wannacry | 8c1d52bacdb4a0b154f15d7e7cca74509dd4ca7114a287ba09aa8443c130caba

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 17:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6790d429b43c5912d3e01dad0b713c7_JaffaCakes118.dll
Size

5.0MB
MD5

f6790d429b43c5912d3e01dad0b713c7
SHA1

e50155b4108acdf6979a1b7972a111190f696875
SHA256

8c1d52bacdb4a0b154f15d7e7cca74509dd4ca7114a287ba09aa8443c130caba
SHA512

3963526f6f382618add9c886821eb6927a5c17595039ce32bf512a24a766e5a326dbe8386e771ac2a29e93c62bafa2f4cd6bebcc43a626a0398b916e472625ab
SSDEEP

24576:SbLgdqQhfdmMSirYbcMNgeMEcpcL7nEaut/8uME7A4kqAH1pNZtA0p+9XEk:SnvQqMSPbcB/EcaEau3R8yAH1plAH

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (3234) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 2 IoCs

pid	Process
860	mssecsvc.exe
4036	mssecsvc.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	mssecsvc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	mssecsvc.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	mssecsvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 1220	1496	rundll32.exe	89
PID 1496 wrote to memory of 1220	1496	rundll32.exe	89
PID 1496 wrote to memory of 1220	1496	rundll32.exe	89
PID 1220 wrote to memory of 860	1220	rundll32.exe	90
PID 1220 wrote to memory of 860	1220	rundll32.exe	90
PID 1220 wrote to memory of 860	1220	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6790d429b43c5912d3e01dad0b713c7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6790d429b43c5912d3e01dad0b713c7_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:860

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4336,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:8
1⤵
PID:5008

Network

DNS

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

mssecsvc.exe

Remote address:

8.8.8.8:53

Request

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

IN A

Response

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

IN A

103.224.212.215
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
GET

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

mssecsvc.exe

Remote address:

103.224.212.215:80

Request

GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache

Response

HTTP/1.1 302 Found

date: Wed, 25 Sep 2024 17:10:27 GMT
server: Apache
set-cookie: __tad=1727284227.6091711; expires=Sat, 23-Sep-2034 17:10:27 GMT; Max-Age=315360000
location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-270c-bdf3-a8976671ae34
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
DNS

ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

mssecsvc.exe

Remote address:

8.8.8.8:53

Request

ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

IN A

Response

ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

IN CNAME

77026.bodis.com

77026.bodis.com

IN A

199.59.243.227
GET

http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-270c-bdf3-a8976671ae34

mssecsvc.exe

Remote address:

199.59.243.227:80

Request

GET /?subid1=20240926-0310-270c-bdf3-a8976671ae34 HTTP/1.1
Cache-Control: no-cache
Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

date: Wed, 25 Sep 2024 17:10:27 GMT
content-type: text/html; charset=utf-8
content-length: 1262
x-request-id: 10f9a4dd-7441-4fbd-a35a-f246711ca901
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wql22YViousGYypFxQAb4G1G9wLBJO1XQBOQ2LUjeKZZ6DJKpQEWEYKiYz2HVUoNxpnTRoFWh50UVxN0JBEd+Q==
set-cookie: parking_session=10f9a4dd-7441-4fbd-a35a-f246711ca901; expires=Wed, 25 Sep 2024 17:25:27 GMT; path=/
GET

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

mssecsvc.exe

Remote address:

103.224.212.215:80

Request

GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache

Response

HTTP/1.1 302 Found

date: Wed, 25 Sep 2024 17:10:28 GMT
server: Apache
set-cookie: __tad=1727284228.2765127; expires=Sat, 23-Sep-2034 17:10:28 GMT; Max-Age=315360000
location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-28b0-a2b3-fe34eda536b4
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

215.212.224.103.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.212.224.103.in-addr.arpa

IN PTR

Response

215.212.224.103.in-addr.arpa

IN PTR

lb-212-215abovecom
DNS

227.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.243.59.199.in-addr.arpa

IN PTR

Response
GET

http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-28b0-a2b3-fe34eda536b4

mssecsvc.exe

Remote address:

199.59.243.227:80

Request

GET /?subid1=20240926-0310-28b0-a2b3-fe34eda536b4 HTTP/1.1
Cache-Control: no-cache
Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

date: Wed, 25 Sep 2024 17:10:28 GMT
content-type: text/html; charset=utf-8
content-length: 1262
x-request-id: 18ab5414-a0fe-403e-9c5b-ff12e8ab16cc
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_oMboOJi+bVcGV/vfZg2qK9U709BnK7JbNZI7XGe+QGWRGdNKc2sBxynvTXIp5ozUXw2IxtYUIvg0eVY8ELB66Q==
set-cookie: parking_session=18ab5414-a0fe-403e-9c5b-ff12e8ab16cc; expires=Wed, 25 Sep 2024 17:25:28 GMT; path=/
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Request

171.39.242.20.in-addr.arpa

IN PTR
DNS

99.209.201.84.in-addr.arpa

Request

99.209.201.84.in-addr.arpa

IN PTR

Response
DNS

99.209.201.84.in-addr.arpa

Request

99.209.201.84.in-addr.arpa

IN PTR
DNS

14.227.111.52.in-addr.arpa

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

69.209.201.84.in-addr.arpa

Request

69.209.201.84.in-addr.arpa

IN PTR

Response
DNS

1.154.121.94.in-addr.arpa

Request

1.154.121.94.in-addr.arpa

IN PTR

Response
DNS

186.154.121.94.in-addr.arpa

Request

186.154.121.94.in-addr.arpa

IN PTR

Response
DNS

67.209.201.84.in-addr.arpa

Request

67.209.201.84.in-addr.arpa

IN PTR

Response
DNS

2.154.121.94.in-addr.arpa

Request

2.154.121.94.in-addr.arpa

IN PTR

Response

103.224.212.215:80

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

http

mssecsvc.exe

376 B
537 B
6
4

HTTP Request

GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

HTTP Response

302
199.59.243.227:80

http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-270c-bdf3-a8976671ae34

http

mssecsvc.exe

491 B
2.1kB
7
4

HTTP Request

GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-270c-bdf3-a8976671ae34

HTTP Response

200
103.224.212.215:80

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

http

mssecsvc.exe

376 B
537 B
6
4

HTTP Request

GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

HTTP Response

302
199.59.243.227:80

http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-28b0-a2b3-fe34eda536b4

http

mssecsvc.exe

537 B
2.1kB
8
5

HTTP Request

GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-0310-28b0-a2b3-fe34eda536b4

HTTP Response

200
54.212.58.228:445

mssecsvc.exe

104 B
2
10.127.0.1:445

mssecsvc.exe

104 B
2
10.127.2.1:445

mssecsvc.exe

52 B
1
10.127.5.1:445

mssecsvc.exe

52 B
1
10.127.1.1:445

mssecsvc.exe

52 B
1
10.127.7.1:445

mssecsvc.exe

104 B
2
10.127.4.1:445

mssecsvc.exe

52 B
1
10.127.3.1:445

mssecsvc.exe

104 B
2
10.127.9.1:445

mssecsvc.exe

104 B
2
10.127.6.1:445

mssecsvc.exe

52 B
1
106.7.244.61:445

mssecsvc.exe

104 B
2
10.127.8.1:445

mssecsvc.exe

104 B
2
10.127.10.1:445

mssecsvc.exe

52 B
1
10.127.11.1:445

mssecsvc.exe

104 B
2
10.127.12.1:445

mssecsvc.exe

104 B
2
10.127.13.1:445

mssecsvc.exe

104 B
2
10.127.14.1:445

mssecsvc.exe

104 B
2
10.127.15.1:445

mssecsvc.exe

104 B
2
10.127.16.1:445

mssecsvc.exe

104 B
2
10.127.17.1:445

mssecsvc.exe

104 B
2
10.127.18.1:445

mssecsvc.exe

104 B
2
10.127.19.1:445

mssecsvc.exe

104 B
2
10.127.20.1:445

mssecsvc.exe

52 B
1
111.23.10.233:445

mssecsvc.exe

52 B
1
187.0.45.16:445

mssecsvc.exe

52 B
1
10.127.21.1:445

mssecsvc.exe

104 B
2
10.127.22.1:445

mssecsvc.exe

104 B
2
10.127.27.1:445

mssecsvc.exe

104 B
2
10.127.24.1:445

mssecsvc.exe

52 B
1
10.127.28.1:445

mssecsvc.exe

104 B
2
10.127.25.1:445

mssecsvc.exe

104 B
2
10.127.26.1:445

mssecsvc.exe

104 B
2
10.127.31.1:445

mssecsvc.exe

104 B
2
10.127.23.1:445

mssecsvc.exe

104 B
2
10.127.29.1:445

mssecsvc.exe

104 B
2
183.209.249.230:445

mssecsvc.exe

104 B
2
10.127.30.1:445

mssecsvc.exe

52 B
1
10.127.32.1:445

mssecsvc.exe

104 B
2
10.127.33.1:445

mssecsvc.exe

104 B
2
16.173.64.199:445

mssecsvc.exe

104 B
2
10.127.34.1:445

mssecsvc.exe

52 B
1
10.127.35.1:445

mssecsvc.exe

104 B
2
10.127.36.1:445

mssecsvc.exe

52 B
1
10.127.37.1:445

mssecsvc.exe

52 B
1
10.127.38.1:445

mssecsvc.exe

52 B
1
10.127.39.1:445

mssecsvc.exe

52 B
1
10.127.40.1:445

mssecsvc.exe

104 B
2
10.127.41.1:445

mssecsvc.exe

104 B
2
141.160.79.180:445

mssecsvc.exe

104 B
2
167.246.20.112:445

mssecsvc.exe

104 B
2
10.127.43.1:445

mssecsvc.exe

52 B
1
129.211.153.134:445

mssecsvc.exe

52 B
1
10.127.45.1:445

mssecsvc.exe

104 B
2
10.127.42.1:445

mssecsvc.exe

104 B
2
10.127.49.1:445

mssecsvc.exe

104 B
2
10.127.48.1:445

mssecsvc.exe

104 B
2
10.127.46.1:445

mssecsvc.exe

104 B
2
10.127.47.1:445

mssecsvc.exe

104 B
2
10.127.44.1:445

mssecsvc.exe

104 B
2
48.120.130.225:445

mssecsvc.exe

104 B
2
10.127.50.1:445

mssecsvc.exe

52 B
1
10.127.51.1:445

mssecsvc.exe

104 B
2
10.127.52.1:445

mssecsvc.exe

52 B
1
10.127.53.1:445

mssecsvc.exe

52 B
1
10.127.54.1:445

mssecsvc.exe

52 B
1
217.220.7.174:445

mssecsvc.exe

104 B
2
10.127.55.1:445

mssecsvc.exe

104 B
2
10.127.56.1:445

mssecsvc.exe

104 B
2
62.47.244.123:445

mssecsvc.exe

104 B
2
10.127.57.1:445

mssecsvc.exe

52 B
1
10.127.58.1:445

mssecsvc.exe

104 B
2
10.127.59.1:445

mssecsvc.exe

104 B
2
10.127.60.1:445

mssecsvc.exe

104 B
2
161.236.225.58:445

mssecsvc.exe

104 B
2
10.127.61.1:445

mssecsvc.exe

104 B
2
10.127.62.1:445

mssecsvc.exe

104 B
2
206.194.152.249:445

mssecsvc.exe

104 B
2
10.127.64.1:445

mssecsvc.exe

104 B
2
10.127.63.1:445

mssecsvc.exe

104 B
2
80.123.4.82:445

mssecsvc.exe

52 B
1
10.127.65.1:445

mssecsvc.exe

52 B
1
223.18.125.54:445

mssecsvc.exe

52 B
1
10.127.69.1:445

mssecsvc.exe

52 B
1
10.127.66.1:445

mssecsvc.exe

52 B
1
10.127.68.1:445

mssecsvc.exe

104 B
2
10.127.67.1:445

mssecsvc.exe

52 B
1
192.150.184.43:445

mssecsvc.exe

104 B
2
10.127.71.1:445

mssecsvc.exe

104 B
2
10.127.72.1:445

mssecsvc.exe

104 B
2
10.127.73.1:445

mssecsvc.exe

52 B
1
10.127.75.1:445

mssecsvc.exe

104 B
2
10.127.70.1:445

mssecsvc.exe

104 B
2
10.127.74.1:445

mssecsvc.exe

52 B
1
10.127.76.1:445

mssecsvc.exe

52 B
1
143.38.224.55:445

mssecsvc.exe

104 B
2
10.127.77.1:445

mssecsvc.exe

104 B
2
10.127.78.1:445

mssecsvc.exe

104 B
2
109.55.117.115:445

mssecsvc.exe

104 B
2
10.127.79.1:445

mssecsvc.exe

104 B
2
123.62.171.163:445

mssecsvc.exe

104 B
2
10.127.80.1:445

mssecsvc.exe

104 B
2
213.185.227.202:445

mssecsvc.exe

104 B
2
10.127.83.1:445

mssecsvc.exe

104 B
2
10.127.86.1:445

mssecsvc.exe

104 B
2
10.127.82.1:445

mssecsvc.exe

52 B
1
154.221.159.12:445

mssecsvc.exe

104 B
2
52.237.160.211:445

mssecsvc.exe

52 B
1
10.127.81.1:445

mssecsvc.exe

104 B
2
10.127.84.1:445

mssecsvc.exe

104 B
2
197.192.126.144:445

mssecsvc.exe

52 B
1
10.127.85.1:445

mssecsvc.exe

104 B
2
10.127.87.1:445

mssecsvc.exe

52 B
1
39.218.61.84:445

mssecsvc.exe

104 B
2
10.127.92.1:445

mssecsvc.exe

52 B
1
10.127.88.1:445

mssecsvc.exe

52 B
1
115.81.237.74:445

mssecsvc.exe

104 B
2
10.127.89.1:445

mssecsvc.exe

52 B
1
86.96.88.227:445

mssecsvc.exe

104 B
2
10.127.90.1:445

mssecsvc.exe

104 B
2
10.127.91.1:445

mssecsvc.exe

52 B
1
10.127.93.1:445

mssecsvc.exe

104 B
2
10.127.94.1:445

mssecsvc.exe

104 B
2
10.127.95.1:445

mssecsvc.exe

104 B
2
10.127.96.1:445

mssecsvc.exe

104 B
2
10.127.97.1:445

mssecsvc.exe

104 B
2
10.127.98.1:445

mssecsvc.exe

104 B
2
10.127.99.1:445

mssecsvc.exe

104 B
2
62.221.131.39:445

mssecsvc.exe

52 B
1
10.127.100.1:445

mssecsvc.exe

104 B
2
10.127.101.1:445

mssecsvc.exe

52 B
1
11.208.186.9:445

mssecsvc.exe

104 B
2
151.116.209.246:445

mssecsvc.exe

104 B
2
18.104.175.150:445

mssecsvc.exe

52 B
1
104.221.94.219:445

mssecsvc.exe

104 B
2
10.127.106.1:445

mssecsvc.exe

104 B
2
10.127.102.1:445

mssecsvc.exe

52 B
1
10.127.108.1:445

mssecsvc.exe

104 B
2
10.127.107.1:445

mssecsvc.exe

104 B
2
10.127.110.1:445

mssecsvc.exe

52 B
1
10.127.103.1:445

mssecsvc.exe

104 B
2
1.246.85.85:445

mssecsvc.exe

104 B
2
10.127.109.1:445

mssecsvc.exe

104 B
2
10.127.104.1:445

mssecsvc.exe

104 B
2
10.127.105.1:445

mssecsvc.exe

52 B
1
131.242.117.243:445

mssecsvc.exe

104 B
2
10.127.111.1:445

mssecsvc.exe

104 B
2
126.90.216.73:445

mssecsvc.exe

104 B
2
197.222.2.217:445

mssecsvc.exe

52 B
1
10.127.116.1:445

mssecsvc.exe

104 B
2
6.136.228.35:445

mssecsvc.exe

104 B
2
10.127.117.1:445

mssecsvc.exe

104 B
2
10.127.112.1:445

mssecsvc.exe

52 B
1
10.127.113.1:445

mssecsvc.exe

52 B
1
10.127.114.1:445

mssecsvc.exe

52 B
1
10.127.115.1:445

mssecsvc.exe

52 B
1
10.127.118.1:445

mssecsvc.exe

104 B
2
10.127.119.1:445

mssecsvc.exe

104 B
2
152.228.137.201:445

mssecsvc.exe

52 B
1
10.127.120.1:445

mssecsvc.exe

52 B
1
10.127.121.1:445

mssecsvc.exe

52 B
1
10.127.122.1:445

mssecsvc.exe

52 B
1
205.205.226.100:445

mssecsvc.exe

104 B
2
184.48.121.116:445

mssecsvc.exe

104 B
2
10.127.123.1:445

mssecsvc.exe

104 B
2
21.151.177.94:445

mssecsvc.exe

104 B
2
10.127.125.1:445

mssecsvc.exe

104 B
2
98.27.58.195:445

mssecsvc.exe

104 B
2
79.206.94.214:445

mssecsvc.exe

52 B
1
10.127.124.1:445

mssecsvc.exe

52 B
1
10.127.128.1:445

mssecsvc.exe

104 B
2
143.32.189.164:445

mssecsvc.exe

104 B
2
10.127.126.1:445

mssecsvc.exe

104 B
2
10.127.130.1:445

mssecsvc.exe

104 B
2
20.5.226.214:445

mssecsvc.exe

104 B
2
118.29.237.63:445

mssecsvc.exe

52 B
1
10.127.127.1:445

mssecsvc.exe

104 B
2
10.127.129.1:445

mssecsvc.exe

52 B
1
10.91.191.101:445

mssecsvc.exe

52 B
1
115.144.107.15:445

mssecsvc.exe

52 B
1
10.127.136.1:445

mssecsvc.exe

52 B
1
10.127.132.1:445

mssecsvc.exe

104 B
2
10.127.133.1:445

mssecsvc.exe

104 B
2
10.127.134.1:445

mssecsvc.exe

104 B
2
57.161.171.211:445

mssecsvc.exe

52 B
1
10.127.131.1:445

mssecsvc.exe

104 B
2
16.115.124.231:445

mssecsvc.exe

104 B
2
10.127.135.1:445

mssecsvc.exe

52 B
1
10.127.137.1:445

mssecsvc.exe

52 B
1
10.127.138.1:445

mssecsvc.exe

104 B
2
10.127.139.1:445

mssecsvc.exe

104 B
2
10.127.140.1:445

mssecsvc.exe

104 B
2
71.0.37.78:445

mssecsvc.exe

104 B
2
139.205.40.158:445

mssecsvc.exe

104 B
2
128.235.7.157:445

mssecsvc.exe

104 B
2
58.44.66.170:445

mssecsvc.exe

104 B
2
10.127.141.1:445

mssecsvc.exe

52 B
1
10.127.145.1:445

mssecsvc.exe

104 B
2
64.222.47.184:445

mssecsvc.exe

104 B
2
5.40.58.181:445

mssecsvc.exe

104 B
2
10.127.148.1:445

mssecsvc.exe

104 B
2
67.172.73.78:445

mssecsvc.exe

104 B
2
158.98.176.247:445

mssecsvc.exe

52 B
1
10.127.150.1:445

mssecsvc.exe

52 B
1
202.66.16.189:445

mssecsvc.exe

104 B
2
10.127.143.1:445

mssecsvc.exe

104 B
2
10.127.142.1:445

mssecsvc.exe

52 B
1
10.127.146.1:445

mssecsvc.exe

104 B
2
28.62.71.40:445

mssecsvc.exe

104 B
2
10.127.151.1:445

mssecsvc.exe

52 B
1
10.127.153.1:445

mssecsvc.exe

52 B
1
10.127.152.1:445

mssecsvc.exe

52 B
1
10.127.155.1:445

mssecsvc.exe

104 B
2
130.91.113.160:445

mssecsvc.exe

104 B
2
15.54.118.48:445

mssecsvc.exe

104 B
2
10.127.156.1:445

mssecsvc.exe

104 B
2
10.127.154.1:445

mssecsvc.exe

104 B
2
33.183.4.136:445

mssecsvc.exe

104 B
2
117.46.129.162:445

mssecsvc.exe

104 B
2
10.127.149.1:445

mssecsvc.exe

52 B
1
10.127.144.1:445

mssecsvc.exe

52 B
1
10.127.147.1:445

mssecsvc.exe

52 B
1
10.127.157.1:445

mssecsvc.exe

104 B
2
10.127.158.1:445

mssecsvc.exe

104 B
2
10.127.159.1:445

mssecsvc.exe

104 B
2
10.127.160.1:445

mssecsvc.exe

52 B
1
163.76.92.198:445

mssecsvc.exe

52 B
1
10.127.161.1:445

mssecsvc.exe

52 B
1
161.201.140.166:445

mssecsvc.exe

104 B
2
10.127.162.1:445

mssecsvc.exe

104 B
2
97.149.9.29:445

mssecsvc.exe

104 B
2
222.212.188.109:445

mssecsvc.exe

52 B
1
117.40.89.240:445

mssecsvc.exe

52 B
1
10.127.163.1:445

mssecsvc.exe

104 B
2
122.165.246.122:445

mssecsvc.exe

104 B
2
95.197.222.103:445

mssecsvc.exe

104 B
2
10.127.166.1:445

mssecsvc.exe

104 B
2
10.127.169.1:445

mssecsvc.exe

104 B
2
121.118.58.146:445

mssecsvc.exe

104 B
2
148.85.237.254:445

mssecsvc.exe

104 B
2
10.127.164.1:445

mssecsvc.exe

104 B
2
21.121.47.109:445

mssecsvc.exe

52 B
1
158.41.17.76:445

mssecsvc.exe

104 B
2
10.127.170.1:445

mssecsvc.exe

104 B
2
10.127.168.1:445

mssecsvc.exe

104 B
2
10.127.167.1:445

mssecsvc.exe

52 B
1
10.127.165.1:445

mssecsvc.exe

104 B
2
10.127.171.1:445

mssecsvc.exe

104 B
2
184.56.35.114:445

mssecsvc.exe

104 B
2
10.127.173.1:445

mssecsvc.exe

104 B
2
86.174.23.71:445

mssecsvc.exe

104 B
2
61.108.206.64:445

mssecsvc.exe

104 B
2
10.127.176.1:445

mssecsvc.exe

104 B
2
129.46.178.150:445

mssecsvc.exe

104 B
2
43.233.184.45:445

mssecsvc.exe

104 B
2
10.127.172.1:445

mssecsvc.exe

52 B
1
10.127.174.1:445

mssecsvc.exe

52 B
1
10.127.175.1:445

mssecsvc.exe

52 B
1
10.127.177.1:445

mssecsvc.exe

52 B
1
10.127.178.1:445

mssecsvc.exe

52 B
1
10.127.179.1:445

mssecsvc.exe

104 B
2
10.127.180.1:445

mssecsvc.exe

52 B
1
131.244.4.42:445

mssecsvc.exe

104 B
2
71.31.91.115:445

mssecsvc.exe

104 B
2
10.127.181.1:445

mssecsvc.exe

52 B
1
10.127.182.1:445

mssecsvc.exe

104 B
2
211.247.248.203:445

mssecsvc.exe

104 B
2
85.67.116.234:445

mssecsvc.exe

104 B
2
10.127.184.1:445

mssecsvc.exe

104 B
2
219.173.6.124:445

mssecsvc.exe

52 B
1
149.229.157.114:445

mssecsvc.exe

104 B
2
132.195.152.32:445

mssecsvc.exe

52 B
1
10.127.187.1:445

mssecsvc.exe

52 B
1
82.216.181.8:445

mssecsvc.exe

52 B
1
131.17.15.96:445

mssecsvc.exe

104 B
2
10.127.185.1:445

mssecsvc.exe

52 B
1
10.127.183.1:445

mssecsvc.exe

104 B
2
10.127.186.1:445

mssecsvc.exe

104 B
2
76.114.126.26:445

mssecsvc.exe

104 B
2
18.156.176.59:445

mssecsvc.exe

104 B
2
10.127.189.1:445

mssecsvc.exe

52 B
1
113.141.182.180:445

mssecsvc.exe

52 B
1
51.162.218.121:445

mssecsvc.exe

104 B
2
10.127.191.1:445

mssecsvc.exe

104 B
2
10.127.188.1:445

mssecsvc.exe

104 B
2
10.127.193.1:445

mssecsvc.exe

104 B
2
136.202.235.177:445

mssecsvc.exe

104 B
2
41.186.101.33:445

mssecsvc.exe

104 B
2
10.127.190.1:445

mssecsvc.exe

104 B
2
10.127.196.1:445

mssecsvc.exe

104 B
2
10.127.195.1:445

mssecsvc.exe

104 B
2
169.240.46.242:445

mssecsvc.exe

52 B
1
217.223.31.214:445

mssecsvc.exe

104 B
2
10.127.197.1:445

mssecsvc.exe

104 B
2
10.127.192.1:445

mssecsvc.exe

104 B
2
10.127.194.1:445

mssecsvc.exe

52 B
1
10.127.198.1:445

mssecsvc.exe

52 B
1
10.127.199.1:445

mssecsvc.exe

52 B
1
10.127.200.1:445

mssecsvc.exe

52 B
1
135.79.209.235:445

mssecsvc.exe

104 B
2
150.180.116.226:445

mssecsvc.exe

104 B
2
10.127.201.1:445

mssecsvc.exe

104 B
2
27.131.54.166:445

mssecsvc.exe

104 B
2
168.105.21.125:445

mssecsvc.exe

104 B
2
10.127.202.1:445

mssecsvc.exe

104 B
2
158.2.222.170:445

mssecsvc.exe

52 B
1
160.234.250.64:445

mssecsvc.exe

104 B
2
140.72.127.56:445

mssecsvc.exe

104 B
2
44.80.96.242:445

mssecsvc.exe

104 B
2
178.155.81.76:445

mssecsvc.exe

104 B
2
10.127.206.1:445

mssecsvc.exe

104 B
2
10.127.205.1:445

mssecsvc.exe

104 B
2
10.127.207.1:445

mssecsvc.exe

104 B
2
181.231.170.53:445

mssecsvc.exe

104 B
2
221.33.247.128:445

mssecsvc.exe

104 B
2
10.127.209.1:445

mssecsvc.exe

104 B
2
90.115.120.130:445

mssecsvc.exe

104 B
2
102.150.182.233:445

mssecsvc.exe

104 B
2
10.127.204.1:445

mssecsvc.exe

104 B
2
10.127.213.1:445

mssecsvc.exe

104 B
2
196.9.123.46:445

mssecsvc.exe

104 B
2
113.247.201.162:445

mssecsvc.exe

52 B
1
10.127.208.1:445

mssecsvc.exe

104 B
2
10.127.211.1:445

mssecsvc.exe

52 B
1
83.214.205.68:445

mssecsvc.exe

52 B
1
10.127.218.1:445

mssecsvc.exe

104 B
2
164.214.94.51:445

mssecsvc.exe

104 B
2
196.216.206.19:445

mssecsvc.exe

52 B
1
10.127.217.1:445

mssecsvc.exe

104 B
2
10.127.210.1:445

mssecsvc.exe

52 B
1
10.127.212.1:445

mssecsvc.exe

104 B
2
115.202.26.207:445

mssecsvc.exe

52 B
1
10.127.203.1:445

mssecsvc.exe

52 B
1
98.153.30.243:445

mssecsvc.exe

52 B
1
10.127.215.1:445

mssecsvc.exe

104 B
2
10.127.214.1:445

mssecsvc.exe

104 B
2
77.200.193.52:445

mssecsvc.exe

104 B
2
53.29.1.175:445

mssecsvc.exe

104 B
2
10.127.216.1:445

mssecsvc.exe

104 B
2
10.127.219.1:445

mssecsvc.exe

52 B
1
10.127.220.1:445

mssecsvc.exe

104 B
2
10.127.221.1:445

mssecsvc.exe

104 B
2
10.127.222.1:445

mssecsvc.exe

104 B
2
147.109.250.144:445

mssecsvc.exe

52 B
1
203.227.180.117:445

mssecsvc.exe

104 B
2
37.31.79.213:445

mssecsvc.exe

52 B
1
150.222.140.235:445

mssecsvc.exe

104 B
2
83.191.254.90:445

mssecsvc.exe

104 B
2
59.218.169.82:445

mssecsvc.exe

104 B
2
10.127.226.1:445

mssecsvc.exe

104 B
2
162.24.189.110:445

mssecsvc.exe

104 B
2
78.109.13.75:445

mssecsvc.exe

104 B
2
10.127.223.1:445

mssecsvc.exe

104 B
2
10.127.225.1:445

mssecsvc.exe

104 B
2
10.127.229.1:445

mssecsvc.exe

104 B
2
46.24.64.234:445

mssecsvc.exe

52 B
1
10.127.224.1:445

mssecsvc.exe

104 B
2
160.87.8.59:445

mssecsvc.exe

52 B
1
10.127.227.1:445

mssecsvc.exe

104 B
2
191.208.93.52:445

mssecsvc.exe

52 B
1
181.173.104.211:445

mssecsvc.exe

52 B
1
10.127.230.1:445

mssecsvc.exe

104 B
2
10.127.233.1:445

mssecsvc.exe

52 B
1
10.127.228.1:445

mssecsvc.exe

52 B
1
135.227.217.12:445

mssecsvc.exe

104 B
2
44.237.65.115:445

mssecsvc.exe

104 B
2
10.127.231.1:445

mssecsvc.exe

52 B
1
84.9.251.131:445

mssecsvc.exe

52 B
1
76.6.226.194:445

mssecsvc.exe

52 B
1
159.57.109.200:445

mssecsvc.exe

52 B
1
10.127.235.1:445

mssecsvc.exe

52 B
1
10.127.232.1:445

mssecsvc.exe

52 B
1
10.127.237.1:445

mssecsvc.exe

104 B
2
113.240.115.172:445

mssecsvc.exe

104 B
2
81.203.41.87:445

mssecsvc.exe

104 B
2
208.244.158.113:445

mssecsvc.exe

104 B
2
21.159.144.169:445

mssecsvc.exe

104 B
2
10.127.234.1:445

mssecsvc.exe

52 B
1
10.127.236.1:445

mssecsvc.exe

104 B
2
10.127.238.1:445

mssecsvc.exe

52 B
1
10.127.239.1:445

mssecsvc.exe

52 B
1
10.127.240.1:445

mssecsvc.exe

52 B
1
10.127.241.1:445

mssecsvc.exe

52 B
1
10.127.242.1:445

mssecsvc.exe

104 B
2
204.54.48.109:445

mssecsvc.exe

52 B
1
89.253.153.117:445

mssecsvc.exe

52 B
1
10.127.244.1:445

mssecsvc.exe

104 B
2
36.131.82.238:445

mssecsvc.exe

52 B
1
46.117.157.70:445

mssecsvc.exe

104 B
2
14.159.17.87:445

mssecsvc.exe

104 B
2
10.127.245.1:445

mssecsvc.exe

104 B
2
10.127.246.1:445

mssecsvc.exe

104 B
2
10.127.247.1:445

mssecsvc.exe

104 B
2
135.123.79.14:445

mssecsvc.exe

52 B
1
34.47.247.151:445

mssecsvc.exe

104 B
2
114.11.86.99:445

mssecsvc.exe

52 B
1
115.54.184.131:445

mssecsvc.exe

104 B
2
10.127.243.1:445

mssecsvc.exe

104 B
2
158.187.103.171:445

mssecsvc.exe

52 B
1
166.92.152.89:445

mssecsvc.exe

52 B
1
10.127.251.1:445

mssecsvc.exe

104 B
2
10.127.253.1:445

mssecsvc.exe

104 B
2
10.127.248.1:445

mssecsvc.exe

52 B
1
210.30.142.65:445

mssecsvc.exe

52 B
1
7.233.144.155:445

mssecsvc.exe

104 B
2
10.127.250.1:445

mssecsvc.exe

52 B
1
10.127.254.1:445

mssecsvc.exe

104 B
2
81.234.61.88:445

mssecsvc.exe

104 B
2
176.241.185.78:445

mssecsvc.exe

104 B
2
10.127.249.1:445

mssecsvc.exe

104 B
2
32.169.63.20:445

mssecsvc.exe

104 B
2
80.110.170.8:445

mssecsvc.exe

52 B
1
142.184.79.204:445

mssecsvc.exe

52 B
1
10.127.252.1:445

mssecsvc.exe

52 B
1
72.90.150.68:445

mssecsvc.exe

52 B
1
44.251.2.81:445

mssecsvc.exe

52 B
1
207.53.114.153:445

mssecsvc.exe

104 B
2
10.127.255.1:445

mssecsvc.exe

104 B
2
154.129.11.148:445

mssecsvc.exe

104 B
2
10.127.1.2:445

mssecsvc.exe

104 B
2
10.127.0.2:445

mssecsvc.exe

104 B
2
54.60.195.132:445

mssecsvc.exe

52 B
1
202.252.91.95:445

mssecsvc.exe

52 B
1
10.127.2.2:445

mssecsvc.exe

104 B
2
10.127.3.2:445

mssecsvc.exe

104 B
2
10.127.4.2:445

mssecsvc.exe

104 B
2
10.127.5.2:445

mssecsvc.exe

104 B
2
10.127.6.2:445

mssecsvc.exe

104 B
2
181.190.217.234:445

mssecsvc.exe

52 B
1
10.127.8.2:445

mssecsvc.exe

104 B
2
2.96.229.99:445

mssecsvc.exe

52 B
1
10.127.7.2:445

mssecsvc.exe

52 B
1
16.59.68.239:445

mssecsvc.exe

52 B
1
169.211.128.16:445

mssecsvc.exe

52 B
1
109.197.45.65:445

mssecsvc.exe

52 B
1
10.127.9.2:445

mssecsvc.exe

52 B
1
10.127.10.2:445

mssecsvc.exe

52 B
1
217.17.50.112:445

mssecsvc.exe

52 B
1
207.125.77.115:445

mssecsvc.exe

104 B
2
59.229.151.151:445

mssecsvc.exe

104 B
2
64.123.83.22:445

mssecsvc.exe

104 B
2
111.250.202.54:445

mssecsvc.exe

104 B
2
51.138.132.132:445

mssecsvc.exe

104 B
2
101.119.23.250:445

mssecsvc.exe

104 B
2
10.127.12.2:445

mssecsvc.exe

52 B
1
10.127.11.2:445

mssecsvc.exe

104 B
2
10.127.13.2:445

mssecsvc.exe

104 B
2
10.127.14.2:445

mssecsvc.exe

104 B
2
10.127.15.2:445

mssecsvc.exe

104 B
2
10.127.16.2:445

mssecsvc.exe

52 B
1
115.242.161.166:445

mssecsvc.exe

104 B
2
206.232.229.176:445

mssecsvc.exe

104 B
2
10.127.17.2:445

mssecsvc.exe

52 B
1
10.127.18.2:445

mssecsvc.exe

104 B
2
10.127.19.2:445

mssecsvc.exe

104 B
2
185.62.2.5:445

mssecsvc.exe

104 B
2
182.57.191.131:445

mssecsvc.exe

104 B
2
10.127.20.2:445

mssecsvc.exe

52 B
1
10.127.21.2:445

mssecsvc.exe

104 B
2
68.5.205.245:445

mssecsvc.exe

104 B
2
73.7.191.204:445

mssecsvc.exe

104 B
2
154.37.121.220:445

mssecsvc.exe

104 B
2
10.127.22.2:445

mssecsvc.exe

104 B
2
113.221.52.126:445

mssecsvc.exe

104 B
2
10.127.23.2:445

mssecsvc.exe

104 B
2
104.197.43.141:445

mssecsvc.exe

104 B
2
46.96.75.77:445

mssecsvc.exe

104 B
2
10.127.24.2:445

mssecsvc.exe

104 B
2
10.127.25.2:445

mssecsvc.exe

104 B
2
205.27.15.68:445

mssecsvc.exe

104 B
2
128.191.64.145:445

mssecsvc.exe

104 B
2
59.143.197.146:445

mssecsvc.exe

104 B
2
10.127.26.2:445

mssecsvc.exe

104 B
2
211.13.209.227:445

mssecsvc.exe

52 B
1
10.127.27.2:445

mssecsvc.exe

104 B
2
194.150.97.93:445

mssecsvc.exe

104 B
2
166.235.124.158:445

mssecsvc.exe

104 B
2
10.127.28.2:445

mssecsvc.exe

52 B
1
143.218.172.70:445

mssecsvc.exe

104 B
2
10.127.29.2:445

mssecsvc.exe

52 B
1
113.22.155.69:445

mssecsvc.exe

104 B
2
10.127.30.2:445

mssecsvc.exe

104 B
2
195.197.29.69:445

mssecsvc.exe

52 B
1
10.127.31.2:445

mssecsvc.exe

104 B
2
10.127.32.2:445

mssecsvc.exe

104 B
2

8.8.8.8:53

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

dns

mssecsvc.exe

95 B
111 B
1
1

DNS Request

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

DNS Response

103.224.212.215
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

dns

mssecsvc.exe

96 B
138 B
1
1

DNS Request

ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

DNS Response

199.59.243.227
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

215.212.224.103.in-addr.arpa

dns

74 B
108 B
1
1

DNS Request

215.212.224.103.in-addr.arpa
8.8.8.8:53

227.243.59.199.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

227.243.59.199.in-addr.arpa
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
fa28c909581905530f16f18bb4c162d7

SHA1
30fe7ff2e71a6eb984e07da2da9183f6e2e926a0

SHA256
9ec7384bdcc34d89697a990d17755f7a9124fd388915a1a4d2b48533d16a92ac

SHA512
c4c5340812df8ef9235112b5419ae98f4830da850f07d71f0a17125e4a2c7ae375218ceade0d20fb430357206d1249d05d6c67b7636ae361b0e17e8d8ddd1283

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.