223.66.161:445

mssecsvc.exe

52 B
1
118.164.20.212:445

mssecsvc.exe

52 B
1
205.119.223.244:445

mssecsvc.exe

104 B
2
10.127.0.2:445

mssecsvc.exe

104 B
2
10.127.2.2:445

mssecsvc.exe

104 B
2
10.127.3.2:445

mssecsvc.exe

104 B
2
164.162.221.201:445

mssecsvc.exe

104 B
2
141.84.137.51:445

mssecsvc.exe

52 B
1
193.150.50.93:445

mssecsvc.exe

104 B
2
10.127.6.2:445

mssecsvc.exe

104 B
2
188.128.116.254:445

mssecsvc.exe

104 B
2
121.61.20.51:445

mssecsvc.exe

104 B
2
69.79.29.77:445

mssecsvc.exe

104 B
2
10.127.4.2:445

mssecsvc.exe

104 B
2
163.1.36.50:445

mssecsvc.exe

104 B
2
179.66.127.77:445

mssecsvc.exe

52 B
1
10.127.1.2:445

mssecsvc.exe

104 B
2
10.127.5.2:445

mssecsvc.exe

52 B
1
10.127.7.2:445

mssecsvc.exe

104 B
2
10.127.8.2:445

mssecsvc.exe

104 B
2
10.127.9.2:445

mssecsvc.exe

104 B
2
10.127.10.2:445

mssecsvc.exe

52 B
1
169.87.60.66:445

mssecsvc.exe

104 B
2
207.254.134.25:445

mssecsvc.exe

104 B
2
8.48.36.69:445

mssecsvc.exe

104 B
2
10.127.11.2:445

mssecsvc.exe

104 B
2
153.125.113.244:445

mssecsvc.exe

52 B
1
25.163.174.218:445

mssecsvc.exe

104 B
2
10.127.12.2:445

mssecsvc.exe

104 B
2
202.216.199.79:445

mssecsvc.exe

104 B
2
10.127.13.2:445

mssecsvc.exe

52 B
1
10.127.14.2:445

mssecsvc.exe

104 B
2
10.127.15.2:445

mssecsvc.exe

104 B
2
208.134.43.123:445

mssecsvc.exe

104 B
2
45.172.176.203:445

mssecsvc.exe

104 B
80 B
2
2
82.228.107.164:445

mssecsvc.exe

52 B
1
10.127.16.2:445

mssecsvc.exe

52 B
1
10.127.17.2:445

mssecsvc.exe

104 B
2
10.127.18.2:445

mssecsvc.exe

104 B
2
109.128.147.207:445

mssecsvc.exe

104 B
2
207.162.80.129:445

mssecsvc.exe

104 B
2
84.59.229.111:445

mssecsvc.exe

104 B
2
10.127.19.2:445

mssecsvc.exe

104 B
2
10.127.20.2:445

mssecsvc.exe

104 B
2
58.6.31.211:445

mssecsvc.exe

52 B
1
133.171.177.174:445

mssecsvc.exe

52 B
1
10.127.21.2:445

mssecsvc.exe

104 B
2
60.25.74.220:445

mssecsvc.exe

104 B
2
185.219.17.102:445

mssecsvc.exe

104 B
2
60.48.119.37:445

mssecsvc.exe

52 B
1
183.27.132.70:445

mssecsvc.exe

104 B
2
119.80.129.190:445

mssecsvc.exe

104 B
2
74.213.86.232:445

mssecsvc.exe

104 B
2
216.163.225.217:445

mssecsvc.exe

104 B
2
19.40.1.224:445

mssecsvc.exe

104 B
2
10.127.26.2:445

mssecsvc.exe

104 B
2
26.221.203.59:445

mssecsvc.exe

104 B
2
10.127.27.2:445

mssecsvc.exe

104 B
2
10.127.22.2:445

mssecsvc.exe

104 B
2
10.127.25.2:445

mssecsvc.exe

52 B
1
10.127.23.2:445

mssecsvc.exe

52 B
1
22.161.237.9:445

mssecsvc.exe

104 B
2
99.245.84.181:445

mssecsvc.exe

104 B
2
133.254.184.136:445

mssecsvc.exe

104 B
2
10.127.24.2:445

mssecsvc.exe

52 B
1
10.127.28.2:445

mssecsvc.exe

52 B
1
10.127.29.2:445

mssecsvc.exe

104 B
2
10.127.30.2:445

mssecsvc.exe

104 B
2
10.127.31.2:445

mssecsvc.exe

52 B
1
14.120.124.66:445

mssecsvc.exe

104 B
2
154.159.179.68:445

mssecsvc.exe

104 B
2
10.127.32.2:445

mssecsvc.exe

104 B
2
222.121.188.168:445

mssecsvc.exe

104 B
2
66.86.184.247:445

mssecsvc.exe

52 B
1
10.127.33.2:445

mssecsvc.exe

104 B
2
49.81.199.254:445

mssecsvc.exe

104 B
2
47.155.71.180:445

mssecsvc.exe

104 B
2
10.127.34.2:445

mssecsvc.exe

104 B
2

8.8.8.8:53

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

dns

mssecsvc.exe

95 B
127 B
1
1

DNS Request

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

DNS Response

104.16.167.228

104.16.166.228
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

228.167.16.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

228.167.16.104.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
eaed8d1bb2de1ce03b6b7269627285e6

SHA1
6d4a62ab6295c889e21b71fd94e0cc710f09b0fc

SHA256
13c3ae01b1170870fe615c81b7933eddb2a8b281aaee02edcce6aa65e0daf4e1

SHA512
f83abf4dee4f5bf26a9b39db91028426bb165ed733f4d0fd303e122c24a5c8af865310c515069becc8bcaca996ad525f402c2088109d928a859d41556e80edbc

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
141bb1a0ef73a2e7d1af1d8c077e4253

SHA1
26d34abdd79bc22f6b36d5de4638256296553e4f

SHA256
6ac581fa78af25515b9e1e02f0f6fc4761116e1ac19288e345be4578f2e72efd

SHA512
e54ef20f4027798e8f2d27f02b0bc542ab86e4fa6bbbb095e43c7743441699600bd1804d1472d01abf5d890fbbfe6ed224ec8856c003df4ccf7f4b32c232fc4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.