Overview

overview

10

Static

static

3

f7b1bd2aa9...18.dll

windows7-x64

10

f7b1bd2aa9...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/09/2024, 05:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7b1bd2aa9ce09a273243560db7bad8a_JaffaCakes118.dll

  • Size

    5.0MB

  • MD5

    f7b1bd2aa9ce09a273243560db7bad8a

  • SHA1

    2d682b3a9bf4d09d8d2fa3986cae4a194764a273

  • SHA256

    67e6c96d995da1cf7052d9c27ac740c5b42fc5982b79f53ceb201b0a8f894663

  • SHA512

    ab4127003fddd41abb8b50f1737b3a1552f7932724bab6d9d1c30ac1aec500b801a72873f4160c421abe7da60e60d4275dffdcf68aa583ec73abb57df082bee1

  • SSDEEP

    49152:RnpEKUvxcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1pyvOBhz1aRxcSUDk36SAEdhv

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3293) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 3 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7b1bd2aa9ce09a273243560db7bad8a_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7b1bd2aa9ce09a273243560db7bad8a_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1408
      • C:\WINDOWS\mssecsvr.exe
        C:\WINDOWS\mssecsvr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4348
        • C:\WINDOWS\tasksche.exe
          C:\WINDOWS\tasksche.exe /i
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          PID:4472
  • C:\WINDOWS\mssecsvr.exe
    C:\WINDOWS\mssecsvr.exe -m security
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:4932

Network

  • flag-us
    DNS
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    mssecsvr.exe
    Remote address:
    8.8.8.8:53
    Request
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    IN A
    Response
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    IN A
    103.224.212.215
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
    mssecsvr.exe
    Remote address:
    103.224.212.215:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    date: Thu, 26 Sep 2024 05:43:43 GMT
    server: Apache
    set-cookie: __tad=1727329423.8588173; expires=Sun, 24-Sep-2034 05:43:43 GMT; Max-Age=315360000
    location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-43f6-9985-e0e7b4b2af9e
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    DNS
    ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    mssecsvr.exe
    Remote address:
    8.8.8.8:53
    Request
    ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    IN A
    Response
    ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    IN CNAME
    77026.bodis.com
    77026.bodis.com
    IN A
    199.59.243.227
  • flag-us
    GET
    http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-43f6-9985-e0e7b4b2af9e
    mssecsvr.exe
    Remote address:
    199.59.243.227:80
    Request
    GET /?subid1=20240926-1543-43f6-9985-e0e7b4b2af9e HTTP/1.1
    Cache-Control: no-cache
    Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Thu, 26 Sep 2024 05:43:42 GMT
    content-type: text/html; charset=utf-8
    content-length: 1262
    x-request-id: 8c882803-2bbd-4b7a-a494-39e19e0d0cb5
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_WGhE6H9puE971mXisN9PvPUpHkKRwKQs7lk8Wu4/h7MRF96ZqpyaEWzWhpMRm1MEpfyylMev7RZnZS/M9cVqMQ==
    set-cookie: parking_session=8c882803-2bbd-4b7a-a494-39e19e0d0cb5; expires=Thu, 26 Sep 2024 05:58:43 GMT; path=/
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
    mssecsvr.exe
    Remote address:
    103.224.212.215:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    date: Thu, 26 Sep 2024 05:43:44 GMT
    server: Apache
    set-cookie: __tad=1727329424.7143630; expires=Sun, 24-Sep-2034 05:43:44 GMT; Max-Age=315360000
    location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-44d0-9e4e-8910ae121287
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    GET
    http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-44d0-9e4e-8910ae121287
    mssecsvr.exe
    Remote address:
    199.59.243.227:80
    Request
    GET /?subid1=20240926-1543-44d0-9e4e-8910ae121287 HTTP/1.1
    Cache-Control: no-cache
    Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Thu, 26 Sep 2024 05:43:43 GMT
    content-type: text/html; charset=utf-8
    content-length: 1262
    x-request-id: b8032182-9b24-4860-b974-9663776c5712
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_poJIMonZ7wAsjO9rnVVrwbsJbr/zcsze8IVYt98FadVaZCFUqVFFFO9ncFSgkT4uR6HEVqPxNYYRLSKdMg+MMg==
    set-cookie: parking_session=b8032182-9b24-4860-b974-9663776c5712; expires=Thu, 26 Sep 2024 05:58:44 GMT; path=/
  • flag-us
    DNS
    215.212.224.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    215.212.224.103.in-addr.arpa
    IN PTR
    Response
    215.212.224.103.in-addr.arpa
    IN PTR
    lb-212-215abovecom
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    227.243.59.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.243.59.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    74.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    74.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • DNS
    183.59.114.20.in-addr.arpa
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    15.164.165.52.in-addr.arpa
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • DNS
    228.37.211.130.in-addr.arpa
    Request
    228.37.211.130.in-addr.arpa
    IN PTR
    Response
    228.37.211.130.in-addr.arpa
    IN PTR
    22837211130bcgoogleusercontentcom
  • DNS
    7.37.211.130.in-addr.arpa
    Request
    7.37.211.130.in-addr.arpa
    IN PTR
    Response
    7.37.211.130.in-addr.arpa
    IN PTR
    737211130bcgoogleusercontentcom
  • DNS
    8.37.211.130.in-addr.arpa
    Request
    8.37.211.130.in-addr.arpa
    IN PTR
    Response
    8.37.211.130.in-addr.arpa
    IN PTR
    837211130bcgoogleusercontentcom
  • DNS
    10.37.211.130.in-addr.arpa
    Request
    10.37.211.130.in-addr.arpa
    IN PTR
    Response
    10.37.211.130.in-addr.arpa
    IN PTR
    1037211130bcgoogleusercontentcom
  • DNS
    14.37.211.130.in-addr.arpa
    Request
    14.37.211.130.in-addr.arpa
    IN PTR
    Response
    14.37.211.130.in-addr.arpa
    IN PTR
    1437211130bcgoogleusercontentcom
  • DNS
    0.204.248.87.in-addr.arpa
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0lhrllnwnet
  • DNS
    17.37.211.130.in-addr.arpa
    Request
    17.37.211.130.in-addr.arpa
    IN PTR
    Response
    17.37.211.130.in-addr.arpa
    IN PTR
    1737211130bcgoogleusercontentcom
  • DNS
    21.236.111.52.in-addr.arpa
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • DNS
    18.37.211.130.in-addr.arpa
    Request
    18.37.211.130.in-addr.arpa
    IN PTR
    Response
    18.37.211.130.in-addr.arpa
    IN PTR
    1837211130bcgoogleusercontentcom
  • DNS
    19.37.211.130.in-addr.arpa
    Request
    19.37.211.130.in-addr.arpa
    IN PTR
    Response
    19.37.211.130.in-addr.arpa
    IN PTR
    1937211130bcgoogleusercontentcom
  • DNS
    20.37.211.130.in-addr.arpa
    Request
    20.37.211.130.in-addr.arpa
    IN PTR
    Response
    20.37.211.130.in-addr.arpa
    IN PTR
    2037211130bcgoogleusercontentcom
  • DNS
    21.37.211.130.in-addr.arpa
    Request
    21.37.211.130.in-addr.arpa
    IN PTR
    Response
    21.37.211.130.in-addr.arpa
    IN PTR
    2137211130bcgoogleusercontentcom
  • DNS
    25.37.211.130.in-addr.arpa
    Request
    25.37.211.130.in-addr.arpa
    IN PTR
    Response
    25.37.211.130.in-addr.arpa
    IN PTR
    2537211130bcgoogleusercontentcom
  • DNS
    29.37.211.130.in-addr.arpa
    Request
    29.37.211.130.in-addr.arpa
    IN PTR
    Response
    29.37.211.130.in-addr.arpa
    IN PTR
    2937211130bcgoogleusercontentcom
  • DNS
    30.37.211.130.in-addr.arpa
    Request
    30.37.211.130.in-addr.arpa
    IN PTR
    Response
    30.37.211.130.in-addr.arpa
    IN PTR
    3037211130bcgoogleusercontentcom
  • DNS
    32.37.211.130.in-addr.arpa
    Request
    32.37.211.130.in-addr.arpa
    IN PTR
    Response
    32.37.211.130.in-addr.arpa
    IN PTR
    3237211130bcgoogleusercontentcom
  • DNS
    35.37.211.130.in-addr.arpa
    Request
    35.37.211.130.in-addr.arpa
    IN PTR
    Response
    35.37.211.130.in-addr.arpa
    IN PTR
    3537211130bcgoogleusercontentcom
  • DNS
    36.37.211.130.in-addr.arpa
    Request
    36.37.211.130.in-addr.arpa
    IN PTR
    Response
    36.37.211.130.in-addr.arpa
    IN PTR
    3637211130bcgoogleusercontentcom
  • DNS
    1.118.29.62.in-addr.arpa
    Request
    1.118.29.62.in-addr.arpa
    IN PTR
    Response
  • DNS
    225.118.29.62.in-addr.arpa
    Request
    225.118.29.62.in-addr.arpa
    IN PTR
    Response
  • DNS
    44.37.211.130.in-addr.arpa
    Request
    44.37.211.130.in-addr.arpa
    IN PTR
    Response
    44.37.211.130.in-addr.arpa
    IN PTR
    4437211130bcgoogleusercontentcom
  • DNS
    44.37.211.130.in-addr.arpa
    Request
    44.37.211.130.in-addr.arpa
    IN PTR
    Response
    44.37.211.130.in-addr.arpa
    IN PTR
    4437211130bcgoogleusercontentcom
  • DNS
    45.37.211.130.in-addr.arpa
    Request
    45.37.211.130.in-addr.arpa
    IN PTR
    Response
    45.37.211.130.in-addr.arpa
    IN PTR
    4537211130bcgoogleusercontentcom
  • DNS
    45.37.211.130.in-addr.arpa
    Request
    45.37.211.130.in-addr.arpa
    IN PTR
    Response
    45.37.211.130.in-addr.arpa
    IN PTR
    4537211130bcgoogleusercontentcom
  • 103.224.212.215:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
    http
    mssecsvr.exe
    376 B
     537 B
     6
    4

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

    HTTP Response

    302
  • 199.59.243.227:80
    http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-43f6-9985-e0e7b4b2af9e
    http
    mssecsvr.exe
    537 B
     2.1kB
     8
    5

    HTTP Request

    GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-43f6-9985-e0e7b4b2af9e

    HTTP Response

    200
  • 103.224.212.215:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
    http
    mssecsvr.exe
    376 B
     537 B
     6
    4

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

    HTTP Response

    302
  • 199.59.243.227:80
    http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-44d0-9e4e-8910ae121287
    http
    mssecsvr.exe
    537 B
     2.1kB
     8
    5

    HTTP Request

    GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20240926-1543-44d0-9e4e-8910ae121287

    HTTP Response

    200
  • 197.24.145.112:445
    mssecsvr.exe
    52 B
     1
  • 10.127.0.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.2.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.3.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.7.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.5.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.4.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.1.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.8.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.10.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.6.1:445
    mssecsvr.exe
    104 B
     2
  • 13.114.140.11:445
    mssecsvr.exe
    52 B
     1
  • 10.127.9.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.11.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.12.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.13.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.14.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.15.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.16.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.17.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.18.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.19.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.20.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.21.1:445
    mssecsvr.exe
    104 B
     2
  • 14.46.55.51:445
    mssecsvr.exe
    104 B
     2
  • 11.177.192.207:445
    mssecsvr.exe
    52 B
     1
  • 10.127.22.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.26.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.25.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.24.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.23.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.28.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.31.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.32.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.27.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.30.1:445
    mssecsvr.exe
    104 B
     2
  • 121.169.74.126:445
    mssecsvr.exe
    104 B
     2
  • 10.127.29.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.33.1:445
    mssecsvr.exe
    52 B
     1
  • 217.201.48.121:445
    mssecsvr.exe
    52 B
     1
  • 10.127.34.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.35.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.36.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.37.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.38.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.40.1:445
    mssecsvr.exe
    104 B
     2
  • 82.130.16.75:445
    mssecsvr.exe
    104 B
     2
  • 10.127.39.1:445
    mssecsvr.exe
    52 B
     1
  • 98.144.88.172:445
    mssecsvr.exe
    104 B
     2
  • 10.212.158.119:445
    mssecsvr.exe
    104 B
     2
  • 10.127.41.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.44.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.45.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.49.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.43.1:445
    mssecsvr.exe
    104 B
     2
  • 152.69.7.44:445
    mssecsvr.exe
    52 B
     1
  • 10.127.50.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.42.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.54.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.52.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.47.1:445
    mssecsvr.exe
    104 B
     2
  • 107.6.194.169:445
    mssecsvr.exe
    104 B
     2
  • 10.127.46.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.48.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.51.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.53.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.55.1:445
    mssecsvr.exe
    104 B
     2
  • 204.162.44.246:445
    mssecsvr.exe
    104 B
     2
  • 10.127.56.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.57.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.58.1:445
    mssecsvr.exe
    52 B
     1
  • 122.226.254.197:445
    mssecsvr.exe
    104 B
     2
  • 10.127.59.1:445
    mssecsvr.exe
    52 B
     1
  • 158.225.127.162:445
    mssecsvr.exe
    104 B
     2
  • 10.127.61.1:445
    mssecsvr.exe
    104 B
     2
  • 95.60.111.95:445
    mssecsvr.exe
    52 B
     1
  • 10.127.62.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.60.1:445
    mssecsvr.exe
    104 B
     2
  • 204.23.6.244:445
    mssecsvr.exe
    104 B
     2
  • 10.127.65.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.66.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.63.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.64.1:445
    mssecsvr.exe
    104 B
     2
  • 163.190.239.115:445
    mssecsvr.exe
    104 B
     2
  • 10.127.73.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.67.1:445
    mssecsvr.exe
    104 B
     2
  • 68.219.24.50:445
    mssecsvr.exe
    104 B
     2
  • 10.127.74.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.68.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.69.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.70.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.71.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.72.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.75.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.76.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.77.1:445
    mssecsvr.exe
    104 B
     2
  • 65.31.213.29:445
    mssecsvr.exe
    104 B
     2
  • 63.234.242.127:445
    mssecsvr.exe
    52 B
     1
  • 84.25.51.20:445
    mssecsvr.exe
    104 B
     2
  • 10.127.79.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.81.1:445
    mssecsvr.exe
    104 B
     2
  • 152.51.208.109:445
    mssecsvr.exe
    104 B
     2
  • 10.127.78.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.83.1:445
    mssecsvr.exe
    52 B
     1
  • 177.107.32.109:445
    mssecsvr.exe
    52 B
     1
  • 10.127.84.1:445
    mssecsvr.exe
    104 B
     2
  • 96.72.168.195:445
    mssecsvr.exe
    52 B
     1
  • 10.127.82.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.86.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.85.1:445
    mssecsvr.exe
    52 B
     1
  • 159.184.9.19:445
    mssecsvr.exe
    104 B
     2
  • 10.127.80.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.88.1:445
    mssecsvr.exe
    104 B
     2
  • 149.140.246.230:445
    mssecsvr.exe
    104 B
     2
  • 10.127.90.1:445
    mssecsvr.exe
    52 B
     1
  • 51.100.90.253:445
    mssecsvr.exe
    104 B
     2
  • 10.127.93.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.87.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.89.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.91.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.92.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.94.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.95.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.96.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.97.1:445
    mssecsvr.exe
    104 B
     2
  • 33.164.1.114:445
    mssecsvr.exe
    104 B
     2
  • 10.127.98.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.99.1:445
    mssecsvr.exe
    52 B
     1
  • 187.231.22.51:445
    mssecsvr.exe
    104 B
     2
  • 16.170.155.26:445
    mssecsvr.exe
    104 B
     2
  • 48.9.202.129:445
    mssecsvr.exe
    104 B
     2
  • 10.127.100.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.101.1:445
    mssecsvr.exe
    104 B
     2
  • 50.120.69.23:445
    mssecsvr.exe
    104 B
     2
  • 10.127.102.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.103.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.104.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.105.1:445
    mssecsvr.exe
    104 B
     2
  • 155.9.10.208:445
    mssecsvr.exe
    104 B
     2
  • 10.127.106.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.107.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.108.1:445
    mssecsvr.exe
    104 B
     2
  • 187.80.194.224:445
    mssecsvr.exe
    104 B
     2
  • 10.127.109.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.110.1:445
    mssecsvr.exe
    104 B
     2
  • 149.226.165.82:445
    mssecsvr.exe
    52 B
     1
  • 170.62.157.192:445
    mssecsvr.exe
    104 B
     2
  • 3.107.79.216:445
    mssecsvr.exe
    52 B
     1
  • 10.127.111.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.112.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.113.1:445
    mssecsvr.exe
    52 B
     1
  • 144.148.224.204:445
    mssecsvr.exe
    52 B
     1
  • 10.127.114.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.115.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.116.1:445
    mssecsvr.exe
    52 B
     1
  • 61.15.181.172:445
    mssecsvr.exe
    52 B
     1
  • 10.127.117.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.118.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.119.1:445
    mssecsvr.exe
    52 B
     1
  • 62.201.70.202:445
    mssecsvr.exe
    104 B
     2
  • 10.127.120.1:445
    mssecsvr.exe
    104 B
     2
  • 47.87.55.183:445
    mssecsvr.exe
    104 B
     2
  • 150.110.46.211:445
    mssecsvr.exe
    104 B
     2
  • 3.73.27.39:445
    mssecsvr.exe
    104 B
     2
  • 56.128.174.150:445
    mssecsvr.exe
    104 B
     2
  • 10.127.121.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.122.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.123.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.124.1:445
    mssecsvr.exe
    104 B
     2
  • 145.121.154.162:445
    mssecsvr.exe
    104 B
     2
  • 37.220.88.67:445
    mssecsvr.exe
    104 B
     2
  • 10.127.129.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.126.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.130.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.127.1:445
    mssecsvr.exe
    52 B
     1
  • 134.143.206.215:445
    mssecsvr.exe
    104 B
     2
  • 139.215.51.43:445
    mssecsvr.exe
    104 B
     2
  • 10.127.132.1:445
    mssecsvr.exe
    104 B
     2
  • 44.66.223.227:445
    mssecsvr.exe
    104 B
     2
  • 10.127.125.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.128.1:445
    mssecsvr.exe
    104 B
     2
  • 149.218.46.23:445
    mssecsvr.exe
    104 B
     2
  • 10.127.133.1:445
    mssecsvr.exe
    104 B
     2
  • 27.89.13.137:445
    mssecsvr.exe
    104 B
     2
  • 10.127.131.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.134.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.135.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.136.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.137.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.138.1:445
    mssecsvr.exe
    104 B
     2
  • 135.81.23.90:445
    mssecsvr.exe
    52 B
     1
  • 10.127.139.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.140.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.141.1:445
    mssecsvr.exe
    104 B
     2
  • 69.64.154.55:445
    mssecsvr.exe
    104 B
     2
  • 35.142.190.35:445
    mssecsvr.exe
    104 B
     2
  • 95.185.219.144:445
    mssecsvr.exe
    104 B
     2
  • 10.127.142.1:445
    mssecsvr.exe
    52 B
     1
  • 16.30.224.247:445
    mssecsvr.exe
    104 B
     2
  • 180.0.69.175:445
    mssecsvr.exe
    104 B
     2
  • 10.127.143.1:445
    mssecsvr.exe
    104 B
     2
  • 214.221.116.16:445
    mssecsvr.exe
    52 B
     1
  • 10.127.144.1:445
    mssecsvr.exe
    104 B
     2
  • 184.67.71.125:445
    mssecsvr.exe
    104 B
     2
  • 10.127.145.1:445
    mssecsvr.exe
    104 B
     2
  • 184.243.244.250:445
    mssecsvr.exe
    104 B
     2
  • 10.127.146.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.151.1:445
    mssecsvr.exe
    104 B
     2
  • 204.198.231.45:445
    mssecsvr.exe
    104 B
     2
  • 10.127.153.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.147.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.148.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.152.1:445
    mssecsvr.exe
    104 B
     2
  • 5.215.49.42:445
    mssecsvr.exe
    104 B
     2
  • 86.191.103.30:445
    mssecsvr.exe
    104 B
     2
  • 10.127.149.1:445
    mssecsvr.exe
    104 B
     2
  • 208.175.50.34:445
    mssecsvr.exe
    104 B
     2
  • 10.127.150.1:445
    mssecsvr.exe
    104 B
     2
  • 223.85.153.69:445
    mssecsvr.exe
    52 B
     1
  • 18.4.112.11:445
    mssecsvr.exe
    104 B
     2
  • 10.127.154.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.155.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.156.1:445
    mssecsvr.exe
    104 B
     2
  • 89.207.192.46:445
    mssecsvr.exe
    104 B
     2
  • 10.127.157.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.158.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.159.1:445
    mssecsvr.exe
    104 B
     2
  • 222.90.94.31:445
    mssecsvr.exe
    104 B
     2
  • 64.187.174.108:445
    mssecsvr.exe
    104 B
     2
  • 129.16.27.94:445
    mssecsvr.exe
    104 B
     2
  • 68.242.115.240:445
    mssecsvr.exe
    104 B
     2
  • 208.98.119.100:445
    mssecsvr.exe
    104 B
     2
  • 108.67.176.202:445
    mssecsvr.exe
    104 B
     2
  • 17.36.152.133:445
    mssecsvr.exe
    104 B
     2
  • 10.127.165.1:445
    mssecsvr.exe
    104 B
     2
  • 137.200.210.16:445
    mssecsvr.exe
    52 B
     1
  • 146.7.189.101:445
    mssecsvr.exe
    104 B
     2
  • 10.127.160.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.170.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.162.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.168.1:445
    mssecsvr.exe
    52 B
     1
  • 87.129.49.251:445
    mssecsvr.exe
    104 B
     2
  • 10.127.169.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.161.1:445
    mssecsvr.exe
    52 B
     1
  • 150.158.174.14:445
    mssecsvr.exe
    52 B
     1
  • 86.233.138.0:445
    mssecsvr.exe
    104 B
     2
  • 10.127.167.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.163.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.166.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.175.1:445
    mssecsvr.exe
    52 B
     1
  • 151.239.42.227:445
    mssecsvr.exe
    104 B
     2
  • 169.36.25.189:445
    mssecsvr.exe
    104 B
     2
  • 10.127.176.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.172.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.171.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.173.1:445
    mssecsvr.exe
    104 B
     2
  • 26.199.183.250:445
    mssecsvr.exe
    104 B
     2
  • 10.127.164.1:445
    mssecsvr.exe
    52 B
     1
  • 99.134.230.253:445
    mssecsvr.exe
    104 B
     2
  • 10.127.174.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.177.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.178.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.179.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.180.1:445
    mssecsvr.exe
    104 B
     2
  • 219.126.40.193:445
    mssecsvr.exe
    104 B
     2
  • 15.122.172.176:445
    mssecsvr.exe
    104 B
     2
  • 10.127.181.1:445
    mssecsvr.exe
    104 B
     2
  • 24.242.48.87:445
    mssecsvr.exe
    104 B
     2
  • 117.239.248.94:445
    mssecsvr.exe
    104 B
     2
  • 10.127.183.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.182.1:445
    mssecsvr.exe
    104 B
     2
  • 107.88.95.58:445
    mssecsvr.exe
    104 B
     2
  • 179.138.22.38:445
    mssecsvr.exe
    104 B
     2
  • 10.127.185.1:445
    mssecsvr.exe
    52 B
     1
  • 78.109.122.11:445
    mssecsvr.exe
    104 B
     2
  • 221.78.111.172:445
    mssecsvr.exe
    104 B
     2
  • 152.192.253.86:445
    mssecsvr.exe
    104 B
     2
  • 10.127.189.1:445
    mssecsvr.exe
    52 B
     1
  • 123.108.6.206:445
    mssecsvr.exe
    104 B
     2
  • 10.127.187.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.184.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.188.1:445
    mssecsvr.exe
    52 B
     1
  • 20.134.103.147:445
    mssecsvr.exe
    104 B
     2
  • 60.59.11.118:445
    mssecsvr.exe
    52 B
     1
  • 10.127.186.1:445
    mssecsvr.exe
    104 B
     2
  • 88.81.179.165:445
    mssecsvr.exe
    104 B
     2
  • 42.154.30.57:445
    mssecsvr.exe
    104 B
     2
  • 10.127.191.1:445
    mssecsvr.exe
    104 B
     2
  • 61.199.116.112:445
    mssecsvr.exe
    52 B
     1
  • 27.34.59.145:445
    mssecsvr.exe
    52 B
     1
  • 10.127.190.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.193.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.192.1:445
    mssecsvr.exe
    52 B
     1
  • 50.63.38.230:445
    mssecsvr.exe
    104 B
     2
  • 191.98.130.140:445
    mssecsvr.exe
    104 B
     2
  • 10.127.194.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.195.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.196.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.197.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.198.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.199.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.200.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.201.1:445
    mssecsvr.exe
    52 B
     1
  • 93.147.142.31:445
    mssecsvr.exe
    104 B
     80 B
     2
    2
  • 85.20.150.79:445
    mssecsvr.exe
    52 B
     1
  • 90.177.111.222:445
    mssecsvr.exe
    52 B
     1
  • 10.127.203.1:445
    mssecsvr.exe
    52 B
     1
  • 32.86.156.217:445
    mssecsvr.exe
    104 B
     2
  • 90.111.126.118:445
    mssecsvr.exe
    104 B
     2
  • 10.127.202.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.205.1:445
    mssecsvr.exe
    104 B
     2
  • 187.248.102.145:445
    mssecsvr.exe
    104 B
     2
  • 164.49.196.202:445
    mssecsvr.exe
    104 B
     2
  • 218.33.94.85:445
    mssecsvr.exe
    104 B
     2
  • 117.159.1.120:445
    mssecsvr.exe
    52 B
     1
  • 10.127.206.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.204.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.207.1:445
    mssecsvr.exe
    52 B
     1
  • 163.20.16.145:445
    mssecsvr.exe
    52 B
     1
  • 145.186.173.125:445
    mssecsvr.exe
    52 B
     1
  • 10.127.208.1:445
    mssecsvr.exe
    52 B
     1
  • 99.223.53.202:445
    mssecsvr.exe
    104 B
     2
  • 10.127.211.1:445
    mssecsvr.exe
    104 B
     2
  • 192.41.157.218:445
    mssecsvr.exe
    52 B
     1
  • 10.127.210.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.209.1:445
    mssecsvr.exe
    104 B
     2
  • 162.193.88.143:445
    mssecsvr.exe
    104 B
     2
  • 10.127.213.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.215.1:445
    mssecsvr.exe
    104 B
     2
  • 23.49.5.231:445
    mssecsvr.exe
    104 B
     2
  • 189.87.237.105:445
    mssecsvr.exe
    104 B
     2
  • 211.41.46.203:445
    mssecsvr.exe
    104 B
     2
  • 145.162.73.239:445
    mssecsvr.exe
    104 B
     2
  • 10.127.212.1:445
    mssecsvr.exe
    52 B
     1
  • 19.95.189.0:445
    mssecsvr.exe
    104 B
     2
  • 18.238.228.9:445
    mssecsvr.exe
    104 B
     2
  • 10.127.214.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.216.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.217.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.218.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.219.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.220.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.221.1:445
    mssecsvr.exe
    104 B
     2
  • 65.45.44.184:445
    mssecsvr.exe
    104 B
     2
  • 52.169.60.186:445
    mssecsvr.exe
    104 B
     2
  • 10.127.222.1:445
    mssecsvr.exe
    104 B
     2
  • 135.131.79.14:445
    mssecsvr.exe
    104 B
     2
  • 116.94.245.200:445
    mssecsvr.exe
    104 B
     2
  • 131.111.14.85:445
    mssecsvr.exe
    104 B
     2
  • 10.127.224.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.223.1:445
    mssecsvr.exe
    104 B
     2
  • 149.186.125.236:445
    mssecsvr.exe
    104 B
     2
  • 176.20.73.50:445
    mssecsvr.exe
    104 B
     2
  • 12.71.3.202:445
    mssecsvr.exe
    52 B
     1
  • 92.192.207.12:445
    mssecsvr.exe
    104 B
     2
  • 222.251.181.3:445
    mssecsvr.exe
    52 B
     1
  • 10.127.226.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.225.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.227.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.228.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.229.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.230.1:445
    mssecsvr.exe
    52 B
     1
  • 46.123.215.212:445
    mssecsvr.exe
    104 B
     2
  • 140.109.119.140:445
    mssecsvr.exe
    104 B
     2
  • 10.127.231.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.232.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.233.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.234.1:445
    mssecsvr.exe
    104 B
     2
  • 52.220.178.195:445
    mssecsvr.exe
    52 B
     1
  • 207.115.70.187:445
    mssecsvr.exe
    52 B
     1
  • 10.127.235.1:445
    mssecsvr.exe
    104 B
     2
  • 135.234.231.133:445
    mssecsvr.exe
    52 B
     1
  • 28.123.164.103:445
    mssecsvr.exe
    104 B
     2
  • 77.198.52.230:445
    mssecsvr.exe
    104 B
     2
  • 10.127.236.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.237.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.238.1:445
    mssecsvr.exe
    104 B
     2
  • 124.234.158.8:445
    mssecsvr.exe
    104 B
     2
  • 160.30.3.141:445
    mssecsvr.exe
    52 B
     1
  • 151.176.50.223:445
    mssecsvr.exe
    52 B
     1
  • 10.127.239.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.240.1:445
    mssecsvr.exe
    104 B
     2
  • 47.231.10.110:445
    mssecsvr.exe
    104 B
     2
  • 121.29.78.45:445
    mssecsvr.exe
    104 B
     2
  • 10.127.241.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.242.1:445
    mssecsvr.exe
    104 B
     2
  • 47.30.236.54:445
    mssecsvr.exe
    104 B
     2
  • 42.147.109.50:445
    mssecsvr.exe
    104 B
     2
  • 131.190.172.180:445
    mssecsvr.exe
    104 B
     2
  • 128.230.195.152:445
    mssecsvr.exe
    104 B
     2
  • 2.155.91.8:445
    mssecsvr.exe
    104 B
     2
  • 1.118.150.98:445
    mssecsvr.exe
    104 B
     2
  • 10.127.243.1:445
    mssecsvr.exe
    104 B
     2
  • 152.76.202.20:445
    mssecsvr.exe
    52 B
     1
  • 98.87.161.68:445
    mssecsvr.exe
    104 B
     2
  • 10.127.246.1:445
    mssecsvr.exe
    52 B
     1
  • 27.229.85.127:445
    mssecsvr.exe
    104 B
     2
  • 51.137.43.77:445
    mssecsvr.exe
    52 B
     1
  • 222.81.211.154:445
    mssecsvr.exe
    52 B
     1
  • 10.127.245.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.244.1:445
    mssecsvr.exe
    104 B
     2
  • 105.145.80.178:445
    mssecsvr.exe
    104 B
     2
  • 4.227.4.209:445
    mssecsvr.exe
    104 B
     2
  • 10.127.250.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.247.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.248.1:445
    mssecsvr.exe
    104 B
     2
  • 10.127.249.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.251.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.252.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.253.1:445
    mssecsvr.exe
    104 B
     2
  • 120.11.59.223:445
    mssecsvr.exe
    52 B
     1
  • 217.192.90.232:445
    mssecsvr.exe
    52 B
     1
  • 10.127.254.1:445
    mssecsvr.exe
    52 B
     1
  • 10.127.255.1:445
    mssecsvr.exe
    52 B
     1
  • 138.170.126.189:445
    mssecsvr.exe
    52 B
     1
  • 85.33.13.194:445
    mssecsvr.exe
    104 B
     2
  • 8.32.20.75:445
    mssecsvr.exe
    104 B
     2
  • 10.127.0.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.1.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.2.2:445
    mssecsvr.exe
    52 B
     1
  • 125.236.222.148:445
    mssecsvr.exe
    104 B
     2
  • 38.142.175.94:445
    mssecsvr.exe
    104 B
     2
  • 10.127.3.2:445
    mssecsvr.exe
    104 B
     2
  • 113.133.11.252:445
    mssecsvr.exe
    104 B
     2
  • 10.127.4.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.5.2:445
    mssecsvr.exe
    104 B
     2
  • 214.76.191.252:445
    mssecsvr.exe
    104 B
     2
  • 61.160.5.7:445
    mssecsvr.exe
    104 B
     2
  • 88.88.142.111:445
    mssecsvr.exe
    52 B
     1
  • 10.127.6.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.7.2:445
    mssecsvr.exe
    52 B
     1
  • 40.251.179.95:445
    mssecsvr.exe
    52 B
     1
  • 164.71.114.201:445
    mssecsvr.exe
    52 B
     1
  • 10.127.8.2:445
    mssecsvr.exe
    52 B
     1
  • 82.50.18.166:445
    mssecsvr.exe
    104 B
     2
  • 62.241.24.221:445
    mssecsvr.exe
    104 B
     2
  • 104.150.224.134:445
    mssecsvr.exe
    104 B
     2
  • 172.66.200.180:445
    mssecsvr.exe
    104 B
     2
  • 185.1.14.68:445
    mssecsvr.exe
    52 B
     1
  • 184.173.248.155:445
    mssecsvr.exe
    52 B
     1
  • 10.127.12.2:445
    mssecsvr.exe
    52 B
     1
  • 10.127.11.2:445
    mssecsvr.exe
    52 B
     1
  • 22.111.238.141:445
    mssecsvr.exe
    104 B
     2
  • 184.193.185.33:445
    mssecsvr.exe
    52 B
     1
  • 215.65.209.70:445
    mssecsvr.exe
    104 B
     2
  • 10.127.9.2:445
    mssecsvr.exe
    52 B
     1
  • 215.121.100.69:445
    mssecsvr.exe
    104 B
     2
  • 137.167.239.136:445
    mssecsvr.exe
    104 B
     2
  • 119.22.38.227:445
    mssecsvr.exe
    52 B
     1
  • 10.127.10.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.14.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.13.2:445
    mssecsvr.exe
    52 B
     1
  • 10.127.15.2:445
    mssecsvr.exe
    52 B
     1
  • 10.127.16.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.17.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.18.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.19.2:445
    mssecsvr.exe
    52 B
     1
  • 74.211.133.64:445
    mssecsvr.exe
    104 B
     2
  • 105.176.214.205:445
    mssecsvr.exe
    52 B
     1
  • 10.127.20.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.21.2:445
    mssecsvr.exe
    104 B
     2
  • 14.71.44.160:445
    mssecsvr.exe
    52 B
     1
  • 94.125.110.82:445
    mssecsvr.exe
    52 B
     1
  • 173.123.29.116:445
    mssecsvr.exe
    104 B
     2
  • 10.127.22.2:445
    mssecsvr.exe
    52 B
     1
  • 10.127.23.2:445
    mssecsvr.exe
    104 B
     2
  • 20.222.16.90:445
    mssecsvr.exe
    104 B
     2
  • 68.97.14.150:445
    mssecsvr.exe
    104 B
     2
  • 15.135.165.100:445
    mssecsvr.exe
    104 B
     2
  • 10.127.24.2:445
    mssecsvr.exe
    104 B
     2
  • 10.127.25.2:445
    mssecsvr.exe
    104 B
     2
  • 195.60.134.206:445
    mssecsvr.exe
    104 B
     2
  • 10.127.26.2:445
    mssecsvr.exe
    104 B
     2
  • 31.178.138.127:445
    mssecsvr.exe
    104 B
     2
  • 10.127.27.2:445
    mssecsvr.exe
    104 B
     2
  • 197.129.2.87:445
    mssecsvr.exe
    104 B
     2
  • 145.202.221.244:445
    mssecsvr.exe
    104 B
     2
  • 137.18.159.31:445
    mssecsvr.exe
    104 B
     2
  • 180.55.48.242:445
    mssecsvr.exe
    104 B
     2
  • 153.210.71.118:445
    mssecsvr.exe
    52 B
     1
  • 221.213.83.215:445
    mssecsvr.exe
    52 B
     1
  • 149.223.209.58:445
    mssecsvr.exe
    104 B
     2
  • 10.127.29.2:445
    mssecsvr.exe
    104 B
     2
  • 84.243.78.1:445
    mssecsvr.exe
    104 B
     2
  • 192.8.162.197:445
    mssecsvr.exe
    52 B
     1
  • 8.8.8.8:53
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    dns
    mssecsvr.exe
    95 B
     111 B
     1
    1

    DNS Request

    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

    DNS Response

    103.224.212.215

  • 8.8.8.8:53
    ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
    dns
    mssecsvr.exe
    96 B
     138 B
     1
    1

    DNS Request

    ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

    DNS Response

    199.59.243.227

  • 8.8.8.8:53
    215.212.224.103.in-addr.arpa
    dns
    74 B
     108 B
     1
    1

    DNS Request

    215.212.224.103.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    227.243.59.199.in-addr.arpa
    dns
    73 B
     131 B
     1
    1

    DNS Request

    227.243.59.199.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    74.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    74.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\mssecsvr.exe
    Filesize

    2.2MB

    MD5

    d61fdd87eaac262a8a77080ee54edb46

    SHA1

    121b1edae817d516515080d8c06225f34b1fce04

    SHA256

    2777e4e00f60f7fc101c3181c782a83ec306425ce7d9e72c6e42fde2a4247168

    SHA512

    6c520701fb7eb28e9417507f9426f2dabbd624009df8dcfab8b624b13b8041a5b88ed62fb99321ebeb2fe8c35746e541d1b88f10597d384e58f4f1811dbb05ba

    Download Submit

  • C:\Windows\tasksche.exe
    Filesize

    2.0MB

    MD5

    c4640e5a8a68c8aa313e8127a1d797ed

    SHA1

    3fa7396d3bf4a070f426a5ac2d3928cff2dc3eaf

    SHA256

    3d5891d7cd3c675aa40d8671866375750385ad58bf75bfc386954c3aab4ea241

    SHA512

    0a1b1057ff7dcdfee7f86142617b2ef230f53c964c9423c48e347dcf21c8a4186ed10d1dfe1a90cbde321adf4da51865205e47800d9e59d0c1dc8db76bd3ef1c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.