Malware Analysis Report

2024-11-15 08:41

Sample ID 241110-vmjdya1fpg
Target RNSM00342.7z
SHA256 601558763a1331f16d0194f29c90d6e301df0d143ad915cf9b760c28e767a947
Tags
azorult hawkeye mimikatz troldesh zgrat collection credential_access defense_evasion discovery evasion execution impact infostealer keylogger persistence privilege_escalation ransomware rat spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

601558763a1331f16d0194f29c90d6e301df0d143ad915cf9b760c28e767a947

Threat Level: Known bad

The file RNSM00342.7z was found to be: Known bad.

Malicious Activity Summary

azorult hawkeye mimikatz troldesh zgrat collection credential_access defense_evasion discovery evasion execution impact infostealer keylogger persistence privilege_escalation ransomware rat spyware stealer trojan upx

Mimikatz

Troldesh, Shade, Encoder.858

Azorult

ZGRat

Mimikatz family

Azorult family

Zgrat family

Modifies visibility of file extensions in Explorer

Modifies WinLogon for persistence

Modifies visiblity of hidden/system files in Explorer

Detect ZGRat V2

Hawkeye family

HawkEye

Troldesh family

NirSoft MailPassView

mimikatz is an open source tool to dump credentials on Windows

Renames multiple (87) files with added filename extension

Renames multiple (251) files with added filename extension

Detected Nirsoft tools

Modifies boot configuration data using bcdedit

Renames multiple (9965) files with added filename extension

Deletes shadow copies

NirSoft WebBrowserPassView

Boot or Logon Autostart Execution: Active Setup

Disables use of System Restore points

Disables RegEdit via registry modification

Loads dropped DLL

Modifies system executable filetype association

Reads data files stored by FTP clients

Reads WinSCP keys stored on the system

Drops startup file

Unsecured Credentials: Credentials In Files

Checks computer location settings

Executes dropped EXE

Reads user/profile data of local email clients

Uses the VBS compiler for execution

Credentials from Password Stores: Windows Credential Manager

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Creates a large amount of network flows

Accesses Microsoft Outlook profiles

Accesses Microsoft Outlook accounts

Drops desktop.ini file(s)

Looks up external IP address via web service

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

UPX packed file

Drops file in Program Files directory

Drops file in Windows directory

Program crash

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Event Triggered Execution: Accessibility Features

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

outlook_office_path

System policy modification

Uses Task Scheduler COM API

Modifies Control Panel

Uses Volume Shadow Copy service COM API

Suspicious behavior: MapViewOfSection

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious behavior: CmdExeWriteProcessMemorySpam

Interacts with shadow copies

Suspicious behavior: RenamesItself

Suspicious use of SendNotifyMessage

Suspicious use of UnmapMainImage

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

outlook_win_path

Suspicious behavior: SetClipboardViewer

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-11-10 17:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 17:06

Reported

2024-11-10 17:10

Platform

win7-20240903-en

Max time kernel

215s

Max time network

216s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00342.7z"

Signatures

Azorult

trojan infostealer azorult

Azorult family

azorult

Detect ZGRat V2

Description Indicator Process Target
N/A N/A N/A N/A

HawkEye

keylogger trojan stealer spyware hawkeye

Hawkeye family

hawkeye

Mimikatz

mimikatz

Mimikatz family

mimikatz

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe \"C:\\Windows\\system32\\IExplorer.exe\"" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\IExplorer.exe" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Roaming\\bedsit.exe" C:\Windows\SysWOW64\msiexec.exe N/A

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Modifies visiblity of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Troldesh family

troldesh

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

ZGRat

rat zgrat

Zgrat family

zgrat

Deletes shadow copies

ransomware defense_evasion impact execution

Detected Nirsoft tools

Description Indicator Process Target
N/A N/A N/A N/A

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

NirSoft MailPassView

Description Indicator Process Target
N/A N/A N/A N/A

NirSoft WebBrowserPassView

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (251) files with added filename extension

ransomware

Renames multiple (87) files with added filename extension

ransomware

Renames multiple (9965) files with added filename extension

ransomware

mimikatz is an open source tool to dump credentials on Windows

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\Explorer.EXE N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Disables use of System Restore points

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Wanna.zbu-04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A
N/A N/A C:\Users\All Users\mmkt.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe N/A
N/A N/A C:\Windows\xk.exe N/A
N/A N/A C:\Windows\SysWOW64\IExplorer.exe N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE N/A
N/A N/A C:\ProgramData\ctfmon.exe N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Windows\xk.exe N/A
N/A N/A C:\Windows\SysWOW64\IExplorer.exe N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\ProgramData\ctfmon.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\ = "File Folder" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key enumerated \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key enumerated \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
Key enumerated \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PremiumOs3 = "C:\\ProgramData\\Microsoft\\Windows\\PremiumOs3.exe" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\DirtyDecrypt = "\"C:\\Users\\Admin\\Desktop\\00342\\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe\" /hide" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gaudox = "C:\\Users\\Admin\\AppData\\Roaming\\fP7BcvkX7A5q3F8E4ojMGpIGunVq.exe" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe = "C:\\ProgramData\\ctfmon.exe -a" C:\ProgramData\ctfmon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\System Monitoring = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\LSASS.EXE" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\WINLOGON.EXE" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\ServiceAdmin = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\SERVICES.EXE" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\xk = "C:\\Windows\\xk.exe" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\{42B16986-B6F0-83FD-F620-9DF2B2002767} = "C:\\Users\\Admin\\AppData\\Roaming\\Macromedia\\winMacromedia.exe" C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\LogonAdmin = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\CSRSS.EXE" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\My Inbox Helper = "\"C:\\Users\\Admin\\AppData\\Local\\My Inbox Helper\\My Inbox Helper.exe\" /delay 0" C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A

Checks installed software on the system

discovery

Creates a large amount of network flows

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini C:\Windows\Explorer.EXE N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\VSUVY3HP\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1J27TKW\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INNMDE1C\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U9KKHJMH\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created F:\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK3MU41S\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\TN6BGAW3\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8BOMT1Q\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Windows\Explorer.EXE N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
File opened for modification F:\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\$RECYCLE.BIN\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini C:\Windows\Explorer.EXE N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A checkip.dyndns.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Mig2.scr C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File created C:\Windows\SysWOW64\IExplorer.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File opened for modification C:\Windows\SysWOW64\IExplorer.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File created C:\Windows\system32\perfc007.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh009.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh00A.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\SysWOW64\shell.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File created C:\Windows\system32\perfh011.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\SysWOW64\PerfStringBackup.TMP C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\SysWOW64\PerfStringBackup.INI C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh007.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc009.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc00A.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc00C.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\SysWOW64\msvbvm60.dll C:\Windows\SysWOW64\shell.exe N/A
File opened for modification C:\Windows\SysWOW64\Mig2.scr C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File created C:\Windows\system32\perfh00C.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc010.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh010.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc011.dat C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\SysWOW64\msvbvm60.dll C:\Windows\SysWOW64\shell.exe N/A
File opened for modification C:\Windows\SysWOW64\shell.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1144 set thread context of 3028 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe C:\Windows\SysWOW64\explorer.exe
PID 1172 set thread context of 2804 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe
PID 2040 set thread context of 876 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe
PID 7320 set thread context of 2952 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\Desktop\00342\TRC38A~1.EXE
PID 4100 set thread context of 5744 N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe C:\Users\Admin\AppData\Roaming\Windows Update.exe
PID 2952 set thread context of 6140 N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE C:\Windows\SysWOW64\cmd.exe
PID 6140 set thread context of 7108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 6140 set thread context of 5440 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 5440 set thread context of 8140 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\Desktop\00342\TRC38A~1.EXE
PID 8140 set thread context of 6436 N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE C:\Windows\SysWOW64\cmd.exe
PID 6436 set thread context of 5396 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 6436 set thread context of 8476 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 8476 set thread context of 6128 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\Desktop\00342\TRC38A~1.EXE
PID 6128 set thread context of 8472 N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE C:\Windows\SysWOW64\cmd.exe
PID 8472 set thread context of 8496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 8472 set thread context of 8768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 8768 set thread context of 6336 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\Desktop\00342\TRC38A~1.EXE
PID 6336 set thread context of 8924 N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE C:\Windows\SysWOW64\cmd.exe
PID 8924 set thread context of 8916 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 8924 set thread context of 4348 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 4348 set thread context of 8300 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\Desktop\00342\TRC38A~1.EXE
PID 8300 set thread context of 5188 N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
PID 5188 set thread context of 8788 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 5188 set thread context of 7792 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 7792 set thread context of 6268 N/A C:\Windows\SysWOW64\WScript.exe C:\Users\Admin\Desktop\00342\TRC38A~1.EXE
PID 6268 set thread context of 8656 N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE C:\Windows\SysWOW64\cmd.exe
PID 380 set thread context of 8416 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Windows\xk.exe
PID 380 set thread context of 9112 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Windows\SysWOW64\IExplorer.exe
PID 380 set thread context of 5188 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
PID 380 set thread context of 8204 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE
PID 380 set thread context of 6052 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE
PID 380 set thread context of 9144 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE
PID 380 set thread context of 8356 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE
PID 5744 set thread context of 9028 N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
PID 5744 set thread context of 9028 N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
PID 2428 set thread context of 7484 N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe C:\Windows\SysWOW64\cmd.exe
PID 1904 set thread context of 10156 N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe
PID 10156 set thread context of 5384 N/A C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe C:\Windows\SysWOW64\shell.exe
PID 5384 set thread context of 10612 N/A C:\Windows\SysWOW64\shell.exe C:\Windows\SysWOW64\WerFault.exe
PID 796 set thread context of 11112 N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
PID 796 set thread context of 11120 N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
PID 11112 set thread context of 10928 N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
PID 2712 set thread context of 11192 N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe
PID 5744 set thread context of 10428 N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
PID 5744 set thread context of 10428 N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
PID 1732 set thread context of 10444 N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe
PID 1732 set thread context of 10444 N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe
PID 2064 set thread context of 15612 N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
PID 2064 set thread context of 15612 N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
PID 796 set thread context of 18424 N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe C:\Windows\SysWOW64\cmd.exe

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107746.WMF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\background.gif C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Thatch.thmx C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9B.GIF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\MOFL.DLL C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00050_.WMF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImageMask.bmp C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mk\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR49B.GIF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORM.DLL C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0335112.WMF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\VideoLAN Website.url C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created C:\Program Files (x86)\Windows Photo Viewer\fr-FR\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02384_.WMF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\gadget.xml C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\!!!DECRYPTION__KEYPASS__INFO!!!.txt C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE.MANIFEST C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\xk.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File created C:\Windows\xk.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
File created C:\Windows\inf\Outlook\outlperf.h C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\inf\Outlook\outlperf.h C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\inf\Outlook\0009\outlperf.ini C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
File created C:\Windows\msvbvm60.dll C:\Windows\SysWOW64\shell.exe N/A
File opened for modification C:\Windows\msvbvm60.dll C:\Windows\SysWOW64\shell.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\shell.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Shell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\shell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\Desktop\ C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\system32\\Mig~mig.SCR" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\Desktop\ScreenSaverIsSecure = "0" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\Desktop\ScreenSaveTimeOut = "600" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000025ebca568ac947592af4e78c72ec9ce124bcd9b47c8bfeb6c3e6e08450cddc31000000000e80000000020000200000008b10ca23f43207dd75134b603c3c0c5fa03d9afefb5efcbd56a42d0c04c455bd20000000b8469a33c97bbdd2a6aea97c878d65795493522b6a80003f589106c25433efa8400000006bd0351f926cf361a197ae78ed66f615348240b74d947c41ae0517bcad598c0fc17f291546ff5ef895a2ce46af7d7ab9f479fd4c734788bb5b9a290a2cb971c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000e93328155f3b3157e082df6e13d56b74ae53e32d2c5f41180a0298e01de89e09000000000e80000000020000200000006b0c89a0b4e2a5ac4d0e7a875a9cbb32b15c2077ceb16bc03be6864717486c96900000009e137d53a71c3d08055ccabdbdc510fa9bbbfc2fdfa3806872cfb372d7ca3ae9e1869f71c60470d7240484f2480ab5cbc34eecb5cf8c8367a06b33fe0caa4813b77887fedc13536ec5919c2e1a58fe6274771f1d2a52f98f284ed8a989266708625bd675eae54a5c11d1cd26042be7ed768e0cbbe3ffd3928af9dfdf1ec82aff27a23aff1b5e7df9861b0f545e71391f400000004f079bfb4eaff16f4042c42c0625806df7bbec6aed908aee13f6d197f7422aa60e83b12e09608d521a4abeca4bf6128702ba6abf0913301e093001b0fb48cb83 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\My Inbox Helper.exe = "9999" C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a084c71f9333db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437420328" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49AAA951-9F86-11EF-AD39-C6DA928D33CD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630E6-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DE-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630E3-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063034-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063080-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063077-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063093-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672EE-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063035-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630E9-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672DD-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00067356-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063003-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063079-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00067366-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630D8-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630D8-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630E5-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063075-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006307B-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006300E-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630B2-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006F026-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063026-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006305C-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630C9-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063078-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630EA-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063022-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063107-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672EB-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672EC-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006304B-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630CE-0000-0000-C000-000000000046}\ = "_RuleActions" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DF-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630CB-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630C3-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006307D-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00067366-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006309A-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630A2-0000-0000-C000-000000000046}\ = "_BusinessCardView" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006304E-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630B1-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630B0-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630A2-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063039-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672F4-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672ED-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006304A-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063046-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630CA-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063104-0000-0000-C000-000000000046}\ = "AccountSelectorEvents" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00062FFF-0000-0000-C000-000000000046}\9.4\0\win32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msoutl.olb" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006303D-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630D3-0000-0000-C000-000000000046} C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630B1-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063073-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630A2-0000-0000-C000-000000000046}\TypeLib\Version = "9.4" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063024-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D87E7E17-6897-11CE-A6C0-00AA00608FAA}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DE-0000-0000-C000-000000000046}\ = "_ToOrFromRuleCondition" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630E5-0000-0000-C000-000000000046}\TypeLib C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006302B-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\ProgramData\ctfmon.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\ProgramData\ctfmon.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\ProgramData\ctfmon.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\ProgramData\ctfmon.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\1AA33736-00000001.eml:OECustomProperty C:\Program Files\Windows Mail\WinMail.exe N/A
File opened for modification C:\Program Files\Internet Explorer\IEXPLORE.EXE" http:\results.hdownloadmyinboxhelper.com\s?uid=5e116465-c3e2-451a-847c-6b15ad57e829&uc=20181101&source=d-ccc3-lp0-bb8-sbe&i_id=email_&ap=appfocu C:\Windows\SysWOW64\shell.exe N/A
File created C:\Program Files\Internet Explorer\IEXPLORE.EXE" http:\results.hdownloadmyinboxhelper.com\s?uid=5e116465-c3e2-451a-847c-6b15ad57e829&uc=20181101&source=d-ccc3-lp0-bb8-sbe&i_id=email_&ap=app .exe C:\Windows\SysWOW64\shell.exe N/A
File opened for modification C:\Program Files\Internet Explorer\IEXPLORE.EXE" http:\results.hdownloadmyinboxhelper.com\s?uid=5e116465-c3e2-451a-847c-6b15ad57e829&uc=20181101&source=d-ccc3-lp0-bb8-sbe&i_id=email_&ap=app .exe C:\Windows\SysWOW64\shell.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WScript.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\TRC38A~1.EXE N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
N/A N/A C:\Windows\SysWOW64\shell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\All Users\mmkt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Windows\xk.exe N/A
N/A N/A C:\Windows\SysWOW64\IExplorer.exe N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files\Windows Mail\WinMail.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Windows Update.exe N/A
N/A N/A C:\Windows\xk.exe N/A
N/A N/A C:\Windows\SysWOW64\IExplorer.exe N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE N/A
N/A N/A C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe N/A
N/A N/A C:\Windows\SysWOW64\shell.exe N/A
N/A N/A C:\Windows\SysWOW64\Shell.exe N/A
N/A N/A C:\Windows\SysWOW64\Shell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe N/A
N/A N/A C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 664 wrote to memory of 1592 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe
PID 664 wrote to memory of 1592 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe
PID 664 wrote to memory of 1592 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe
PID 664 wrote to memory of 1592 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe
PID 664 wrote to memory of 1732 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe
PID 664 wrote to memory of 1732 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe
PID 664 wrote to memory of 1732 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe
PID 664 wrote to memory of 1732 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe
PID 664 wrote to memory of 2064 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe
PID 664 wrote to memory of 2064 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe
PID 664 wrote to memory of 2064 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe
PID 664 wrote to memory of 2064 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 1904 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe
PID 664 wrote to memory of 2044 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe
PID 664 wrote to memory of 2044 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe
PID 664 wrote to memory of 2044 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe
PID 664 wrote to memory of 2044 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe
PID 664 wrote to memory of 1620 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe
PID 664 wrote to memory of 1620 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe
PID 664 wrote to memory of 1620 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe
PID 664 wrote to memory of 1620 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe
PID 664 wrote to memory of 380 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe
PID 664 wrote to memory of 380 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe
PID 664 wrote to memory of 380 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe
PID 664 wrote to memory of 380 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe
PID 664 wrote to memory of 1172 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe
PID 664 wrote to memory of 1172 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe
PID 664 wrote to memory of 1172 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe
PID 664 wrote to memory of 1172 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe
PID 664 wrote to memory of 644 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe
PID 664 wrote to memory of 644 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe
PID 664 wrote to memory of 644 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe
PID 664 wrote to memory of 644 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe
PID 664 wrote to memory of 1520 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe
PID 664 wrote to memory of 1520 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe
PID 664 wrote to memory of 1520 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe
PID 664 wrote to memory of 1520 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe
PID 664 wrote to memory of 2040 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe
PID 664 wrote to memory of 2040 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe
PID 664 wrote to memory of 2040 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe
PID 664 wrote to memory of 2040 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe
PID 664 wrote to memory of 1144 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe
PID 664 wrote to memory of 1144 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe
PID 664 wrote to memory of 1144 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe
PID 664 wrote to memory of 1144 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe
PID 664 wrote to memory of 1608 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe
PID 664 wrote to memory of 1608 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe
PID 664 wrote to memory of 1608 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe
PID 664 wrote to memory of 1608 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe
PID 664 wrote to memory of 1136 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe
PID 664 wrote to memory of 1136 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe
PID 664 wrote to memory of 1136 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe
PID 664 wrote to memory of 1136 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe
PID 664 wrote to memory of 1972 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe
PID 664 wrote to memory of 1972 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe
PID 664 wrote to memory of 1972 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe
PID 664 wrote to memory of 1972 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe
PID 664 wrote to memory of 2000 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A

outlook_win_path

Description Indicator Process Target
Key queried \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00342.7z"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe

HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe

HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe

HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe

HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe

HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe

Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe

Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe

Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe

Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe

Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe

Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe

Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe

Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe

Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe

Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe

Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe

Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe

Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe

Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe

Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe

Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Wanna.zbu-04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3.exe

Trojan-Ransom.Win32.Wanna.zbu-04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0P0JC783.bat" Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe "

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe"

C:\Users\All Users\mmkt.exe

"C:\Users\All Users\mmkt.exe"

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\SysWOW64\msiexec.exe

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe

Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe

C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

"C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat""

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

"C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --Admin

C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe" /logtoconsole=false /logfile= /u "C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe"

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe

rojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe

C:\Windows\xk.exe

C:\Windows\xk.exe

C:\Windows\SysWOW64\IExplorer.exe

C:\Windows\system32\IExplorer.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\ProgramData\ctfmon.exe

C:\ProgramData\ctfmon.exe -a

C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe

"C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe"

C:\Windows\system32\cmd.exe

/C wmic shadowcopy delete

C:\Windows\system32\cmd.exe

/C vssadmin delete shadows /all /quiet

C:\Windows\system32\cmd.exe

/C bcdedit /set {default} recoveryenabled no

C:\Windows\system32\cmd.exe

/C bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CUR42U24.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\System32\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} recoveryenabled no

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\system32\cmd.exe

/C wmic shadowcopy delete

C:\Windows\system32\cmd.exe

/C vssadmin delete shadows /all /quiet

C:\Windows\system32\cmd.exe

/C bcdedit /set {default} recoveryenabled no

C:\Windows\system32\cmd.exe

/C bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpa485238f.bat"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ReadMe-w3c.html

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\System32\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} recoveryenabled no

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWFAVR72.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4000 CREDAT:275457 /prefetch:2

C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"

C:\Users\Admin\AppData\Roaming\Windows Update.exe

"C:\Users\Admin\AppData\Roaming\Windows Update.exe"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8P7PHA6K.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0EFMM50M.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0MJEQVKQ.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\40E2R842.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CNFTAYQV.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIB5SIB0.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\80YFTXX9.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0PVDY7DN.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8278MYDT.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe" -Embedding

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0H40YDXB.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\41T1LAQG.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8W0JBJQU.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-119220802929929831535698211511898166331162668440242453893982256658-504155174"

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Users\Admin\AppData\Roaming\Windows Update.exe

C:\Users\Admin\AppData\Roaming\Windows Update.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\89EGGBTG.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CEMT8S8Q.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0AMGFW3F.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0E576V8P.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYIFKM6C.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\SysWOW64\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\getadmin.vbs"

C:\Users\Admin\Desktop\00342\TRC38A~1.EXE

"C:\Users\Admin\Desktop\00342\TRC38A~1.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CFD7SF1W.bat" "C:\Users\Admin\Desktop\00342\TRC38A~1.EXE" "

C:\Windows\xk.exe

C:\Windows\xk.exe

C:\Windows\SysWOW64\IExplorer.exe

C:\Windows\system32\IExplorer.exe

C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"

C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE

"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c copy /y "C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe" "C:\Users\Admin\AppData\Roaming\osk.exe"

C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe

"C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe" /firstrun

C:\Windows\SysWOW64\shell.exe

"C:\Windows\system32\shell.exe" "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://results.hdownloadmyinboxhelper.com/s?uid=5e116465-c3e2-451a-847c-6b15ad57e829&uc=20181101&source=d-ccc3-lp0-bb8-sbe&i_id=email_&ap=appfocus1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 484

C:\Windows\SysWOW64\Shell.exe

"C:\Windows\system32\Shell.exe"

C:\Windows\SysWOW64\Shell.exe

"C:\Windows\system32\Shell.exe"

C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

"C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --ForNetRes x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0

C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

"C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --Service 796 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0

C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

"C:\Users\Admin\AppData\Local\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe" --Service 11112 x5I74v4h003xJ0iyhUfHQ8W6o0RDSicmSfg72KVA 6se9RaIxXF9m70zWmx7nL3bVRp691w4SNY8UCir0

C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe

"HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

C:\Windows\SysWOW64\Wbem\wmic.exe

"wmic" os get Caption /format:list

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat""

C:\Windows\Explorer.EXE

"C:\Windows\Explorer.EXE"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x5c0

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!!!DECRYPTION__KEYPASS__INFO!!!.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 kosovo.duckdns.org udp
US 8.8.8.8:53 s3.amazonaws.com udp
US 52.216.76.126:443 s3.amazonaws.com tcp
US 8.8.8.8:53 admin.svapofit.com udp
US 8.8.8.8:53 admin.svapofit.com udp
US 192.169.69.25:80 kosovo.duckdns.org tcp
N/A 10.127.0.1:445 tcp
N/A 10.127.0.0:82 tcp
N/A 10.127.0.0:83 tcp
N/A 10.127.0.0:84 tcp
N/A 10.127.0.0:88 tcp
N/A 10.127.0.0:89 tcp
N/A 10.127.0.0:90 tcp
N/A 10.127.0.0:99 tcp
N/A 10.127.0.6:445 tcp
N/A 10.127.0.0:102 tcp
N/A 10.127.0.4:445 tcp
N/A 10.127.0.0:104 tcp
N/A 10.127.0.0:113 tcp
N/A 10.127.0.0:175 tcp
N/A 10.127.0.0:179 tcp
N/A 10.127.0.9:445 tcp
N/A 10.127.0.0:195 tcp
CN 106.9.67.0:80 tcp
CN 106.9.67.0:81 tcp
N/A 10.127.0.0:264 tcp
CN 106.9.67.0:82 tcp
N/A 10.127.0.0:311 tcp
N/A 10.127.0.0:389 tcp
CN 106.9.67.0:83 tcp
N/A 10.127.0.0:443 tcp
N/A 10.127.0.7:445 tcp
N/A 10.127.0.8:445 tcp
CN 106.9.67.0:84 tcp
N/A 10.127.0.3:445 tcp
N/A 10.127.0.2:445 tcp
N/A 10.127.0.0:444 tcp
CN 106.9.67.0:88 tcp
N/A 10.127.0.15:445 tcp
CN 106.9.67.0:89 tcp
N/A 10.127.0.0:515 tcp
N/A 10.127.0.0:554 tcp
CN 106.9.67.0:90 tcp
N/A 10.127.0.0:631 tcp
CN 106.9.67.0:99 tcp
N/A 10.127.0.5:445 tcp
N/A 10.127.0.13:445 tcp
N/A 10.127.0.16:445 tcp
N/A 10.127.0.0:1010 tcp
N/A 10.127.0.0:1010 tcp
CN 106.9.67.0:102 tcp
CN 106.9.67.0:104 tcp
N/A 10.127.0.10:445 tcp
N/A 10.127.0.0:1099 tcp
N/A 10.127.0.11:445 tcp
N/A 10.127.0.18:445 tcp
CN 106.9.67.0:113 tcp
N/A 10.127.0.0:1111 tcp
N/A 10.127.0.0:1177 tcp
CN 106.9.67.0:175 tcp
N/A 10.127.0.17:445 tcp
N/A 10.127.0.14:445 tcp
CN 106.9.67.0:179 tcp
N/A 10.127.0.12:445 tcp
N/A 10.127.0.0:1200 tcp
N/A 10.127.0.21:445 tcp
N/A 10.127.0.0:1234 tcp
CN 106.9.67.0:195 tcp
N/A 10.127.0.0:1311 tcp
CN 106.9.67.0:264 tcp
CN 106.9.67.0:311 tcp
N/A 10.127.0.0:1400 tcp
N/A 10.127.0.0:1471 tcp
CN 106.9.67.0:389 tcp
N/A 10.127.0.25:445 tcp
US 8.8.8.8:53 kronus.pp.ua udp
N/A 10.127.0.0:1515 tcp
CN 106.9.67.0:443 tcp
N/A 10.127.0.0:1521 tcp
N/A 10.127.0.24:445 tcp
CN 106.9.67.0:444 tcp
N/A 10.127.0.0:1599 tcp
CN 106.9.67.0:515 tcp
N/A 10.127.0.0:1723 tcp
CN 106.9.67.0:554 tcp
N/A 10.127.0.0:1741 tcp
N/A 10.127.0.0:1777 tcp
CN 106.9.67.0:631 tcp
N/A 10.127.0.20:445 tcp
N/A 10.127.0.0:1911 tcp
CN 106.9.67.0:789 tcp
N/A 10.127.0.22:445 tcp
N/A 10.127.0.0:1962 tcp
CN 106.9.67.0:1010 tcp
N/A 10.127.0.0:1991 tcp
N/A 10.127.0.27:445 tcp
N/A 10.127.0.0:2000 tcp
N/A 10.127.0.28:445 tcp
CN 106.9.67.0:1099 tcp
N/A 10.127.0.23:445 tcp
N/A 10.127.0.0:2081 tcp
CN 106.9.67.0:1177 tcp
N/A 10.127.0.0:2082 tcp
CN 106.9.67.0:1177 tcp
N/A 10.127.0.0:2083 tcp
N/A 10.127.0.35:445 tcp
CN 106.9.67.0:1200 tcp
N/A 10.127.0.0:2086 tcp
CN 106.9.67.0:1234 tcp
N/A 10.127.0.33:445 tcp
N/A 10.127.0.0:2087 tcp
N/A 10.127.0.26:445 tcp
CN 106.9.67.0:1311 tcp
N/A 10.127.0.0:2181 tcp
N/A 10.127.0.29:445 tcp
N/A 10.127.0.0:2222 tcp
CN 106.9.67.0:1400 tcp
N/A 10.127.0.32:445 tcp
N/A 10.127.0.40:445 tcp
CN 106.9.67.0:1471 tcp
N/A 10.127.0.0:2375 tcp
N/A 10.127.0.34:445 tcp
N/A 10.127.0.0:2376 tcp
CN 106.9.67.0:1515 tcp
N/A 10.127.0.36:445 tcp
CN 106.9.67.0:1521 tcp
N/A 10.127.0.0:2404 tcp
N/A 10.127.0.30:445 tcp
CN 106.9.67.0:1599 tcp
N/A 10.127.0.0:2455 tcp
N/A 10.127.0.0:2480 tcp
CN 106.9.67.0:1723 tcp
N/A 10.127.0.31:445 tcp
N/A 10.127.0.41:445 tcp
N/A 10.127.0.37:445 tcp
N/A 10.127.0.0:2628 tcp
CN 106.9.67.0:1777 tcp
N/A 10.127.0.39:445 tcp
CN 106.9.67.0:1777 tcp
N/A 10.127.0.0:3000 tcp
CN 106.9.67.0:1911 tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
CN 106.9.67.0:1962 tcp
DE 18.66.240.120:80 ocsp.r2m01.amazontrust.com tcp
N/A 10.127.0.0:3001 tcp
N/A 10.127.0.0:3128 tcp
N/A 10.127.0.0:445 tcp
N/A 10.127.0.0:80 tcp
CN 106.9.67.0:1991 tcp
N/A 10.127.0.0:3260 tcp
CN 106.9.67.0:2000 tcp
N/A 10.127.0.38:445 tcp
N/A 10.127.0.46:445 tcp
N/A 10.127.0.0:3299 tcp
CN 106.9.67.0:2081 tcp
N/A 10.127.0.0:81 tcp
CN 106.9.67.0:2082 tcp
CN 106.9.67.0:2083 tcp
N/A 10.127.0.0:3310 tcp
N/A 10.127.0.0:3388 tcp
N/A 10.127.0.43:445 tcp
N/A 10.127.0.45:445 tcp
CN 106.9.67.0:2086 tcp
N/A 10.127.0.44:445 tcp
CN 106.9.67.0:2087 tcp
N/A 10.127.0.0:3389 tcp
N/A 10.127.0.0:3460 tcp
N/A 10.127.0.42:445 tcp
N/A 10.127.0.56:445 tcp
CN 106.9.67.0:2181 tcp
N/A 10.127.0.0:3541 tcp
CN 106.9.67.0:2222 tcp
N/A 10.127.0.0:3542 tcp
CN 106.9.67.0:2375 tcp
N/A 10.127.0.51:445 tcp
N/A 10.127.0.58:445 tcp
N/A 10.127.0.49:445 tcp
N/A 10.127.0.47:445 tcp
N/A 10.127.0.48:445 tcp
CN 106.9.67.0:2455 tcp
CN 106.9.67.0:2455 tcp
N/A 10.127.0.0:3689 tcp
N/A 10.127.0.52:445 tcp
N/A 10.127.0.61:445 tcp
N/A 10.127.0.0:3749 tcp
CN 106.9.67.0:2455 tcp
CN 106.9.67.0:2480 tcp
N/A 10.127.0.50:445 tcp
CN 106.9.67.0:2628 tcp
CN 106.9.67.0:3000 tcp
N/A 10.127.0.54:445 tcp
N/A 10.127.0.62:445 tcp
N/A 10.127.0.0:3780 tcp
N/A 10.127.0.0:3790 tcp
CN 106.9.67.0:3001 tcp
N/A 10.127.0.53:445 tcp
N/A 10.127.0.59:445 tcp
CN 106.9.67.0:3128 tcp
N/A 10.127.0.0:4000 tcp
N/A 10.127.0.67:445 tcp
CN 106.9.67.0:3260 tcp
N/A 10.127.0.0:4022 tcp
CN 106.9.67.0:3299 tcp
N/A 10.127.0.69:445 tcp
N/A 10.127.0.57:445 tcp
N/A 10.127.0.0:4040 tcp
CN 106.9.67.0:3310 tcp
N/A 10.127.0.0:4157 tcp
CN 106.9.67.0:3388 tcp
N/A 10.127.0.0:4443 tcp
CN 106.9.67.0:3389 tcp
CN 106.9.67.0:3460 tcp
N/A 10.127.0.0:4444 tcp
N/A 10.127.0.64:445 tcp
N/A 10.127.0.60:445 tcp
CN 106.9.67.0:3541 tcp
N/A 10.127.0.0:4567 tcp
N/A 10.127.0.63:445 tcp
CN 106.9.67.0:3542 tcp
N/A 10.127.0.0:4664 tcp
N/A 10.127.0.73:445 tcp
N/A 10.127.0.72:445 tcp
N/A 10.127.0.71:445 tcp
CN 106.9.67.0:3689 tcp
N/A 10.127.0.0:4782 tcp
CN 106.9.67.0:3749 tcp
N/A 10.127.0.0:4786 tcp
N/A 10.127.0.20:445 tcp
CN 106.9.67.0:3780 tcp
N/A 10.127.0.0:4848 tcp
CN 106.9.67.0:3790 tcp
N/A 10.127.0.0:4911 tcp
N/A 10.127.0.79:445 tcp
N/A 10.127.0.65:445 tcp
N/A 10.127.0.68:445 tcp
CN 106.9.67.0:4000 tcp
N/A 10.127.0.0:5000 tcp
CN 106.9.67.0:4022 tcp
N/A 10.127.0.80:445 tcp
N/A 10.127.0.0:5001 tcp
N/A 10.127.0.74:445 tcp
AT 86.59.21.38:443 tcp
CN 106.9.67.0:4040 tcp
CN 106.9.67.0:4157 tcp
N/A 10.127.0.0:5007 tcp
N/A 10.127.0.0:5009 tcp
CN 106.9.67.0:4443 tcp
N/A 10.127.0.78:445 tcp
N/A 10.127.0.76:445 tcp
N/A 10.127.0.0:5055 tcp
CN 106.9.67.0:4444 tcp
N/A 10.127.0.75:445 tcp
N/A 10.127.0.0:5222 tcp
CN 106.9.67.0:4567 tcp
N/A 10.127.0.70:445 tcp
N/A 10.127.0.81:445 tcp
N/A 10.127.0.0:5269 tcp
CN 106.9.67.0:4664 tcp
N/A 10.127.0.0:5357 tcp
CN 106.9.67.0:4782 tcp
N/A 10.127.0.56:445 tcp
N/A 10.127.0.84:445 tcp
CN 106.9.67.0:4786 tcp
N/A 10.127.0.77:445 tcp
CN 106.9.67.0:4911 tcp
CN 106.9.67.0:4911 tcp
N/A 10.127.0.83:445 tcp
N/A 10.127.0.86:445 tcp
N/A 10.127.0.0:5555 tcp
N/A 10.127.0.0:5560 tcp
CN 106.9.67.0:5001 tcp
CN 106.9.67.0:5001 tcp
N/A 10.127.0.85:445 tcp
N/A 10.127.0.0:5601 tcp
CN 106.9.67.0:5007 tcp
CN 106.9.67.0:5009 tcp
N/A 10.127.0.0:5672 tcp
CN 106.9.67.0:5055 tcp
N/A 10.127.0.0:5800 tcp
N/A 10.127.0.82:445 tcp
N/A 10.127.0.87:445 tcp
N/A 10.127.0.0:5801 tcp
CN 106.9.67.0:5222 tcp
N/A 10.127.0.97:445 tcp
CN 106.9.67.0:5269 tcp
N/A 10.127.0.0:5900 tcp
N/A 10.127.0.0:5901 tcp
CN 106.9.67.0:5357 tcp
N/A 10.127.0.88:445 tcp
N/A 10.127.0.95:445 tcp
N/A 10.127.0.0:5938 tcp
CN 106.9.67.0:5555 tcp
N/A 10.127.0.0:5984 tcp
CN 106.9.67.0:5560 tcp
CN 106.9.67.0:5601 tcp
N/A 10.127.0.93:445 tcp
N/A 10.127.0.96:445 tcp
N/A 10.127.0.90:445 tcp
N/A 10.127.0.0:5985 tcp
N/A 10.127.0.0:5986 tcp
CN 106.9.67.0:5672 tcp
N/A 10.127.0.92:445 tcp
CN 106.9.67.0:5800 tcp
N/A 10.127.0.100:445 tcp
CN 106.9.67.0:5801 tcp
CN 106.9.67.0:5900 tcp
N/A 10.127.0.0:6000 tcp
N/A 10.127.0.98:445 tcp
N/A 10.127.0.106:445 tcp
N/A 10.127.0.104:445 tcp
CN 106.9.67.0:5901 tcp
N/A 10.127.0.0:6001 tcp
N/A 10.127.0.94:445 tcp
CN 106.9.67.0:5938 tcp
N/A 10.127.0.103:445 tcp
N/A 127.0.0.1:50352 tcp
N/A 10.127.0.67:445 tcp
N/A 10.127.0.0:6060 tcp
N/A 10.127.0.0:6664 tcp
N/A 10.127.0.0:6666 tcp
CN 106.9.67.0:5984 tcp
CN 106.9.67.0:5985 tcp
N/A 10.127.0.99:445 tcp
N/A 10.127.0.0:6668 tcp
N/A 10.127.0.101:445 tcp
CN 106.9.67.0:6000 tcp
CN 106.9.67.0:6000 tcp
N/A 10.127.0.0:7001 tcp
N/A 10.127.0.111:445 tcp
CN 106.9.67.0:6060 tcp
CN 106.9.67.0:6060 tcp
N/A 10.127.0.0:7070 tcp
CN 106.9.67.0:6664 tcp
N/A 10.127.0.0:7071 tcp
CN 106.9.67.0:6666 tcp
N/A 10.127.0.0:7080 tcp
CN 106.9.67.0:7001 tcp
CN 106.9.67.0:7001 tcp
US 8.8.8.8:53 s3.us-east-2.amazonaws.com udp
US 8.8.8.8:53 m.facebook.com udp
N/A 10.127.0.0:7415 tcp
CN 106.9.67.0:7070 tcp
CN 106.9.67.0:7071 tcp
US 52.219.106.97:443 s3.us-east-2.amazonaws.com tcp
N/A 10.127.0.107:445 tcp
N/A 10.127.0.0:7474 tcp
CN 106.9.67.0:7080 tcp
GB 163.70.151.35:443 m.facebook.com tcp
N/A 10.127.0.108:445 tcp
N/A 10.127.0.0:7547 tcp
CN 106.9.67.0:7415 tcp
N/A 10.127.0.121:445 tcp
N/A 10.127.0.117:445 tcp
N/A 10.127.0.0:7657 tcp
N/A 10.127.0.0:7657 tcp
CN 106.9.67.0:7474 tcp
N/A 10.127.0.110:445 tcp
N/A 10.127.0.109:445 tcp
N/A 10.127.0.0:7777 tcp
CN 106.9.67.0:7547 tcp
N/A 10.127.0.113:445 tcp
N/A 10.127.0.0:7779 tcp
CN 106.9.67.0:7548 tcp
N/A 10.127.0.115:445 tcp
N/A 10.127.0.0:7890 tcp
CN 106.9.67.0:7657 tcp
US 8.8.8.8:53 domenzona.su udp
CN 106.9.67.0:7777 tcp
N/A 10.127.0.112:445 tcp
N/A 10.127.0.0:8000 tcp
CN 106.9.67.0:7779 tcp
N/A 10.127.0.119:445 tcp
N/A 10.127.0.127:445 tcp
N/A 10.127.0.0:8001 tcp
CN 106.9.67.0:7890 tcp
N/A 10.127.0.120:445 tcp
N/A 10.127.0.0:8002 tcp
CN 106.9.67.0:8000 tcp
N/A 10.127.0.114:445 tcp
N/A 10.127.0.122:445 tcp
N/A 10.127.0.128:445 tcp
N/A 10.127.0.118:445 tcp
CN 106.9.67.0:8001 tcp
N/A 10.127.0.0:8008 tcp
CN 106.9.67.0:8002 tcp
N/A 10.127.0.123:445 tcp
N/A 10.127.0.0:8009 tcp
CN 106.9.67.0:8008 tcp
N/A 10.127.0.0:8010 tcp
CN 106.9.67.0:8009 tcp
CN 106.9.67.0:8010 tcp
N/A 10.127.0.0:8012 tcp
N/A 10.127.0.134:445 tcp
N/A 10.127.0.133:445 tcp
N/A 10.127.0.0:8020 tcp
CN 106.9.67.0:8012 tcp
N/A 10.127.0.124:445 tcp
CN 106.9.67.0:8020 tcp
N/A 10.127.0.125:445 tcp
CN 106.9.67.0:8030 tcp
N/A 10.127.0.131:445 tcp
N/A 10.127.0.0:8030 tcp
N/A 10.127.0.135:445 tcp
N/A 10.127.0.136:445 tcp
N/A 10.127.0.126:445 tcp
N/A 10.127.0.0:8040 tcp
N/A 10.127.0.129:445 tcp
CN 106.9.67.0:8040 tcp
N/A 10.127.0.137:445 tcp
N/A 10.127.0.138:445 tcp
CN 106.9.67.0:8050 tcp
N/A 10.127.0.0:8050 tcp
CN 106.9.67.0:8060 tcp
N/A 10.127.0.132:445 tcp
CN 106.9.67.0:8069 tcp
N/A 10.127.0.140:445 tcp
N/A 10.127.0.0:8069 tcp
N/A 10.127.0.0:8069 tcp
CN 106.9.67.0:8070 tcp
N/A 10.127.0.0:8070 tcp
CN 106.9.67.0:8080 tcp
CN 106.9.67.0:8081 tcp
N/A 10.127.0.0:8080 tcp
N/A 10.127.0.0:8081 tcp
N/A 10.127.0.90:445 tcp
N/A 10.127.0.92:445 tcp
N/A 10.127.0.103:445 tcp
N/A 10.127.0.106:445 tcp
N/A 10.127.0.142:445 tcp
CN 106.9.67.0:8082 tcp
N/A 10.127.0.144:445 tcp
CN 106.9.67.0:8083 tcp
CN 106.9.67.0:8084 tcp
N/A 10.127.0.0:8082 tcp
CN 106.9.67.0:8085 tcp
N/A 10.127.0.139:445 tcp
N/A 10.127.0.141:445 tcp
N/A 10.127.0.0:8083 tcp
CN 106.9.67.0:8086 tcp
N/A 10.127.0.0:8084 tcp
CN 106.9.67.0:8087 tcp
N/A 10.127.0.150:445 tcp
CN 106.9.67.0:8088 tcp
N/A 10.127.0.0:8085 tcp
US 8.8.8.8:53 www.facebook.com udp
CN 106.9.67.0:8089 tcp
GB 163.70.151.35:443 www.facebook.com tcp
N/A 10.127.0.0:8086 tcp
N/A 10.127.0.0:8087 tcp
CN 106.9.67.0:8090 tcp
N/A 10.127.0.145:445 tcp
N/A 10.127.0.151:445 tcp
N/A 10.127.0.0:8088 tcp
N/A 10.127.0.148:445 tcp
N/A 10.127.0.152:445 tcp
CN 106.9.67.0:8098 tcp
N/A 10.127.0.146:445 tcp
N/A 10.127.0.0:8089 tcp
CN 106.9.67.0:8099 tcp
N/A 10.127.0.149:445 tcp
CN 106.9.67.0:8101 tcp
N/A 10.127.0.0:8090 tcp
N/A 10.127.0.143:445 tcp
N/A 10.127.0.0:8098 tcp
CN 106.9.67.0:8112 tcp
N/A 10.127.0.0:8099 tcp
CN 106.9.67.0:8123 tcp
N/A 10.127.0.0:8101 tcp
N/A 10.127.0.156:445 tcp
N/A 10.127.0.0:8112 tcp
CN 106.9.67.0:8126 tcp
N/A 10.127.0.0:8123 tcp
CN 106.9.67.0:8139 tcp
N/A 10.127.0.0:8126 tcp
CN 106.9.67.0:8140 tcp
N/A 10.127.0.0:8139 tcp
CN 106.9.67.0:8181 tcp
N/A 10.127.0.155:445 tcp
N/A 10.127.0.0:8140 tcp
CN 106.9.67.0:8334 tcp
N/A 10.127.0.0:8181 tcp
N/A 10.127.0.154:445 tcp
CN 106.9.67.0:8443 tcp
N/A 10.127.0.153:445 tcp
N/A 10.127.0.0:8334 tcp
CN 106.9.67.0:8554 tcp
N/A 10.127.0.0:8443 tcp
N/A 10.127.0.159:445 tcp
N/A 10.127.0.160:445 tcp
CN 106.9.67.0:8686 tcp
N/A 10.127.0.158:445 tcp
N/A 10.127.0.0:8554 tcp
N/A 10.127.0.157:445 tcp
N/A 10.127.0.161:445 tcp
CN 106.9.67.0:8800 tcp
N/A 10.127.0.0:8686 tcp
CN 106.9.67.0:8834 tcp
N/A 10.127.0.0:8800 tcp
N/A 10.127.0.167:445 tcp
CN 106.9.67.0:8866 tcp
N/A 10.127.0.162:445 tcp
CN 106.9.67.0:8880 tcp
N/A 10.127.0.0:8834 tcp
CN 106.9.67.0:8883 tcp
N/A 10.127.0.165:445 tcp
N/A 10.127.0.168:445 tcp
CN 106.9.67.0:8888 tcp
N/A 10.127.0.118:445 tcp
CN 106.9.67.0:8889 tcp
N/A 10.127.0.0:8866 tcp
N/A 10.127.0.0:8880 tcp
CN 106.9.67.0:9000 tcp
N/A 10.127.0.163:445 tcp
N/A 10.127.0.0:8883 tcp
CN 106.9.67.0:9001 tcp
CN 106.9.67.0:9002 tcp
N/A 10.127.0.172:445 tcp
N/A 10.127.0.166:445 tcp
N/A 10.127.0.0:8888 tcp
CN 106.9.67.0:9008 tcp
N/A 10.127.0.0:8889 tcp
N/A 10.127.0.174:445 tcp
N/A 10.127.0.170:445 tcp
CN 106.9.67.0:9009 tcp
CN 106.9.67.0:9051 tcp
N/A 10.127.0.0:9000 tcp
N/A 10.127.0.0:9001 tcp
CN 106.9.67.0:9080 tcp
CN 106.9.67.0:9081 tcp
N/A 10.127.0.169:445 tcp
N/A 10.127.0.171:445 tcp
N/A 10.127.0.0:9002 tcp
CN 106.9.67.0:9090 tcp
N/A 10.127.0.0:9008 tcp
N/A 10.127.0.177:445 tcp
CN 106.9.67.0:9091 tcp
N/A 10.127.0.179:445 tcp
N/A 10.127.0.0:9009 tcp
N/A 10.127.0.0:9051 tcp
CN 106.9.67.0:9100 tcp
N/A 10.127.0.184:445 tcp
CN 106.9.67.0:9151 tcp
N/A 10.127.0.131:445 tcp
N/A 10.127.0.0:9080 tcp
N/A 10.127.0.178:445 tcp
CN 106.9.67.0:9180 tcp
N/A 10.127.0.181:445 tcp
N/A 10.127.0.182:445 tcp
N/A 10.127.0.0:9081 tcp
CN 106.9.67.0:9191 tcp
N/A 10.127.0.176:445 tcp
N/A 10.127.0.0:9090 tcp
CN 106.9.67.0:9200 tcp
N/A 10.127.0.190:445 tcp
N/A 10.127.0.0:9091 tcp
CN 106.9.67.0:9418 tcp
US 8.8.8.8:53 secure.facebook.com udp
N/A 10.127.0.175:445 tcp
CN 106.9.67.0:9418 tcp
CN 106.9.67.0:9443 tcp
N/A 10.127.0.180:445 tcp
GB 163.70.151.14:443 secure.facebook.com tcp
N/A 10.127.0.0:9100 tcp
CN 106.9.67.0:9595 tcp
N/A 10.127.0.186:445 tcp
N/A 10.127.0.0:9151 tcp
CN 106.9.67.0:9600 tcp
N/A 10.127.0.0:9180 tcp
N/A 10.127.0.185:445 tcp
N/A 10.127.0.192:445 tcp
CN 106.9.67.0:9633 tcp
N/A 10.127.0.0:9191 tcp
N/A 10.127.0.0:9200 tcp
N/A 10.127.0.183:445 tcp
CN 106.9.67.0:9869 tcp
N/A 10.127.0.191:445 tcp
N/A 10.127.0.0:9295 tcp
N/A 10.127.0.193:445 tcp
N/A 10.127.0.187:445 tcp
CN 106.9.67.0:9943 tcp
N/A 10.127.0.194:445 tcp
N/A 10.127.0.0:9418 tcp
CN 106.9.67.0:9944 tcp
N/A 10.127.0.195:445 tcp
N/A 10.127.0.0:9443 tcp
CN 106.9.67.0:9981 tcp
N/A 10.127.0.196:445 tcp
N/A 10.127.0.199:445 tcp
CN 106.9.67.0:9999 tcp
US 8.8.8.8:53 count.homepagetools.online udp
N/A 10.127.0.199:445 tcp
N/A 10.127.0.189:445 tcp
CN 106.9.67.0:10000 tcp
N/A 10.127.0.0:9595 tcp
N/A 10.127.0.188:445 tcp
N/A 10.127.0.0:9600 tcp
CN 106.9.67.0:10080 tcp
N/A 10.127.0.0:9633 tcp
N/A 10.127.0.0:9869 tcp
CN 106.9.67.0:10081 tcp
CN 106.9.67.0:10134 tcp
N/A 10.127.0.0:9943 tcp
N/A 10.127.0.148:445 tcp
N/A 10.127.0.0:9981 tcp
N/A 10.127.0.202:445 tcp
N/A 10.127.0.0:9981 tcp
N/A 10.127.0.201:445 tcp
CN 106.9.67.0:10243 tcp
N/A 10.127.0.0:9999 tcp
CN 106.9.67.0:10554 tcp
N/A 10.127.0.0:10000 tcp
CN 106.9.67.0:11211 tcp
N/A 10.127.0.0:10080 tcp
N/A 10.127.0.0:10081 tcp
N/A 10.127.0.197:445 tcp
N/A 10.127.0.206:445 tcp
CN 106.9.67.0:12345 tcp
N/A 10.127.0.0:10134 tcp
N/A 10.127.0.0:10243 tcp
CN 106.9.67.0:13579 tcp
N/A 10.127.0.0:10554 tcp
CN 106.9.67.0:16010 tcp
N/A 10.127.0.0:11211 tcp
N/A 10.127.0.208:445 tcp
CN 106.9.67.0:16992 tcp
N/A 10.127.0.0:12345 tcp
CN 106.9.67.0:16993 tcp
N/A 10.127.0.205:445 tcp
N/A 10.127.0.200:445 tcp
N/A 10.127.0.0:13579 tcp
CN 106.9.67.0:18245 tcp
N/A 10.127.0.203:445 tcp
N/A 10.127.0.0:16010 tcp
N/A 10.127.0.0:16992 tcp
CN 106.9.67.0:20000 tcp
N/A 10.127.0.207:445 tcp
N/A 10.127.0.204:445 tcp
CN 106.9.67.0:20547 tcp
N/A 10.127.0.0:16993 tcp
N/A 10.127.0.0:18245 tcp
CN 106.9.67.0:21379 tcp
N/A 10.127.0.0:20000 tcp
N/A 10.127.0.0:20547 tcp
CN 106.9.67.0:23424 tcp
N/A 10.127.0.209:445 tcp
CN 106.9.67.0:25105 tcp
N/A 10.127.0.210:445 tcp
N/A 10.127.0.0:23424 tcp
N/A 10.127.0.0:23424 tcp
N/A 10.127.0.211:445 tcp
N/A 10.127.0.166:445 tcp
N/A 10.127.0.0:25105 tcp
CN 106.9.67.0:28017 tcp
N/A 10.127.0.214:445 tcp
CN 106.9.67.0:32400 tcp
N/A 10.127.0.0:28017 tcp
CN 106.9.67.0:33338 tcp
N/A 10.127.0.0:32400 tcp
N/A 10.127.0.0:33338 tcp
CN 106.9.67.0:33550 tcp
N/A 10.127.0.217:445 tcp
N/A 10.127.0.0:37215 tcp
N/A 10.127.0.0:37215 tcp
N/A 10.127.0.215:445 tcp
N/A 10.127.0.216:445 tcp
N/A 10.127.0.212:445 tcp
N/A 10.127.0.0:44818 tcp
N/A 10.127.0.174:445 tcp
N/A 10.127.0.213:445 tcp
CN 106.9.67.0:37215 tcp
CN 106.9.67.0:37777 tcp
N/A 10.127.0.0:49152 tcp
N/A 10.127.0.0:49152 tcp
CN 106.9.67.0:44818 tcp
N/A 10.127.0.221:445 tcp
CN 106.9.67.0:49152 tcp
N/A 10.127.0.224:445 tcp
N/A 10.127.0.0:49153 tcp
CN 106.9.67.0:49153 tcp
N/A 10.127.0.0:50070 tcp
N/A 10.127.0.226:445 tcp
CN 106.9.67.0:50070 tcp
N/A 10.127.0.0:51106 tcp
N/A 10.127.0.222:445 tcp
CN 106.9.67.0:51106 tcp
N/A 10.127.0.220:445 tcp
CN 106.9.67.0:54138 tcp
N/A 10.127.0.0:54138 tcp
N/A 10.127.0.0:54984 tcp
CN 106.9.67.0:54984 tcp
N/A 10.127.0.219:445 tcp
CN 106.9.67.0:55443 tcp
N/A 10.127.0.0:55553 tcp
N/A 10.127.0.223:445 tcp
N/A 10.127.0.0:55553 tcp
CN 106.9.67.0:55553 tcp
N/A 10.127.0.0:60129 tcp
N/A 10.127.0.0:62078 tcp
N/A 10.127.0.227:445 tcp
CN 106.9.67.0:60129 tcp
CN 106.9.67.0:62078 tcp
N/A 10.127.0.1:80 tcp
CN 106.9.67.1:80 tcp
N/A 10.127.0.1:81 tcp
N/A 10.127.0.232:445 tcp
N/A 10.127.0.1:82 tcp
CN 106.9.67.1:81 tcp
N/A 10.127.0.231:445 tcp
N/A 10.127.0.1:83 tcp
N/A 10.127.0.229:445 tcp
CN 106.9.67.1:82 tcp
N/A 10.127.0.235:445 tcp
CN 106.9.67.1:83 tcp
N/A 10.127.0.1:84 tcp
CN 106.9.67.1:84 tcp
N/A 10.127.0.1:88 tcp
N/A 10.127.0.1:89 tcp
CN 106.9.67.1:89 tcp
CN 106.9.67.1:89 tcp
N/A 10.127.0.1:90 tcp
CN 106.9.67.1:99 tcp
CN 106.9.67.1:99 tcp
N/A 10.127.0.1:99 tcp
N/A 10.127.0.1:102 tcp
CN 106.9.67.1:102 tcp
N/A 10.127.0.234:445 tcp
N/A 10.127.0.1:175 tcp
N/A 10.127.0.1:175 tcp
N/A 10.127.0.1:175 tcp
CN 106.9.67.1:104 tcp
N/A 10.127.0.1:179 tcp
CN 106.9.67.1:113 tcp
N/A 10.127.0.1:195 tcp
CN 106.9.67.1:175 tcp
N/A 10.127.0.1:264 tcp
N/A 10.127.0.248:445 tcp
CN 106.9.67.1:179 tcp
N/A 10.127.0.245:445 tcp
CN 106.9.67.1:195 tcp
N/A 10.127.0.1:311 tcp
N/A 10.127.0.246:445 tcp
CN 106.9.67.1:264 tcp
N/A 10.127.0.230:445 tcp
N/A 10.127.0.1:443 tcp
N/A 10.127.0.233:445 tcp
N/A 10.127.0.239:445 tcp
N/A 10.127.0.1:443 tcp
N/A 10.127.0.1:444 tcp
CN 106.9.67.1:311 tcp
N/A 10.127.0.247:445 tcp
N/A 10.127.0.237:445 tcp
N/A 10.127.0.242:445 tcp
CN 106.9.67.1:443 tcp
N/A 10.127.0.244:445 tcp
CN 106.9.67.1:443 tcp
N/A 10.127.0.1:515 tcp
N/A 10.127.0.243:445 tcp
N/A 10.127.0.1:554 tcp
CN 106.9.67.1:444 tcp
CN 106.9.67.1:554 tcp
CN 106.9.67.1:554 tcp
N/A 10.127.0.1:631 tcp
N/A 10.127.0.1:789 tcp
CN 106.9.67.1:789 tcp
CN 106.9.67.1:789 tcp
N/A 10.127.0.1:1010 tcp
CN 106.9.67.1:1010 tcp
N/A 10.127.0.251:445 tcp
N/A 10.127.0.252:445 tcp
N/A 10.127.0.240:445 tcp
N/A 10.127.0.249:445 tcp
N/A 10.127.0.236:445 tcp
N/A 10.127.0.254:445 tcp
N/A 10.127.0.250:445 tcp
N/A 10.127.1.2:445 tcp
N/A 10.127.0.1:1111 tcp
N/A 10.127.0.1:1111 tcp
CN 106.9.67.1:1099 tcp
N/A 10.127.0.1:1177 tcp
CN 106.9.67.1:1111 tcp
N/A 10.127.0.1:1200 tcp
N/A 10.127.1.1:445 tcp
CN 106.9.67.1:1177 tcp
N/A 10.127.0.1:1234 tcp
CN 106.9.67.1:1200 tcp
N/A 10.127.0.1:1311 tcp
N/A 10.127.1.4:445 tcp
CN 106.9.67.1:1234 tcp
N/A 10.127.1.0:445 tcp
N/A 10.127.0.1:1400 tcp
N/A 10.127.1.3:445 tcp
CN 106.9.67.1:1311 tcp
N/A 10.127.0.1:1471 tcp
N/A 10.127.0.219:445 tcp
CN 106.9.67.1:1400 tcp
N/A 10.127.1.7:445 tcp
N/A 10.127.0.1:1515 tcp
N/A 10.127.0.253:445 tcp
CN 106.9.67.1:1471 tcp
N/A 10.127.0.1:1521 tcp
N/A 10.127.1.9:445 tcp
CN 106.9.67.1:1515 tcp
N/A 10.127.0.1:1599 tcp
CN 106.9.67.1:1521 tcp
N/A 10.127.1.6:445 tcp
N/A 10.127.1.11:445 tcp
N/A 10.127.0.1:1723 tcp
N/A 10.127.1.5:445 tcp
CN 106.9.67.1:1599 tcp
N/A 10.127.0.1:1741 tcp
N/A 10.127.1.13:445 tcp
N/A 10.127.1.12:445 tcp
CN 106.9.67.1:1723 tcp
N/A 10.127.0.1:1777 tcp
CN 106.9.67.1:1741 tcp
N/A 10.127.1.14:445 tcp
N/A 10.127.0.1:1911 tcp
N/A 10.127.1.8:445 tcp
CN 106.9.67.1:1777 tcp
N/A 10.127.1.15:445 tcp
N/A 10.127.0.1:1991 tcp
N/A 10.127.0.1:2000 tcp
N/A 10.127.0.1:2000 tcp
CN 106.9.67.1:1911 tcp
N/A 10.127.0.1:2081 tcp
N/A 10.127.1.19:445 tcp
CN 106.9.67.1:1962 tcp
N/A 10.127.1.17:445 tcp
N/A 10.127.1.20:445 tcp
N/A 10.127.0.226:445 tcp
N/A 10.127.0.1:2082 tcp
N/A 10.127.0.1:2083 tcp
CN 106.9.67.1:1991 tcp
N/A 10.127.1.10:445 tcp
N/A 10.127.1.18:445 tcp
CN 106.9.67.1:2000 tcp
N/A 10.127.0.1:2086 tcp
N/A 10.127.0.1:2087 tcp
N/A 10.127.0.229:445 tcp
N/A 10.127.1.16:445 tcp
CN 106.9.67.1:2081 tcp
N/A 10.127.0.1:2181 tcp
CN 106.9.67.1:2082 tcp
N/A 10.127.1.23:445 tcp
N/A 10.127.0.1:2222 tcp
CN 106.9.67.1:2083 tcp
N/A 10.127.0.1:2375 tcp
N/A 10.127.1.26:445 tcp
N/A 10.127.1.22:445 tcp
N/A 10.127.0.1:2376 tcp
CN 106.9.67.1:2086 tcp
N/A 10.127.0.1:2404 tcp
N/A 10.127.1.21:445 tcp
CN 106.9.67.1:2087 tcp
N/A 10.127.0.1:2455 tcp
CN 106.9.67.1:2181 tcp
N/A 10.127.0.1:2480 tcp
N/A 10.127.0.1:2628 tcp
CN 106.9.67.1:2222 tcp
N/A 10.127.0.1:3000 tcp
CN 106.9.67.1:2375 tcp
N/A 10.127.0.1:3001 tcp
CN 106.9.67.1:2376 tcp
N/A 10.127.0.1:3128 tcp
N/A 10.127.1.31:445 tcp
CN 106.9.67.1:2404 tcp
N/A 10.127.1.24:445 tcp
N/A 10.127.0.1:3260 tcp
CN 106.9.67.1:2455 tcp
N/A 10.127.1.28:445 tcp
N/A 10.127.0.1:3299 tcp
N/A 10.127.0.1:3310 tcp
CN 106.9.67.1:2480 tcp
N/A 10.127.1.29:445 tcp
N/A 10.127.0.239:445 tcp
CN 106.9.67.1:2628 tcp
N/A 10.127.0.1:3388 tcp
N/A 10.127.0.1:3389 tcp
N/A 10.127.1.36:445 tcp
N/A 10.127.1.25:445 tcp
CN 106.9.67.1:3000 tcp
N/A 10.127.0.1:3460 tcp
CN 106.9.67.1:3001 tcp
N/A 10.127.1.38:445 tcp
N/A 10.127.0.1:3541 tcp
N/A 10.127.1.33:445 tcp
CN 106.9.67.1:3128 tcp
N/A 10.127.0.242:445 tcp
N/A 10.127.0.1:3542 tcp
N/A 10.127.1.27:445 tcp
N/A 10.127.0.1:3689 tcp
CN 106.9.67.1:3260 tcp
N/A 10.127.1.32:445 tcp
N/A 10.127.1.35:445 tcp
N/A 10.127.1.40:445 tcp
N/A 10.127.0.1:3749 tcp
CN 106.9.67.1:3299 tcp
N/A 10.127.0.1:3780 tcp
CN 106.9.67.1:3310 tcp
N/A 10.127.1.30:445 tcp
N/A 10.127.0.1:3790 tcp
CN 106.9.67.1:3388 tcp
N/A 10.127.1.39:445 tcp
N/A 10.127.0.1:4000 tcp
CN 106.9.67.1:3389 tcp
N/A 10.127.1.43:445 tcp
N/A 10.127.0.1:4022 tcp
N/A 10.127.1.37:445 tcp
CN 106.9.67.1:3460 tcp
N/A 10.127.1.34:445 tcp
N/A 10.127.0.1:4040 tcp
CN 106.9.67.1:3541 tcp
N/A 10.127.0.1:4157 tcp
CN 106.9.67.1:3542 tcp
N/A 10.127.0.1:4443 tcp
CN 106.9.67.1:3689 tcp
N/A 10.127.0.1:4444 tcp
CN 106.9.67.1:3749 tcp
N/A 10.127.1.45:445 tcp
N/A 10.127.0.1:4567 tcp
N/A 10.127.1.50:445 tcp
CN 106.9.67.1:3780 tcp
N/A 10.127.0.1:4664 tcp
N/A 10.127.1.44:445 tcp
CN 106.9.67.1:3790 tcp
N/A 10.127.0.1:4782 tcp
N/A 10.127.1.42:445 tcp
CN 106.9.67.1:4000 tcp
N/A 10.127.1.48:445 tcp
N/A 10.127.0.1:4786 tcp
N/A 10.127.1.41:445 tcp
N/A 10.127.1.46:445 tcp
CN 106.9.67.1:4022 tcp
N/A 10.127.0.1:4848 tcp
CN 106.9.67.1:4040 tcp
N/A 10.127.0.1:4911 tcp
CN 106.9.67.1:4157 tcp
N/A 10.127.0.1:5000 tcp
N/A 10.127.1.47:445 tcp
N/A 10.127.1.54:445 tcp
CN 106.9.67.1:4443 tcp
N/A 10.127.1.57:445 tcp
N/A 10.127.0.1:5001 tcp
CN 106.9.67.1:4444 tcp
N/A 10.127.0.1:5007 tcp
CN 106.9.67.1:4567 tcp
N/A 10.127.0.1:5009 tcp
CN 106.9.67.1:4664 tcp
N/A 10.127.0.1:5055 tcp
CN 106.9.67.1:4782 tcp
N/A 10.127.1.49:445 tcp
N/A 10.127.0.1:5222 tcp
N/A 10.127.0.1:5269 tcp
CN 106.9.67.1:4786 tcp
N/A 10.127.1.59:445 tcp
N/A 10.127.0.1:5357 tcp
CN 106.9.67.1:4848 tcp
N/A 10.127.0.1:5555 tcp
N/A 10.127.1.52:445 tcp
CN 106.9.67.1:4911 tcp
N/A 10.127.1.53:445 tcp
N/A 10.127.1.51:445 tcp
N/A 10.127.0.1:5560 tcp
N/A 10.127.1.55:445 tcp
CN 106.9.67.1:5000 tcp
N/A 10.127.1.58:445 tcp
N/A 10.127.1.64:445 tcp
N/A 10.127.1.56:445 tcp
N/A 10.127.0.1:5601 tcp
CN 106.9.67.1:5001 tcp
N/A 10.127.0.1:5672 tcp
CN 106.9.67.1:5007 tcp
N/A 10.127.0.1:5800 tcp
CN 106.9.67.1:5009 tcp
N/A 10.127.0.1:5801 tcp
CN 106.9.67.1:5055 tcp
N/A 10.127.1.68:445 tcp
N/A 10.127.0.1:5900 tcp
N/A 10.127.1.61:445 tcp
CN 106.9.67.1:5222 tcp
N/A 10.127.0.1:5901 tcp
CN 106.9.67.1:5269 tcp
N/A 10.127.0.1:5938 tcp
CN 106.9.67.1:5357 tcp
N/A 10.127.1.72:445 tcp
N/A 10.127.0.1:5984 tcp
CN 106.9.67.1:5555 tcp
N/A 10.127.1.66:445 tcp
N/A 10.127.0.1:5985 tcp
N/A 10.127.1.60:445 tcp
CN 106.9.67.1:5560 tcp
N/A 10.127.1.67:445 tcp
N/A 10.127.0.1:5986 tcp
CN 106.9.67.1:5601 tcp
N/A 10.127.1.63:445 tcp
N/A 10.127.0.1:6000 tcp
CN 106.9.67.1:5672 tcp
N/A 10.127.0.1:6001 tcp
N/A 10.127.1.62:445 tcp
N/A 10.127.1.70:445 tcp
CN 106.9.67.1:5800 tcp
N/A 10.127.1.74:445 tcp
N/A 10.127.0.1:6060 tcp
CN 106.9.67.1:5801 tcp
N/A 10.127.1.69:445 tcp
N/A 10.127.0.1:6664 tcp
CN 106.9.67.1:5900 tcp
N/A 10.127.0.1:6666 tcp
CN 106.9.67.1:5901 tcp
N/A 10.127.1.65:445 tcp
N/A 10.127.0.1:6668 tcp
CN 106.9.67.1:5938 tcp
N/A 10.127.0.1:7001 tcp
CN 106.9.67.1:5984 tcp
N/A 10.127.1.71:445 tcp
N/A 10.127.0.1:7070 tcp
N/A 10.127.1.77:445 tcp
CN 106.9.67.1:5985 tcp
N/A 10.127.1.76:445 tcp
N/A 10.127.0.1:7071 tcp
CN 106.9.67.1:5986 tcp
N/A 10.127.1.73:445 tcp
N/A 10.127.1.75:445 tcp
N/A 10.127.0.1:7080 tcp
N/A 10.127.1.78:445 tcp
N/A 10.127.1.80:445 tcp
CN 106.9.67.1:6000 tcp
N/A 10.127.0.1:7415 tcp
CN 106.9.67.1:6001 tcp
N/A 10.127.0.1:7474 tcp
CN 106.9.67.1:6060 tcp
N/A 10.127.0.1:7547 tcp
N/A 10.127.1.85:445 tcp
CN 106.9.67.1:6664 tcp
N/A 10.127.0.1:7548 tcp
CN 106.9.67.1:6666 tcp
N/A 10.127.1.79:445 tcp
N/A 10.127.0.1:7657 tcp
CN 106.9.67.1:6668 tcp
N/A 10.127.1.87:445 tcp
N/A 10.127.0.1:7777 tcp
CN 106.9.67.1:7001 tcp
N/A 10.127.1.81:445 tcp
N/A 10.127.1.88:445 tcp
N/A 10.127.0.1:7779 tcp
N/A 10.127.0.1:7890 tcp
CN 106.9.67.1:7070 tcp
CN 106.9.67.1:7071 tcp
N/A 10.127.0.1:8001 tcp
CN 106.9.67.1:7080 tcp
N/A 10.127.1.82:445 tcp
CN 106.9.67.1:7415 tcp
N/A 10.127.0.1:8002 tcp
N/A 10.127.1.95:445 tcp
N/A 10.127.1.84:445 tcp
N/A 10.127.1.83:445 tcp
CN 106.9.67.1:7474 tcp
N/A 10.127.0.1:8008 tcp
CN 106.9.67.1:7547 tcp
N/A 10.127.0.1:8009 tcp
CN 106.9.67.1:7548 tcp
N/A 10.127.0.1:8010 tcp
US 8.8.8.8:53 crl.microsoft.com udp
CN 106.9.67.1:7657 tcp
N/A 10.127.0.1:8012 tcp
GB 2.19.117.22:80 crl.microsoft.com tcp
CN 106.9.67.1:7777 tcp
N/A 10.127.1.97:445 tcp
N/A 10.127.1.91:445 tcp
N/A 10.127.1.100:445 tcp
N/A 10.127.0.1:8030 tcp
N/A 10.127.1.86:445 tcp
N/A 10.127.0.1:8030 tcp
CN 106.9.67.1:7779 tcp
N/A 10.127.0.1:8040 tcp
CN 106.9.67.1:7890 tcp
N/A 10.127.0.1:8050 tcp
N/A 10.127.1.96:445 tcp
N/A 10.127.1.89:445 tcp
N/A 10.127.0.1:8060 tcp
CN 106.9.67.1:8000 tcp
N/A 10.127.1.90:445 tcp
N/A 10.127.0.1:8069 tcp
CN 106.9.67.1:8001 tcp
N/A 10.127.0.1:8070 tcp
CN 106.9.67.1:8002 tcp
N/A 10.127.1.92:445 tcp
N/A 10.127.1.93:445 tcp
N/A 10.127.1.94:445 tcp
CN 106.9.67.1:8008 tcp
N/A 10.127.0.1:8080 tcp
N/A 10.127.1.99:445 tcp
CN 106.9.67.1:8009 tcp
N/A 10.127.0.1:8081 tcp
US 8.8.8.8:53 whatismyipaddress.com udp
CN 106.9.67.1:8010 tcp
N/A 10.127.0.1:8082 tcp
N/A 10.127.1.105:445 tcp
N/A 10.127.0.1:8083 tcp
CN 106.9.67.1:8012 tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
N/A 10.127.0.1:8084 tcp
CN 106.9.67.1:8020 tcp
N/A 10.127.0.1:8085 tcp
CN 106.9.67.1:8030 tcp
N/A 10.127.1.98:445 tcp
N/A 10.127.1.107:445 tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
N/A 10.127.1.103:445 tcp
N/A 10.127.0.1:8086 tcp
CN 106.9.67.1:8040 tcp
N/A 10.127.1.102:445 tcp
CN 106.9.67.1:8050 tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
N/A 10.127.0.1:8088 tcp
N/A 10.127.1.101:445 tcp
N/A 10.127.0.1:8088 tcp
CN 106.9.67.1:8060 tcp
N/A 10.127.0.1:8089 tcp
CN 106.9.67.1:8069 tcp
N/A 10.127.1.106:445 tcp
N/A 10.127.0.1:8090 tcp
N/A 10.127.1.104:445 tcp
CN 106.9.67.1:8070 tcp
CN 106.9.67.1:8080 tcp
N/A 10.127.0.1:8098 tcp
N/A 10.127.1.117:445 tcp
CN 106.9.67.1:8081 tcp
CN 106.9.67.1:8082 tcp
N/A 10.127.1.108:445 tcp
N/A 10.127.1.114:445 tcp
N/A 10.127.0.1:8099 tcp
N/A 10.127.1.109:445 tcp
N/A 10.127.1.113:445 tcp
N/A 10.127.0.1:8112 tcp
N/A 10.127.0.1:8112 tcp
CN 106.9.67.1:8083 tcp
N/A 10.127.0.1:8123 tcp
CN 106.9.67.1:8084 tcp
N/A 10.127.0.1:8126 tcp
CN 106.9.67.1:8085 tcp
N/A 10.127.1.111:445 tcp
CN 106.9.67.1:8087 tcp
CN 106.9.67.1:8087 tcp
N/A 10.127.0.1:8139 tcp
N/A 10.127.1.115:445 tcp
N/A 10.127.0.1:8140 tcp
N/A 10.127.1.119:445 tcp
CN 106.9.67.1:8088 tcp
N/A 10.127.0.1:8181 tcp
N/A 10.127.1.112:445 tcp
N/A 10.127.1.124:445 tcp
N/A 10.127.1.122:445 tcp
N/A 10.127.0.1:8334 tcp
CN 106.9.67.1:8089 tcp
N/A 10.127.0.1:8443 tcp
CN 106.9.67.1:8090 tcp
N/A 10.127.1.120:445 tcp
N/A 10.127.1.121:445 tcp
N/A 10.127.1.125:445 tcp
N/A 10.127.0.1:8554 tcp
CN 106.9.67.1:8098 tcp
N/A 10.127.0.1:8686 tcp
CN 106.9.67.1:8099 tcp
N/A 10.127.1.128:445 tcp
N/A 10.127.0.1:8800 tcp
CN 106.9.67.1:8101 tcp
CN 106.9.67.1:8112 tcp
N/A 10.127.0.1:8834 tcp
N/A 10.127.1.126:445 tcp
N/A 10.127.1.130:445 tcp
CN 106.9.67.1:8123 tcp
N/A 10.127.0.1:8866 tcp
N/A 10.127.1.123:445 tcp
N/A 10.127.0.1:8880 tcp
N/A 10.127.0.1:8883 tcp
CN 106.9.67.1:8126 tcp
CN 106.9.67.1:8139 tcp
N/A 10.127.0.1:8888 tcp
CN 106.9.67.1:8140 tcp
CN 106.9.67.1:8181 tcp
N/A 10.127.0.1:8889 tcp
N/A 10.127.1.134:445 tcp
CN 106.9.67.1:8334 tcp
N/A 10.127.0.1:9000 tcp
CN 106.9.67.1:8443 tcp
CN 106.9.67.1:8554 tcp
N/A 10.127.1.135:445 tcp
N/A 10.127.0.1:9001 tcp
N/A 10.127.1.139:445 tcp
N/A 10.127.0.1:9002 tcp
CN 106.9.67.1:8686 tcp
N/A 10.127.0.1:9008 tcp
CN 106.9.67.1:8800 tcp
N/A 10.127.0.1:9009 tcp
CN 106.9.67.1:8834 tcp
N/A 10.127.0.1:9051 tcp
CN 106.9.67.1:8866 tcp
N/A 10.127.1.138:445 tcp
N/A 10.127.0.1:9080 tcp
CN 106.9.67.1:8880 tcp
N/A 10.127.0.1:9081 tcp
N/A 10.127.1.136:445 tcp
CN 106.9.67.1:8883 tcp
N/A 10.127.1.132:445 tcp
N/A 10.127.0.1:9090 tcp
N/A 10.127.1.142:445 tcp
CN 106.9.67.1:8888 tcp
N/A 10.127.1.144:445 tcp
N/A 10.127.1.146:445 tcp
N/A 10.127.0.1:9100 tcp
N/A 10.127.1.127:445 tcp
N/A 10.127.0.1:9100 tcp
N/A 10.127.0.1:9151 tcp
CN 106.9.67.1:8889 tcp
N/A 10.127.1.129:445 tcp
CN 106.9.67.1:9000 tcp
N/A 10.127.0.1:9180 tcp
N/A 10.127.1.141:445 tcp
N/A 10.127.0.1:9200 tcp
N/A 10.127.0.1:9200 tcp
CN 106.9.67.1:9001 tcp
N/A 10.127.1.137:445 tcp
CN 106.9.67.1:9002 tcp
N/A 10.127.1.140:445 tcp
N/A 10.127.1.147:445 tcp
N/A 10.127.0.1:9295 tcp
CN 106.9.67.1:9008 tcp
N/A 10.127.1.151:445 tcp
CN 106.9.67.1:9009 tcp
N/A 10.127.0.1:9418 tcp
N/A 10.127.1.149:445 tcp
N/A 10.127.0.1:9595 tcp
N/A 10.127.1.133:445 tcp
N/A 10.127.0.1:9595 tcp
CN 106.9.67.1:9051 tcp
N/A 10.127.1.145:445 tcp
N/A 10.127.0.1:9600 tcp
CN 106.9.67.1:9080 tcp
N/A 10.127.0.1:9633 tcp
N/A 10.127.1.148:445 tcp
N/A 10.127.1.152:445 tcp
N/A 10.127.1.153:445 tcp
CN 106.9.67.1:9090 tcp
CN 106.9.67.1:9090 tcp
N/A 10.127.0.1:9869 tcp
N/A 10.127.1.131:445 tcp
CN 106.9.67.1:9091 tcp
N/A 10.127.0.1:9943 tcp
CN 106.9.67.1:9100 tcp
N/A 10.127.0.1:9944 tcp
N/A 10.127.1.154:445 tcp
CN 106.9.67.1:9151 tcp
N/A 10.127.1.155:445 tcp
N/A 10.127.0.1:9981 tcp
CN 106.9.67.1:9180 tcp
N/A 10.127.0.1:10000 tcp
N/A 10.127.1.159:445 tcp
N/A 10.127.1.111:445 tcp
N/A 10.127.0.1:10000 tcp
CN 106.9.67.1:9191 tcp
N/A 10.127.0.1:10080 tcp
N/A 10.127.1.161:445 tcp
CN 106.9.67.1:9200 tcp
N/A 10.127.0.1:10081 tcp
N/A 10.127.0.1:10134 tcp
N/A 10.127.0.1:10243 tcp
CN 106.9.67.1:9295 tcp
N/A 10.127.1.160:445 tcp
CN 106.9.67.1:9418 tcp
N/A 10.127.0.1:10554 tcp
N/A 10.127.1.117:445 tcp
CN 106.9.67.1:9595 tcp
N/A 10.127.0.1:11211 tcp
CN 106.9.67.1:9595 tcp
N/A 10.127.1.157:445 tcp
N/A 10.127.0.1:12345 tcp
N/A 10.127.1.167:445 tcp
N/A 10.127.1.119:445 tcp
N/A 10.127.0.1:13579 tcp
CN 106.9.67.1:9600 tcp
CN 106.9.67.1:9633 tcp
N/A 10.127.0.1:16010 tcp
N/A 10.127.1.156:445 tcp
N/A 10.127.1.165:445 tcp
CN 106.9.67.1:9869 tcp
N/A 10.127.1.168:445 tcp
N/A 10.127.0.1:16992 tcp
CN 106.9.67.1:9943 tcp
N/A 10.127.0.1:16993 tcp
N/A 10.127.1.162:445 tcp
N/A 10.127.0.1:18245 tcp
CN 106.9.67.1:9944 tcp
N/A 10.127.0.1:20000 tcp
CN 106.9.67.1:9981 tcp
N/A 10.127.0.1:20547 tcp
CN 106.9.67.1:9999 tcp
N/A 10.127.0.1:21379 tcp
N/A 10.127.1.172:445 tcp
CN 106.9.67.1:10000 tcp
N/A 10.127.0.1:23424 tcp
CN 106.9.67.1:10080 tcp
N/A 10.127.0.1:25105 tcp
N/A 10.127.1.163:445 tcp
CN 106.9.67.1:10081 tcp
N/A 10.127.1.176:445 tcp
N/A 10.127.0.1:28017 tcp
N/A 10.127.1.171:445 tcp
CN 106.9.67.1:10134 tcp
N/A 10.127.0.1:32400 tcp
N/A 10.127.1.174:445 tcp
N/A 10.127.1.164:445 tcp
CN 106.9.67.1:10243 tcp
N/A 10.127.0.1:33338 tcp
N/A 10.127.1.169:445 tcp
CN 106.9.67.1:10554 tcp
N/A 10.127.0.1:33550 tcp
N/A 10.127.1.166:445 tcp
CN 106.9.67.1:11211 tcp
N/A 10.127.0.1:37215 tcp
CN 106.9.67.1:12345 tcp
N/A 10.127.0.1:37777 tcp
N/A 10.127.1.175:445 tcp
CN 106.9.67.1:13579 tcp
N/A 10.127.1.178:445 tcp
N/A 10.127.0.1:44818 tcp
CN 106.9.67.1:16010 tcp
N/A 10.127.1.177:445 tcp
N/A 10.127.0.1:49152 tcp
N/A 10.127.1.173:445 tcp
N/A 10.127.1.179:445 tcp
N/A 10.127.1.184:445 tcp
CN 106.9.67.1:16992 tcp
N/A 10.127.0.1:49153 tcp
CN 106.9.67.1:16993 tcp
N/A 10.127.1.185:445 tcp
N/A 10.127.0.1:50070 tcp
CN 106.9.67.1:18245 tcp
N/A 10.127.1.180:445 tcp
N/A 10.127.0.1:51106 tcp
N/A 10.127.1.186:445 tcp
CN 106.9.67.1:20000 tcp
N/A 10.127.0.1:54138 tcp
CN 106.9.67.1:20547 tcp
N/A 10.127.0.1:54984 tcp
CN 106.9.67.1:21379 tcp
N/A 10.127.0.1:55443 tcp
CN 106.9.67.1:23424 tcp
N/A 10.127.0.1:55553 tcp
CN 106.9.67.1:25105 tcp
N/A 10.127.0.1:60129 tcp
N/A 10.127.1.182:445 tcp
CN 106.9.67.1:28017 tcp
N/A 10.127.1.188:445 tcp
N/A 10.127.0.1:62078 tcp
CN 106.9.67.1:32400 tcp
N/A 10.127.0.2:80 tcp
CN 106.9.67.1:33338 tcp
N/A 10.127.0.2:81 tcp
N/A 10.127.1.181:445 tcp
CN 106.9.67.1:33550 tcp
N/A 10.127.1.193:445 tcp
N/A 10.127.1.195:445 tcp
N/A 10.127.0.2:82 tcp
N/A 10.127.1.183:445 tcp
N/A 10.127.0.2:83 tcp
CN 106.9.67.1:37215 tcp
CN 106.9.67.1:37777 tcp
N/A 10.127.0.2:84 tcp
N/A 10.127.1.144:445 tcp
CN 106.9.67.1:44818 tcp
N/A 10.127.0.2:88 tcp
N/A 10.127.1.190:445 tcp
N/A 10.127.0.2:89 tcp
CN 106.9.67.1:49152 tcp
N/A 10.127.1.187:445 tcp
N/A 10.127.0.2:90 tcp
CN 106.9.67.1:49153 tcp
N/A 10.127.0.2:99 tcp
CN 106.9.67.1:50070 tcp
N/A 10.127.1.194:445 tcp
N/A 10.127.1.191:445 tcp
N/A 10.127.0.2:102 tcp
N/A 10.127.0.2:104 tcp
CN 106.9.67.1:51106 tcp
N/A 10.127.1.189:445 tcp
N/A 10.127.1.196:445 tcp
N/A 10.127.1.204:445 tcp
N/A 10.127.1.198:445 tcp
N/A 10.127.1.201:445 tcp
CN 106.9.67.1:54138 tcp
N/A 10.127.0.2:113 tcp
CN 106.9.67.1:54984 tcp
N/A 10.127.0.2:175 tcp
N/A 10.127.0.2:179 tcp
CN 106.9.67.1:55443 tcp
N/A 10.127.1.197:445 tcp
N/A 10.127.1.192:445 tcp
N/A 10.127.1.203:445 tcp
N/A 10.127.0.2:195 tcp
CN 106.9.67.1:55553 tcp
N/A 10.127.0.2:264 tcp
CN 106.9.67.1:60129 tcp
N/A 10.127.1.151:445 tcp
US 208.83.223.34:80 tcp
CN 106.9.67.1:62078 tcp
N/A 10.127.0.2:311 tcp
CN 106.9.67.2:80 tcp
N/A 10.127.0.2:389 tcp
CN 106.9.67.2:81 tcp
N/A 10.127.1.202:445 tcp
N/A 10.127.0.2:443 tcp
CN 106.9.67.2:82 tcp
N/A 10.127.0.2:444 tcp
N/A 10.127.1.200:445 tcp
CN 106.9.67.2:83 tcp
N/A 10.127.0.2:515 tcp
CN 106.9.67.2:84 tcp
N/A 10.127.0.2:554 tcp
N/A 10.127.1.205:445 tcp
N/A 10.127.1.206:445 tcp
N/A 10.127.1.199:445 tcp
N/A 10.127.1.209:445 tcp
N/A 10.127.1.214:445 tcp
N/A 10.127.1.208:445 tcp
N/A 10.127.0.2:631 tcp
CN 106.9.67.2:88 tcp
N/A 10.127.1.159:445 tcp
N/A 10.127.0.2:789 tcp
CN 106.9.67.2:89 tcp
N/A 10.127.0.2:1010 tcp
CN 106.9.67.2:90 tcp
N/A 10.127.0.2:1099 tcp
N/A 10.127.1.216:445 tcp
CN 106.9.67.2:99 tcp
N/A 10.127.0.2:1111 tcp
CN 106.9.67.2:102 tcp
N/A 10.127.0.2:1177 tcp
CN 106.9.67.2:104 tcp
N/A 10.127.0.2:1200 tcp
CN 106.9.67.2:113 tcp
N/A 10.127.0.2:1234 tcp
N/A 10.127.1.207:445 tcp
CN 106.9.67.2:175 tcp
N/A 10.127.1.218:445 tcp
N/A 10.127.0.2:1311 tcp
CN 106.9.67.2:179 tcp
N/A 10.127.1.212:445 tcp
N/A 10.127.0.2:1400 tcp
N/A 10.127.1.221:445 tcp
CN 106.9.67.2:195 tcp
N/A 10.127.0.2:1471 tcp
N/A 10.127.1.213:445 tcp
CN 106.9.67.2:264 tcp
N/A 10.127.0.2:1515 tcp
N/A 10.127.1.210:445 tcp
CN 106.9.67.2:311 tcp
N/A 10.127.0.2:1521 tcp
N/A 10.127.1.211:445 tcp
N/A 10.127.1.222:445 tcp
CN 106.9.67.2:389 tcp
N/A 10.127.0.2:1599 tcp
N/A 10.127.1.220:445 tcp
CN 106.9.67.2:443 tcp
N/A 10.127.1.215:445 tcp
N/A 10.127.0.2:1723 tcp
CN 106.9.67.2:444 tcp
N/A 10.127.0.2:1741 tcp
CN 106.9.67.2:515 tcp
N/A 10.127.1.228:445 tcp
N/A 10.127.0.2:1777 tcp
N/A 10.127.1.217:445 tcp
CN 106.9.67.2:554 tcp
N/A 10.127.0.2:1911 tcp
N/A 10.127.1.171:445 tcp
CN 106.9.67.2:631 tcp
N/A 10.127.0.2:1962 tcp
N/A 10.127.1.219:445 tcp
N/A 10.127.1.226:445 tcp
CN 106.9.67.2:789 tcp
N/A 10.127.1.223:445 tcp
N/A 10.127.1.227:445 tcp
N/A 10.127.0.2:1991 tcp
N/A 10.127.1.229:445 tcp
CN 106.9.67.2:1010 tcp
N/A 10.127.0.2:2000 tcp
CN 106.9.67.2:1099 tcp
N/A 10.127.0.2:2081 tcp
N/A 10.127.1.225:445 tcp
CN 106.9.67.2:1111 tcp
N/A 10.127.0.2:2082 tcp
CN 106.9.67.2:1177 tcp
N/A 10.127.0.2:2083 tcp
CN 106.9.67.2:1200 tcp
N/A 10.127.1.224:445 tcp
N/A 10.127.0.2:2086 tcp
N/A 10.127.1.235:445 tcp
CN 106.9.67.2:1234 tcp
N/A 10.127.0.2:2087 tcp
CN 106.9.67.2:1311 tcp
N/A 10.127.0.2:2181 tcp
CN 106.9.67.2:1400 tcp
N/A 10.127.0.2:2222 tcp
N/A 10.127.1.232:445 tcp
CN 106.9.67.2:1471 tcp
N/A 10.127.1.230:445 tcp
N/A 10.127.1.237:445 tcp
N/A 10.127.0.2:2375 tcp
CN 106.9.67.2:1515 tcp
N/A 10.127.0.2:2376 tcp
CN 106.9.67.2:1521 tcp
N/A 10.127.0.2:2404 tcp
CN 106.9.67.2:1599 tcp
N/A 10.127.0.2:2455 tcp
CN 106.9.67.2:1723 tcp
N/A 10.127.1.231:445 tcp
N/A 10.127.0.2:2480 tcp
N/A 10.127.1.240:445 tcp
CN 106.9.67.2:1741 tcp
N/A 10.127.0.2:2628 tcp
N/A 10.127.1.246:445 tcp
CN 106.9.67.2:1777 tcp
N/A 10.127.0.2:3000 tcp
CN 106.9.67.2:1911 tcp
N/A 10.127.1.233:445 tcp
N/A 10.127.1.242:445 tcp
N/A 10.127.0.2:3001 tcp
N/A 10.127.1.238:445 tcp
CN 106.9.67.2:1962 tcp
N/A 10.127.1.247:445 tcp
N/A 10.127.0.2:3128 tcp
CN 106.9.67.2:1991 tcp
N/A 10.127.1.234:445 tcp
N/A 10.127.0.2:3260 tcp
N/A 10.127.1.244:445 tcp
CN 106.9.67.2:2000 tcp
N/A 10.127.0.2:3299 tcp
N/A 10.127.1.241:445 tcp
N/A 10.127.1.245:445 tcp
N/A 10.127.1.243:445 tcp
CN 106.9.67.2:2081 tcp
N/A 10.127.1.236:445 tcp
N/A 10.127.0.2:3310 tcp
N/A 10.127.0.2:3388 tcp
CN 106.9.67.2:2082 tcp
CN 106.9.67.2:2083 tcp
N/A 10.127.0.2:3389 tcp
N/A 10.127.1.239:445 tcp
N/A 10.127.0.2:3460 tcp
CN 106.9.67.2:2086 tcp
N/A 10.127.2.0:445 tcp
N/A 10.127.1.253:445 tcp
CN 106.9.67.2:2087 tcp
N/A 10.127.0.2:3541 tcp
N/A 10.127.1.252:445 tcp
CN 106.9.67.2:2181 tcp
N/A 10.127.0.2:3542 tcp
N/A 10.127.1.248:445 tcp
N/A 10.127.2.1:445 tcp
CN 106.9.67.2:2222 tcp
N/A 10.127.0.2:3689 tcp
N/A 10.127.1.251:445 tcp
CN 106.9.67.2:2375 tcp
N/A 10.127.0.2:3749 tcp
CN 106.9.67.2:2376 tcp
N/A 10.127.0.2:3780 tcp
N/A 10.127.0.2:3790 tcp
CN 106.9.67.2:2404 tcp
N/A 10.127.1.249:445 tcp
CN 106.9.67.2:2455 tcp
N/A 10.127.0.2:4000 tcp
CN 106.9.67.2:2480 tcp
N/A 10.127.0.2:4022 tcp
CN 106.9.67.2:2628 tcp
N/A 10.127.0.2:4040 tcp
N/A 10.127.2.3:445 tcp
N/A 10.127.2.5:445 tcp
N/A 10.127.0.2:4157 tcp
CN 106.9.67.2:3000 tcp
N/A 10.127.1.250:445 tcp
N/A 10.127.2.9:445 tcp
CN 106.9.67.2:3001 tcp
N/A 10.127.0.2:4443 tcp
N/A 10.127.2.10:445 tcp
N/A 10.127.0.2:4444 tcp
CN 106.9.67.2:3128 tcp
N/A 10.127.2.2:445 tcp
CN 106.9.67.2:3260 tcp
N/A 10.127.0.2:4567 tcp
N/A 10.127.0.2:4664 tcp
CN 106.9.67.2:3299 tcp
N/A 10.127.1.254:445 tcp
CN 106.9.67.2:3310 tcp
N/A 10.127.0.2:4782 tcp
N/A 10.127.2.4:445 tcp
N/A 10.127.0.2:4786 tcp
CN 106.9.67.2:3388 tcp
N/A 10.127.2.7:445 tcp
CN 106.9.67.2:3389 tcp
N/A 10.127.0.2:4911 tcp
N/A 10.127.0.2:4911 tcp
N/A 10.127.2.8:445 tcp
CN 106.9.67.2:3460 tcp
N/A 10.127.0.2:5000 tcp
N/A 10.127.2.6:445 tcp
CN 106.9.67.2:3541 tcp
N/A 10.127.0.2:5001 tcp
CN 106.9.67.2:3542 tcp
N/A 10.127.0.2:5007 tcp
N/A 10.127.2.20:445 tcp
N/A 10.127.2.17:445 tcp
N/A 10.127.2.22:445 tcp
CN 106.9.67.2:3749 tcp
N/A 10.127.2.11:445 tcp
CN 106.9.67.2:3749 tcp
N/A 10.127.0.2:5009 tcp
N/A 10.127.2.14:445 tcp
CN 106.9.67.2:3780 tcp
N/A 10.127.0.2:5055 tcp
N/A 10.127.2.16:445 tcp
CN 106.9.67.2:3790 tcp
N/A 10.127.0.2:5222 tcp
N/A 10.127.2.21:445 tcp
CN 106.9.67.2:4000 tcp
N/A 10.127.0.2:5269 tcp
N/A 10.127.2.13:445 tcp
CN 106.9.67.2:4022 tcp
N/A 10.127.0.2:5357 tcp
N/A 10.127.2.12:445 tcp
CN 106.9.67.2:4040 tcp
N/A 10.127.2.26:445 tcp
N/A 10.127.2.15:445 tcp
N/A 10.127.0.2:5555 tcp
CN 106.9.67.2:4157 tcp
N/A 10.127.0.2:5560 tcp
CN 106.9.67.2:4443 tcp
N/A 10.127.0.2:5601 tcp
CN 106.9.67.2:4444 tcp
N/A 10.127.0.2:5672 tcp
N/A 10.127.2.19:445 tcp
CN 106.9.67.2:4567 tcp
N/A 10.127.0.2:5800 tcp
CN 106.9.67.2:4664 tcp
N/A 10.127.2.29:445 tcp
N/A 10.127.0.2:5801 tcp
N/A 10.127.2.28:445 tcp
CN 106.9.67.2:4782 tcp
N/A 10.127.0.2:5900 tcp
CN 106.9.67.2:4786 tcp
N/A 10.127.2.18:445 tcp
N/A 10.127.0.2:5901 tcp
N/A 10.127.2.23:445 tcp
CN 106.9.67.2:4848 tcp
N/A 10.127.0.2:5938 tcp
CN 106.9.67.2:4911 tcp
N/A 10.127.2.31:445 tcp
US 8.8.8.8:53 getsearchbar.com udp
US 8.8.8.8:53 imp.hdownloadmyinboxhelper.com udp
N/A 10.127.0.2:5984 tcp
N/A 10.127.2.27:445 tcp
N/A 10.127.2.25:445 tcp
CN 106.9.67.2:5000 tcp
US 23.22.214.86:80 imp.hdownloadmyinboxhelper.com tcp
N/A 10.127.0.2:5985 tcp
US 3.136.68.185:80 getsearchbar.com tcp
CN 106.9.67.2:5001 tcp
N/A 10.127.2.24:445 tcp
N/A 10.127.0.2:5986 tcp
CN 106.9.67.2:5007 tcp
N/A 10.127.0.2:6001 tcp
CN 106.9.67.2:5009 tcp
N/A 10.127.0.2:6001 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
CN 106.9.67.2:5055 tcp
N/A 10.127.0.2:6060 tcp
N/A 10.127.2.41:445 tcp
N/A 10.127.2.30:445 tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
N/A 10.127.0.2:6664 tcp
CN 106.9.67.2:5222 tcp
N/A 10.127.2.33:445 tcp
CN 106.9.67.2:5269 tcp
N/A 10.127.0.2:6666 tcp
N/A 10.127.2.36:445 tcp
CN 106.9.67.2:5357 tcp
N/A 10.127.0.2:6668 tcp
N/A 10.127.2.40:445 tcp
N/A 10.127.2.38:445 tcp
CN 106.9.67.2:5555 tcp
N/A 10.127.0.2:7001 tcp
N/A 10.127.2.42:445 tcp
N/A 10.127.0.2:7070 tcp
CN 106.9.67.2:5560 tcp
N/A 10.127.2.32:445 tcp
CN 106.9.67.2:5601 tcp
N/A 10.127.0.2:7071 tcp
CN 106.9.67.2:5672 tcp
N/A 10.127.0.2:7080 tcp
N/A 10.127.2.48:445 tcp
CN 106.9.67.2:5800 tcp
N/A 10.127.2.34:445 tcp
N/A 10.127.2.35:445 tcp
N/A 10.127.2.37:445 tcp
N/A 10.127.2.46:445 tcp
CN 106.9.67.2:5801 tcp
N/A 10.127.0.2:7415 tcp
CN 106.9.67.2:5900 tcp
N/A 10.127.0.2:7474 tcp
N/A 10.127.0.2:7547 tcp
CN 106.9.67.2:5901 tcp
N/A 10.127.2.39:445 tcp
CN 106.9.67.2:5938 tcp
US 8.8.8.8:53 c.pki.goog udp
N/A 10.127.0.2:7548 tcp
N/A 10.127.2.50:445 tcp
N/A 10.127.2.44:445 tcp
N/A 10.127.2.52:445 tcp
CN 106.9.67.2:5984 tcp
N/A 10.127.0.2:7657 tcp
GB 142.250.187.227:80 c.pki.goog tcp
N/A 10.127.2.47:445 tcp
N/A 10.127.0.2:7777 tcp
CN 106.9.67.2:5985 tcp
CN 106.9.67.2:5986 tcp
N/A 10.127.0.2:7779 tcp
N/A 10.127.2.51:445 tcp
N/A 10.127.2.54:445 tcp
N/A 10.127.2.45:445 tcp
N/A 10.127.2.56:445 tcp
N/A 10.127.0.2:8000 tcp
N/A 10.127.2.43:445 tcp
N/A 10.127.0.2:8000 tcp
CN 106.9.67.2:6000 tcp
US 8.8.8.8:53 o.pki.goog udp
N/A 10.127.0.2:8001 tcp
N/A 10.127.0.2:8002 tcp
CN 106.9.67.2:6001 tcp
GB 142.250.187.227:80 o.pki.goog tcp
N/A 10.127.0.2:8008 tcp
CN 106.9.67.2:6060 tcp
CN 106.9.67.2:6664 tcp
N/A 10.127.0.2:8009 tcp
N/A 10.127.0.2:8010 tcp
CN 106.9.67.2:6666 tcp
N/A 10.127.2.53:445 tcp
CN 106.9.67.2:6668 tcp
N/A 10.127.0.2:8012 tcp
N/A 10.127.0.2:8020 tcp
CN 106.9.67.2:7001 tcp
CN 106.9.67.2:7070 tcp
N/A 10.127.2.55:445 tcp
N/A 10.127.0.2:8030 tcp
N/A 10.127.2.59:445 tcp
N/A 10.127.2.62:445 tcp
CN 106.9.67.2:7071 tcp
N/A 10.127.0.2:8040 tcp
CN 106.9.67.2:7080 tcp
N/A 10.127.0.2:8050 tcp
N/A 10.127.2.65:445 tcp
CN 106.9.67.2:7415 tcp
N/A 10.127.2.60:445 tcp
N/A 10.127.2.64:445 tcp
N/A 10.127.0.2:8060 tcp
CN 106.9.67.2:7474 tcp
CN 106.9.67.2:7547 tcp
N/A 10.127.0.2:8069 tcp
CN 106.9.67.2:7548 tcp
N/A 10.127.2.69:445 tcp
CN 106.9.67.2:7657 tcp
N/A 10.127.0.2:8070 tcp
N/A 10.127.0.2:8080 tcp
N/A 10.127.2.58:445 tcp
CN 106.9.67.2:7777 tcp
N/A 10.127.2.61:445 tcp
N/A 10.127.2.57:445 tcp
N/A 10.127.0.2:8081 tcp
N/A 10.127.2.72:445 tcp
N/A 10.127.0.2:8082 tcp
CN 106.9.67.2:7779 tcp
N/A 10.127.2.63:445 tcp
N/A 10.127.0.2:8083 tcp
CN 106.9.67.2:7890 tcp
CN 106.9.67.2:8000 tcp
N/A 10.127.0.2:8084 tcp
CN 106.9.67.2:8001 tcp
N/A 10.127.0.2:8085 tcp
CN 106.9.67.2:8002 tcp
N/A 10.127.2.74:445 tcp
N/A 10.127.0.2:8086 tcp
N/A 10.127.2.76:445 tcp
CN 106.9.67.2:8008 tcp
N/A 10.127.0.2:8087 tcp
CN 106.9.67.2:8009 tcp
N/A 10.127.0.2:8088 tcp
N/A 10.127.2.75:445 tcp
CN 106.9.67.2:8010 tcp
N/A 10.127.0.2:8089 tcp
CN 106.9.67.2:8012 tcp
N/A 10.127.0.2:8090 tcp
CN 106.9.67.2:8020 tcp
CN 106.9.67.2:8030 tcp
N/A 10.127.0.2:8098 tcp
CN 106.9.67.2:8040 tcp
CN 106.9.67.2:8050 tcp
N/A 10.127.0.2:8099 tcp
CN 106.9.67.2:8060 tcp
N/A 10.127.0.2:8101 tcp
N/A 10.127.2.83:445 tcp
CN 106.9.67.2:8069 tcp
N/A 10.127.0.2:8112 tcp
N/A 10.127.2.81:445 tcp
N/A 10.127.2.71:445 tcp
CN 106.9.67.2:8070 tcp
N/A 10.127.0.2:8123 tcp
CN 106.9.67.2:8080 tcp
N/A 10.127.2.67:445 tcp
N/A 10.127.0.2:8126 tcp
N/A 10.127.2.77:445 tcp
N/A 10.127.2.78:445 tcp
CN 106.9.67.2:8081 tcp
N/A 10.127.0.2:8139 tcp
N/A 10.127.2.80:445 tcp
N/A 10.127.2.79:445 tcp
N/A 10.127.2.85:445 tcp
CN 106.9.67.2:8082 tcp
N/A 10.127.0.2:8140 tcp
N/A 10.127.2.82:445 tcp
CN 106.9.67.2:8083 tcp
N/A 10.127.0.2:8181 tcp
CN 106.9.67.2:8084 tcp
N/A 10.127.2.68:445 tcp
N/A 10.127.0.2:8334 tcp
N/A 10.127.2.70:445 tcp
N/A 10.127.2.88:445 tcp
CN 106.9.67.2:8085 tcp
N/A 10.127.0.2:8443 tcp
N/A 10.127.2.86:445 tcp
CN 106.9.67.2:8086 tcp
N/A 10.127.2.90:445 tcp
N/A 10.127.2.91:445 tcp
N/A 10.127.0.2:8554 tcp
CN 106.9.67.2:8087 tcp
N/A 10.127.0.2:8686 tcp
CN 106.9.67.2:8088 tcp
N/A 10.127.0.2:8800 tcp
N/A 10.127.2.93:445 tcp
CN 106.9.67.2:8089 tcp
N/A 10.127.2.66:445 tcp
N/A 10.127.0.2:8834 tcp
N/A 10.127.2.92:445 tcp
CN 106.9.67.2:8090 tcp
N/A 10.127.0.2:8866 tcp
CN 106.9.67.2:8098 tcp
N/A 10.127.0.2:8880 tcp
N/A 10.127.2.96:445 tcp
N/A 10.127.2.73:445 tcp
N/A 10.127.2.89:445 tcp
CN 106.9.67.2:8099 tcp
N/A 10.127.2.87:445 tcp
N/A 10.127.0.2:8883 tcp
CN 106.9.67.2:8101 tcp
N/A 10.127.0.2:8888 tcp
CN 106.9.67.2:8112 tcp
N/A 10.127.2.99:445 tcp
N/A 10.127.0.2:8889 tcp
N/A 10.127.2.95:445 tcp
CN 106.9.67.2:8123 tcp
N/A 10.127.0.2:9000 tcp
CN 106.9.67.2:8126 tcp
N/A 10.127.0.2:9001 tcp
N/A 10.127.2.105:445 tcp
CN 106.9.67.2:8139 tcp
N/A 10.127.2.94:445 tcp
N/A 10.127.2.100:445 tcp
N/A 10.127.0.2:9002 tcp
CN 106.9.67.2:8140 tcp
N/A 10.127.2.98:445 tcp
N/A 10.127.2.107:445 tcp
N/A 10.127.0.2:9008 tcp
CN 106.9.67.2:8181 tcp
N/A 10.127.0.2:9009 tcp
N/A 10.127.2.101:445 tcp
CN 106.9.67.2:8334 tcp
N/A 10.127.2.102:445 tcp
N/A 10.127.0.2:9051 tcp
CN 106.9.67.2:8443 tcp
N/A 10.127.0.2:9080 tcp
N/A 10.127.2.97:445 tcp
N/A 10.127.2.50:445 tcp
CN 106.9.67.2:8554 tcp
N/A 10.127.2.110:445 tcp
N/A 10.127.0.2:9081 tcp
CN 106.9.67.2:8686 tcp
N/A 10.127.0.2:9090 tcp
CN 106.9.67.2:8800 tcp
N/A 10.127.0.2:9091 tcp
N/A 10.127.2.104:445 tcp
CN 106.9.67.2:8834 tcp
N/A 10.127.2.103:445 tcp
N/A 10.127.2.106:445 tcp
N/A 10.127.2.114:445 tcp
N/A 10.127.0.2:9100 tcp
N/A 10.127.0.2:9151 tcp
CN 106.9.67.2:8866 tcp
CN 106.9.67.2:8880 tcp
N/A 10.127.0.2:9180 tcp
N/A 10.127.0.2:9191 tcp
CN 106.9.67.2:8883 tcp
N/A 10.127.0.2:9200 tcp
CN 106.9.67.2:8888 tcp
N/A 10.127.0.2:9295 tcp
N/A 10.127.2.117:445 tcp
CN 106.9.67.2:8889 tcp
N/A 10.127.0.2:9418 tcp
N/A 10.127.2.108:445 tcp
CN 106.9.67.2:9000 tcp
N/A 10.127.0.2:9443 tcp
CN 106.9.67.2:9001 tcp
N/A 10.127.2.118:445 tcp
N/A 10.127.0.2:9595 tcp
N/A 10.127.0.2:9600 tcp
N/A 10.127.2.109:445 tcp
N/A 10.127.2.111:445 tcp
N/A 10.127.2.116:445 tcp
CN 106.9.67.2:9002 tcp
N/A 10.127.0.2:9633 tcp
N/A 10.127.2.113:445 tcp
CN 106.9.67.2:9008 tcp
N/A 10.127.0.2:9869 tcp
N/A 10.127.2.119:445 tcp
N/A 10.127.2.112:445 tcp
N/A 10.127.0.2:9944 tcp
N/A 10.127.2.122:445 tcp
CN 106.9.67.2:9009 tcp
N/A 10.127.2.115:445 tcp
N/A 10.127.0.2:9944 tcp
N/A 10.127.0.2:9981 tcp
CN 106.9.67.2:9080 tcp
N/A 10.127.2.120:445 tcp
CN 106.9.67.2:9080 tcp
N/A 10.127.0.2:9999 tcp
CN 106.9.67.2:9081 tcp
N/A 10.127.2.127:445 tcp
N/A 10.127.0.2:10000 tcp
N/A 10.127.0.1:8000 tcp
CN 106.9.67.2:9090 tcp
N/A 10.127.0.2:10080 tcp
N/A 10.127.2.121:445 tcp
CN 106.9.67.2:9091 tcp
N/A 10.127.0.2:10081 tcp
CN 106.9.67.2:9100 tcp
N/A 10.127.0.2:10134 tcp
N/A 10.127.2.124:445 tcp
CN 106.9.67.2:9151 tcp
N/A 10.127.2.126:445 tcp
N/A 10.127.0.2:10243 tcp
N/A 10.127.2.129:445 tcp
CN 106.9.67.2:9180 tcp
N/A 10.127.2.132:445 tcp
N/A 10.127.0.2:10554 tcp
N/A 10.127.0.2:11211 tcp
N/A 10.127.0.2:12345 tcp
N/A 10.127.2.125:445 tcp
CN 106.9.67.2:9191 tcp
N/A 10.127.0.2:13579 tcp
N/A 10.127.2.123:445 tcp
N/A 10.127.2.134:445 tcp
N/A 10.127.0.2:16010 tcp
CN 106.9.67.2:9200 tcp
N/A 10.127.0.2:16992 tcp
N/A 10.127.2.128:445 tcp
CN 106.9.67.2:9295 tcp
N/A 10.127.2.133:445 tcp
N/A 10.127.0.2:16993 tcp
CN 106.9.67.2:9418 tcp
N/A 10.127.0.2:18245 tcp
CN 106.9.67.2:9443 tcp
N/A 10.127.0.2:20000 tcp
CN 106.9.67.2:9595 tcp
N/A 10.127.2.130:445 tcp
N/A 10.127.2.136:445 tcp
N/A 10.127.2.85:445 tcp
N/A 10.127.0.2:20547 tcp
CN 106.9.67.2:9600 tcp
US 8.8.8.8:53 zrkls.pw udp
N/A 10.127.2.131:445 tcp
N/A 10.127.0.2:21379 tcp
CN 106.9.67.2:9633 tcp
CN 106.9.67.2:9869 tcp
N/A 10.127.0.2:23424 tcp
N/A 10.127.2.138:445 tcp
CN 106.9.67.2:9943 tcp
N/A 10.127.0.2:25105 tcp
N/A 10.127.2.141:445 tcp
CN 106.9.67.2:9944 tcp
N/A 10.127.0.2:28017 tcp
N/A 10.127.2.135:445 tcp
CN 106.9.67.2:9981 tcp
N/A 10.127.0.2:32400 tcp
CN 106.9.67.2:9999 tcp
N/A 10.127.2.145:445 tcp
CN 106.9.67.2:10000 tcp
N/A 10.127.0.2:33338 tcp
N/A 10.127.2.137:445 tcp
N/A 10.127.2.142:445 tcp
N/A 10.127.2.143:445 tcp
N/A 10.127.0.2:33550 tcp
N/A 10.127.2.139:445 tcp
CN 106.9.67.2:10080 tcp
N/A 10.127.0.2:37215 tcp
N/A 10.127.2.144:445 tcp
CN 106.9.67.2:10081 tcp
N/A 10.127.2.148:445 tcp
CN 106.9.67.2:10134 tcp
N/A 10.127.0.2:37777 tcp
CN 106.9.67.2:10243 tcp
N/A 10.127.0.2:44818 tcp
N/A 10.127.2.149:445 tcp
CN 106.9.67.2:10554 tcp
N/A 10.127.2.150:445 tcp
N/A 10.127.0.2:49152 tcp
CN 106.9.67.2:11211 tcp
N/A 10.127.0.2:49153 tcp
N/A 10.127.2.140:445 tcp
CN 106.9.67.2:12345 tcp
N/A 10.127.0.2:50070 tcp
N/A 10.127.2.151:445 tcp
CN 106.9.67.2:13579 tcp
N/A 10.127.0.2:51106 tcp
CN 106.9.67.2:16010 tcp
N/A 10.127.0.2:54138 tcp
CN 106.9.67.2:16992 tcp
N/A 10.127.2.147:445 tcp
N/A 10.127.2.155:445 tcp
N/A 10.127.2.152:445 tcp
N/A 10.127.0.2:54984 tcp
N/A 10.127.2.156:445 tcp
CN 106.9.67.2:16993 tcp
N/A 10.127.0.2:55443 tcp
N/A 10.127.2.146:445 tcp
CN 106.9.67.2:18245 tcp
N/A 10.127.0.2:55553 tcp
N/A 10.127.0.2:60129 tcp
CN 106.9.67.2:20000 tcp
N/A 10.127.2.158:445 tcp
N/A 10.127.0.2:62078 tcp
CN 106.9.67.2:20547 tcp
CN 106.9.67.2:21379 tcp
N/A 10.127.0.3:80 tcp
N/A 10.127.2.157:445 tcp
CN 106.9.67.2:23424 tcp
N/A 10.127.0.3:81 tcp
N/A 10.127.2.153:445 tcp
N/A 10.127.2.160:445 tcp
N/A 10.127.0.3:82 tcp
CN 106.9.67.2:25105 tcp
CN 106.9.67.2:28017 tcp
N/A 10.127.0.3:83 tcp
N/A 10.127.2.154:445 tcp
CN 106.9.67.2:32400 tcp
N/A 10.127.0.3:84 tcp
N/A 10.127.0.3:88 tcp
CN 106.9.67.2:33338 tcp
N/A 10.127.2.163:445 tcp
N/A 10.127.0.3:89 tcp
CN 106.9.67.2:33550 tcp
N/A 10.127.0.3:99 tcp
N/A 10.127.2.164:445 tcp
N/A 10.127.0.3:99 tcp
CN 106.9.67.2:37215 tcp
N/A 10.127.0.3:102 tcp
CN 106.9.67.2:37777 tcp
N/A 10.127.0.3:104 tcp
CN 106.9.67.2:44818 tcp
N/A 10.127.2.159:445 tcp
N/A 10.127.0.3:113 tcp
N/A 10.127.2.162:445 tcp
N/A 10.127.2.165:445 tcp
N/A 10.127.2.161:445 tcp
CN 106.9.67.2:49152 tcp
N/A 10.127.2.168:445 tcp
N/A 10.127.0.3:175 tcp
CN 106.9.67.2:49153 tcp
N/A 10.127.0.3:179 tcp
CN 106.9.67.2:50070 tcp
N/A 10.127.0.3:195 tcp
N/A 10.127.2.172:445 tcp
N/A 10.127.2.171:445 tcp
N/A 10.127.0.3:264 tcp
CN 106.9.67.2:51106 tcp
N/A 10.127.0.3:311 tcp
N/A 10.127.2.166:445 tcp
N/A 10.127.2.167:445 tcp
CN 106.9.67.2:54138 tcp
N/A 10.127.0.3:443 tcp
CN 106.9.67.2:54984 tcp
N/A 10.127.0.3:443 tcp
N/A 10.127.2.169:445 tcp
N/A 10.127.0.3:444 tcp
N/A 10.127.2.174:445 tcp
N/A 10.127.0.3:515 tcp
CN 106.9.67.2:55443 tcp
N/A 10.127.2.173:445 tcp
N/A 10.127.2.177:445 tcp
N/A 10.127.0.3:631 tcp
CN 106.9.67.2:55553 tcp
N/A 10.127.0.3:631 tcp
CN 106.9.67.2:60129 tcp
N/A 10.127.0.3:789 tcp
N/A 10.127.2.175:445 tcp
N/A 10.127.2.179:445 tcp
CN 106.9.67.2:62078 tcp
US 8.8.8.8:53 zrkls.pw udp
CN 106.9.67.3:80 tcp
N/A 10.127.0.3:1010 tcp
N/A 10.127.0.3:1099 tcp
N/A 10.127.2.181:445 tcp
CN 106.9.67.3:81 tcp
N/A 10.127.2.170:445 tcp
N/A 10.127.0.3:1111 tcp
N/A 10.127.2.183:445 tcp
N/A 10.127.0.3:1200 tcp
CN 106.9.67.3:82 tcp
N/A 10.127.0.3:1234 tcp
N/A 10.127.0.3:1311 tcp
CN 106.9.67.3:83 tcp
N/A 10.127.0.3:1400 tcp
N/A 10.127.0.3:1471 tcp
N/A 10.127.2.176:445 tcp
N/A 10.127.0.3:1471 tcp
N/A 10.127.2.178:445 tcp
CN 106.9.67.3:84 tcp
N/A 10.127.0.3:1515 tcp
N/A 10.127.2.180:445 tcp
N/A 10.127.2.182:445 tcp
CN 106.9.67.3:88 tcp
N/A 10.127.0.3:1521 tcp
N/A 10.127.0.3:1599 tcp
CN 106.9.67.3:89 tcp
N/A 10.127.0.3:1723 tcp
CN 106.9.67.3:90 tcp
N/A 10.127.0.3:1741 tcp
N/A 10.127.2.186:445 tcp
CN 106.9.67.3:99 tcp
N/A 10.127.0.3:1777 tcp
N/A 10.127.0.3:1911 tcp
CN 106.9.67.3:102 tcp
N/A 10.127.0.3:1962 tcp
CN 106.9.67.3:104 tcp
N/A 10.127.0.3:1991 tcp
CN 106.9.67.3:113 tcp
N/A 10.127.0.3:2000 tcp
CN 106.9.67.3:175 tcp
N/A 10.127.2.184:445 tcp
N/A 10.127.0.3:2081 tcp
N/A 10.127.2.188:445 tcp
N/A 10.127.0.3:2082 tcp
CN 106.9.67.3:179 tcp
N/A 10.127.2.191:445 tcp
N/A 10.127.2.192:445 tcp
CN 106.9.67.3:195 tcp
N/A 10.127.0.3:2083 tcp
N/A 10.127.2.187:445 tcp
CN 106.9.67.3:264 tcp
N/A 10.127.0.3:2086 tcp
N/A 10.127.0.3:2087 tcp
CN 106.9.67.3:311 tcp
N/A 10.127.2.185:445 tcp
N/A 10.127.0.3:2181 tcp
GB 2.19.117.22:80 crl.microsoft.com tcp
CN 106.9.67.3:389 tcp
N/A 10.127.2.189:445 tcp
N/A 10.127.0.3:2222 tcp
CN 106.9.67.3:443 tcp
N/A 10.127.2.190:445 tcp
N/A 10.127.2.194:445 tcp
N/A 10.127.0.3:2375 tcp
CN 106.9.67.3:444 tcp
N/A 10.127.2.196:445 tcp
N/A 10.127.2.197:445 tcp
N/A 10.127.0.3:2376 tcp
CN 106.9.67.3:515 tcp
N/A 10.127.2.195:445 tcp
CN 106.9.67.3:554 tcp
N/A 10.127.0.3:2404 tcp
N/A 10.127.0.3:2455 tcp
N/A 10.127.2.202:445 tcp
CN 106.9.67.3:631 tcp
N/A 10.127.0.3:2480 tcp
N/A 10.127.2.193:445 tcp
CN 106.9.67.3:789 tcp
CN 106.9.67.3:1010 tcp
N/A 10.127.0.3:2628 tcp
N/A 10.127.0.3:3000 tcp
CN 106.9.67.3:1099 tcp
CN 106.9.67.3:1111 tcp
N/A 10.127.0.3:3001 tcp
CN 106.9.67.3:1177 tcp
N/A 10.127.0.3:3128 tcp
N/A 10.127.2.199:445 tcp
N/A 10.127.2.200:445 tcp
N/A 10.127.2.206:445 tcp
CN 106.9.67.3:1200 tcp
N/A 10.127.2.208:445 tcp
N/A 10.127.0.3:3260 tcp
N/A 10.127.2.205:445 tcp
CN 106.9.67.3:1234 tcp
N/A 10.127.2.203:445 tcp
N/A 10.127.2.209:445 tcp
N/A 10.127.0.3:3299 tcp
CN 106.9.67.3:1311 tcp
N/A 10.127.0.3:3310 tcp
CN 106.9.67.3:1400 tcp
N/A 10.127.2.198:445 tcp
CN 106.9.67.3:1471 tcp
N/A 10.127.0.3:3388 tcp
N/A 10.127.2.207:445 tcp
N/A 10.127.0.3:3389 tcp
CN 106.9.67.3:1515 tcp
N/A 10.127.0.3:3460 tcp
N/A 10.127.2.201:445 tcp
CN 106.9.67.3:1521 tcp
N/A 10.127.0.3:3541 tcp
N/A 10.127.0.3:3542 tcp
CN 106.9.67.3:1599 tcp
N/A 10.127.2.211:445 tcp
CN 106.9.67.3:1723 tcp
N/A 10.127.2.210:445 tcp
N/A 10.127.0.3:3689 tcp
CN 106.9.67.3:1741 tcp
N/A 10.127.0.3:3749 tcp
N/A 10.127.2.204:445 tcp
N/A 10.127.2.215:445 tcp
CN 106.9.67.3:1777 tcp
N/A 10.127.0.3:3780 tcp
N/A 10.127.2.214:445 tcp
CN 106.9.67.3:1911 tcp
N/A 10.127.0.3:3790 tcp
CN 106.9.67.3:1962 tcp
N/A 10.127.0.3:4000 tcp
N/A 10.127.2.213:445 tcp
CN 106.9.67.3:1991 tcp
N/A 10.127.0.3:4022 tcp
CN 106.9.67.3:2000 tcp
N/A 10.127.0.3:4040 tcp
CN 106.9.67.3:2081 tcp
N/A 10.127.2.221:445 tcp
N/A 10.127.0.3:4157 tcp
CN 106.9.67.3:2082 tcp
N/A 10.127.2.222:445 tcp
N/A 10.127.2.218:445 tcp
N/A 10.127.2.225:445 tcp
N/A 10.127.0.3:4443 tcp
N/A 10.127.2.212:445 tcp
CN 106.9.67.3:2083 tcp
N/A 10.127.2.219:445 tcp
N/A 10.127.0.3:4444 tcp
CN 106.9.67.3:2086 tcp
N/A 10.127.0.3:4567 tcp
CN 106.9.67.3:2087 tcp
N/A 10.127.0.3:4664 tcp
CN 106.9.67.3:2181 tcp
N/A 10.127.0.3:4782 tcp
CN 106.9.67.3:2222 tcp
N/A 10.127.0.3:4786 tcp
CN 106.9.67.3:2375 tcp
N/A 10.127.2.217:445 tcp
N/A 10.127.2.229:445 tcp
N/A 10.127.0.3:4848 tcp
CN 106.9.67.3:2376 tcp
N/A 10.127.2.224:445 tcp
N/A 10.127.0.3:4911 tcp
N/A 10.127.2.216:445 tcp
CN 106.9.67.3:2404 tcp
N/A 10.127.0.3:5000 tcp
CN 106.9.67.3:2455 tcp
N/A 10.127.0.3:5001 tcp
N/A 10.127.2.220:445 tcp
N/A 10.127.2.223:445 tcp
N/A 10.127.2.227:445 tcp
CN 106.9.67.3:2480 tcp
N/A 10.127.0.3:5007 tcp
N/A 10.127.2.231:445 tcp
CN 106.9.67.3:2628 tcp
N/A 10.127.0.3:5009 tcp
CN 106.9.67.3:3000 tcp
N/A 10.127.0.3:5055 tcp
CN 106.9.67.3:3001 tcp
N/A 10.127.0.3:5222 tcp
CN 106.9.67.3:3128 tcp
N/A 10.127.0.3:5269 tcp
CN 106.9.67.3:3260 tcp
N/A 10.127.2.226:445 tcp
N/A 10.127.0.3:5357 tcp
N/A 10.127.2.238:445 tcp
CN 106.9.67.3:3299 tcp
N/A 10.127.2.233:445 tcp
N/A 10.127.2.236:445 tcp
N/A 10.127.0.3:5555 tcp
N/A 10.127.2.228:445 tcp
CN 106.9.67.3:3310 tcp
N/A 10.127.0.3:5560 tcp
N/A 10.127.2.232:445 tcp
N/A 10.127.2.239:445 tcp
CN 106.9.67.3:3388 tcp
N/A 10.127.0.3:5601 tcp
N/A 10.127.2.235:445 tcp
CN 106.9.67.3:3389 tcp
N/A 10.127.0.3:5672 tcp
N/A 10.127.2.237:445 tcp
CN 106.9.67.3:3460 tcp
N/A 10.127.0.3:5800 tcp
CN 106.9.67.3:3541 tcp
N/A 10.127.2.241:445 tcp
N/A 10.127.2.230:445 tcp
N/A 10.127.0.3:5801 tcp
N/A 10.127.2.234:445 tcp
CN 106.9.67.3:3542 tcp
N/A 10.127.0.3:5900 tcp
CN 106.9.67.3:3689 tcp
N/A 10.127.0.3:5901 tcp
CN 106.9.67.3:3749 tcp
N/A 10.127.0.3:5938 tcp
N/A 10.127.2.240:445 tcp
N/A 10.127.2.242:445 tcp
N/A 10.127.2.245:445 tcp
N/A 10.127.2.249:445 tcp
CN 106.9.67.3:3780 tcp
N/A 10.127.0.3:5984 tcp
N/A 10.127.2.243:445 tcp
N/A 10.127.2.248:445 tcp
CN 106.9.67.3:3790 tcp
N/A 10.127.0.3:5985 tcp
CN 106.9.67.3:4000 tcp
N/A 10.127.0.3:5986 tcp
CN 106.9.67.3:4022 tcp
N/A 10.127.2.244:445 tcp
N/A 10.127.0.3:6000 tcp
CN 106.9.67.3:4040 tcp
N/A 10.127.2.250:445 tcp
N/A 10.127.0.3:6001 tcp
CN 106.9.67.3:4157 tcp
N/A 10.127.0.3:6060 tcp
CN 106.9.67.3:4443 tcp
N/A 10.127.2.246:445 tcp
N/A 10.127.2.247:445 tcp
N/A 10.127.0.3:6664 tcp
CN 106.9.67.3:4444 tcp
N/A 10.127.0.3:6666 tcp
CN 106.9.67.3:4567 tcp
CN 106.9.67.3:4664 tcp
N/A 10.127.0.3:6668 tcp
N/A 10.127.0.3:7001 tcp
CN 106.9.67.3:4782 tcp
N/A 10.127.0.3:7070 tcp
N/A 10.127.2.251:445 tcp
CN 106.9.67.3:4786 tcp
N/A 10.127.3.0:445 tcp
N/A 10.127.0.3:7071 tcp
CN 106.9.67.3:4848 tcp
N/A 10.127.0.3:7080 tcp
N/A 10.127.2.254:445 tcp
CN 106.9.67.3:4911 tcp
N/A 10.127.0.3:7415 tcp
CN 106.9.67.3:5000 tcp
N/A 10.127.0.3:7474 tcp
CN 106.9.67.3:5001 tcp
N/A 10.127.0.3:7547 tcp
CN 106.9.67.3:5007 tcp
N/A 10.127.3.10:445 tcp
N/A 10.127.0.3:7548 tcp
CN 106.9.67.3:5009 tcp
N/A 10.127.0.3:7657 tcp
N/A 10.127.2.253:445 tcp
CN 106.9.67.3:5055 tcp
N/A 10.127.2.252:445 tcp
N/A 10.127.0.3:7777 tcp
CN 106.9.67.3:5222 tcp
N/A 10.127.3.1:445 tcp
N/A 10.127.0.3:7779 tcp
CN 106.9.67.3:5269 tcp
N/A 10.127.3.6:445 tcp
N/A 10.127.0.3:7890 tcp
CN 106.9.67.3:5357 tcp
N/A 10.127.3.5:445 tcp
N/A 10.127.3.12:445 tcp
N/A 10.127.0.3:8000 tcp
CN 106.9.67.3:5555 tcp
N/A 10.127.3.14:445 tcp
N/A 10.127.0.3:8001 tcp
CN 106.9.67.3:5560 tcp
N/A 10.127.3.3:445 tcp
N/A 10.127.3.13:445 tcp
CN 106.9.67.3:5601 tcp
N/A 10.127.0.3:8002 tcp
N/A 10.127.3.2:445 tcp
N/A 10.127.3.16:445 tcp
N/A 10.127.3.4:445 tcp
CN 106.9.67.3:5672 tcp
N/A 10.127.3.7:445 tcp
N/A 10.127.0.3:8008 tcp
N/A 10.127.3.9:445 tcp
N/A 10.127.0.3:8009 tcp
CN 106.9.67.3:5800 tcp
CN 106.9.67.3:5801 tcp
N/A 10.127.3.11:445 tcp
N/A 10.127.0.3:8010 tcp
CN 106.9.67.3:5900 tcp
N/A 10.127.0.3:8012 tcp
N/A 10.127.3.8:445 tcp
N/A 10.127.3.17:445 tcp
CN 106.9.67.3:5901 tcp
N/A 10.127.0.3:8020 tcp
CN 106.9.67.3:5938 tcp
N/A 10.127.0.3:8030 tcp
N/A 10.127.3.21:445 tcp
N/A 10.127.0.3:8040 tcp
CN 106.9.67.3:5984 tcp
N/A 10.127.3.15:445 tcp
N/A 10.127.3.20:445 tcp
CN 106.9.67.3:5985 tcp
N/A 10.127.0.3:8050 tcp
N/A 10.127.3.23:445 tcp
CN 106.9.67.3:5986 tcp
N/A 10.127.0.3:8060 tcp
N/A 10.127.3.18:445 tcp
CN 106.9.67.3:6000 tcp
N/A 10.127.0.3:8069 tcp
N/A 10.127.3.25:445 tcp
N/A 10.127.0.3:8070 tcp
CN 106.9.67.3:6001 tcp
N/A 10.127.3.30:445 tcp
CN 106.9.67.3:6060 tcp
N/A 10.127.0.3:8080 tcp
N/A 10.127.3.19:445 tcp
N/A 10.127.0.3:8081 tcp
CN 106.9.67.3:6664 tcp
N/A 10.127.3.22:445 tcp
CN 106.9.67.3:6666 tcp
N/A 10.127.3.24:445 tcp
N/A 10.127.0.3:8082 tcp
N/A 10.127.0.3:8083 tcp
CN 106.9.67.3:6668 tcp
N/A 10.127.3.26:445 tcp
CN 106.9.67.3:7001 tcp
N/A 10.127.0.3:8084 tcp
CN 106.9.67.3:7070 tcp
N/A 10.127.0.3:8085 tcp
N/A 10.127.0.3:8086 tcp
CN 106.9.67.3:7071 tcp
CN 106.9.67.3:7080 tcp
N/A 10.127.0.3:8087 tcp
CN 106.9.67.3:7415 tcp
N/A 10.127.0.3:8088 tcp
CN 106.9.67.3:7474 tcp
N/A 10.127.0.3:8089 tcp
N/A 10.127.3.37:445 tcp
N/A 10.127.3.31:445 tcp
N/A 10.127.3.34:445 tcp
N/A 10.127.3.32:445 tcp
N/A 10.127.3.27:445 tcp
N/A 10.127.3.28:445 tcp
CN 106.9.67.3:7547 tcp
N/A 10.127.0.3:8090 tcp
CN 106.9.67.3:7548 tcp
N/A 10.127.0.3:8098 tcp
N/A 10.127.3.29:445 tcp
CN 106.9.67.3:7657 tcp
N/A 10.127.0.3:8099 tcp
CN 106.9.67.3:7777 tcp
N/A 10.127.3.36:445 tcp
N/A 10.127.0.3:8101 tcp
CN 106.9.67.3:7779 tcp
CN 106.9.67.3:7890 tcp
N/A 10.127.0.3:8112 tcp
N/A 10.127.3.33:445 tcp
CN 106.9.67.3:8000 tcp
N/A 10.127.0.3:8123 tcp
N/A 10.127.0.3:8126 tcp
CN 106.9.67.3:8001 tcp
CN 106.9.67.3:8002 tcp
N/A 10.127.0.3:8139 tcp
N/A 10.127.3.40:445 tcp
N/A 10.127.0.3:8140 tcp
CN 106.9.67.3:8008 tcp
N/A 10.127.3.35:445 tcp
CN 106.9.67.3:8009 tcp
N/A 10.127.0.3:8181 tcp
CN 106.9.67.3:8010 tcp
N/A 10.127.3.44:445 tcp
N/A 10.127.3.38:445 tcp
N/A 10.127.3.50:445 tcp
N/A 10.127.0.3:8334 tcp
CN 106.9.67.3:8012 tcp
N/A 10.127.3.41:445 tcp
N/A 10.127.0.3:8443 tcp
N/A 10.127.3.48:445 tcp
N/A 10.127.3.39:445 tcp
CN 106.9.67.3:8020 tcp
N/A 10.127.3.43:445 tcp
N/A 10.127.0.3:8554 tcp
CN 106.9.67.3:8030 tcp
N/A 10.127.0.3:8686 tcp
CN 106.9.67.3:8040 tcp
N/A 10.127.0.3:8800 tcp
CN 106.9.67.3:8050 tcp
N/A 10.127.3.42:445 tcp
N/A 10.127.0.3:8834 tcp
N/A 10.127.3.46:445 tcp
CN 106.9.67.3:8060 tcp
N/A 10.127.3.55:445 tcp
N/A 10.127.0.3:8866 tcp
CN 106.9.67.3:8069 tcp
CN 106.9.67.3:8070 tcp
N/A 10.127.0.3:8880 tcp
CN 106.9.67.3:8080 tcp
N/A 10.127.0.3:8883 tcp
N/A 10.127.3.45:445 tcp
CN 106.9.67.3:8081 tcp
N/A 10.127.0.3:8888 tcp
N/A 10.127.3.54:445 tcp
N/A 10.127.3.47:445 tcp
CN 106.9.67.3:8082 tcp
N/A 10.127.3.52:445 tcp
N/A 10.127.0.3:8889 tcp
CN 106.9.67.3:8083 tcp
N/A 10.127.0.3:9000 tcp
CN 106.9.67.3:8084 tcp
N/A 10.127.3.51:445 tcp
CN 106.9.67.3:8085 tcp
N/A 10.127.3.49:445 tcp
N/A 10.127.3.62:445 tcp
N/A 10.127.0.3:9001 tcp
CN 106.9.67.3:8086 tcp
N/A 10.127.3.53:445 tcp
N/A 10.127.0.3:9002 tcp
N/A 10.127.3.56:445 tcp
N/A 10.127.3.57:445 tcp
CN 106.9.67.3:8087 tcp
N/A 10.127.3.64:445 tcp
US 8.8.8.8:53 smtp.yandex.com udp
N/A 10.127.0.3:9008 tcp
N/A 10.127.3.60:445 tcp
CN 106.9.67.3:8088 tcp
RU 77.88.21.158:587 smtp.yandex.com tcp
N/A 10.127.0.3:9009 tcp
CN 106.9.67.3:8089 tcp
N/A 10.127.0.3:9051 tcp
N/A 10.127.3.61:445 tcp
N/A 10.127.3.66:445 tcp
N/A 10.127.3.69:445 tcp
CN 106.9.67.3:8090 tcp
N/A 10.127.0.3:9080 tcp
CN 106.9.67.3:8098 tcp
N/A 10.127.0.3:9081 tcp
CN 106.9.67.3:8099 tcp
N/A 10.127.0.3:9090 tcp
N/A 10.127.3.58:445 tcp
N/A 10.127.3.68:445 tcp
CN 106.9.67.3:8101 tcp
N/A 10.127.0.3:9091 tcp
CN 106.9.67.3:8112 tcp
N/A 10.127.0.3:9100 tcp
CN 106.9.67.3:8123 tcp
N/A 10.127.0.3:9151 tcp
N/A 10.127.3.59:445 tcp
CN 106.9.67.3:8126 tcp
N/A 10.127.0.3:9180 tcp
CN 106.9.67.3:8139 tcp
N/A 10.127.3.73:445 tcp
N/A 10.127.0.3:9191 tcp
N/A 10.127.3.63:445 tcp
CN 106.9.67.3:8140 tcp
N/A 10.127.0.3:9200 tcp
N/A 10.127.3.76:445 tcp
CN 106.9.67.3:8181 tcp
N/A 10.127.0.3:9295 tcp
N/A 10.127.3.79:445 tcp
N/A 10.127.3.65:445 tcp
CN 106.9.67.3:8334 tcp
N/A 10.127.0.3:9418 tcp
CN 106.9.67.3:8443 tcp
N/A 10.127.3.70:445 tcp
N/A 10.127.3.77:445 tcp
N/A 10.127.0.3:9443 tcp
N/A 10.127.3.80:445 tcp
CN 106.9.67.3:8554 tcp
N/A 10.127.0.3:9595 tcp
N/A 10.127.3.75:445 tcp
CN 106.9.67.3:8686 tcp
CN 106.9.67.3:8800 tcp
N/A 10.127.3.67:445 tcp
N/A 10.127.0.3:9600 tcp
CN 106.9.67.3:8834 tcp
N/A 10.127.0.3:9633 tcp
N/A 10.127.0.3:9869 tcp
CN 106.9.67.3:8866 tcp
N/A 10.127.3.71:445 tcp
N/A 10.127.3.72:445 tcp
N/A 10.127.3.78:445 tcp
N/A 10.127.3.83:445 tcp
N/A 10.127.3.85:445 tcp
N/A 10.127.0.3:9943 tcp
CN 106.9.67.3:8880 tcp
N/A 10.127.3.81:445 tcp
N/A 10.127.0.3:9944 tcp
CN 106.9.67.3:8883 tcp
CN 106.9.67.3:8888 tcp
N/A 10.127.0.3:9981 tcp
N/A 10.127.0.3:9999 tcp
CN 106.9.67.3:8889 tcp
N/A 10.127.3.74:445 tcp
N/A 10.127.3.84:445 tcp
N/A 10.127.0.3:10000 tcp
CN 106.9.67.3:9000 tcp
N/A 10.127.0.3:10080 tcp
N/A 10.127.3.87:445 tcp
CN 106.9.67.3:9001 tcp
N/A 10.127.0.3:10081 tcp
CN 106.9.67.3:9002 tcp
CN 106.9.67.3:9008 tcp
N/A 10.127.0.3:10134 tcp
N/A 10.127.3.86:445 tcp
CN 106.9.67.3:9009 tcp
N/A 10.127.3.82:445 tcp
N/A 10.127.0.3:10243 tcp
CN 106.9.67.3:9051 tcp
N/A 10.127.3.89:445 tcp
N/A 10.127.0.3:10554 tcp
CN 106.9.67.3:9080 tcp
N/A 10.127.3.94:445 tcp
N/A 10.127.3.92:445 tcp
CN 106.9.67.3:9081 tcp
N/A 10.127.0.3:11211 tcp
CN 106.9.67.3:9090 tcp
N/A 10.127.0.3:12345 tcp
CN 106.9.67.3:9091 tcp
N/A 10.127.0.3:13579 tcp
CN 106.9.67.3:9100 tcp
N/A 10.127.3.99:445 tcp
N/A 10.127.0.3:16010 tcp
CN 106.9.67.3:9151 tcp
CN 106.9.67.3:9180 tcp
N/A 10.127.0.3:16992 tcp
N/A 10.127.3.90:445 tcp
N/A 10.127.3.88:445 tcp
US 8.8.8.8:53 checkip.dyndns.org udp
N/A 10.127.0.3:16993 tcp
CN 106.9.67.3:9191 tcp
N/A 10.127.3.95:445 tcp
CN 106.9.67.3:9200 tcp
N/A 10.127.0.3:18245 tcp
N/A 10.127.3.101:445 tcp
US 158.101.44.242:80 checkip.dyndns.org tcp
CN 106.9.67.3:9295 tcp
N/A 10.127.3.104:445 tcp
N/A 10.127.0.3:20000 tcp
CN 106.9.67.3:9418 tcp
N/A 10.127.3.91:445 tcp
N/A 10.127.0.3:20547 tcp
CN 106.9.67.3:9443 tcp
N/A 10.127.0.3:21379 tcp
N/A 10.127.3.93:445 tcp
N/A 10.127.3.96:445 tcp
CN 106.9.67.3:9595 tcp
N/A 10.127.0.3:23424 tcp
CN 106.9.67.3:9600 tcp
N/A 10.127.3.107:445 tcp
N/A 10.127.0.3:25105 tcp
N/A 10.127.3.98:445 tcp
CN 106.9.67.3:9633 tcp
N/A 10.127.0.3:28017 tcp
N/A 10.127.3.97:445 tcp
CN 106.9.67.3:9869 tcp
N/A 10.127.0.3:32400 tcp
CN 106.9.67.3:9943 tcp
N/A 10.127.0.3:33338 tcp
CN 106.9.67.3:9944 tcp
N/A 10.127.0.3:33550 tcp
N/A 10.127.3.102:445 tcp
N/A 10.127.3.103:445 tcp
CN 106.9.67.3:9981 tcp
N/A 10.127.0.3:37215 tcp
N/A 10.127.3.100:445 tcp
CN 106.9.67.3:9999 tcp
N/A 10.127.3.110:445 tcp
N/A 10.127.0.3:37777 tcp
CN 106.9.67.3:10000 tcp
N/A 10.127.0.3:44818 tcp
CN 106.9.67.3:10080 tcp
N/A 10.127.3.106:445 tcp
N/A 10.127.0.3:49152 tcp
CN 106.9.67.3:10081 tcp
N/A 10.127.3.114:445 tcp
N/A 10.127.0.3:49153 tcp
CN 106.9.67.3:10134 tcp
N/A 10.127.0.3:50070 tcp
CN 106.9.67.3:10243 tcp
N/A 10.127.3.112:445 tcp
N/A 10.127.3.116:445 tcp
N/A 10.127.0.3:51106 tcp
N/A 10.127.3.105:445 tcp
CN 106.9.67.3:10554 tcp
N/A 10.127.3.108:445 tcp
N/A 10.127.0.3:54138 tcp
CN 106.9.67.3:11211 tcp
N/A 10.127.3.109:445 tcp
N/A 10.127.0.3:54984 tcp
N/A 10.127.3.113:445 tcp
CN 106.9.67.3:12345 tcp
N/A 10.127.0.3:55443 tcp
CN 106.9.67.3:13579 tcp
N/A 10.127.0.3:55553 tcp
CN 106.9.67.3:16010 tcp
N/A 10.127.3.111:445 tcp
N/A 10.127.3.121:445 tcp
N/A 10.127.0.3:60129 tcp
CN 106.9.67.3:16992 tcp
N/A 10.127.0.3:62078 tcp
CN 106.9.67.3:16993 tcp
N/A 10.127.0.4:80 tcp
CN 106.9.67.3:18245 tcp
N/A 10.127.3.123:445 tcp
CN 106.9.67.3:20000 tcp
N/A 10.127.3.115:445 tcp
N/A 10.127.0.4:81 tcp
N/A 10.127.0.4:82 tcp
CN 106.9.67.3:20547 tcp
N/A 10.127.3.126:445 tcp
CN 106.9.67.3:21379 tcp
N/A 10.127.3.118:445 tcp
N/A 10.127.0.4:84 tcp
N/A 10.127.0.4:84 tcp
N/A 10.127.3.129:445 tcp
CN 106.9.67.3:23424 tcp
N/A 10.127.3.117:445 tcp
N/A 10.127.3.120:445 tcp
N/A 10.127.3.130:445 tcp
N/A 10.127.3.128:445 tcp
CN 106.9.67.3:25105 tcp
N/A 10.127.0.4:88 tcp
N/A 10.127.3.119:445 tcp
CN 106.9.67.3:28017 tcp
N/A 10.127.0.4:89 tcp
N/A 10.127.3.122:445 tcp
N/A 10.127.3.133:445 tcp
N/A 10.127.3.132:445 tcp
CN 106.9.67.3:32400 tcp
N/A 10.127.3.125:445 tcp
N/A 10.127.0.4:90 tcp
N/A 10.127.3.131:445 tcp
CN 106.9.67.3:33338 tcp
N/A 10.127.0.4:99 tcp
CN 106.9.67.3:33550 tcp
CN 106.9.67.3:37215 tcp
N/A 10.127.3.124:445 tcp
CN 106.9.67.3:37777 tcp
N/A 10.127.0.4:102 tcp
CN 106.9.67.3:44818 tcp
N/A 10.127.0.4:104 tcp
N/A 10.127.3.127:445 tcp
CN 106.9.67.3:49152 tcp
N/A 10.127.0.4:113 tcp
N/A 10.127.3.137:445 tcp
CN 106.9.67.3:49153 tcp
CN 106.9.67.3:50070 tcp
N/A 10.127.0.4:175 tcp
N/A 10.127.0.4:179 tcp
N/A 10.127.3.143:445 tcp
N/A 10.127.3.144:445 tcp
CN 106.9.67.3:51106 tcp
CN 106.9.67.3:54138 tcp
N/A 10.127.0.4:195 tcp
N/A 10.127.3.135:445 tcp
CN 106.9.67.3:54984 tcp
N/A 10.127.0.4:264 tcp
N/A 10.127.3.134:445 tcp
N/A 10.127.3.139:445 tcp
N/A 10.127.0.4:311 tcp
CN 106.9.67.3:55443 tcp
N/A 10.127.3.145:445 tcp
N/A 10.127.0.4:389 tcp
CN 106.9.67.3:55553 tcp
N/A 10.127.3.147:445 tcp
N/A 10.127.3.136:445 tcp
N/A 10.127.0.4:443 tcp
CN 106.9.67.3:60129 tcp
CN 106.9.67.3:62078 tcp
N/A 10.127.0.4:444 tcp
N/A 10.127.0.4:515 tcp
CN 106.9.67.4:80 tcp
N/A 10.127.0.4:554 tcp
CN 106.9.67.4:81 tcp
N/A 10.127.3.148:445 tcp
N/A 10.127.0.4:631 tcp
CN 106.9.67.4:82 tcp
N/A 10.127.3.141:445 tcp
N/A 10.127.3.142:445 tcp
CN 106.9.67.4:83 tcp
N/A 10.127.0.4:789 tcp
N/A 10.127.3.140:445 tcp
N/A 10.127.3.146:445 tcp
N/A 10.127.3.150:445 tcp
N/A 10.127.0.4:1010 tcp
CN 106.9.67.4:84 tcp
CN 106.9.67.4:88 tcp
N/A 10.127.0.4:1099 tcp
CN 106.9.67.4:89 tcp
N/A 10.127.0.4:1111 tcp
CN 106.9.67.4:90 tcp
N/A 10.127.0.4:1177 tcp
CN 106.9.67.4:99 tcp
N/A 10.127.0.4:1200 tcp
CN 106.9.67.4:102 tcp
N/A 10.127.3.149:445 tcp
N/A 10.127.0.4:1234 tcp
N/A 10.127.3.157:445 tcp
CN 106.9.67.4:104 tcp
N/A 10.127.3.154:445 tcp
N/A 10.127.0.4:1311 tcp
CN 106.9.67.4:113 tcp
N/A 10.127.3.152:445 tcp
N/A 10.127.3.155:445 tcp
N/A 10.127.0.4:1400 tcp
CN 106.9.67.4:175 tcp
N/A 10.127.3.151:445 tcp
N/A 10.127.0.4:1471 tcp
CN 106.9.67.4:179 tcp
N/A 10.127.0.4:1515 tcp
CN 106.9.67.4:195 tcp
N/A 10.127.0.4:1521 tcp
CN 106.9.67.4:264 tcp
N/A 10.127.3.159:445 tcp
N/A 10.127.3.153:445 tcp
N/A 10.127.3.158:445 tcp
N/A 10.127.0.4:1599 tcp
CN 106.9.67.4:311 tcp
N/A 10.127.3.161:445 tcp
N/A 10.127.3.167:445 tcp
N/A 10.127.3.164:445 tcp
CN 106.9.67.4:389 tcp
N/A 10.127.0.4:1723 tcp
N/A 10.127.0.4:1741 tcp
CN 106.9.67.4:443 tcp
N/A 10.127.0.4:1777 tcp
N/A 10.127.3.156:445 tcp
CN 106.9.67.4:444 tcp
N/A 10.127.3.165:445 tcp
N/A 10.127.0.4:1911 tcp
CN 106.9.67.4:515 tcp
N/A 10.127.0.4:1962 tcp
CN 106.9.67.4:554 tcp
N/A 10.127.0.4:1991 tcp
CN 106.9.67.4:631 tcp
N/A 10.127.3.160:445 tcp
N/A 10.127.0.4:2000 tcp
CN 106.9.67.4:789 tcp
N/A 10.127.0.4:2081 tcp
N/A 10.127.3.175:445 tcp
N/A 10.127.3.168:445 tcp
CN 106.9.67.4:1010 tcp
N/A 10.127.0.4:2082 tcp
N/A 10.127.3.163:445 tcp
CN 106.9.67.4:1099 tcp
N/A 10.127.3.169:445 tcp
N/A 10.127.3.162:445 tcp
N/A 10.127.0.4:2083 tcp
CN 106.9.67.4:1111 tcp
CN 106.9.67.4:1177 tcp
N/A 10.127.0.4:2086 tcp
N/A 10.127.3.166:445 tcp
N/A 10.127.0.4:2087 tcp
CN 106.9.67.4:1200 tcp
N/A 10.127.0.4:2181 tcp
CN 106.9.67.4:1234 tcp
N/A 10.127.0.4:2222 tcp
CN 106.9.67.4:1311 tcp
N/A 10.127.3.179:445 tcp
N/A 10.127.0.4:2375 tcp
CN 106.9.67.4:1400 tcp
N/A 10.127.3.178:445 tcp
N/A 10.127.3.180:445 tcp
N/A 10.127.0.4:2376 tcp
CN 106.9.67.4:1471 tcp
N/A 10.127.0.4:2404 tcp
N/A 10.127.3.170:445 tcp
N/A 10.127.3.173:445 tcp
CN 106.9.67.4:1515 tcp
N/A 10.127.3.174:445 tcp
N/A 10.127.0.4:2455 tcp
CN 106.9.67.4:1521 tcp
N/A 10.127.3.171:445 tcp
N/A 10.127.0.4:2480 tcp
CN 106.9.67.4:1599 tcp
N/A 10.127.0.4:2628 tcp
CN 106.9.67.4:1723 tcp
N/A 10.127.3.182:445 tcp
N/A 10.127.3.172:445 tcp
CN 106.9.67.4:1741 tcp
N/A 10.127.3.181:445 tcp
N/A 10.127.0.4:3000 tcp
N/A 10.127.0.4:3001 tcp
CN 106.9.67.4:1777 tcp
N/A 10.127.0.4:3128 tcp
CN 106.9.67.4:1911 tcp
N/A 10.127.3.186:445 tcp
N/A 10.127.3.177:445 tcp
N/A 10.127.0.4:3260 tcp
N/A 10.127.3.176:445 tcp
N/A 10.127.3.184:445 tcp
CN 106.9.67.4:1962 tcp
N/A 10.127.3.189:445 tcp
N/A 10.127.0.4:3299 tcp
CN 106.9.67.4:1991 tcp
N/A 10.127.3.188:445 tcp
N/A 10.127.3.192:445 tcp
N/A 10.127.0.4:3310 tcp
CN 106.9.67.4:2000 tcp
N/A 10.127.0.4:3388 tcp
CN 106.9.67.4:2081 tcp
N/A 10.127.0.4:3389 tcp
N/A 10.127.3.183:445 tcp
CN 106.9.67.4:2082 tcp
CN 106.9.67.4:2083 tcp
N/A 10.127.0.4:3460 tcp
N/A 10.127.0.4:3541 tcp
N/A 10.127.3.196:445 tcp
N/A 10.127.3.195:445 tcp
CN 106.9.67.4:2086 tcp
N/A 10.127.3.190:445 tcp
N/A 10.127.3.191:445 tcp
N/A 10.127.3.197:445 tcp
N/A 10.127.0.4:3542 tcp
CN 106.9.67.4:2087 tcp
N/A 10.127.0.4:3689 tcp
CN 106.9.67.4:2181 tcp
N/A 10.127.3.185:445 tcp
N/A 10.127.0.4:3749 tcp
CN 106.9.67.4:2222 tcp
N/A 10.127.0.4:3780 tcp
CN 106.9.67.4:2375 tcp
N/A 10.127.3.187:445 tcp
N/A 10.127.3.202:445 tcp
N/A 10.127.0.4:3790 tcp
CN 106.9.67.4:2376 tcp
N/A 10.127.0.4:4000 tcp
CN 106.9.67.4:2404 tcp
N/A 10.127.0.4:4022 tcp
N/A 10.127.3.139:445 tcp
CN 106.9.67.4:2455 tcp
N/A 10.127.3.193:445 tcp
N/A 10.127.3.198:445 tcp
N/A 10.127.0.4:4040 tcp
CN 106.9.67.4:2480 tcp
N/A 10.127.0.4:4157 tcp
CN 106.9.67.4:2628 tcp
N/A 10.127.0.4:4443 tcp
N/A 10.127.3.194:445 tcp
CN 106.9.67.4:3000 tcp
CN 106.9.67.4:3001 tcp
N/A 10.127.0.4:4444 tcp
N/A 10.127.3.201:445 tcp
N/A 10.127.0.4:4567 tcp
CN 106.9.67.4:3128 tcp
N/A 10.127.3.200:445 tcp
N/A 10.127.0.4:4664 tcp
N/A 10.127.3.199:445 tcp
N/A 10.127.3.204:445 tcp
CN 106.9.67.4:3260 tcp
N/A 10.127.3.203:445 tcp
N/A 10.127.0.4:4782 tcp
CN 106.9.67.4:3299 tcp
N/A 10.127.0.4:4786 tcp
N/A 10.127.3.210:445 tcp
N/A 10.127.0.4:4848 tcp
CN 106.9.67.4:3310 tcp
N/A 10.127.0.4:4911 tcp
N/A 10.127.3.208:445 tcp
CN 106.9.67.4:3388 tcp
N/A 10.127.3.205:445 tcp
CN 106.9.67.4:3389 tcp
N/A 10.127.3.214:445 tcp
N/A 10.127.0.4:5000 tcp
CN 106.9.67.4:3460 tcp
N/A 10.127.0.4:5001 tcp
CN 106.9.67.4:3541 tcp
N/A 10.127.3.207:445 tcp
N/A 10.127.0.4:5007 tcp
N/A 10.127.3.206:445 tcp
N/A 10.127.3.217:445 tcp
CN 106.9.67.4:3542 tcp
N/A 10.127.0.4:5009 tcp
N/A 10.127.0.4:5055 tcp
CN 106.9.67.4:3689 tcp
CN 106.9.67.4:3749 tcp
N/A 10.127.0.4:5222 tcp
N/A 10.127.3.209:445 tcp
CN 106.9.67.4:3780 tcp
N/A 10.127.0.4:5269 tcp
CN 106.9.67.4:3790 tcp
CN 106.9.67.4:4000 tcp
N/A 10.127.0.4:5357 tcp
N/A 10.127.3.212:445 tcp
N/A 10.127.3.219:445 tcp
N/A 10.127.0.4:5555 tcp
N/A 10.127.3.211:445 tcp
CN 106.9.67.4:4022 tcp
N/A 10.127.3.215:445 tcp
CN 106.9.67.4:4157 tcp
N/A 10.127.3.213:445 tcp
CN 106.9.67.4:4157 tcp
N/A 10.127.0.4:5560 tcp
N/A 10.127.0.4:5601 tcp
CN 106.9.67.4:4443 tcp
N/A 10.127.3.216:445 tcp
CN 106.9.67.4:4444 tcp
N/A 10.127.3.225:445 tcp
N/A 10.127.3.223:445 tcp
N/A 10.127.0.4:5672 tcp
CN 106.9.67.4:4567 tcp
N/A 10.127.0.4:5800 tcp
CN 106.9.67.4:4664 tcp
N/A 10.127.3.228:445 tcp
N/A 10.127.0.4:5801 tcp
CN 106.9.67.4:4782 tcp
N/A 10.127.0.4:5900 tcp
CN 106.9.67.4:4786 tcp
N/A 10.127.3.222:445 tcp
N/A 10.127.0.4:5901 tcp
N/A 10.127.3.218:445 tcp
N/A 10.127.3.234:445 tcp
N/A 10.127.3.220:445 tcp
CN 106.9.67.4:4848 tcp
N/A 10.127.0.4:5938 tcp
N/A 10.127.3.229:445 tcp
CN 106.9.67.4:4911 tcp
N/A 10.127.0.4:5984 tcp
CN 106.9.67.4:5000 tcp
CN 106.9.67.4:5001 tcp
N/A 10.127.0.4:5985 tcp
N/A 10.127.3.221:445 tcp
CN 106.9.67.4:5007 tcp
N/A 10.127.0.4:5986 tcp
N/A 10.127.3.226:445 tcp
N/A 10.127.3.230:445 tcp
N/A 10.127.0.4:6000 tcp
N/A 10.127.3.224:445 tcp
CN 106.9.67.4:5009 tcp
N/A 10.127.3.236:445 tcp
N/A 10.127.0.4:6060 tcp
N/A 10.127.0.4:6060 tcp
N/A 10.127.3.227:445 tcp
CN 106.9.67.4:5055 tcp
N/A 10.127.0.4:6664 tcp
N/A 10.127.3.231:445 tcp
N/A 10.127.3.232:445 tcp
N/A 10.127.3.240:445 tcp
CN 106.9.67.4:5222 tcp
N/A 10.127.0.4:6666 tcp
N/A 10.127.3.233:445 tcp
CN 106.9.67.4:5269 tcp
N/A 10.127.0.4:6668 tcp
N/A 10.127.3.235:445 tcp
CN 106.9.67.4:5357 tcp
N/A 10.127.0.4:7001 tcp
N/A 10.127.3.237:445 tcp
N/A 10.127.3.242:445 tcp
N/A 10.127.3.243:445 tcp
CN 106.9.67.4:5555 tcp
N/A 10.127.0.4:7070 tcp
N/A 10.127.3.244:445 tcp
N/A 10.127.3.238:445 tcp
N/A 10.127.3.239:445 tcp
CN 106.9.67.4:5560 tcp
CN 106.9.67.4:5601 tcp
N/A 10.127.0.4:7071 tcp
CN 106.9.67.4:5672 tcp
N/A 10.127.0.4:7080 tcp
CN 106.9.67.4:5800 tcp
N/A 10.127.0.4:7415 tcp
N/A 10.127.3.247:445 tcp
N/A 10.127.3.241:445 tcp
CN 106.9.67.4:5801 tcp
N/A 10.127.0.4:7474 tcp
N/A 10.127.3.246:445 tcp
N/A 10.127.0.4:7547 tcp
CN 106.9.67.4:5900 tcp
CN 106.9.67.4:5901 tcp
N/A 10.127.0.4:7548 tcp
CN 106.9.67.4:5938 tcp
N/A 10.127.0.4:7657 tcp
N/A 10.127.0.4:7777 tcp
CN 106.9.67.4:5984 tcp
N/A 10.127.3.251:445 tcp
N/A 10.127.3.245:445 tcp
N/A 10.127.0.4:7779 tcp
CN 106.9.67.4:5985 tcp
N/A 10.127.0.4:7890 tcp
CN 106.9.67.4:5986 tcp
N/A 10.127.0.4:8000 tcp
CN 106.9.67.4:6000 tcp
N/A 10.127.3.254:445 tcp
N/A 10.127.3.250:445 tcp
N/A 10.127.0.4:8001 tcp
CN 106.9.67.4:6001 tcp
N/A 10.127.0.4:8002 tcp
N/A 10.127.4.0:445 tcp
N/A 10.127.0.4:8008 tcp
CN 106.9.67.4:6060 tcp
CN 106.9.67.4:6664 tcp
N/A 10.127.0.4:8009 tcp
CN 106.9.67.4:6666 tcp
N/A 10.127.0.4:8010 tcp
US 8.8.8.8:53 evilstealer.zzz.com.ua udp
N/A 10.127.3.248:445 tcp
CN 106.9.67.4:6668 tcp
N/A 10.127.0.4:8012 tcp
NL 5.79.66.145:80 evilstealer.zzz.com.ua tcp
N/A 10.127.3.249:445 tcp
N/A 10.127.0.4:8020 tcp
CN 106.9.67.4:7001 tcp
N/A 10.127.0.4:8030 tcp
N/A 10.127.4.2:445 tcp
CN 106.9.67.4:7070 tcp
N/A 10.127.3.252:445 tcp
N/A 10.127.3.253:445 tcp
N/A 10.127.4.3:445 tcp
N/A 10.127.0.4:8040 tcp
N/A 10.127.4.5:445 tcp
CN 106.9.67.4:7071 tcp
N/A 10.127.0.4:8050 tcp
N/A 10.127.4.1:445 tcp
CN 106.9.67.4:7080 tcp
N/A 10.127.4.7:445 tcp
N/A 10.127.0.4:8060 tcp
CN 106.9.67.4:7415 tcp
N/A 10.127.0.4:8069 tcp
CN 106.9.67.4:7474 tcp
N/A 10.127.0.4:8070 tcp
CN 106.9.67.4:7547 tcp
N/A 10.127.0.4:8080 tcp
N/A 10.127.4.9:445 tcp
N/A 10.127.4.10:445 tcp
CN 106.9.67.4:7548 tcp
N/A 10.127.0.4:8081 tcp
N/A 10.127.4.4:445 tcp
CN 106.9.67.4:7657 tcp
N/A 10.127.0.4:8082 tcp
CN 106.9.67.4:7777 tcp
N/A 10.127.0.4:8083 tcp
CN 106.9.67.4:7779 tcp
N/A 10.127.0.4:8084 tcp
CN 106.9.67.4:7890 tcp
N/A 10.127.0.4:8085 tcp
CN 106.9.67.4:8000 tcp
N/A 10.127.4.12:445 tcp
CN 106.9.67.4:8001 tcp
N/A 10.127.0.4:8086 tcp
N/A 10.127.4.6:445 tcp
CN 106.9.67.4:8002 tcp
N/A 10.127.0.4:8087 tcp
CN 106.9.67.4:8008 tcp
N/A 10.127.0.4:8088 tcp
N/A 10.127.4.21:445 tcp
N/A 10.127.4.13:445 tcp
CN 106.9.67.4:8009 tcp
N/A 10.127.0.4:8089 tcp
N/A 10.127.4.14:445 tcp
CN 106.9.67.4:8010 tcp
N/A 10.127.0.4:8090 tcp
N/A 10.127.4.8:445 tcp
N/A 10.127.4.23:445 tcp
CN 106.9.67.4:8012 tcp
N/A 10.127.4.11:445 tcp
N/A 10.127.0.4:8098 tcp
CN 106.9.67.4:8020 tcp
N/A 10.127.0.4:8099 tcp
N/A 10.127.4.18:445 tcp
CN 106.9.67.4:8030 tcp
N/A 10.127.0.4:8101 tcp
CN 106.9.67.4:8040 tcp
N/A 10.127.0.4:8112 tcp
N/A 10.127.4.15:445 tcp
CN 106.9.67.4:8050 tcp
N/A 10.127.0.4:8123 tcp
CN 106.9.67.4:8060 tcp
N/A 10.127.0.4:8126 tcp
CN 106.9.67.4:8069 tcp
N/A 10.127.4.16:445 tcp
N/A 10.127.0.4:8139 tcp
CN 106.9.67.4:8070 tcp
N/A 10.127.0.4:8140 tcp
CN 106.9.67.4:8080 tcp
N/A 10.127.4.17:445 tcp
N/A 10.127.4.19:445 tcp
N/A 10.127.0.4:8181 tcp
CN 106.9.67.4:8081 tcp
N/A 10.127.0.4:8334 tcp
CN 106.9.67.4:8082 tcp
N/A 10.127.4.28:445 tcp
N/A 10.127.0.4:8443 tcp
N/A 10.127.4.27:445 tcp
CN 106.9.67.4:8083 tcp
N/A 10.127.4.20:445 tcp
N/A 10.127.4.26:445 tcp
N/A 10.127.4.31:445 tcp
N/A 10.127.0.4:8554 tcp
CN 106.9.67.4:8084 tcp
N/A 10.127.4.24:445 tcp
N/A 10.127.0.4:8686 tcp
CN 106.9.67.4:8085 tcp
N/A 10.127.4.22:445 tcp
N/A 10.127.0.4:8800 tcp
CN 106.9.67.4:8086 tcp
N/A 10.127.4.30:445 tcp
N/A 10.127.0.4:8834 tcp
N/A 10.127.4.25:445 tcp
CN 106.9.67.4:8087 tcp
N/A 10.127.0.4:8866 tcp
CN 106.9.67.4:8088 tcp
N/A 10.127.0.4:8880 tcp
CN 106.9.67.4:8089 tcp
N/A 10.127.4.36:445 tcp
N/A 10.127.0.4:8883 tcp
N/A 10.127.4.29:445 tcp
CN 106.9.67.4:8090 tcp
N/A 10.127.0.4:8888 tcp
N/A 10.127.4.40:445 tcp
CN 106.9.67.4:8098 tcp
N/A 10.127.0.4:8889 tcp
N/A 10.127.4.34:445 tcp
N/A 10.127.4.42:445 tcp
CN 106.9.67.4:8099 tcp
N/A 10.127.0.4:9000 tcp
CN 106.9.67.4:8101 tcp
N/A 10.127.0.4:9001 tcp
CN 106.9.67.4:8112 tcp
N/A 10.127.4.43:445 tcp
N/A 10.127.4.45:445 tcp
N/A 10.127.0.4:9002 tcp
N/A 10.127.4.37:445 tcp
CN 106.9.67.4:8123 tcp
N/A 10.127.0.4:9008 tcp
N/A 10.127.4.32:445 tcp
N/A 10.127.4.33:445 tcp
CN 106.9.67.4:8126 tcp
N/A 10.127.0.4:9009 tcp
N/A 10.127.0.4:9051 tcp
N/A 10.127.4.35:445 tcp
N/A 10.127.4.39:445 tcp
CN 106.9.67.4:8139 tcp
N/A 10.127.0.4:9080 tcp
CN 106.9.67.4:8140 tcp
N/A 10.127.0.4:9081 tcp
CN 106.9.67.4:8181 tcp
N/A 10.127.0.4:9090 tcp
CN 106.9.67.4:8334 tcp
N/A 10.127.4.38:445 tcp
CN 106.9.67.4:8443 tcp
N/A 10.127.0.4:9091 tcp
N/A 10.127.4.44:445 tcp
N/A 10.127.4.41:445 tcp
N/A 10.127.0.4:9100 tcp
CN 106.9.67.4:8554 tcp
N/A 10.127.4.46:445 tcp
N/A 10.127.4.49:445 tcp
N/A 10.127.4.51:445 tcp
N/A 10.127.0.4:9151 tcp
CN 106.9.67.4:8686 tcp
N/A 10.127.4.52:445 tcp
CN 106.9.67.4:8800 tcp
N/A 10.127.0.4:9180 tcp
N/A 10.127.0.4:9191 tcp
CN 106.9.67.4:8834 tcp
CN 106.9.67.4:8866 tcp
N/A 10.127.0.4:9200 tcp
N/A 10.127.0.4:9295 tcp
CN 106.9.67.4:8880 tcp
N/A 10.127.0.4:9418 tcp
N/A 10.127.4.48:445 tcp
CN 106.9.67.4:8883 tcp
N/A 10.127.0.4:9443 tcp
CN 106.9.67.4:8888 tcp
N/A 10.127.4.60:445 tcp
CN 106.9.67.4:8889 tcp
N/A 10.127.4.54:445 tcp
N/A 10.127.0.4:9595 tcp
N/A 10.127.4.50:445 tcp
N/A 10.127.4.59:445 tcp
N/A 10.127.4.47:445 tcp
N/A 10.127.0.4:9600 tcp
CN 106.9.67.4:9000 tcp
N/A 10.127.4.57:445 tcp
N/A 10.127.0.4:9633 tcp
CN 106.9.67.4:9001 tcp
N/A 10.127.4.56:445 tcp
N/A 10.127.4.58:445 tcp
N/A 10.127.0.4:9869 tcp
N/A 10.127.4.53:445 tcp
CN 106.9.67.4:9002 tcp
N/A 10.127.4.55:445 tcp
N/A 10.127.0.4:9943 tcp
CN 106.9.67.4:9008 tcp
N/A 10.127.0.4:9944 tcp
CN 106.9.67.4:9051 tcp
CN 106.9.67.4:9051 tcp
N/A 10.127.0.4:9981 tcp
N/A 10.127.4.61:445 tcp
N/A 10.127.4.67:445 tcp
CN 106.9.67.4:9080 tcp
N/A 10.127.0.4:9999 tcp
CN 106.9.67.4:9081 tcp
N/A 10.127.0.4:10000 tcp
N/A 10.127.0.4:10080 tcp
CN 106.9.67.4:9090 tcp
N/A 10.127.4.68:445 tcp
CN 106.9.67.4:9091 tcp
N/A 10.127.0.4:10081 tcp
CN 106.9.67.4:9100 tcp
N/A 10.127.0.4:10134 tcp
N/A 10.127.4.70:445 tcp
CN 106.9.67.4:9151 tcp
N/A 10.127.0.4:10243 tcp
N/A 10.127.4.71:445 tcp
N/A 10.127.4.72:445 tcp
N/A 10.127.4.63:445 tcp
CN 106.9.67.4:9180 tcp
N/A 10.127.0.4:10554 tcp
N/A 10.127.4.66:445 tcp
N/A 10.127.4.62:445 tcp
N/A 10.127.0.4:11211 tcp
CN 106.9.67.4:9191 tcp
N/A 10.127.0.4:12345 tcp
CN 106.9.67.4:9200 tcp
N/A 10.127.4.64:445 tcp
N/A 10.127.0.4:13579 tcp
CN 106.9.67.4:9295 tcp
CN 106.9.67.4:9418 tcp
N/A 10.127.0.4:16010 tcp
CN 106.9.67.4:9443 tcp
N/A 10.127.0.4:16992 tcp
N/A 10.127.4.76:445 tcp
N/A 10.127.4.65:445 tcp
N/A 10.127.0.4:16993 tcp
CN 106.9.67.4:9595 tcp
CN 106.9.67.4:9600 tcp
N/A 10.127.0.4:18245 tcp
CN 106.9.67.4:9633 tcp
N/A 10.127.0.4:20000 tcp
N/A 10.127.4.74:445 tcp
N/A 10.127.4.82:445 tcp
CN 106.9.67.4:9869 tcp
N/A 10.127.0.4:20547 tcp
N/A 10.127.4.69:445 tcp
N/A 10.127.4.75:445 tcp
CN 106.9.67.4:9943 tcp
N/A 10.127.4.81:445 tcp
N/A 10.127.0.4:21379 tcp
CN 106.9.67.4:9944 tcp
N/A 10.127.0.4:23424 tcp
CN 106.9.67.4:9981 tcp
N/A 10.127.4.73:445 tcp
N/A 10.127.0.4:25105 tcp
CN 106.9.67.4:9999 tcp
N/A 10.127.0.4:28017 tcp
N/A 10.127.4.78:445 tcp
CN 106.9.67.4:10000 tcp
N/A 10.127.0.4:32400 tcp
CN 106.9.67.4:10080 tcp
N/A 10.127.0.4:33338 tcp
CN 106.9.67.4:10081 tcp
N/A 10.127.0.4:33550 tcp
N/A 10.127.4.88:445 tcp
N/A 10.127.4.77:445 tcp
N/A 10.127.0.4:37215 tcp
CN 106.9.67.4:10134 tcp
CN 106.9.67.4:10243 tcp
N/A 10.127.0.4:37777 tcp
CN 106.9.67.4:10554 tcp
N/A 10.127.0.4:44818 tcp
N/A 10.127.4.80:445 tcp
N/A 10.127.4.84:445 tcp
N/A 10.127.4.93:445 tcp
N/A 10.127.0.4:49152 tcp
CN 106.9.67.4:11211 tcp
N/A 10.127.0.4:49153 tcp
N/A 10.127.4.79:445 tcp
CN 106.9.67.4:12345 tcp
N/A 10.127.0.4:50070 tcp
CN 106.9.67.4:13579 tcp
N/A 10.127.4.91:445 tcp
N/A 10.127.0.4:51106 tcp
CN 106.9.67.4:16010 tcp
N/A 10.127.4.83:445 tcp
N/A 10.127.4.92:445 tcp
N/A 10.127.0.4:54138 tcp
N/A 10.127.4.89:445 tcp
N/A 10.127.4.86:445 tcp
CN 106.9.67.4:16992 tcp
N/A 10.127.0.4:54984 tcp
N/A 10.127.4.85:445 tcp
CN 106.9.67.4:16993 tcp
N/A 10.127.4.90:445 tcp
N/A 10.127.0.4:55443 tcp
N/A 10.127.4.87:445 tcp
CN 106.9.67.4:18245 tcp
N/A 10.127.0.4:55553 tcp
CN 106.9.67.4:20000 tcp
N/A 10.127.0.4:60129 tcp
N/A 10.127.4.96:445 tcp
N/A 10.127.4.100:445 tcp
CN 106.9.67.4:20547 tcp
N/A 10.127.0.4:62078 tcp
CN 106.9.67.4:21379 tcp
N/A 10.127.4.99:445 tcp
N/A 10.127.0.5:80 tcp
CN 106.9.67.4:23424 tcp
N/A 10.127.4.97:445 tcp
CN 106.9.67.4:25105 tcp
N/A 10.127.0.5:81 tcp
N/A 10.127.0.5:82 tcp
CN 106.9.67.4:28017 tcp
N/A 10.127.0.5:83 tcp
CN 106.9.67.4:32400 tcp
N/A 10.127.4.106:445 tcp
CN 106.9.67.4:33338 tcp
N/A 10.127.0.5:84 tcp
N/A 10.127.4.94:445 tcp
N/A 10.127.4.95:445 tcp
N/A 10.127.0.5:88 tcp
CN 106.9.67.4:33550 tcp
N/A 10.127.4.101:445 tcp
N/A 10.127.4.98:445 tcp
N/A 10.127.4.103:445 tcp
N/A 10.127.0.5:89 tcp
CN 106.9.67.4:37215 tcp
N/A 10.127.0.5:90 tcp
CN 106.9.67.4:37777 tcp
CN 106.9.67.4:44818 tcp
N/A 10.127.0.5:99 tcp
N/A 10.127.4.107:445 tcp
N/A 10.127.4.102:445 tcp
CN 106.9.67.4:49152 tcp
N/A 10.127.0.5:102 tcp
N/A 10.127.4.110:445 tcp
N/A 10.127.0.5:104 tcp
CN 106.9.67.4:49153 tcp
CN 106.9.67.4:50070 tcp
N/A 10.127.4.104:445 tcp
N/A 10.127.4.105:445 tcp
N/A 10.127.4.108:445 tcp
N/A 10.127.4.109:445 tcp
N/A 10.127.4.111:445 tcp
N/A 10.127.4.112:445 tcp
N/A 10.127.4.113:445 tcp
N/A 10.127.4.114:445 tcp
N/A 10.127.4.115:445 tcp
N/A 10.127.4.116:445 tcp
N/A 10.127.0.5:113 tcp
N/A 10.127.4.117:445 tcp
CN 106.9.67.4:51106 tcp
N/A 10.127.0.5:175 tcp
CN 106.9.67.4:54138 tcp
N/A 10.127.4.118:445 tcp
N/A 10.127.0.5:179 tcp
CN 106.9.67.4:54984 tcp
N/A 10.127.4.119:445 tcp
N/A 10.127.0.5:195 tcp
CN 106.9.67.4:55443 tcp
N/A 10.127.4.120:445 tcp
N/A 10.127.0.5:264 tcp
N/A 10.127.4.121:445 tcp
CN 106.9.67.4:55553 tcp
N/A 10.127.0.5:311 tcp
N/A 10.127.4.122:445 tcp
CN 106.9.67.4:60129 tcp
N/A 10.127.0.5:389 tcp
CN 106.9.67.4:62078 tcp
N/A 10.127.0.5:443 tcp
CN 106.9.67.5:80 tcp
N/A 10.127.0.5:444 tcp
CN 106.9.67.5:81 tcp
N/A 10.127.0.5:515 tcp
CN 106.9.67.5:82 tcp
N/A 10.127.4.123:445 tcp
N/A 10.127.0.5:554 tcp
N/A 10.127.4.126:445 tcp
CN 106.9.67.5:83 tcp
N/A 10.127.0.5:631 tcp
CN 106.9.67.5:84 tcp
N/A 10.127.0.5:789 tcp
CN 106.9.67.5:88 tcp
N/A 10.127.4.125:445 tcp
N/A 10.127.4.127:445 tcp
N/A 10.127.0.5:1010 tcp
CN 106.9.67.5:89 tcp
N/A 10.127.0.5:1099 tcp
CN 106.9.67.5:90 tcp
N/A 10.127.0.5:1111 tcp
CN 106.9.67.5:99 tcp
N/A 10.127.4.124:445 tcp
N/A 10.127.0.5:1177 tcp
CN 106.9.67.5:102 tcp
N/A 10.127.0.5:1200 tcp
CN 106.9.67.5:104 tcp
CN 106.9.67.5:113 tcp
N/A 10.127.0.5:1234 tcp
N/A 10.127.4.130:445 tcp
N/A 10.127.0.5:1311 tcp
CN 106.9.67.5:175 tcp
CN 106.9.67.5:179 tcp
N/A 10.127.0.5:1400 tcp
N/A 10.127.4.133:445 tcp
CN 106.9.67.5:195 tcp
N/A 10.127.0.5:1471 tcp
N/A 10.127.4.129:445 tcp
N/A 10.127.0.5:1515 tcp
CN 106.9.67.5:264 tcp
CN 106.9.67.5:311 tcp
N/A 10.127.0.5:1521 tcp
N/A 10.127.0.5:1599 tcp
CN 106.9.67.5:389 tcp
N/A 10.127.4.128:445 tcp
N/A 10.127.0.5:1723 tcp
CN 106.9.67.5:443 tcp
N/A 10.127.4.138:445 tcp
N/A 10.127.0.5:1741 tcp
CN 106.9.67.5:444 tcp
N/A 10.127.4.131:445 tcp
N/A 10.127.0.5:1777 tcp
CN 106.9.67.5:515 tcp
N/A 10.127.0.5:1911 tcp
CN 106.9.67.5:554 tcp
N/A 10.127.4.145:445 tcp
N/A 10.127.0.5:1962 tcp
CN 106.9.67.5:631 tcp
CN 106.9.67.5:789 tcp
N/A 10.127.0.5:1991 tcp
CN 106.9.67.5:1010 tcp
N/A 10.127.0.5:2000 tcp
CN 106.9.67.5:1099 tcp
N/A 10.127.0.5:2081 tcp
CN 106.9.67.5:1111 tcp
N/A 10.127.0.5:2082 tcp
CN 106.9.67.5:1177 tcp
N/A 10.127.0.5:2083 tcp
CN 106.9.67.5:1200 tcp
N/A 10.127.0.5:2086 tcp
N/A 10.127.4.147:445 tcp
N/A 10.127.4.152:445 tcp
CN 106.9.67.5:1234 tcp
N/A 10.127.0.5:2087 tcp
CN 106.9.67.5:1311 tcp
N/A 10.127.0.5:2181 tcp
N/A 10.127.4.149:445 tcp
CN 106.9.67.5:1400 tcp
N/A 10.127.0.5:2222 tcp
N/A 10.127.4.155:445 tcp
CN 106.9.67.5:1471 tcp
N/A 10.127.0.5:2375 tcp
CN 106.9.67.5:1515 tcp
N/A 10.127.0.5:2376 tcp
N/A 10.127.4.135:445 tcp
N/A 10.127.4.148:445 tcp
N/A 10.127.4.153:445 tcp
CN 106.9.67.5:1521 tcp
N/A 10.127.0.5:2404 tcp
N/A 10.127.4.144:445 tcp
N/A 10.127.4.146:445 tcp
CN 106.9.67.5:1599 tcp
N/A 10.127.4.132:445 tcp
N/A 10.127.4.134:445 tcp
N/A 10.127.4.136:445 tcp
N/A 10.127.4.137:445 tcp
N/A 10.127.4.139:445 tcp
N/A 10.127.4.140:445 tcp
N/A 10.127.4.141:445 tcp
N/A 10.127.4.142:445 tcp
N/A 10.127.4.143:445 tcp
N/A 10.127.4.150:445 tcp
N/A 10.127.4.151:445 tcp
N/A 10.127.4.154:445 tcp
N/A 10.127.4.156:445 tcp
N/A 10.127.4.157:445 tcp
N/A 10.127.4.158:445 tcp
N/A 10.127.4.159:445 tcp
N/A 10.127.0.5:2455 tcp
N/A 10.127.4.160:445 tcp
CN 106.9.67.5:1723 tcp
N/A 10.127.0.5:2480 tcp
N/A 10.127.4.161:445 tcp
CN 106.9.67.5:1741 tcp
N/A 10.127.0.5:2628 tcp
CN 106.9.67.5:1777 tcp
N/A 10.127.4.162:445 tcp
N/A 10.127.0.5:3000 tcp
CN 106.9.67.5:1911 tcp
N/A 10.127.4.163:445 tcp
N/A 10.127.0.5:3001 tcp
CN 106.9.67.5:1962 tcp
N/A 10.127.0.5:3128 tcp
N/A 10.127.4.164:445 tcp
N/A 10.127.4.165:445 tcp
CN 106.9.67.5:1991 tcp
N/A 10.127.0.5:3260 tcp
CN 106.9.67.5:2000 tcp
N/A 10.127.4.166:445 tcp
N/A 10.127.0.5:3299 tcp
CN 106.9.67.5:2081 tcp
N/A 10.127.4.167:445 tcp
CN 106.9.67.5:2082 tcp
N/A 10.127.0.5:3310 tcp
N/A 10.127.4.168:445 tcp
N/A 10.127.0.5:3388 tcp
CN 106.9.67.5:2083 tcp
N/A 10.127.4.169:445 tcp
N/A 10.127.0.5:3389 tcp
CN 106.9.67.5:2086 tcp
N/A 10.127.4.170:445 tcp
CN 106.9.67.5:2087 tcp
N/A 10.127.0.5:3460 tcp
N/A 10.127.4.171:445 tcp
N/A 10.127.0.5:3541 tcp
CN 106.9.67.5:2181 tcp
N/A 10.127.4.172:445 tcp
N/A 10.127.0.5:3542 tcp
CN 106.9.67.5:2222 tcp
N/A 10.127.4.173:445 tcp
CN 106.9.67.5:2375 tcp
N/A 10.127.4.174:445 tcp
N/A 10.127.0.5:3689 tcp
N/A 10.127.4.175:445 tcp
CN 106.9.67.5:2376 tcp
N/A 10.127.0.5:3749 tcp
N/A 10.127.0.5:3780 tcp
CN 106.9.67.5:2404 tcp
N/A 10.127.0.5:3790 tcp
CN 106.9.67.5:2455 tcp
CN 106.9.67.5:2480 tcp
N/A 10.127.0.5:4000 tcp
CN 106.9.67.5:2628 tcp
N/A 10.127.0.5:4022 tcp
N/A 10.127.0.5:4040 tcp
CN 106.9.67.5:3000 tcp
N/A 10.127.0.5:4157 tcp
CN 106.9.67.5:3001 tcp
N/A 10.127.0.5:4443 tcp
CN 106.9.67.5:3128 tcp
N/A 10.127.4.178:445 tcp
CN 106.9.67.5:3260 tcp
N/A 10.127.0.5:4444 tcp
N/A 10.127.4.176:445 tcp
CN 106.9.67.5:3299 tcp
N/A 10.127.0.5:4567 tcp
N/A 10.127.0.5:4664 tcp
CN 106.9.67.5:3310 tcp
CN 106.9.67.5:3388 tcp
N/A 10.127.0.5:4782 tcp
CN 106.9.67.5:3389 tcp
N/A 10.127.0.5:4786 tcp
N/A 10.127.0.5:4848 tcp
CN 106.9.67.5:3460 tcp
N/A 10.127.4.177:445 tcp
N/A 10.127.4.180:445 tcp
N/A 10.127.4.183:445 tcp
N/A 10.127.0.5:4911 tcp
CN 106.9.67.5:3541 tcp
N/A 10.127.4.185:445 tcp
N/A 10.127.0.5:5000 tcp
CN 106.9.67.5:3542 tcp
N/A 10.127.4.187:445 tcp
N/A 10.127.0.5:5001 tcp
CN 106.9.67.5:3689 tcp
N/A 10.127.4.184:445 tcp
N/A 10.127.0.5:5007 tcp
CN 106.9.67.5:3749 tcp
N/A 10.127.0.5:5009 tcp
CN 106.9.67.5:3780 tcp
N/A 10.127.0.5:5055 tcp
CN 106.9.67.5:3790 tcp
N/A 10.127.0.5:5222 tcp
N/A 10.127.4.186:445 tcp
CN 106.9.67.5:4000 tcp
N/A 10.127.4.181:445 tcp
N/A 10.127.0.5:5269 tcp
N/A 10.127.4.179:445 tcp
CN 106.9.67.5:4022 tcp
N/A 10.127.0.5:5357 tcp
CN 106.9.67.5:4040 tcp
N/A 10.127.4.182:445 tcp
N/A 10.127.0.5:5555 tcp
N/A 10.127.4.188:445 tcp
CN 106.9.67.5:4157 tcp
N/A 10.127.4.196:445 tcp
N/A 10.127.0.5:5560 tcp
CN 106.9.67.5:4443 tcp
N/A 10.127.4.191:445 tcp
N/A 10.127.4.198:445 tcp
N/A 10.127.0.5:5601 tcp
N/A 10.127.4.192:445 tcp
CN 106.9.67.5:4444 tcp
N/A 10.127.0.5:5672 tcp
CN 106.9.67.5:4567 tcp
N/A 10.127.4.190:445 tcp
N/A 10.127.0.5:5800 tcp
CN 106.9.67.5:4664 tcp
N/A 10.127.4.189:445 tcp
N/A 10.127.4.193:445 tcp
N/A 10.127.4.194:445 tcp
N/A 10.127.4.195:445 tcp
N/A 10.127.4.197:445 tcp
N/A 10.127.4.199:445 tcp
N/A 10.127.4.200:445 tcp
N/A 10.127.4.201:445 tcp
N/A 10.127.4.202:445 tcp
N/A 10.127.0.5:5801 tcp
CN 106.9.67.5:4782 tcp
N/A 10.127.4.203:445 tcp
N/A 10.127.0.5:5900 tcp
N/A 10.127.4.204:445 tcp
CN 106.9.67.5:4786 tcp
N/A 10.127.0.5:5901 tcp
N/A 10.127.4.205:445 tcp
CN 106.9.67.5:4848 tcp
N/A 10.127.0.5:5938 tcp
CN 106.9.67.5:4911 tcp
N/A 10.127.4.206:445 tcp
N/A 10.127.0.5:5984 tcp
N/A 10.127.4.207:445 tcp
CN 106.9.67.5:5000 tcp
N/A 10.127.0.5:5985 tcp
CN 106.9.67.5:5001 tcp
N/A 10.127.4.208:445 tcp
N/A 10.127.0.5:5986 tcp
CN 106.9.67.5:5007 tcp
N/A 10.127.4.209:445 tcp
N/A 10.127.0.5:6000 tcp
CN 106.9.67.5:5009 tcp
N/A 10.127.4.210:445 tcp
N/A 10.127.0.5:6001 tcp
N/A 10.127.4.211:445 tcp
CN 106.9.67.5:5055 tcp
N/A 10.127.0.5:6060 tcp
N/A 10.127.4.212:445 tcp
CN 106.9.67.5:5222 tcp
N/A 10.127.0.5:6664 tcp
CN 106.9.67.5:5269 tcp
N/A 10.127.4.213:445 tcp
N/A 10.127.0.5:6666 tcp
N/A 10.127.4.214:445 tcp
CN 106.9.67.5:5357 tcp
N/A 10.127.0.5:6668 tcp
CN 106.9.67.5:5555 tcp
N/A 10.127.4.215:445 tcp
N/A 10.127.0.5:7001 tcp
N/A 10.127.4.216:445 tcp
CN 106.9.67.5:5560 tcp
N/A 10.127.0.5:7070 tcp
N/A 10.127.4.217:445 tcp
CN 106.9.67.5:5601 tcp
N/A 10.127.0.5:7071 tcp
CN 106.9.67.5:5672 tcp
N/A 10.127.0.5:7080 tcp
CN 106.9.67.5:5800 tcp
N/A 10.127.0.5:7415 tcp
CN 106.9.67.5:5801 tcp
N/A 10.127.4.220:445 tcp
N/A 10.127.0.5:7474 tcp
CN 106.9.67.5:5900 tcp
N/A 10.127.4.219:445 tcp
N/A 10.127.0.5:7547 tcp
CN 106.9.67.5:5901 tcp
N/A 10.127.4.222:445 tcp
N/A 10.127.4.218:445 tcp
N/A 10.127.0.5:7548 tcp
CN 106.9.67.5:5984 tcp
CN 106.9.67.5:5984 tcp
CN 106.9.67.5:5985 tcp
N/A 10.127.0.5:7657 tcp
N/A 10.127.0.5:7777 tcp
CN 106.9.67.5:5986 tcp
N/A 10.127.4.221:445 tcp
CN 106.9.67.5:6000 tcp
N/A 10.127.0.5:7779 tcp
N/A 10.127.0.5:7890 tcp
CN 106.9.67.5:6001 tcp
N/A 10.127.4.225:445 tcp
CN 106.9.67.5:6060 tcp
N/A 10.127.0.5:8000 tcp
N/A 10.127.0.5:8001 tcp
CN 106.9.67.5:6664 tcp
N/A 10.127.4.228:445 tcp
N/A 10.127.0.5:8002 tcp
CN 106.9.67.5:6666 tcp
N/A 10.127.4.229:445 tcp
N/A 10.127.0.5:8008 tcp
CN 106.9.67.5:6668 tcp
CN 106.9.67.5:7001 tcp
N/A 10.127.0.5:8009 tcp
N/A 10.127.4.224:445 tcp
CN 106.9.67.5:7070 tcp
N/A 10.127.0.5:8010 tcp
CN 106.9.67.5:7071 tcp
N/A 10.127.0.5:8012 tcp
N/A 10.127.0.5:8020 tcp
CN 106.9.67.5:7080 tcp
CN 106.9.67.5:7415 tcp
N/A 10.127.0.5:8030 tcp
N/A 10.127.4.230:445 tcp
N/A 10.127.0.5:8040 tcp
CN 106.9.67.5:7474 tcp
CN 106.9.67.5:7547 tcp
N/A 10.127.0.5:8050 tcp
N/A 10.127.4.223:445 tcp
N/A 10.127.0.5:8060 tcp
CN 106.9.67.5:7548 tcp
N/A 10.127.4.226:445 tcp
N/A 10.127.4.234:445 tcp
N/A 10.127.0.5:8069 tcp
CN 106.9.67.5:7657 tcp
N/A 10.127.4.227:445 tcp
N/A 10.127.4.232:445 tcp
N/A 10.127.0.5:8070 tcp
CN 106.9.67.5:7777 tcp
N/A 10.127.4.231:445 tcp
N/A 10.127.0.5:8080 tcp
CN 106.9.67.5:7779 tcp
N/A 10.127.0.5:8081 tcp
CN 106.9.67.5:7890 tcp
N/A 10.127.0.5:8082 tcp
CN 106.9.67.5:8000 tcp
N/A 10.127.4.243:445 tcp
N/A 10.127.4.233:445 tcp
N/A 10.127.4.235:445 tcp
N/A 10.127.4.236:445 tcp
N/A 10.127.4.237:445 tcp
N/A 10.127.4.238:445 tcp
N/A 10.127.4.239:445 tcp
N/A 10.127.4.240:445 tcp
N/A 10.127.4.241:445 tcp
N/A 10.127.4.242:445 tcp
N/A 10.127.4.244:445 tcp
N/A 10.127.4.245:445 tcp
N/A 10.127.0.5:8083 tcp
CN 106.9.67.5:8001 tcp
N/A 10.127.4.246:445 tcp
CN 106.9.67.5:8002 tcp
N/A 10.127.0.5:8084 tcp
N/A 10.127.4.247:445 tcp
N/A 10.127.0.5:8085 tcp
CN 106.9.67.5:8008 tcp
N/A 10.127.4.248:445 tcp
CN 106.9.67.5:8009 tcp
N/A 10.127.0.5:8086 tcp
N/A 10.127.4.249:445 tcp
CN 106.9.67.5:8010 tcp
N/A 10.127.0.5:8087 tcp
N/A 10.127.4.250:445 tcp
CN 106.9.67.5:8012 tcp
N/A 10.127.0.5:8088 tcp
N/A 10.127.4.251:445 tcp
CN 106.9.67.5:8020 tcp
N/A 10.127.0.5:8089 tcp
N/A 10.127.4.252:445 tcp
N/A 10.127.0.5:8090 tcp
CN 106.9.67.5:8030 tcp
N/A 10.127.4.253:445 tcp
CN 106.9.67.5:8040 tcp
N/A 10.127.0.5:8098 tcp
N/A 10.127.4.254:445 tcp
CN 106.9.67.5:8050 tcp
N/A 10.127.0.5:8099 tcp
N/A 10.127.5.0:445 tcp
CN 106.9.67.5:8060 tcp
N/A 10.127.0.5:8101 tcp
N/A 10.127.5.1:445 tcp
N/A 10.127.0.5:8112 tcp
CN 106.9.67.5:8069 tcp
N/A 10.127.5.2:445 tcp
N/A 10.127.0.5:8123 tcp
CN 106.9.67.5:8070 tcp
N/A 10.127.5.3:445 tcp
N/A 10.127.0.5:8126 tcp
CN 106.9.67.5:8080 tcp
N/A 10.127.5.4:445 tcp
N/A 10.127.0.5:8139 tcp
CN 106.9.67.5:8081 tcp
N/A 10.127.0.5:8140 tcp
CN 106.9.67.5:8082 tcp
N/A 10.127.0.5:8181 tcp
CN 106.9.67.5:8083 tcp
N/A 10.127.0.5:8334 tcp
CN 106.9.67.5:8084 tcp
N/A 10.127.0.5:8443 tcp
CN 106.9.67.5:8085 tcp
N/A 10.127.0.5:8554 tcp
CN 106.9.67.5:8086 tcp
N/A 10.127.5.8:445 tcp
N/A 10.127.0.5:8686 tcp
CN 106.9.67.5:8087 tcp
N/A 10.127.5.7:445 tcp
CN 106.9.67.5:8088 tcp
N/A 10.127.0.5:8800 tcp
N/A 10.127.5.10:445 tcp
CN 106.9.67.5:8089 tcp
N/A 10.127.0.5:8834 tcp
N/A 10.127.0.5:8866 tcp
CN 106.9.67.5:8090 tcp
N/A 10.127.5.12:445 tcp
N/A 10.127.0.5:8880 tcp
CN 106.9.67.5:8098 tcp
CN 106.9.67.5:8099 tcp
N/A 10.127.0.5:8883 tcp
N/A 10.127.0.5:8888 tcp
CN 106.9.67.5:8101 tcp
N/A 10.127.5.11:445 tcp
CN 106.9.67.5:8112 tcp
N/A 10.127.0.5:8889 tcp
N/A 10.127.5.5:445 tcp
N/A 10.127.0.5:9000 tcp
CN 106.9.67.5:8123 tcp
CN 106.9.67.5:8126 tcp
N/A 10.127.0.5:9001 tcp
N/A 10.127.5.6:445 tcp
N/A 10.127.0.5:9002 tcp
CN 106.9.67.5:8139 tcp
N/A 10.127.0.5:9008 tcp
CN 106.9.67.5:8140 tcp
N/A 10.127.5.21:445 tcp
CN 106.9.67.5:8181 tcp
N/A 10.127.0.5:9009 tcp
N/A 10.127.5.19:445 tcp
CN 106.9.67.5:8334 tcp
N/A 10.127.0.5:9051 tcp
N/A 10.127.5.16:445 tcp
N/A 10.127.0.5:9080 tcp
CN 106.9.67.5:8443 tcp
N/A 10.127.5.14:445 tcp
N/A 10.127.5.9:445 tcp
N/A 10.127.5.13:445 tcp
CN 106.9.67.5:8554 tcp
N/A 10.127.0.5:9081 tcp
N/A 10.127.0.5:9090 tcp
CN 106.9.67.5:8686 tcp
N/A 10.127.5.22:445 tcp
N/A 10.127.0.5:9091 tcp
CN 106.9.67.5:8800 tcp
N/A 10.127.5.15:445 tcp
N/A 10.127.5.18:445 tcp
N/A 10.127.0.5:9100 tcp
N/A 10.127.5.23:445 tcp
CN 106.9.67.5:8834 tcp
N/A 10.127.5.17:445 tcp
CN 106.9.67.5:8866 tcp
N/A 10.127.0.5:9151 tcp
N/A 10.127.5.28:445 tcp
CN 106.9.67.5:8880 tcp
N/A 10.127.0.5:9180 tcp
N/A 10.127.5.24:445 tcp
N/A 10.127.5.27:445 tcp
N/A 10.127.0.5:9191 tcp
CN 106.9.67.5:8883 tcp
N/A 10.127.5.25:445 tcp
CN 106.9.67.5:8888 tcp
N/A 10.127.0.5:9200 tcp
N/A 10.127.0.5:9295 tcp
CN 106.9.67.5:8889 tcp
N/A 10.127.5.31:445 tcp
N/A 10.127.5.20:445 tcp
N/A 10.127.5.26:445 tcp
N/A 10.127.5.29:445 tcp
N/A 10.127.5.30:445 tcp
N/A 10.127.5.32:445 tcp
N/A 10.127.0.5:9418 tcp
CN 106.9.67.5:9000 tcp
CN 106.9.67.5:9001 tcp
N/A 10.127.0.5:9443 tcp
N/A 10.127.5.36:445 tcp
CN 106.9.67.5:9002 tcp
N/A 10.127.0.5:9595 tcp
N/A 10.127.0.5:9600 tcp
CN 106.9.67.5:9008 tcp
N/A 10.127.0.5:9633 tcp
CN 106.9.67.5:9009 tcp
N/A 10.127.0.5:9869 tcp
CN 106.9.67.5:9051 tcp
N/A 10.127.0.5:9943 tcp
N/A 10.127.5.34:445 tcp
CN 106.9.67.5:9080 tcp
N/A 10.127.0.5:9944 tcp
CN 106.9.67.5:9081 tcp
N/A 10.127.0.5:9981 tcp
N/A 10.127.0.5:9999 tcp
CN 106.9.67.5:9090 tcp
CN 106.9.67.5:9091 tcp
N/A 10.127.0.5:10000 tcp
N/A 10.127.5.35:445 tcp
CN 106.9.67.5:9100 tcp
N/A 10.127.0.5:10080 tcp
N/A 10.127.5.38:445 tcp
CN 106.9.67.5:9151 tcp
N/A 10.127.0.5:10081 tcp
N/A 10.127.5.43:445 tcp
N/A 10.127.5.44:445 tcp
CN 106.9.67.5:9180 tcp
N/A 10.127.0.5:10134 tcp
N/A 10.127.5.33:445 tcp
N/A 10.127.5.39:445 tcp
CN 106.9.67.5:9191 tcp
N/A 10.127.0.5:10243 tcp
N/A 10.127.5.47:445 tcp
CN 106.9.67.5:9200 tcp
N/A 10.127.0.5:10554 tcp
N/A 10.127.5.42:445 tcp
N/A 10.127.0.5:11211 tcp
CN 106.9.67.5:9295 tcp
N/A 10.127.5.37:445 tcp
CN 106.9.67.5:9418 tcp
N/A 10.127.0.5:12345 tcp
N/A 10.127.5.48:445 tcp
CN 106.9.67.5:9443 tcp
N/A 10.127.0.5:13579 tcp
N/A 10.127.5.46:445 tcp
CN 106.9.67.5:9595 tcp
N/A 10.127.0.5:16010 tcp
N/A 10.127.5.49:445 tcp
CN 106.9.67.5:9600 tcp
N/A 10.127.0.5:16992 tcp
N/A 10.127.5.40:445 tcp
CN 106.9.67.5:9633 tcp
N/A 10.127.0.5:16993 tcp
CN 106.9.67.5:9869 tcp
N/A 10.127.0.5:18245 tcp
N/A 10.127.5.53:445 tcp
CN 106.9.67.5:9943 tcp
N/A 10.127.0.5:20000 tcp
N/A 10.127.5.41:445 tcp
N/A 10.127.5.50:445 tcp
CN 106.9.67.5:9944 tcp
N/A 10.127.0.5:20547 tcp
N/A 10.127.0.5:21379 tcp
CN 106.9.67.5:9981 tcp
CN 106.9.67.5:9999 tcp
N/A 10.127.0.5:23424 tcp
CN 106.9.67.5:10000 tcp
N/A 10.127.0.5:25105 tcp
CN 106.9.67.5:10080 tcp
N/A 10.127.0.5:28017 tcp
N/A 10.127.5.54:445 tcp
CN 106.9.67.5:10081 tcp
N/A 10.127.0.5:32400 tcp
N/A 10.127.5.61:445 tcp
N/A 10.127.0.5:33338 tcp
CN 106.9.67.5:10134 tcp
N/A 10.127.0.5:33550 tcp
CN 106.9.67.5:10243 tcp
N/A 10.127.5.45:445 tcp
N/A 10.127.5.57:445 tcp
N/A 10.127.5.64:445 tcp
CN 106.9.67.5:10554 tcp
N/A 10.127.0.5:37215 tcp
CN 106.9.67.5:11211 tcp
N/A 10.127.0.5:37777 tcp
CN 106.9.67.5:12345 tcp
N/A 10.127.0.5:44818 tcp
N/A 10.127.5.55:445 tcp
N/A 10.127.5.56:445 tcp
N/A 10.127.5.63:445 tcp
CN 106.9.67.5:13579 tcp
N/A 10.127.0.5:49152 tcp
N/A 10.127.5.52:445 tcp
N/A 10.127.5.60:445 tcp
CN 106.9.67.5:16010 tcp
N/A 10.127.0.5:49153 tcp
N/A 10.127.5.65:445 tcp
N/A 10.127.5.51:445 tcp
CN 106.9.67.5:16992 tcp
N/A 10.127.0.5:50070 tcp
CN 106.9.67.5:16993 tcp
N/A 10.127.0.5:51106 tcp
N/A 10.127.5.62:445 tcp
CN 106.9.67.5:18245 tcp
N/A 10.127.0.5:54138 tcp
N/A 10.127.5.58:445 tcp
N/A 10.127.0.5:54984 tcp
CN 106.9.67.5:20000 tcp
N/A 10.127.0.5:55443 tcp
CN 106.9.67.5:20547 tcp
N/A 10.127.5.59:445 tcp
N/A 10.127.0.5:55553 tcp
CN 106.9.67.5:21379 tcp
CN 106.9.67.5:23424 tcp
N/A 10.127.0.5:60129 tcp
N/A 10.127.5.69:445 tcp
N/A 10.127.0.5:62078 tcp
CN 106.9.67.5:25105 tcp
N/A 10.127.5.66:445 tcp
CN 106.9.67.5:28017 tcp
CN 106.9.67.5:32400 tcp
N/A 10.127.5.74:445 tcp
CN 106.9.67.5:33338 tcp
N/A 10.127.5.68:445 tcp
N/A 10.127.5.67:445 tcp
N/A 10.127.5.70:445 tcp
N/A 10.127.5.71:445 tcp
N/A 10.127.5.72:445 tcp
N/A 10.127.5.73:445 tcp
N/A 10.127.5.75:445 tcp
N/A 10.127.5.76:445 tcp
N/A 10.127.5.77:445 tcp
N/A 10.127.0.6:80 tcp
N/A 10.127.5.78:445 tcp
N/A 10.127.0.6:81 tcp
N/A 10.127.5.79:445 tcp
N/A 10.127.0.6:82 tcp
N/A 10.127.5.80:445 tcp
N/A 10.127.0.6:83 tcp
N/A 10.127.5.81:445 tcp
CN 106.9.67.5:33550 tcp
CN 106.9.67.5:37215 tcp
N/A 10.127.0.6:84 tcp
N/A 10.127.5.82:445 tcp
N/A 10.127.5.83:445 tcp
CN 106.9.67.5:37777 tcp
N/A 10.127.0.6:88 tcp
N/A 10.127.5.84:445 tcp
N/A 10.127.0.6:89 tcp
CN 106.9.67.5:44818 tcp
CN 106.9.67.5:49152 tcp
N/A 10.127.5.85:445 tcp
N/A 10.127.0.6:90 tcp
CN 106.9.67.5:49153 tcp
N/A 10.127.0.6:99 tcp
N/A 10.127.5.86:445 tcp
N/A 10.127.5.87:445 tcp
CN 106.9.67.5:50070 tcp
N/A 10.127.0.6:102 tcp
N/A 10.127.5.88:445 tcp
CN 106.9.67.5:51106 tcp
N/A 10.127.0.6:104 tcp
N/A 10.127.5.89:445 tcp
CN 106.9.67.5:54138 tcp
N/A 10.127.0.6:113 tcp
N/A 10.127.5.90:445 tcp
N/A 10.127.0.6:175 tcp
CN 106.9.67.5:54984 tcp
N/A 10.127.5.91:445 tcp
CN 106.9.67.5:55443 tcp
N/A 10.127.0.6:179 tcp
N/A 10.127.5.92:445 tcp
N/A 10.127.0.6:195 tcp
CN 106.9.67.5:55553 tcp
CN 106.9.67.5:60129 tcp
N/A 10.127.5.93:445 tcp
N/A 10.127.0.6:264 tcp
CN 106.9.67.5:62078 tcp
N/A 10.127.0.6:311 tcp
N/A 10.127.5.94:445 tcp
CN 106.9.67.6:80 tcp
N/A 10.127.0.6:389 tcp
CN 106.9.67.6:81 tcp
N/A 10.127.0.6:443 tcp
CN 106.9.67.6:82 tcp
N/A 10.127.0.6:444 tcp
CN 106.9.67.6:83 tcp
N/A 10.127.0.6:515 tcp
CN 106.9.67.6:84 tcp
N/A 10.127.0.6:554 tcp
N/A 10.127.5.99:445 tcp
CN 106.9.67.6:88 tcp
N/A 10.127.0.6:631 tcp
CN 106.9.67.6:89 tcp
N/A 10.127.0.6:789 tcp
CN 106.9.67.6:90 tcp
N/A 10.127.0.6:1010 tcp
CN 106.9.67.6:99 tcp
N/A 10.127.0.6:1099 tcp
N/A 10.127.0.6:1111 tcp
CN 106.9.67.6:102 tcp
N/A 10.127.5.97:445 tcp
CN 106.9.67.6:104 tcp
N/A 10.127.0.6:1177 tcp
N/A 10.127.0.6:1200 tcp
CN 106.9.67.6:113 tcp
CN 106.9.67.6:175 tcp
N/A 10.127.0.6:1234 tcp
N/A 10.127.0.6:1311 tcp
CN 106.9.67.6:179 tcp
N/A 10.127.5.105:445 tcp
N/A 10.127.0.6:1400 tcp
CN 106.9.67.6:195 tcp
N/A 10.127.0.6:1471 tcp
CN 106.9.67.6:264 tcp
CN 106.9.67.6:311 tcp
N/A 10.127.0.6:1515 tcp
N/A 10.127.5.95:445 tcp
N/A 10.127.5.102:445 tcp
N/A 10.127.5.96:445 tcp
N/A 10.127.5.101:445 tcp
N/A 10.127.0.6:1521 tcp
CN 106.9.67.6:389 tcp
N/A 10.127.5.103:445 tcp
N/A 10.127.5.100:445 tcp
N/A 10.127.5.98:445 tcp
N/A 10.127.0.6:1599 tcp
CN 106.9.67.6:443 tcp
N/A 10.127.5.110:445 tcp
N/A 10.127.0.6:1723 tcp
CN 106.9.67.6:444 tcp
N/A 10.127.5.109:445 tcp
N/A 10.127.0.6:1741 tcp
CN 106.9.67.6:515 tcp
N/A 10.127.5.112:445 tcp
N/A 10.127.0.6:1777 tcp
CN 106.9.67.6:554 tcp
N/A 10.127.5.106:445 tcp
N/A 10.127.5.104:445 tcp
N/A 10.127.5.114:445 tcp
N/A 10.127.0.6:1911 tcp
CN 106.9.67.6:631 tcp
N/A 10.127.5.113:445 tcp
CN 106.9.67.6:789 tcp
N/A 10.127.0.6:1962 tcp
N/A 10.127.5.107:445 tcp
N/A 10.127.0.6:1991 tcp
CN 106.9.67.6:1010 tcp
N/A 10.127.5.119:445 tcp
CN 106.9.67.6:1099 tcp
N/A 10.127.0.6:2000 tcp
N/A 10.127.0.6:2081 tcp
CN 106.9.67.6:1111 tcp
CN 106.9.67.6:1177 tcp
N/A 10.127.0.6:2082 tcp
N/A 10.127.5.111:445 tcp
N/A 10.127.5.108:445 tcp
N/A 10.127.0.6:2083 tcp
CN 106.9.67.6:1200 tcp
N/A 10.127.5.123:445 tcp
N/A 10.127.5.117:445 tcp
CN 106.9.67.6:1234 tcp
N/A 10.127.0.6:2086 tcp
N/A 10.127.5.115:445 tcp
N/A 10.127.5.116:445 tcp
N/A 10.127.5.118:445 tcp
N/A 10.127.5.120:445 tcp
N/A 10.127.5.121:445 tcp
N/A 10.127.5.122:445 tcp
N/A 10.127.5.124:445 tcp
N/A 10.127.5.125:445 tcp
CN 106.9.67.6:1311 tcp
N/A 10.127.0.6:2087 tcp
N/A 10.127.5.126:445 tcp
CN 106.9.67.6:1400 tcp
N/A 10.127.0.6:2181 tcp
N/A 10.127.0.6:2222 tcp
N/A 10.127.5.127:445 tcp
CN 106.9.67.6:1471 tcp
CN 106.9.67.6:1515 tcp
N/A 10.127.0.6:2375 tcp
N/A 10.127.5.128:445 tcp
N/A 10.127.0.6:2376 tcp
CN 106.9.67.6:1521 tcp
N/A 10.127.5.129:445 tcp
N/A 10.127.5.130:445 tcp
N/A 10.127.0.6:2404 tcp
CN 106.9.67.6:1599 tcp
N/A 10.127.0.6:2455 tcp
N/A 10.127.5.131:445 tcp
CN 106.9.67.6:1723 tcp
N/A 10.127.5.132:445 tcp
CN 106.9.67.6:1741 tcp
N/A 10.127.0.6:2480 tcp
CN 106.9.67.6:1777 tcp
N/A 10.127.0.6:2628 tcp
N/A 10.127.5.133:445 tcp
CN 106.9.67.6:1911 tcp
N/A 10.127.5.134:445 tcp
N/A 10.127.0.6:3000 tcp
N/A 10.127.0.6:3001 tcp
CN 106.9.67.6:1962 tcp
N/A 10.127.5.135:445 tcp
CN 106.9.67.6:1991 tcp
N/A 10.127.0.6:3128 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 106.9.67.6:2000 tcp
N/A 10.127.0.6:3260 tcp
N/A 10.127.0.6:3299 tcp
CN 106.9.67.6:2081 tcp
N/A 10.127.0.6:3310 tcp
CN 106.9.67.6:2082 tcp
N/A 10.127.0.6:3388 tcp
CN 106.9.67.6:2083 tcp
N/A 10.127.5.139:445 tcp
N/A 10.127.5.136:445 tcp
CN 106.9.67.6:2086 tcp
N/A 10.127.0.6:3389 tcp
N/A 10.127.0.6:3460 tcp
CN 106.9.67.6:2087 tcp
CN 106.9.67.6:2181 tcp
N/A 10.127.0.6:3541 tcp
CN 106.9.67.6:2222 tcp
N/A 10.127.0.6:3542 tcp
N/A 10.127.5.140:445 tcp
CN 106.9.67.6:2375 tcp
N/A 10.127.0.6:3689 tcp
N/A 10.127.5.143:445 tcp
CN 106.9.67.6:2376 tcp
N/A 10.127.0.6:3749 tcp
N/A 10.127.5.141:445 tcp
US 8.8.8.8:53 www.microsoft.com udp
CN 106.9.67.6:2404 tcp
N/A 10.127.0.6:3780 tcp
US 8.8.8.8:53 www.microsoft.com udp
N/A 10.127.5.147:445 tcp
N/A 10.127.0.6:3790 tcp
CN 106.9.67.6:2455 tcp
CN 106.9.67.6:2480 tcp
N/A 10.127.0.6:4000 tcp
N/A 10.127.0.6:4022 tcp
CN 106.9.67.6:2628 tcp
CN 106.9.67.6:3000 tcp
N/A 10.127.0.6:4040 tcp
CN 106.9.67.6:3001 tcp
N/A 10.127.0.6:4157 tcp
CN 106.9.67.6:3128 tcp
N/A 10.127.0.6:4443 tcp
N/A 10.127.5.137:445 tcp
N/A 10.127.5.150:445 tcp
CN 106.9.67.6:3260 tcp
N/A 10.127.0.6:4444 tcp
N/A 10.127.5.144:445 tcp
N/A 10.127.5.145:445 tcp
N/A 10.127.5.138:445 tcp
CN 106.9.67.6:3299 tcp
N/A 10.127.0.6:4567 tcp
N/A 10.127.5.151:445 tcp
CN 106.9.67.6:3310 tcp
N/A 10.127.0.6:4664 tcp
CN 106.9.67.6:3388 tcp
N/A 10.127.0.6:4782 tcp
CN 106.9.67.6:3389 tcp
N/A 10.127.0.6:4786 tcp
N/A 10.127.5.142:445 tcp
CN 106.9.67.6:3460 tcp
N/A 10.127.0.6:4848 tcp
N/A 10.127.5.146:445 tcp
CN 106.9.67.6:3541 tcp
N/A 10.127.0.6:4911 tcp
N/A 10.127.5.149:445 tcp
N/A 10.127.5.154:445 tcp
N/A 10.127.0.6:5000 tcp
CN 106.9.67.6:3542 tcp
CN 106.9.67.6:3689 tcp
N/A 10.127.0.6:5001 tcp
N/A 10.127.5.148:445 tcp
CN 106.9.67.6:3749 tcp
N/A 10.127.0.6:5007 tcp
N/A 10.127.5.161:445 tcp
N/A 10.127.0.6:5009 tcp
CN 106.9.67.6:3780 tcp
N/A 10.127.5.156:445 tcp
N/A 10.127.5.160:445 tcp
CN 106.9.67.6:3790 tcp
N/A 10.127.0.6:5055 tcp
N/A 10.127.5.153:445 tcp
N/A 10.127.5.155:445 tcp
N/A 10.127.0.6:5222 tcp
CN 106.9.67.6:4000 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 106.9.67.6:4022 tcp
N/A 10.127.0.6:5269 tcp
N/A 10.127.5.152:445 tcp
N/A 10.127.5.157:445 tcp
N/A 10.127.5.158:445 tcp
N/A 10.127.5.159:445 tcp
N/A 10.127.5.162:445 tcp
N/A 10.127.5.163:445 tcp
N/A 10.127.5.164:445 tcp
N/A 10.127.5.165:445 tcp
N/A 10.127.5.166:445 tcp
N/A 10.127.5.167:445 tcp
CN 106.9.67.6:4040 tcp
N/A 10.127.0.6:5357 tcp
N/A 10.127.5.168:445 tcp
N/A 10.127.5.169:445 tcp
CN 106.9.67.6:4157 tcp
N/A 10.127.0.6:5555 tcp
CN 106.9.67.6:4443 tcp
N/A 10.127.0.6:5560 tcp
N/A 10.127.5.170:445 tcp
N/A 10.127.5.171:445 tcp
CN 106.9.67.6:4444 tcp
N/A 10.127.0.6:5601 tcp
N/A 10.127.5.172:445 tcp
N/A 10.127.0.6:5672 tcp
CN 106.9.67.6:4567 tcp
CN 106.9.67.6:4664 tcp
N/A 10.127.0.6:5800 tcp
N/A 10.127.5.173:445 tcp
N/A 10.127.5.174:445 tcp
N/A 10.127.0.6:5801 tcp
CN 106.9.67.6:4782 tcp
N/A 10.127.5.175:445 tcp
N/A 10.127.0.6:5900 tcp
CN 106.9.67.6:4786 tcp
CN 106.9.67.6:4848 tcp
N/A 10.127.0.6:5901 tcp
N/A 10.127.5.176:445 tcp
CN 106.9.67.6:4911 tcp
N/A 10.127.5.177:445 tcp
N/A 10.127.0.6:5938 tcp
N/A 10.127.0.6:5984 tcp
N/A 10.127.5.178:445 tcp
CN 106.9.67.6:5000 tcp
N/A 10.127.5.179:445 tcp
CN 106.9.67.6:5001 tcp
N/A 10.127.0.6:5985 tcp
N/A 10.127.5.180:445 tcp
N/A 10.127.0.6:5986 tcp
CN 106.9.67.6:5007 tcp
CN 106.9.67.6:5009 tcp
N/A 10.127.0.6:6000 tcp
N/A 10.127.0.6:6001 tcp
CN 106.9.67.6:5055 tcp
CN 106.9.67.6:5222 tcp
N/A 10.127.0.6:6060 tcp
N/A 10.127.0.6:6664 tcp
CN 106.9.67.6:5269 tcp
N/A 10.127.0.6:6666 tcp
CN 106.9.67.6:5357 tcp
CN 106.9.67.6:5555 tcp
N/A 10.127.0.6:6668 tcp
CN 106.9.67.6:5560 tcp
N/A 10.127.0.6:7001 tcp
N/A 10.127.5.182:445 tcp
CN 106.9.67.6:5601 tcp
N/A 10.127.0.6:7070 tcp
CN 106.9.67.6:5672 tcp
N/A 10.127.0.6:7071 tcp
CN 106.9.67.6:5800 tcp
N/A 10.127.0.6:7080 tcp
CN 106.9.67.6:5801 tcp
N/A 10.127.0.6:7415 tcp
N/A 10.127.0.6:7474 tcp
CN 106.9.67.6:5900 tcp
CN 106.9.67.6:5901 tcp
N/A 10.127.0.6:7547 tcp
N/A 10.127.5.185:445 tcp
CN 106.9.67.6:5938 tcp
N/A 10.127.0.6:7548 tcp
N/A 10.127.5.183:445 tcp
CN 106.9.67.6:5984 tcp
N/A 10.127.0.6:7657 tcp
CN 106.9.67.6:5985 tcp
N/A 10.127.0.6:7777 tcp
N/A 10.127.5.181:445 tcp
N/A 10.127.0.6:7779 tcp
CN 106.9.67.6:5986 tcp
N/A 10.127.5.186:445 tcp
N/A 10.127.5.194:445 tcp
CN 106.9.67.6:6000 tcp
N/A 10.127.0.6:7890 tcp
N/A 10.127.5.187:445 tcp
N/A 10.127.5.193:445 tcp
CN 106.9.67.6:6001 tcp
N/A 10.127.5.196:445 tcp
N/A 10.127.0.6:8000 tcp
CN 106.9.67.6:6060 tcp
N/A 10.127.0.6:8001 tcp
N/A 10.127.5.184:445 tcp
N/A 10.127.0.6:8002 tcp
CN 106.9.67.6:6664 tcp
N/A 10.127.5.188:445 tcp
N/A 10.127.5.198:445 tcp
CN 106.9.67.6:6666 tcp
N/A 10.127.0.6:8008 tcp
CN 106.9.67.6:6668 tcp
N/A 10.127.0.6:8009 tcp
N/A 10.127.0.6:8010 tcp
CN 106.9.67.6:7001 tcp
CN 106.9.67.6:7070 tcp
N/A 10.127.0.6:8012 tcp
N/A 10.127.5.195:445 tcp
N/A 10.127.5.189:445 tcp
N/A 10.127.5.191:445 tcp
CN 106.9.67.6:7071 tcp
N/A 10.127.0.6:8020 tcp
N/A 10.127.5.190:445 tcp
N/A 10.127.5.202:445 tcp
N/A 10.127.5.203:445 tcp
N/A 10.127.5.192:445 tcp
N/A 10.127.0.6:8030 tcp
CN 106.9.67.6:7080 tcp
N/A 10.127.0.6:8040 tcp
CN 106.9.67.6:7415 tcp
N/A 10.127.5.197:445 tcp
CN 106.9.67.6:7474 tcp
N/A 10.127.5.206:445 tcp
N/A 10.127.0.6:8050 tcp
N/A 10.127.5.201:445 tcp
N/A 10.127.0.6:8060 tcp
CN 106.9.67.6:7547 tcp
CN 106.9.67.6:7548 tcp
N/A 10.127.0.6:8069 tcp
N/A 10.127.5.199:445 tcp
N/A 10.127.5.200:445 tcp
N/A 10.127.5.204:445 tcp
N/A 10.127.5.205:445 tcp
N/A 10.127.5.207:445 tcp
N/A 10.127.5.208:445 tcp
N/A 10.127.5.209:445 tcp
N/A 10.127.5.210:445 tcp
N/A 10.127.5.211:445 tcp
CN 106.9.67.6:7657 tcp
N/A 10.127.0.6:8070 tcp
N/A 10.127.5.212:445 tcp
N/A 10.127.5.213:445 tcp
CN 106.9.67.6:7777 tcp
N/A 10.127.0.6:8080 tcp
CN 106.9.67.6:7779 tcp
N/A 10.127.0.6:8081 tcp
N/A 10.127.5.214:445 tcp
N/A 10.127.0.6:8082 tcp
N/A 10.127.5.215:445 tcp
CN 106.9.67.6:7890 tcp
N/A 10.127.5.216:445 tcp
CN 106.9.67.6:8000 tcp
N/A 10.127.0.6:8083 tcp
CN 106.9.67.6:8001 tcp
N/A 10.127.5.217:445 tcp
N/A 10.127.0.6:8084 tcp
CN 106.9.67.6:8002 tcp
N/A 10.127.0.6:8085 tcp
N/A 10.127.5.218:445 tcp
CN 106.9.67.6:8008 tcp
N/A 10.127.5.219:445 tcp
N/A 10.127.0.6:8086 tcp
CN 106.9.67.6:8009 tcp
N/A 10.127.0.6:8087 tcp
CN 106.9.67.6:8010 tcp
N/A 10.127.0.6:8088 tcp
N/A 10.127.0.6:8089 tcp
CN 106.9.67.6:8012 tcp
N/A 10.127.5.220:445 tcp
CN 106.9.67.6:8020 tcp
N/A 10.127.0.6:8090 tcp
CN 106.9.67.6:8030 tcp
N/A 10.127.0.6:8098 tcp
CN 106.9.67.6:8040 tcp
N/A 10.127.0.6:8099 tcp
N/A 10.127.0.6:8101 tcp
CN 106.9.67.6:8050 tcp
CN 106.9.67.6:8060 tcp
N/A 10.127.0.6:8112 tcp
CN 106.9.67.6:8069 tcp
N/A 10.127.0.6:8123 tcp
N/A 10.127.5.221:445 tcp
N/A 10.127.5.227:445 tcp
CN 106.9.67.6:8070 tcp
N/A 10.127.0.6:8126 tcp
N/A 10.127.0.6:8139 tcp
CN 106.9.67.6:8080 tcp
CN 106.9.67.6:8081 tcp
N/A 10.127.0.6:8140 tcp
CN 106.9.67.6:8082 tcp
N/A 10.127.0.6:8181 tcp
N/A 10.127.5.230:445 tcp
N/A 10.127.5.224:445 tcp
N/A 10.127.5.226:445 tcp
CN 106.9.67.6:8083 tcp
N/A 10.127.0.6:8334 tcp
N/A 10.127.5.229:445 tcp
N/A 10.127.0.6:8443 tcp
CN 106.9.67.6:8084 tcp
N/A 10.127.0.6:8554 tcp
CN 106.9.67.6:8085 tcp
N/A 10.127.5.231:445 tcp
N/A 10.127.5.222:445 tcp
CN 106.9.67.6:8086 tcp
N/A 10.127.0.6:8686 tcp
N/A 10.127.5.225:445 tcp
CN 106.9.67.6:8087 tcp
N/A 10.127.0.6:8800 tcp
N/A 10.127.5.223:445 tcp
CN 106.9.67.6:8088 tcp
N/A 10.127.0.6:8834 tcp
N/A 10.127.5.232:445 tcp
CN 106.9.67.6:8089 tcp
N/A 10.127.0.6:8866 tcp
N/A 10.127.5.239:445 tcp
CN 106.9.67.6:8090 tcp
N/A 10.127.0.6:8880 tcp
N/A 10.127.5.233:445 tcp
N/A 10.127.0.6:8883 tcp
CN 106.9.67.6:8098 tcp
N/A 10.127.5.238:445 tcp
CN 106.9.67.6:8099 tcp
N/A 10.127.0.6:8888 tcp
N/A 10.127.5.240:445 tcp
CN 106.9.67.6:8101 tcp
N/A 10.127.0.6:8889 tcp
N/A 10.127.5.228:445 tcp
CN 106.9.67.6:8112 tcp
N/A 10.127.0.6:9000 tcp
N/A 10.127.0.6:9001 tcp
CN 106.9.67.6:8123 tcp
N/A 10.127.5.235:445 tcp
N/A 10.127.5.234:445 tcp
N/A 10.127.0.6:9002 tcp
CN 106.9.67.6:8126 tcp
CN 106.9.67.6:8139 tcp
N/A 10.127.0.6:9008 tcp
N/A 10.127.0.6:9009 tcp
CN 106.9.67.6:8140 tcp
N/A 10.127.5.241:445 tcp
CN 106.9.67.6:8181 tcp
N/A 10.127.0.6:9051 tcp
CN 106.9.67.6:8334 tcp
N/A 10.127.0.6:9080 tcp
N/A 10.127.5.244:445 tcp
N/A 10.127.5.236:445 tcp
N/A 10.127.5.249:445 tcp
CN 106.9.67.6:8443 tcp
N/A 10.127.0.6:9081 tcp
N/A 10.127.5.251:445 tcp
N/A 10.127.0.6:9090 tcp
CN 106.9.67.6:8554 tcp
N/A 10.127.5.237:445 tcp
CN 106.9.67.6:8686 tcp
N/A 10.127.0.6:9091 tcp
N/A 10.127.5.245:445 tcp
N/A 10.127.5.252:445 tcp
N/A 10.127.0.6:9100 tcp
CN 106.9.67.6:8800 tcp
CN 106.9.67.6:8834 tcp
N/A 10.127.0.6:9151 tcp
N/A 10.127.5.242:445 tcp
N/A 10.127.5.243:445 tcp
N/A 10.127.5.246:445 tcp
N/A 10.127.5.247:445 tcp
N/A 10.127.5.248:445 tcp
N/A 10.127.5.250:445 tcp
N/A 10.127.5.253:445 tcp
N/A 10.127.5.254:445 tcp
N/A 10.127.6.0:445 tcp
CN 106.9.67.6:8866 tcp
N/A 10.127.0.6:9180 tcp
N/A 10.127.6.1:445 tcp
N/A 10.127.6.2:445 tcp
N/A 10.127.0.6:9191 tcp
CN 106.9.67.6:8880 tcp
CN 106.9.67.6:8883 tcp
N/A 10.127.6.3:445 tcp
N/A 10.127.0.6:9200 tcp
N/A 10.127.0.6:9295 tcp
N/A 10.127.6.4:445 tcp
CN 106.9.67.6:8888 tcp
CN 106.9.67.6:8889 tcp
N/A 10.127.0.6:9418 tcp
N/A 10.127.6.5:445 tcp
N/A 10.127.0.6:9443 tcp
N/A 10.127.6.6:445 tcp
CN 106.9.67.6:9000 tcp
N/A 10.127.6.7:445 tcp
CN 106.9.67.6:9001 tcp
N/A 10.127.0.6:9595 tcp
N/A 10.127.0.6:9600 tcp
CN 106.9.67.6:9002 tcp
N/A 10.127.0.6:9633 tcp
CN 106.9.67.6:9008 tcp
CN 106.9.67.6:9009 tcp
N/A 10.127.0.6:9869 tcp
N/A 10.127.0.6:9943 tcp
CN 106.9.67.6:9051 tcp
CN 106.9.67.6:9080 tcp
N/A 10.127.0.6:9944 tcp
CN 106.9.67.6:9081 tcp
N/A 10.127.0.6:9981 tcp
CN 106.9.67.6:9090 tcp
N/A 10.127.0.6:9999 tcp
N/A 10.127.6.9:445 tcp
N/A 10.127.6.8:445 tcp
N/A 10.127.0.6:10000 tcp
CN 106.9.67.6:9091 tcp
N/A 10.127.0.6:10080 tcp
CN 106.9.67.6:9100 tcp
N/A 10.127.0.6:10081 tcp
CN 106.9.67.6:9151 tcp
N/A 10.127.0.6:10134 tcp
CN 106.9.67.6:9180 tcp
N/A 10.127.0.6:10243 tcp
CN 106.9.67.6:9191 tcp
N/A 10.127.0.6:10554 tcp
CN 106.9.67.6:9200 tcp
CN 106.9.67.6:9295 tcp
N/A 10.127.0.6:11211 tcp
N/A 10.127.0.6:12345 tcp
CN 106.9.67.6:9418 tcp
N/A 10.127.6.22:445 tcp
N/A 10.127.0.6:13579 tcp
CN 106.9.67.6:9443 tcp
CN 106.9.67.6:9595 tcp
N/A 10.127.0.6:16010 tcp
N/A 10.127.0.6:16992 tcp
CN 106.9.67.6:9600 tcp
N/A 10.127.6.24:445 tcp
N/A 10.127.0.6:16993 tcp
CN 106.9.67.6:9633 tcp
CN 106.9.67.6:9869 tcp
N/A 10.127.0.6:18245 tcp
N/A 10.127.6.23:445 tcp
N/A 10.127.0.6:20000 tcp
CN 106.9.67.6:9943 tcp
N/A 10.127.6.11:445 tcp
N/A 10.127.6.21:445 tcp
N/A 10.127.0.6:20547 tcp
CN 106.9.67.6:9944 tcp
N/A 10.127.0.6:21379 tcp
CN 106.9.67.6:9981 tcp
N/A 10.127.6.19:445 tcp
N/A 10.127.0.6:23424 tcp
CN 106.9.67.6:9999 tcp
N/A 10.127.6.26:445 tcp
N/A 10.127.6.17:445 tcp
CN 106.9.67.6:10000 tcp
N/A 10.127.0.6:25105 tcp
N/A 10.127.6.18:445 tcp
N/A 10.127.6.13:445 tcp
N/A 10.127.6.25:445 tcp
N/A 10.127.0.6:28017 tcp
CN 106.9.67.6:10080 tcp
N/A 10.127.0.6:32400 tcp
CN 106.9.67.6:10081 tcp
N/A 10.127.0.6:33338 tcp
CN 106.9.67.6:10134 tcp
N/A 10.127.6.20:445 tcp
N/A 10.127.6.27:445 tcp
N/A 10.127.6.30:445 tcp
N/A 10.127.0.6:33550 tcp
N/A 10.127.6.15:445 tcp
CN 106.9.67.6:10243 tcp
N/A 10.127.0.6:37215 tcp
CN 106.9.67.6:10554 tcp
N/A 10.127.0.6:37777 tcp
CN 106.9.67.6:11211 tcp
N/A 10.127.0.6:44818 tcp
CN 106.9.67.6:12345 tcp
N/A 10.127.6.10:445 tcp
N/A 10.127.6.29:445 tcp
N/A 10.127.0.6:49152 tcp
CN 106.9.67.6:13579 tcp
N/A 10.127.6.33:445 tcp
N/A 10.127.0.6:49153 tcp
N/A 10.127.6.31:445 tcp
N/A 10.127.6.36:445 tcp
CN 106.9.67.6:16010 tcp
N/A 10.127.6.14:445 tcp
N/A 10.127.6.16:445 tcp
N/A 10.127.0.6:50070 tcp
CN 106.9.67.6:16992 tcp
N/A 10.127.6.42:445 tcp
N/A 10.127.0.6:51106 tcp
N/A 10.127.6.28:445 tcp
CN 106.9.67.6:16993 tcp
N/A 10.127.6.12:445 tcp
N/A 10.127.0.6:54138 tcp
N/A 10.127.6.32:445 tcp
N/A 10.127.6.34:445 tcp
N/A 10.127.6.35:445 tcp
N/A 10.127.6.37:445 tcp
N/A 10.127.6.38:445 tcp
N/A 10.127.6.39:445 tcp
N/A 10.127.6.40:445 tcp
N/A 10.127.6.41:445 tcp
N/A 10.127.6.43:445 tcp
CN 106.9.67.6:18245 tcp
N/A 10.127.6.44:445 tcp
N/A 10.127.0.6:54984 tcp
CN 106.9.67.6:20000 tcp
N/A 10.127.6.45:445 tcp
N/A 10.127.0.6:55443 tcp
N/A 10.127.6.46:445 tcp
CN 106.9.67.6:20547 tcp
N/A 10.127.0.6:55553 tcp
CN 106.9.67.6:21379 tcp
N/A 10.127.6.47:445 tcp
N/A 10.127.0.6:60129 tcp
CN 106.9.67.6:23424 tcp
N/A 10.127.6.48:445 tcp
N/A 10.127.0.6:62078 tcp
N/A 10.127.6.49:445 tcp
CN 106.9.67.6:25105 tcp
N/A 10.127.0.7:80 tcp
N/A 10.127.6.50:445 tcp
CN 106.9.67.6:28017 tcp
N/A 10.127.0.7:81 tcp
CN 106.9.67.6:32400 tcp
N/A 10.127.6.51:445 tcp
CN 106.9.67.6:33338 tcp
N/A 10.127.0.7:83 tcp
CN 106.9.67.6:33550 tcp
N/A 10.127.0.7:84 tcp
CN 106.9.67.6:37215 tcp
N/A 10.127.0.7:88 tcp
N/A 10.127.6.52:445 tcp
CN 106.9.67.6:37777 tcp
N/A 10.127.0.7:89 tcp
CN 106.9.67.6:44818 tcp
N/A 10.127.0.7:90 tcp
CN 106.9.67.6:49152 tcp
N/A 10.127.0.7:99 tcp
CN 106.9.67.6:49153 tcp
N/A 10.127.6.55:445 tcp
N/A 10.127.0.7:102 tcp
CN 106.9.67.6:50070 tcp
N/A 10.127.0.7:104 tcp
CN 106.9.67.6:51106 tcp
N/A 10.127.0.7:113 tcp
CN 106.9.67.6:54138 tcp
N/A 10.127.0.7:175 tcp
CN 106.9.67.6:54984 tcp
N/A 10.127.0.7:179 tcp
CN 106.9.67.6:55443 tcp
N/A 10.127.0.7:195 tcp
CN 106.9.67.6:55553 tcp
N/A 10.127.6.54:445 tcp
N/A 10.127.0.7:264 tcp
CN 106.9.67.6:60129 tcp
N/A 10.127.0.7:311 tcp
CN 106.9.67.6:62078 tcp
N/A 10.127.6.57:445 tcp
N/A 10.127.6.64:445 tcp
N/A 10.127.0.7:389 tcp
N/A 10.127.0.7:82 tcp
CN 106.9.67.7:80 tcp
N/A 10.127.6.60:445 tcp
N/A 10.127.6.62:445 tcp
N/A 10.127.0.7:443 tcp
CN 106.9.67.7:81 tcp
N/A 10.127.6.53:445 tcp
N/A 10.127.0.7:444 tcp
CN 106.9.67.7:82 tcp
N/A 10.127.0.7:515 tcp
CN 106.9.67.7:83 tcp
N/A 10.127.6.58:445 tcp
N/A 10.127.0.7:554 tcp
CN 106.9.67.7:84 tcp
N/A 10.127.0.7:631 tcp
N/A 10.127.6.61:445 tcp
N/A 10.127.6.56:445 tcp
CN 106.9.67.7:88 tcp
N/A 10.127.6.72:445 tcp
N/A 10.127.0.7:789 tcp
N/A 10.127.6.68:445 tcp
CN 106.9.67.7:89 tcp
N/A 10.127.0.7:1010 tcp
CN 106.9.67.7:90 tcp
N/A 10.127.6.63:445 tcp
N/A 10.127.0.7:1099 tcp
N/A 10.127.6.59:445 tcp
CN 106.9.67.7:99 tcp
N/A 10.127.0.7:1111 tcp
CN 106.9.67.7:102 tcp
N/A 10.127.6.69:445 tcp
N/A 10.127.6.70:445 tcp
N/A 10.127.6.75:445 tcp
N/A 10.127.0.7:1177 tcp
CN 106.9.67.7:104 tcp
N/A 10.127.6.65:445 tcp
N/A 10.127.0.7:1200 tcp
N/A 10.127.6.73:445 tcp
CN 106.9.67.7:113 tcp
N/A 10.127.6.67:445 tcp
N/A 10.127.6.71:445 tcp
N/A 10.127.6.76:445 tcp
N/A 10.127.6.77:445 tcp
N/A 10.127.0.7:1234 tcp
N/A 10.127.6.66:445 tcp
CN 106.9.67.7:175 tcp
N/A 10.127.0.7:1311 tcp
N/A 10.127.6.74:445 tcp
CN 106.9.67.7:179 tcp
N/A 10.127.0.7:1400 tcp
CN 106.9.67.7:195 tcp
N/A 10.127.0.7:1471 tcp
CN 106.9.67.7:264 tcp
N/A 10.127.6.82:445 tcp
N/A 10.127.0.7:1515 tcp
CN 106.9.67.7:311 tcp
N/A 10.127.0.7:1521 tcp
CN 106.9.67.7:389 tcp
N/A 10.127.6.84:445 tcp
N/A 10.127.0.7:1599 tcp
N/A 10.127.6.83:445 tcp
CN 106.9.67.7:443 tcp
N/A 10.127.0.7:1723 tcp
CN 106.9.67.7:444 tcp
N/A 10.127.0.7:1741 tcp
CN 106.9.67.7:515 tcp
N/A 10.127.6.78:445 tcp
N/A 10.127.6.79:445 tcp
N/A 10.127.6.80:445 tcp
N/A 10.127.6.81:445 tcp
N/A 10.127.6.85:445 tcp
N/A 10.127.6.86:445 tcp
N/A 10.127.6.87:445 tcp
N/A 10.127.0.7:1777 tcp
N/A 10.127.6.88:445 tcp
CN 106.9.67.7:554 tcp
N/A 10.127.0.7:1911 tcp
CN 106.9.67.7:631 tcp
N/A 10.127.6.89:445 tcp
N/A 10.127.0.7:1962 tcp
CN 106.9.67.7:789 tcp
N/A 10.127.6.90:445 tcp
N/A 10.127.0.7:1991 tcp
CN 106.9.67.7:1010 tcp
N/A 10.127.6.91:445 tcp
N/A 10.127.0.7:2000 tcp
CN 106.9.67.7:1099 tcp
N/A 10.127.6.92:445 tcp
N/A 10.127.0.7:2081 tcp
CN 106.9.67.7:1111 tcp
N/A 10.127.0.7:2082 tcp
CN 106.9.67.7:1177 tcp
N/A 10.127.0.7:2083 tcp
CN 106.9.67.7:1200 tcp
N/A 10.127.0.7:2086 tcp
CN 106.9.67.7:1234 tcp
N/A 10.127.0.7:2087 tcp
CN 106.9.67.7:1311 tcp
N/A 10.127.6.97:445 tcp
N/A 10.127.0.7:2181 tcp
CN 106.9.67.7:1400 tcp
N/A 10.127.6.98:445 tcp
N/A 10.127.0.7:2222 tcp
CN 106.9.67.7:1471 tcp
N/A 10.127.0.7:2375 tcp
CN 106.9.67.7:1515 tcp
N/A 10.127.0.7:2376 tcp
CN 106.9.67.7:1521 tcp
N/A 10.127.0.7:2404 tcp
CN 106.9.67.7:1599 tcp
N/A 10.127.6.95:445 tcp
N/A 10.127.0.7:2455 tcp
N/A 10.127.6.99:445 tcp
CN 106.9.67.7:1723 tcp
N/A 10.127.0.7:2480 tcp
CN 106.9.67.7:1741 tcp
N/A 10.127.6.96:445 tcp
N/A 10.127.0.7:2628 tcp
CN 106.9.67.7:1777 tcp
N/A 10.127.6.94:445 tcp
N/A 10.127.0.7:3000 tcp
N/A 10.127.6.104:445 tcp
CN 106.9.67.7:1911 tcp
N/A 10.127.6.93:445 tcp
N/A 10.127.0.7:3001 tcp
CN 106.9.67.7:1962 tcp
N/A 10.127.0.7:3128 tcp
CN 106.9.67.7:1991 tcp
N/A 10.127.0.7:3260 tcp
CN 106.9.67.7:2000 tcp
N/A 10.127.0.7:3299 tcp
CN 106.9.67.7:2081 tcp
N/A 10.127.6.101:445 tcp
N/A 10.127.0.7:3310 tcp
CN 106.9.67.7:2082 tcp
N/A 10.127.6.100:445 tcp
N/A 10.127.0.7:3388 tcp
CN 106.9.67.7:2083 tcp
N/A 10.127.6.103:445 tcp
N/A 10.127.6.107:445 tcp
N/A 10.127.0.7:3389 tcp
N/A 10.127.6.106:445 tcp
CN 106.9.67.7:2086 tcp
N/A 10.127.0.7:3460 tcp
CN 106.9.67.7:2087 tcp
N/A 10.127.6.102:445 tcp
N/A 10.127.0.7:3541 tcp
CN 106.9.67.7:2181 tcp
N/A 10.127.6.105:445 tcp
N/A 10.127.6.114:445 tcp
N/A 10.127.0.7:3542 tcp
CN 106.9.67.7:2222 tcp
N/A 10.127.0.7:3689 tcp
CN 106.9.67.7:2375 tcp
N/A 10.127.0.7:3749 tcp
CN 106.9.67.7:2376 tcp
N/A 10.127.6.118:445 tcp
N/A 10.127.0.7:3780 tcp
CN 106.9.67.7:2404 tcp
N/A 10.127.6.115:445 tcp
N/A 10.127.6.109:445 tcp
N/A 10.127.0.7:3790 tcp
N/A 10.127.6.108:445 tcp
CN 106.9.67.7:2455 tcp
N/A 10.127.0.7:4000 tcp
CN 106.9.67.7:2480 tcp
N/A 10.127.0.7:4022 tcp
CN 106.9.67.7:2628 tcp
N/A 10.127.6.113:445 tcp
N/A 10.127.0.7:4040 tcp
CN 106.9.67.7:3000 tcp
N/A 10.127.6.116:445 tcp
N/A 10.127.0.7:4157 tcp
CN 106.9.67.7:3001 tcp
N/A 10.127.6.111:445 tcp
N/A 10.127.6.110:445 tcp
N/A 10.127.6.122:445 tcp
N/A 10.127.0.7:4443 tcp
CN 106.9.67.7:3128 tcp
N/A 10.127.0.7:4444 tcp
CN 106.9.67.7:3260 tcp
N/A 10.127.6.119:445 tcp
N/A 10.127.6.121:445 tcp
N/A 10.127.0.7:4567 tcp
N/A 10.127.6.112:445 tcp
CN 106.9.67.7:3299 tcp
N/A 10.127.0.7:4664 tcp
CN 106.9.67.7:3310 tcp
N/A 10.127.6.123:445 tcp
N/A 10.127.6.120:445 tcp
N/A 10.127.0.7:4782 tcp
CN 106.9.67.7:3388 tcp
N/A 10.127.0.7:4786 tcp
CN 106.9.67.7:3389 tcp
N/A 10.127.0.7:4848 tcp
CN 106.9.67.7:3460 tcp
N/A 10.127.6.117:445 tcp
N/A 10.127.6.124:445 tcp
N/A 10.127.6.125:445 tcp
N/A 10.127.6.126:445 tcp
N/A 10.127.6.127:445 tcp
N/A 10.127.6.128:445 tcp
N/A 10.127.6.129:445 tcp
N/A 10.127.6.130:445 tcp
N/A 10.127.6.131:445 tcp
N/A 10.127.0.7:4911 tcp
CN 106.9.67.7:3541 tcp
N/A 10.127.6.132:445 tcp
N/A 10.127.0.7:5000 tcp
CN 106.9.67.7:3542 tcp
N/A 10.127.6.133:445 tcp
N/A 10.127.0.7:5001 tcp
CN 106.9.67.7:3689 tcp
N/A 10.127.6.134:445 tcp
N/A 10.127.0.7:5007 tcp
N/A 10.127.6.135:445 tcp
CN 106.9.67.7:3749 tcp
N/A 10.127.0.7:5009 tcp
CN 106.9.67.7:3780 tcp
N/A 10.127.0.7:5055 tcp
CN 106.9.67.7:3790 tcp
N/A 10.127.0.7:5222 tcp
CN 106.9.67.7:4000 tcp
N/A 10.127.0.7:5269 tcp
N/A 10.127.6.136:445 tcp
CN 106.9.67.7:4022 tcp
N/A 10.127.0.7:5357 tcp
CN 106.9.67.7:4040 tcp
N/A 10.127.0.7:5555 tcp
CN 106.9.67.7:4157 tcp
N/A 10.127.0.7:5560 tcp
CN 106.9.67.7:4443 tcp
N/A 10.127.0.7:5601 tcp
CN 106.9.67.7:4444 tcp
N/A 10.127.0.7:5672 tcp
CN 106.9.67.7:4567 tcp
N/A 10.127.0.7:5800 tcp
CN 106.9.67.7:4664 tcp
N/A 10.127.0.7:5801 tcp
CN 106.9.67.7:4782 tcp
N/A 10.127.0.7:5900 tcp
CN 106.9.67.7:4786 tcp
N/A 10.127.0.7:5901 tcp
N/A 10.127.6.137:445 tcp
CN 106.9.67.7:4848 tcp
N/A 10.127.0.7:5938 tcp
N/A 10.127.6.142:445 tcp
CN 106.9.67.7:4911 tcp
N/A 10.127.6.141:445 tcp
N/A 10.127.0.7:5984 tcp
CN 106.9.67.7:5000 tcp
N/A 10.127.6.144:445 tcp
N/A 10.127.0.7:5985 tcp
CN 106.9.67.7:5001 tcp
N/A 10.127.6.138:445 tcp
N/A 10.127.6.145:445 tcp
N/A 10.127.0.7:5986 tcp
CN 106.9.67.7:5007 tcp
N/A 10.127.0.7:6000 tcp
CN 106.9.67.7:5009 tcp
N/A 10.127.0.7:6001 tcp
CN 106.9.67.7:5055 tcp
N/A 10.127.6.140:445 tcp
N/A 10.127.6.147:445 tcp
N/A 10.127.0.7:6060 tcp
N/A 10.127.6.152:445 tcp
CN 106.9.67.7:5222 tcp
N/A 10.127.6.148:445 tcp
N/A 10.127.6.139:445 tcp
N/A 10.127.0.7:6664 tcp
CN 106.9.67.7:5269 tcp
N/A 10.127.0.7:6666 tcp
CN 106.9.67.7:5357 tcp
N/A 10.127.6.155:445 tcp
N/A 10.127.0.7:6668 tcp
CN 106.9.67.7:5555 tcp
N/A 10.127.6.143:445 tcp
N/A 10.127.0.7:7001 tcp
CN 106.9.67.7:5560 tcp
N/A 10.127.0.7:7070 tcp
CN 106.9.67.7:5601 tcp
N/A 10.127.6.150:445 tcp
N/A 10.127.0.7:7071 tcp
CN 106.9.67.7:5672 tcp
N/A 10.127.0.7:7080 tcp
N/A 10.127.6.154:445 tcp
N/A 10.127.6.156:445 tcp
N/A 10.127.6.157:445 tcp
CN 106.9.67.7:5800 tcp
N/A 10.127.0.7:7415 tcp
N/A 10.127.6.146:445 tcp
N/A 10.127.6.151:445 tcp
CN 106.9.67.7:5801 tcp
N/A 10.127.0.7:7474 tcp
N/A 10.127.6.163:445 tcp
CN 106.9.67.7:5900 tcp
N/A 10.127.0.7:7547 tcp
CN 106.9.67.7:5901 tcp
N/A 10.127.0.7:7548 tcp
N/A 10.127.6.149:445 tcp
CN 106.9.67.7:5938 tcp
N/A 10.127.6.158:445 tcp
N/A 10.127.0.7:7657 tcp
N/A 10.127.6.153:445 tcp
CN 106.9.67.7:5984 tcp
N/A 10.127.6.162:445 tcp
N/A 10.127.0.7:7777 tcp
CN 106.9.67.7:5985 tcp
N/A 10.127.0.7:7779 tcp
CN 106.9.67.7:5986 tcp
N/A 10.127.0.7:7890 tcp
CN 106.9.67.7:6000 tcp
N/A 10.127.0.7:8000 tcp
CN 106.9.67.7:6001 tcp
N/A 10.127.6.169:445 tcp
N/A 10.127.0.7:8001 tcp
N/A 10.127.6.160:445 tcp
CN 106.9.67.7:6060 tcp
N/A 10.127.0.7:8002 tcp
N/A 10.127.6.167:445 tcp
CN 106.9.67.7:6664 tcp
N/A 10.127.0.7:8008 tcp
N/A 10.127.6.159:445 tcp
N/A 10.127.6.173:445 tcp
CN 106.9.67.7:6666 tcp
N/A 10.127.0.7:8009 tcp
CN 106.9.67.7:6668 tcp
N/A 10.127.6.161:445 tcp
N/A 10.127.6.164:445 tcp
N/A 10.127.6.165:445 tcp
N/A 10.127.6.166:445 tcp
N/A 10.127.6.168:445 tcp
N/A 10.127.6.170:445 tcp
N/A 10.127.6.171:445 tcp
N/A 10.127.6.172:445 tcp
N/A 10.127.6.174:445 tcp
N/A 10.127.6.175:445 tcp
N/A 10.127.0.7:8010 tcp
CN 106.9.67.7:7001 tcp
N/A 10.127.6.176:445 tcp
N/A 10.127.0.7:8012 tcp
CN 106.9.67.7:7070 tcp
N/A 10.127.6.177:445 tcp
N/A 10.127.0.7:8020 tcp
CN 106.9.67.7:7071 tcp
N/A 10.127.0.7:8030 tcp
CN 106.9.67.7:7080 tcp
N/A 10.127.0.7:8040 tcp
N/A 10.127.6.178:445 tcp
CN 106.9.67.7:7415 tcp
N/A 10.127.0.7:8050 tcp
CN 106.9.67.7:7474 tcp
N/A 10.127.0.7:8060 tcp
CN 106.9.67.7:7547 tcp
N/A 10.127.0.7:8069 tcp
CN 106.9.67.7:7548 tcp
N/A 10.127.0.7:8070 tcp
CN 106.9.67.7:7657 tcp
N/A 10.127.0.7:8080 tcp
CN 106.9.67.7:7777 tcp
N/A 10.127.0.7:8081 tcp
CN 106.9.67.7:7779 tcp
N/A 10.127.0.7:8082 tcp
CN 106.9.67.7:7890 tcp
N/A 10.127.6.183:445 tcp
N/A 10.127.0.7:8083 tcp
CN 106.9.67.7:8000 tcp
N/A 10.127.6.179:445 tcp
N/A 10.127.0.7:8084 tcp
CN 106.9.67.7:8001 tcp
N/A 10.127.0.7:8085 tcp
CN 106.9.67.7:8002 tcp
N/A 10.127.6.189:445 tcp
N/A 10.127.0.7:8086 tcp
N/A 10.127.6.185:445 tcp
CN 106.9.67.7:8008 tcp
N/A 10.127.6.182:445 tcp
N/A 10.127.6.187:445 tcp
N/A 10.127.0.7:8087 tcp
CN 106.9.67.7:8009 tcp
N/A 10.127.6.180:445 tcp
N/A 10.127.0.7:8088 tcp
N/A 10.127.6.191:445 tcp
CN 106.9.67.7:8010 tcp
N/A 10.127.6.181:445 tcp
N/A 10.127.0.7:8089 tcp
CN 106.9.67.7:8012 tcp
N/A 10.127.6.186:445 tcp
N/A 10.127.0.7:8090 tcp
CN 106.9.67.7:8020 tcp
N/A 10.127.0.7:8098 tcp
N/A 10.127.6.194:445 tcp
CN 106.9.67.7:8030 tcp
N/A 10.127.6.184:445 tcp
N/A 10.127.0.7:8099 tcp
CN 106.9.67.7:8040 tcp
N/A 10.127.6.190:445 tcp
N/A 10.127.0.7:8101 tcp
CN 106.9.67.7:8050 tcp
N/A 10.127.6.188:445 tcp
N/A 10.127.0.7:8112 tcp
CN 106.9.67.7:8060 tcp
N/A 10.127.6.196:445 tcp
N/A 10.127.0.7:8123 tcp
CN 106.9.67.7:8069 tcp
N/A 10.127.0.7:8126 tcp
CN 106.9.67.7:8070 tcp
N/A 10.127.6.195:445 tcp
N/A 10.127.6.199:445 tcp
N/A 10.127.0.7:8139 tcp
CN 106.9.67.7:8080 tcp
N/A 10.127.0.7:8140 tcp
N/A 10.127.6.202:445 tcp
CN 106.9.67.7:8081 tcp
N/A 10.127.6.198:445 tcp
N/A 10.127.0.7:8181 tcp
CN 106.9.67.7:8082 tcp
N/A 10.127.0.7:8334 tcp
N/A 10.127.6.193:445 tcp
CN 106.9.67.7:8083 tcp
N/A 10.127.6.203:445 tcp
N/A 10.127.0.7:8443 tcp
CN 106.9.67.7:8084 tcp
N/A 10.127.6.197:445 tcp
N/A 10.127.0.7:8554 tcp
CN 106.9.67.7:8085 tcp
N/A 10.127.0.7:8686 tcp
CN 106.9.67.7:8086 tcp
N/A 10.127.6.206:445 tcp
N/A 10.127.6.207:445 tcp
N/A 10.127.0.7:8800 tcp
N/A 10.127.6.192:445 tcp
CN 106.9.67.7:8087 tcp
N/A 10.127.0.7:8834 tcp
N/A 10.127.6.205:445 tcp
CN 106.9.67.7:8088 tcp
N/A 10.127.0.7:8866 tcp
CN 106.9.67.7:8089 tcp
N/A 10.127.0.7:8880 tcp
CN 106.9.67.7:8090 tcp
N/A 10.127.0.7:8883 tcp
CN 106.9.67.7:8098 tcp
N/A 10.127.6.209:445 tcp
N/A 10.127.0.7:8888 tcp
N/A 10.127.6.200:445 tcp
N/A 10.127.6.204:445 tcp
CN 106.9.67.7:8099 tcp
N/A 10.127.0.7:8889 tcp
CN 106.9.67.7:8101 tcp
N/A 10.127.6.212:445 tcp
N/A 10.127.0.7:9000 tcp
CN 106.9.67.7:8112 tcp
N/A 10.127.0.7:9001 tcp
CN 106.9.67.7:8123 tcp
N/A 10.127.6.201:445 tcp
N/A 10.127.0.7:9002 tcp
CN 106.9.67.7:8126 tcp
N/A 10.127.0.7:9008 tcp
CN 106.9.67.7:8139 tcp
N/A 10.127.6.208:445 tcp
N/A 10.127.6.210:445 tcp
N/A 10.127.6.211:445 tcp
N/A 10.127.6.213:445 tcp
N/A 10.127.6.214:445 tcp
N/A 10.127.6.215:445 tcp
N/A 10.127.6.216:445 tcp
N/A 10.127.6.217:445 tcp
N/A 10.127.6.218:445 tcp
N/A 10.127.6.219:445 tcp
N/A 10.127.0.7:9009 tcp
CN 106.9.67.7:8140 tcp
N/A 10.127.6.220:445 tcp
N/A 10.127.0.7:9051 tcp
CN 106.9.67.7:8181 tcp
N/A 10.127.0.7:9080 tcp
CN 106.9.67.7:8334 tcp
N/A 10.127.0.7:9081 tcp
CN 106.9.67.7:8443 tcp
N/A 10.127.6.221:445 tcp
N/A 10.127.0.7:9090 tcp
CN 106.9.67.7:8554 tcp
N/A 10.127.6.222:445 tcp
N/A 10.127.0.7:9091 tcp
CN 106.9.67.7:8686 tcp
N/A 10.127.0.7:9100 tcp
CN 106.9.67.7:8800 tcp
N/A 10.127.0.7:9151 tcp
CN 106.9.67.7:8834 tcp
N/A 10.127.0.7:9180 tcp
CN 106.9.67.7:8866 tcp
N/A 10.127.0.7:9191 tcp
CN 106.9.67.7:8880 tcp
N/A 10.127.6.223:445 tcp
N/A 10.127.0.7:9200 tcp
CN 106.9.67.7:8883 tcp
N/A 10.127.6.226:445 tcp
N/A 10.127.0.7:9295 tcp
CN 106.9.67.7:8888 tcp
N/A 10.127.0.7:9418 tcp
CN 106.9.67.7:8889 tcp
N/A 10.127.0.7:9443 tcp
CN 106.9.67.7:9000 tcp
N/A 10.127.0.7:9595 tcp
N/A 10.127.6.227:445 tcp
CN 106.9.67.7:9001 tcp
N/A 10.127.0.7:9600 tcp
CN 106.9.67.7:9002 tcp
N/A 10.127.0.7:9633 tcp
CN 106.9.67.7:9008 tcp
N/A 10.127.0.7:9869 tcp
N/A 10.127.6.229:445 tcp
N/A 10.127.6.236:445 tcp
CN 106.9.67.7:9009 tcp
N/A 10.127.6.232:445 tcp
N/A 10.127.0.7:9943 tcp
CN 106.9.67.7:9051 tcp
N/A 10.127.6.237:445 tcp
N/A 10.127.0.7:9944 tcp
N/A 10.127.6.224:445 tcp
CN 106.9.67.7:9080 tcp
N/A 10.127.0.7:9981 tcp
CN 106.9.67.7:9081 tcp
N/A 10.127.0.7:9999 tcp
CN 106.9.67.7:9090 tcp
N/A 10.127.6.225:445 tcp
N/A 10.127.0.7:10000 tcp
CN 106.9.67.7:9091 tcp
N/A 10.127.0.7:10080 tcp
CN 106.9.67.7:9100 tcp
N/A 10.127.6.238:445 tcp
N/A 10.127.6.234:445 tcp
N/A 10.127.0.7:10081 tcp
CN 106.9.67.7:9151 tcp
N/A 10.127.6.228:445 tcp
N/A 10.127.0.7:10134 tcp
N/A 10.127.6.230:445 tcp
CN 106.9.67.7:9180 tcp
N/A 10.127.6.231:445 tcp
N/A 10.127.0.7:10243 tcp
CN 106.9.67.7:9191 tcp
N/A 10.127.0.7:10554 tcp
N/A 10.127.6.244:445 tcp
CN 106.9.67.7:9200 tcp
N/A 10.127.0.7:11211 tcp
CN 106.9.67.7:9295 tcp
N/A 10.127.0.7:12345 tcp
N/A 10.127.6.233:445 tcp
N/A 10.127.6.240:445 tcp
CN 106.9.67.7:9418 tcp
N/A 10.127.0.7:13579 tcp
CN 106.9.67.7:9443 tcp
N/A 10.127.6.242:445 tcp
N/A 10.127.0.7:16010 tcp
CN 106.9.67.7:9595 tcp
N/A 10.127.0.7:16992 tcp
N/A 10.127.6.235:445 tcp
CN 106.9.67.7:9600 tcp
N/A 10.127.0.7:16993 tcp
CN 106.9.67.7:9633 tcp
N/A 10.127.6.239:445 tcp
N/A 10.127.0.7:18245 tcp
N/A 10.127.6.246:445 tcp
CN 106.9.67.7:9869 tcp
N/A 10.127.6.248:445 tcp
N/A 10.127.0.7:20000 tcp
CN 106.9.67.7:9943 tcp
N/A 10.127.6.254:445 tcp
N/A 10.127.0.7:20547 tcp
CN 106.9.67.7:9944 tcp
N/A 10.127.0.7:21379 tcp
CN 106.9.67.7:9981 tcp
N/A 10.127.6.241:445 tcp
N/A 10.127.6.247:445 tcp
N/A 10.127.0.7:23424 tcp
CN 106.9.67.7:9999 tcp
N/A 10.127.0.7:25105 tcp
N/A 10.127.6.243:445 tcp
CN 106.9.67.7:10000 tcp
N/A 10.127.0.7:28017 tcp
CN 106.9.67.7:10080 tcp
N/A 10.127.0.7:32400 tcp
N/A 10.127.7.5:445 tcp
CN 106.9.67.7:10081 tcp
N/A 10.127.6.245:445 tcp
N/A 10.127.0.7:33338 tcp
N/A 10.127.6.250:445 tcp
CN 106.9.67.7:10134 tcp
N/A 10.127.7.6:445 tcp
N/A 10.127.0.7:33550 tcp
N/A 10.127.6.249:445 tcp
N/A 10.127.6.251:445 tcp
N/A 10.127.6.252:445 tcp
N/A 10.127.6.253:445 tcp
N/A 10.127.7.0:445 tcp
N/A 10.127.7.1:445 tcp
N/A 10.127.7.2:445 tcp
N/A 10.127.7.3:445 tcp
N/A 10.127.7.4:445 tcp
N/A 10.127.7.7:445 tcp
CN 106.9.67.7:10243 tcp
N/A 10.127.7.8:445 tcp
N/A 10.127.0.7:37215 tcp
CN 106.9.67.7:10554 tcp
N/A 10.127.7.9:445 tcp
N/A 10.127.0.7:37777 tcp
CN 106.9.67.7:11211 tcp
N/A 10.127.0.7:44818 tcp
CN 106.9.67.7:12345 tcp
N/A 10.127.0.7:49152 tcp
CN 106.9.67.7:13579 tcp
N/A 10.127.0.7:49153 tcp
CN 106.9.67.7:16010 tcp
N/A 10.127.7.13:445 tcp
N/A 10.127.0.7:50070 tcp
CN 106.9.67.7:16992 tcp
N/A 10.127.0.7:51106 tcp
CN 106.9.67.7:16993 tcp
N/A 10.127.0.7:54138 tcp
CN 106.9.67.7:18245 tcp
N/A 10.127.0.7:54984 tcp
CN 106.9.67.7:20000 tcp
N/A 10.127.0.7:55443 tcp
N/A 10.127.7.12:445 tcp
CN 106.9.67.7:20547 tcp
N/A 10.127.7.10:445 tcp
N/A 10.127.0.7:55553 tcp
CN 106.9.67.7:21379 tcp
N/A 10.127.0.7:60129 tcp
CN 106.9.67.7:23424 tcp
N/A 10.127.0.7:62078 tcp
N/A 10.127.7.11:445 tcp
CN 106.9.67.7:25105 tcp
CN 106.9.67.7:28017 tcp
N/A 10.127.7.20:445 tcp
N/A 10.127.7.15:445 tcp
N/A 10.127.7.17:445 tcp
CN 106.9.67.7:32400 tcp
N/A 10.127.7.23:445 tcp
N/A 10.127.7.18:445 tcp
CN 106.9.67.7:33338 tcp
N/A 10.127.7.21:445 tcp
N/A 10.127.7.16:445 tcp
CN 106.9.67.7:33550 tcp
N/A 10.127.7.25:445 tcp
N/A 10.127.0.8:84 tcp
N/A 10.127.7.22:445 tcp
CN 106.9.67.7:37215 tcp
N/A 10.127.7.24:445 tcp
N/A 10.127.0.8:88 tcp
CN 106.9.67.7:37777 tcp
N/A 10.127.0.8:89 tcp
N/A 10.127.7.14:445 tcp
CN 106.9.67.7:44818 tcp
N/A 10.127.0.8:90 tcp
CN 106.9.67.7:49152 tcp
N/A 10.127.7.19:445 tcp
N/A 10.127.0.8:80 tcp
N/A 10.127.0.8:81 tcp
N/A 10.127.0.8:82 tcp
N/A 10.127.0.8:83 tcp
N/A 10.127.7.26:445 tcp
N/A 10.127.7.27:445 tcp
N/A 10.127.7.28:445 tcp
N/A 10.127.7.29:445 tcp
N/A 10.127.0.8:99 tcp
CN 106.9.67.7:49153 tcp
N/A 10.127.7.30:445 tcp
N/A 10.127.0.8:102 tcp
N/A 10.127.7.31:445 tcp
CN 106.9.67.7:50070 tcp
N/A 10.127.0.8:104 tcp
N/A 10.127.7.32:445 tcp
CN 106.9.67.7:51106 tcp
N/A 10.127.0.8:113 tcp
CN 106.9.67.7:54138 tcp
N/A 10.127.7.33:445 tcp
N/A 10.127.0.8:175 tcp
N/A 10.127.7.34:445 tcp
CN 106.9.67.7:54984 tcp
N/A 10.127.0.8:179 tcp
N/A 10.127.7.35:445 tcp
CN 106.9.67.7:55443 tcp
N/A 10.127.0.8:195 tcp
N/A 10.127.7.36:445 tcp
CN 106.9.67.7:55553 tcp
N/A 10.127.0.8:264 tcp
CN 106.9.67.7:60129 tcp
N/A 10.127.7.37:445 tcp
N/A 10.127.0.8:311 tcp
N/A 10.127.7.38:445 tcp
CN 106.9.67.7:62078 tcp
N/A 10.127.0.8:389 tcp
N/A 10.127.7.39:445 tcp
CN 106.9.67.8:80 tcp
N/A 10.127.0.8:443 tcp
N/A 10.127.7.40:445 tcp
CN 106.9.67.8:81 tcp
N/A 10.127.0.8:444 tcp
N/A 10.127.7.41:445 tcp
CN 106.9.67.8:82 tcp
N/A 10.127.0.8:515 tcp
N/A 10.127.7.42:445 tcp
CN 106.9.67.8:83 tcp
N/A 10.127.0.8:554 tcp
CN 106.9.67.8:84 tcp
N/A 10.127.7.43:445 tcp
N/A 10.127.0.8:631 tcp
CN 106.9.67.8:88 tcp
N/A 10.127.7.44:445 tcp
N/A 10.127.0.8:789 tcp
N/A 10.127.7.45:445 tcp
CN 106.9.67.8:89 tcp
N/A 10.127.0.8:1010 tcp
CN 106.9.67.8:90 tcp
N/A 10.127.7.46:445 tcp
N/A 10.127.0.8:1099 tcp
N/A 10.127.7.47:445 tcp
CN 106.9.67.8:99 tcp
N/A 10.127.0.8:1111 tcp
CN 106.9.67.8:102 tcp
N/A 10.127.7.48:445 tcp
N/A 10.127.0.8:1177 tcp
N/A 10.127.7.49:445 tcp
CN 106.9.67.8:104 tcp
N/A 10.127.0.8:1200 tcp
CN 106.9.67.8:113 tcp
N/A 10.127.7.50:445 tcp
N/A 10.127.0.8:1234 tcp
N/A 10.127.7.51:445 tcp
CN 106.9.67.8:175 tcp
N/A 10.127.0.8:1311 tcp
CN 106.9.67.8:179 tcp
N/A 10.127.0.8:1400 tcp
CN 106.9.67.8:195 tcp
N/A 10.127.7.52:445 tcp
N/A 10.127.0.8:1471 tcp
CN 106.9.67.8:264 tcp
N/A 10.127.0.8:1515 tcp
CN 106.9.67.8:311 tcp
N/A 10.127.0.8:1521 tcp
CN 106.9.67.8:389 tcp
N/A 10.127.0.8:1599 tcp
CN 106.9.67.8:443 tcp
N/A 10.127.7.57:445 tcp
N/A 10.127.0.8:1723 tcp
CN 106.9.67.8:444 tcp
N/A 10.127.0.8:1741 tcp
CN 106.9.67.8:515 tcp
N/A 10.127.0.8:1777 tcp
CN 106.9.67.8:554 tcp
N/A 10.127.0.8:1911 tcp
CN 106.9.67.8:631 tcp
N/A 10.127.0.8:1962 tcp
CN 106.9.67.8:789 tcp
N/A 10.127.7.53:445 tcp
N/A 10.127.0.8:1991 tcp
CN 106.9.67.8:1010 tcp
N/A 10.127.0.8:2000 tcp
CN 106.9.67.8:1099 tcp
N/A 10.127.0.8:2081 tcp
N/A 10.127.7.56:445 tcp
CN 106.9.67.8:1111 tcp
N/A 10.127.0.8:2082 tcp
CN 106.9.67.8:1177 tcp
N/A 10.127.0.8:2083 tcp
CN 106.9.67.8:1200 tcp
N/A 10.127.7.60:445 tcp
N/A 10.127.0.8:2086 tcp
N/A 10.127.7.62:445 tcp
CN 106.9.67.8:1234 tcp
N/A 10.127.7.66:445 tcp
N/A 10.127.0.8:2087 tcp
N/A 10.127.7.55:445 tcp
N/A 10.127.7.64:445 tcp
CN 106.9.67.8:1311 tcp
N/A 10.127.0.8:2181 tcp
N/A 10.127.7.54:445 tcp
CN 106.9.67.8:1400 tcp
N/A 10.127.7.61:445 tcp
N/A 10.127.0.8:2222 tcp
CN 106.9.67.8:1471 tcp
N/A 10.127.0.8:2375 tcp
CN 106.9.67.8:1515 tcp
N/A 10.127.0.8:2376 tcp
CN 106.9.67.8:1521 tcp
N/A 10.127.7.58:445 tcp
N/A 10.127.7.59:445 tcp
N/A 10.127.7.63:445 tcp
N/A 10.127.7.65:445 tcp
N/A 10.127.7.67:445 tcp
N/A 10.127.7.68:445 tcp
N/A 10.127.7.69:445 tcp
N/A 10.127.7.70:445 tcp
N/A 10.127.7.71:445 tcp
N/A 10.127.7.72:445 tcp
N/A 10.127.7.73:445 tcp
N/A 10.127.0.8:2404 tcp
N/A 10.127.7.74:445 tcp
CN 106.9.67.8:1599 tcp
N/A 10.127.0.8:2455 tcp
CN 106.9.67.8:1723 tcp
N/A 10.127.7.75:445 tcp
N/A 10.127.0.8:2480 tcp
CN 106.9.67.8:1741 tcp
N/A 10.127.7.76:445 tcp
N/A 10.127.0.8:2628 tcp
N/A 10.127.7.77:445 tcp
CN 106.9.67.8:1777 tcp
N/A 10.127.0.8:3000 tcp
N/A 10.127.7.78:445 tcp
CN 106.9.67.8:1911 tcp
N/A 10.127.0.8:3001 tcp
CN 106.9.67.8:1962 tcp
N/A 10.127.7.79:445 tcp
N/A 10.127.0.8:3128 tcp
N/A 10.127.7.80:445 tcp
CN 106.9.67.8:1991 tcp
N/A 10.127.0.8:3260 tcp
N/A 10.127.7.81:445 tcp
CN 106.9.67.8:2000 tcp
N/A 10.127.0.8:3299 tcp
CN 106.9.67.8:2081 tcp
N/A 10.127.7.82:445 tcp
N/A 10.127.0.8:3310 tcp
N/A 10.127.7.83:445 tcp
CN 106.9.67.8:2082 tcp
N/A 10.127.0.8:3388 tcp
CN 106.9.67.8:2083 tcp
N/A 10.127.7.84:445 tcp
N/A 10.127.0.8:3389 tcp
CN 106.9.67.8:2086 tcp
N/A 10.127.7.85:445 tcp
N/A 10.127.0.8:3460 tcp
N/A 10.127.7.86:445 tcp
CN 106.9.67.8:2087 tcp
N/A 10.127.0.8:3541 tcp
CN 106.9.67.8:2181 tcp
N/A 10.127.7.87:445 tcp
N/A 10.127.0.8:3542 tcp
N/A 10.127.7.88:445 tcp
CN 106.9.67.8:2222 tcp
N/A 10.127.0.8:3689 tcp
CN 106.9.67.8:2375 tcp
N/A 10.127.7.89:445 tcp
N/A 10.127.0.8:3749 tcp
N/A 10.127.7.90:445 tcp
CN 106.9.67.8:2376 tcp
N/A 10.127.0.8:3780 tcp
N/A 10.127.7.91:445 tcp
CN 106.9.67.8:2404 tcp
N/A 10.127.0.8:3790 tcp
N/A 10.127.7.92:445 tcp
CN 106.9.67.8:2455 tcp
N/A 10.127.0.8:4000 tcp
N/A 10.127.7.93:445 tcp
CN 106.9.67.8:2480 tcp
N/A 10.127.0.8:4022 tcp
N/A 10.127.7.94:445 tcp
CN 106.9.67.8:2628 tcp
N/A 10.127.0.8:4040 tcp
CN 106.9.67.8:3000 tcp
N/A 10.127.7.95:445 tcp
N/A 10.127.0.8:4157 tcp
N/A 10.127.7.96:445 tcp
CN 106.9.67.8:3001 tcp
N/A 10.127.0.8:4443 tcp
CN 106.9.67.8:3128 tcp
N/A 10.127.0.8:4444 tcp
CN 106.9.67.8:3260 tcp
N/A 10.127.0.8:4567 tcp
N/A 10.127.7.97:445 tcp
CN 106.9.67.8:3299 tcp
N/A 10.127.0.8:4664 tcp
CN 106.9.67.8:3310 tcp
N/A 10.127.0.8:4782 tcp
N/A 10.127.7.98:445 tcp
CN 106.9.67.8:3388 tcp
N/A 10.127.0.8:4786 tcp
CN 106.9.67.8:3389 tcp
N/A 10.127.7.99:445 tcp
N/A 10.127.0.8:4848 tcp
CN 106.9.67.8:3460 tcp
N/A 10.127.0.8:4911 tcp
CN 106.9.67.8:3541 tcp
N/A 10.127.7.103:445 tcp
N/A 10.127.0.8:5000 tcp
N/A 10.127.7.102:445 tcp
CN 106.9.67.8:3542 tcp
N/A 10.127.7.104:445 tcp
N/A 10.127.0.8:5001 tcp
CN 106.9.67.8:3689 tcp
N/A 10.127.0.8:5007 tcp
CN 106.9.67.8:3749 tcp
N/A 10.127.0.8:5009 tcp
CN 106.9.67.8:3780 tcp
N/A 10.127.7.105:445 tcp
N/A 10.127.0.8:5055 tcp
N/A 10.127.7.101:445 tcp
CN 106.9.67.8:3790 tcp
N/A 10.127.0.8:5222 tcp
CN 106.9.67.8:4000 tcp
N/A 10.127.0.8:5269 tcp
CN 106.9.67.8:4022 tcp
N/A 10.127.7.100:445 tcp
N/A 10.127.0.8:5357 tcp
CN 106.9.67.8:4040 tcp
N/A 10.127.0.8:5555 tcp
CN 106.9.67.8:4157 tcp
N/A 10.127.7.110:445 tcp
N/A 10.127.0.8:5560 tcp
CN 106.9.67.8:4443 tcp
N/A 10.127.0.8:5601 tcp
CN 106.9.67.8:4444 tcp
N/A 10.127.7.115:445 tcp
N/A 10.127.0.8:5672 tcp
N/A 10.127.7.106:445 tcp
CN 106.9.67.8:4567 tcp
N/A 10.127.0.8:5800 tcp
CN 106.9.67.8:4664 tcp
N/A 10.127.7.107:445 tcp
N/A 10.127.7.108:445 tcp
N/A 10.127.7.109:445 tcp
N/A 10.127.7.111:445 tcp
N/A 10.127.7.112:445 tcp
N/A 10.127.7.113:445 tcp
N/A 10.127.7.114:445 tcp
N/A 10.127.7.116:445 tcp
N/A 10.127.7.117:445 tcp
N/A 10.127.0.8:5801 tcp
CN 106.9.67.8:4782 tcp
N/A 10.127.7.118:445 tcp
N/A 10.127.0.8:5900 tcp
CN 106.9.67.8:4786 tcp
N/A 10.127.7.119:445 tcp
N/A 10.127.0.8:5901 tcp
N/A 10.127.7.120:445 tcp
CN 106.9.67.8:4848 tcp
N/A 10.127.0.8:5938 tcp
CN 106.9.67.8:4911 tcp
N/A 10.127.7.121:445 tcp
N/A 10.127.0.8:5984 tcp
N/A 10.127.7.122:445 tcp
CN 106.9.67.8:5000 tcp
N/A 10.127.0.8:5985 tcp
CN 106.9.67.8:5001 tcp
N/A 10.127.7.123:445 tcp
N/A 10.127.0.8:5986 tcp
N/A 10.127.7.124:445 tcp
CN 106.9.67.8:5007 tcp
N/A 10.127.0.8:6000 tcp
N/A 10.127.7.125:445 tcp
CN 106.9.67.8:5009 tcp
N/A 10.127.0.8:6001 tcp
CN 106.9.67.8:5055 tcp
N/A 10.127.7.126:445 tcp
N/A 10.127.0.8:6060 tcp
N/A 10.127.7.127:445 tcp
CN 106.9.67.8:5222 tcp
N/A 10.127.0.8:6664 tcp
CN 106.9.67.8:5269 tcp
N/A 10.127.7.128:445 tcp
N/A 10.127.0.8:6666 tcp
CN 106.9.67.8:5357 tcp
N/A 10.127.7.129:445 tcp
N/A 10.127.0.8:6668 tcp
N/A 10.127.7.130:445 tcp
CN 106.9.67.8:5555 tcp
N/A 10.127.0.8:7001 tcp
CN 106.9.67.8:5560 tcp
N/A 10.127.7.131:445 tcp
N/A 10.127.0.8:7070 tcp
CN 106.9.67.8:5601 tcp
N/A 10.127.7.132:445 tcp
N/A 10.127.0.8:7071 tcp
CN 106.9.67.8:5672 tcp
N/A 10.127.7.133:445 tcp
N/A 10.127.0.8:7080 tcp
N/A 10.127.7.134:445 tcp
CN 106.9.67.8:5800 tcp
N/A 10.127.0.8:7415 tcp
CN 106.9.67.8:5801 tcp
N/A 10.127.7.135:445 tcp
N/A 10.127.0.8:7474 tcp
N/A 10.127.7.136:445 tcp
CN 106.9.67.8:5900 tcp
N/A 10.127.0.8:7547 tcp
N/A 10.127.7.137:445 tcp
CN 106.9.67.8:5901 tcp
N/A 10.127.0.8:7548 tcp
CN 106.9.67.8:5938 tcp
N/A 10.127.7.138:445 tcp
N/A 10.127.0.8:7657 tcp
CN 106.9.67.8:5984 tcp
N/A 10.127.0.8:7777 tcp
CN 106.9.67.8:5985 tcp
N/A 10.127.0.8:7779 tcp
CN 106.9.67.8:5986 tcp
N/A 10.127.7.140:445 tcp
N/A 10.127.0.8:7890 tcp
CN 106.9.67.8:6000 tcp
N/A 10.127.0.8:8000 tcp
CN 106.9.67.8:6001 tcp
N/A 10.127.0.8:8001 tcp
CN 106.9.67.8:6060 tcp
N/A 10.127.0.8:8002 tcp
N/A 10.127.7.143:445 tcp
CN 106.9.67.8:6664 tcp
N/A 10.127.0.8:8008 tcp
CN 106.9.67.8:6666 tcp
N/A 10.127.0.8:8009 tcp
CN 106.9.67.8:6668 tcp
N/A 10.127.7.145:445 tcp
N/A 10.127.0.8:8010 tcp
N/A 10.127.7.146:445 tcp
CN 106.9.67.8:7001 tcp
N/A 10.127.0.8:8012 tcp
CN 106.9.67.8:7070 tcp
N/A 10.127.7.147:445 tcp
N/A 10.127.0.8:8020 tcp
CN 106.9.67.8:7071 tcp
N/A 10.127.0.8:8030 tcp
N/A 10.127.7.141:445 tcp
CN 106.9.67.8:7080 tcp
N/A 10.127.7.150:445 tcp
N/A 10.127.0.8:8040 tcp
CN 106.9.67.8:7415 tcp
N/A 10.127.0.8:8050 tcp
CN 106.9.67.8:7474 tcp
N/A 10.127.7.152:445 tcp
N/A 10.127.7.139:445 tcp
N/A 10.127.0.8:8060 tcp
CN 106.9.67.8:7547 tcp
N/A 10.127.7.144:445 tcp
N/A 10.127.7.154:445 tcp
N/A 10.127.0.8:8069 tcp
CN 106.9.67.8:7548 tcp
N/A 10.127.0.8:8070 tcp
CN 106.9.67.8:7657 tcp
N/A 10.127.7.153:445 tcp
N/A 10.127.0.8:8080 tcp
CN 106.9.67.8:7777 tcp
N/A 10.127.0.8:8081 tcp
N/A 10.127.7.142:445 tcp
CN 106.9.67.8:7779 tcp
N/A 10.127.0.8:8082 tcp
CN 106.9.67.8:7890 tcp
N/A 10.127.0.8:8083 tcp
N/A 10.127.7.149:445 tcp
CN 106.9.67.8:8000 tcp
N/A 10.127.0.8:8084 tcp
N/A 10.127.7.148:445 tcp
N/A 10.127.7.151:445 tcp
N/A 10.127.7.155:445 tcp
N/A 10.127.7.156:445 tcp
N/A 10.127.7.157:445 tcp
N/A 10.127.7.158:445 tcp
N/A 10.127.7.159:445 tcp
N/A 10.127.7.160:445 tcp
N/A 10.127.7.161:445 tcp
CN 106.9.67.8:8001 tcp
N/A 10.127.0.8:8085 tcp
N/A 10.127.7.162:445 tcp
CN 106.9.67.8:8002 tcp
N/A 10.127.0.8:8086 tcp
CN 106.9.67.8:8008 tcp
N/A 10.127.7.163:445 tcp
N/A 10.127.0.8:8087 tcp
N/A 10.127.7.164:445 tcp
CN 106.9.67.8:8009 tcp
N/A 10.127.0.8:8088 tcp
N/A 10.127.7.165:445 tcp
CN 106.9.67.8:8010 tcp
N/A 10.127.0.8:8089 tcp
N/A 10.127.7.166:445 tcp
CN 106.9.67.8:8012 tcp
N/A 10.127.0.8:8090 tcp
CN 106.9.67.8:8020 tcp
N/A 10.127.7.167:445 tcp
N/A 10.127.0.8:8098 tcp
N/A 10.127.7.168:445 tcp
CN 106.9.67.8:8030 tcp
N/A 10.127.0.8:8099 tcp
CN 106.9.67.8:8040 tcp
N/A 10.127.7.169:445 tcp
N/A 10.127.0.8:8101 tcp
N/A 10.127.7.170:445 tcp
CN 106.9.67.8:8050 tcp
N/A 10.127.0.8:8112 tcp
CN 106.9.67.8:8060 tcp
N/A 10.127.7.171:445 tcp
N/A 10.127.0.8:8123 tcp
CN 106.9.67.8:8069 tcp
N/A 10.127.7.172:445 tcp
N/A 10.127.0.8:8126 tcp
N/A 10.127.7.173:445 tcp
CN 106.9.67.8:8070 tcp
N/A 10.127.0.8:8139 tcp
N/A 10.127.7.174:445 tcp
CN 106.9.67.8:8080 tcp
N/A 10.127.0.8:8140 tcp
N/A 10.127.7.175:445 tcp
CN 106.9.67.8:8081 tcp
N/A 10.127.0.8:8181 tcp
N/A 10.127.7.176:445 tcp
CN 106.9.67.8:8082 tcp
N/A 10.127.0.8:8334 tcp
CN 106.9.67.8:8083 tcp
N/A 10.127.7.177:445 tcp
N/A 10.127.0.8:8443 tcp
N/A 10.127.7.178:445 tcp
CN 106.9.67.8:8084 tcp
N/A 10.127.0.8:8554 tcp
CN 106.9.67.8:8085 tcp
N/A 10.127.7.179:445 tcp
N/A 10.127.0.8:8686 tcp
CN 106.9.67.8:8086 tcp
N/A 10.127.7.180:445 tcp
N/A 10.127.0.8:8800 tcp
N/A 10.127.7.181:445 tcp
CN 106.9.67.8:8087 tcp
N/A 10.127.0.8:8834 tcp
CN 106.9.67.8:8088 tcp
N/A 10.127.0.8:8866 tcp
CN 106.9.67.8:8089 tcp
N/A 10.127.0.8:8880 tcp
CN 106.9.67.8:8090 tcp
N/A 10.127.0.8:8883 tcp
CN 106.9.67.8:8098 tcp
N/A 10.127.7.182:445 tcp
N/A 10.127.0.8:8888 tcp
CN 106.9.67.8:8099 tcp
N/A 10.127.0.8:8889 tcp
CN 106.9.67.8:8101 tcp
N/A 10.127.0.8:9000 tcp
CN 106.9.67.8:8112 tcp
N/A 10.127.0.8:9001 tcp
CN 106.9.67.8:8123 tcp
N/A 10.127.7.183:445 tcp
N/A 10.127.0.8:9002 tcp
CN 106.9.67.8:8126 tcp
N/A 10.127.0.8:9008 tcp
CN 106.9.67.8:8139 tcp
N/A 10.127.0.8:9009 tcp
CN 106.9.67.8:8140 tcp
N/A 10.127.0.8:9051 tcp
CN 106.9.67.8:8181 tcp
N/A 10.127.0.8:9080 tcp
CN 106.9.67.8:8334 tcp
N/A 10.127.7.184:445 tcp
N/A 10.127.0.8:9081 tcp
CN 106.9.67.8:8443 tcp
N/A 10.127.0.8:9090 tcp
CN 106.9.67.8:8554 tcp
N/A 10.127.7.186:445 tcp
N/A 10.127.0.8:9091 tcp
CN 106.9.67.8:8686 tcp
N/A 10.127.7.185:445 tcp
N/A 10.127.0.8:9100 tcp
CN 106.9.67.8:8800 tcp
N/A 10.127.7.191:445 tcp
N/A 10.127.0.8:9151 tcp
CN 106.9.67.8:8834 tcp
N/A 10.127.7.194:445 tcp
N/A 10.127.0.8:9180 tcp
N/A 10.127.7.196:445 tcp
N/A 10.127.7.198:445 tcp
CN 106.9.67.8:8866 tcp
N/A 10.127.7.187:445 tcp
N/A 10.127.7.188:445 tcp
N/A 10.127.7.190:445 tcp
N/A 10.127.0.8:9191 tcp
CN 106.9.67.8:8880 tcp
N/A 10.127.7.189:445 tcp
N/A 10.127.0.8:9200 tcp
CN 106.9.67.8:8883 tcp
N/A 10.127.0.8:9295 tcp
CN 106.9.67.8:8888 tcp
N/A 10.127.7.192:445 tcp
N/A 10.127.7.199:445 tcp
N/A 10.127.0.8:9418 tcp
CN 106.9.67.8:8889 tcp
N/A 10.127.7.193:445 tcp
N/A 10.127.7.195:445 tcp
N/A 10.127.7.197:445 tcp
N/A 10.127.7.200:445 tcp
N/A 10.127.7.201:445 tcp
N/A 10.127.7.202:445 tcp
N/A 10.127.7.203:445 tcp
N/A 10.127.7.204:445 tcp
N/A 10.127.0.8:9443 tcp
CN 106.9.67.8:9000 tcp
N/A 10.127.7.205:445 tcp
N/A 10.127.0.8:9595 tcp
CN 106.9.67.8:9001 tcp
N/A 10.127.7.206:445 tcp
N/A 10.127.0.8:9600 tcp
N/A 10.127.7.207:445 tcp
CN 106.9.67.8:9002 tcp
N/A 10.127.0.8:9633 tcp
N/A 10.127.7.208:445 tcp
CN 106.9.67.8:9008 tcp
N/A 10.127.0.8:9869 tcp
CN 106.9.67.8:9009 tcp
N/A 10.127.7.209:445 tcp
N/A 10.127.0.8:9943 tcp
N/A 10.127.7.210:445 tcp
CN 106.9.67.8:9051 tcp
N/A 10.127.0.8:9944 tcp
CN 106.9.67.8:9080 tcp
N/A 10.127.7.211:445 tcp
N/A 10.127.0.8:9981 tcp
CN 106.9.67.8:9081 tcp
N/A 10.127.7.212:445 tcp
N/A 10.127.0.8:9999 tcp
CN 106.9.67.8:9090 tcp
N/A 10.127.7.213:445 tcp
N/A 10.127.0.8:10000 tcp
N/A 10.127.7.214:445 tcp
CN 106.9.67.8:9091 tcp
N/A 10.127.0.8:10080 tcp
N/A 10.127.7.215:445 tcp
CN 106.9.67.8:9100 tcp
N/A 10.127.0.8:10081 tcp
CN 106.9.67.8:9151 tcp
N/A 10.127.7.216:445 tcp
N/A 10.127.0.8:10134 tcp
CN 106.9.67.8:9180 tcp
N/A 10.127.7.217:445 tcp
N/A 10.127.0.8:10243 tcp
N/A 10.127.7.218:445 tcp
CN 106.9.67.8:9191 tcp
N/A 10.127.0.8:10554 tcp
CN 106.9.67.8:9200 tcp
N/A 10.127.7.219:445 tcp
N/A 10.127.0.8:11211 tcp
CN 106.9.67.8:9295 tcp
N/A 10.127.7.220:445 tcp
N/A 10.127.0.8:12345 tcp
CN 106.9.67.8:9418 tcp
N/A 10.127.7.221:445 tcp
N/A 10.127.0.8:13579 tcp
CN 106.9.67.8:9443 tcp
N/A 10.127.7.222:445 tcp
N/A 10.127.0.8:16010 tcp
CN 106.9.67.8:9595 tcp
N/A 10.127.7.223:445 tcp
N/A 10.127.0.8:16992 tcp
CN 106.9.67.8:9600 tcp
N/A 10.127.0.8:16993 tcp
CN 106.9.67.8:9633 tcp
N/A 10.127.0.8:18245 tcp
CN 106.9.67.8:9869 tcp
N/A 10.127.0.8:20000 tcp
CN 106.9.67.8:9943 tcp
N/A 10.127.0.8:20547 tcp
N/A 10.127.7.224:445 tcp
CN 106.9.67.8:9944 tcp
N/A 10.127.7.226:445 tcp
N/A 10.127.0.8:21379 tcp
CN 106.9.67.8:9981 tcp
N/A 10.127.0.8:23424 tcp
CN 106.9.67.8:9999 tcp
N/A 10.127.0.8:25105 tcp
CN 106.9.67.8:10000 tcp
N/A 10.127.0.8:28017 tcp
CN 106.9.67.8:10080 tcp
N/A 10.127.0.8:32400 tcp
CN 106.9.67.8:10081 tcp
N/A 10.127.0.8:33338 tcp
CN 106.9.67.8:10134 tcp
N/A 10.127.0.8:33550 tcp
CN 106.9.67.8:10243 tcp
N/A 10.127.0.8:37215 tcp
CN 106.9.67.8:10554 tcp
N/A 10.127.7.231:445 tcp
N/A 10.127.0.8:37777 tcp
N/A 10.127.7.225:445 tcp
CN 106.9.67.8:11211 tcp
N/A 10.127.7.236:445 tcp
N/A 10.127.0.8:44818 tcp
N/A 10.127.7.234:445 tcp
CN 106.9.67.8:12345 tcp
N/A 10.127.0.8:49152 tcp
N/A 10.127.7.230:445 tcp
CN 106.9.67.8:13579 tcp
N/A 10.127.7.229:445 tcp
N/A 10.127.7.232:445 tcp
N/A 10.127.0.8:49153 tcp
CN 106.9.67.8:16010 tcp
N/A 10.127.7.228:445 tcp
N/A 10.127.7.238:445 tcp
N/A 10.127.0.8:50070 tcp
CN 106.9.67.8:16992 tcp
N/A 10.127.0.8:51106 tcp
CN 106.9.67.8:16993 tcp
N/A 10.127.7.227:445 tcp
N/A 10.127.0.8:54138 tcp
CN 106.9.67.8:18245 tcp
N/A 10.127.0.8:54984 tcp
CN 106.9.67.8:20000 tcp
N/A 10.127.0.8:55443 tcp
N/A 10.127.7.240:445 tcp
CN 106.9.67.8:20547 tcp
N/A 10.127.0.8:55553 tcp
N/A 10.127.7.237:445 tcp
CN 106.9.67.8:21379 tcp
N/A 10.127.7.233:445 tcp
N/A 10.127.7.239:445 tcp
N/A 10.127.0.8:60129 tcp
CN 106.9.67.8:23424 tcp
N/A 10.127.7.244:445 tcp
N/A 10.127.7.242:445 tcp
N/A 10.127.0.8:62078 tcp
CN 106.9.67.8:25105 tcp
N/A 10.127.7.241:445 tcp
N/A 10.127.7.235:445 tcp
N/A 10.127.7.243:445 tcp
N/A 10.127.7.245:445 tcp
N/A 10.127.7.246:445 tcp
N/A 10.127.7.247:445 tcp
N/A 10.127.7.248:445 tcp
N/A 10.127.0.9:80 tcp
N/A 10.127.7.249:445 tcp
CN 106.9.67.8:28017 tcp
N/A 10.127.0.9:81 tcp
N/A 10.127.7.250:445 tcp
CN 106.9.67.8:32400 tcp
N/A 10.127.0.9:82 tcp
N/A 10.127.7.251:445 tcp
CN 106.9.67.8:33338 tcp
N/A 10.127.0.9:83 tcp
N/A 10.127.7.252:445 tcp
CN 106.9.67.8:33550 tcp
N/A 10.127.0.9:84 tcp
N/A 10.127.7.253:445 tcp
CN 106.9.67.8:37215 tcp
N/A 10.127.0.9:88 tcp
CN 106.9.67.8:37777 tcp
N/A 10.127.7.254:445 tcp
N/A 10.127.0.9:89 tcp
CN 106.9.67.8:44818 tcp
N/A 10.127.8.0:445 tcp
N/A 10.127.0.9:90 tcp
N/A 10.127.8.1:445 tcp
CN 106.9.67.8:49152 tcp
N/A 10.127.0.9:99 tcp
CN 106.9.67.8:49153 tcp
N/A 10.127.8.2:445 tcp
N/A 10.127.0.9:102 tcp
N/A 10.127.8.3:445 tcp
CN 106.9.67.8:50070 tcp
N/A 10.127.0.9:104 tcp
N/A 10.127.8.4:445 tcp
CN 106.9.67.8:51106 tcp
N/A 10.127.0.9:113 tcp
N/A 10.127.8.5:445 tcp
CN 106.9.67.8:54138 tcp
N/A 10.127.0.9:175 tcp
N/A 10.127.8.6:445 tcp
CN 106.9.67.8:54984 tcp
N/A 10.127.0.9:179 tcp
N/A 10.127.8.7:445 tcp
CN 106.9.67.8:55443 tcp
N/A 10.127.0.9:195 tcp
N/A 10.127.8.8:445 tcp
CN 106.9.67.8:55553 tcp
N/A 10.127.0.9:264 tcp
CN 106.9.67.8:60129 tcp
N/A 10.127.8.9:445 tcp
N/A 10.127.0.9:311 tcp
N/A 10.127.8.10:445 tcp
CN 106.9.67.8:62078 tcp
N/A 10.127.0.9:389 tcp
CN 106.9.67.9:80 tcp
N/A 10.127.0.9:443 tcp
CN 106.9.67.9:81 tcp
N/A 10.127.0.9:444 tcp
CN 106.9.67.9:82 tcp
N/A 10.127.8.11:445 tcp
N/A 10.127.8.12:445 tcp
N/A 10.127.0.9:515 tcp
CN 106.9.67.9:83 tcp
N/A 10.127.0.9:554 tcp
CN 106.9.67.9:84 tcp
N/A 10.127.0.9:631 tcp
CN 106.9.67.9:88 tcp
N/A 10.127.0.9:789 tcp
CN 106.9.67.9:89 tcp
N/A 10.127.0.9:1010 tcp
CN 106.9.67.9:90 tcp
N/A 10.127.0.9:1099 tcp
CN 106.9.67.9:99 tcp
N/A 10.127.0.9:1111 tcp
N/A 10.127.8.16:445 tcp
CN 106.9.67.9:102 tcp
N/A 10.127.0.9:1177 tcp
CN 106.9.67.9:104 tcp
N/A 10.127.0.9:1200 tcp
N/A 10.127.8.14:445 tcp
CN 106.9.67.9:113 tcp
N/A 10.127.0.9:1234 tcp
CN 106.9.67.9:175 tcp
N/A 10.127.8.21:445 tcp
N/A 10.127.0.9:1311 tcp
CN 106.9.67.9:179 tcp
N/A 10.127.8.18:445 tcp
N/A 10.127.0.9:1400 tcp
CN 106.9.67.9:195 tcp
N/A 10.127.8.17:445 tcp
N/A 10.127.0.9:1471 tcp
CN 106.9.67.9:264 tcp
N/A 10.127.8.13:445 tcp
N/A 10.127.0.9:1515 tcp
N/A 10.127.8.26:445 tcp
CN 106.9.67.9:311 tcp
N/A 10.127.0.9:1521 tcp
CN 106.9.67.9:389 tcp
N/A 10.127.8.15:445 tcp
N/A 10.127.0.9:1599 tcp
CN 106.9.67.9:443 tcp
N/A 10.127.0.9:1723 tcp
CN 106.9.67.9:444 tcp
N/A 10.127.8.29:445 tcp
N/A 10.127.0.9:1741 tcp
CN 106.9.67.9:515 tcp
N/A 10.127.0.9:1777 tcp
CN 106.9.67.9:554 tcp
N/A 10.127.8.20:445 tcp
N/A 10.127.8.24:445 tcp
N/A 10.127.0.9:1911 tcp
N/A 10.127.8.32:445 tcp
N/A 10.127.8.19:445 tcp
CN 106.9.67.9:631 tcp
N/A 10.127.0.9:1962 tcp
CN 106.9.67.9:789 tcp
N/A 10.127.0.9:1991 tcp
CN 106.9.67.9:1010 tcp
N/A 10.127.0.9:2000 tcp
CN 106.9.67.9:1099 tcp
N/A 10.127.0.9:2081 tcp
CN 106.9.67.9:1111 tcp
N/A 10.127.8.22:445 tcp
N/A 10.127.8.23:445 tcp
N/A 10.127.8.25:445 tcp
N/A 10.127.8.27:445 tcp
N/A 10.127.8.28:445 tcp
N/A 10.127.8.30:445 tcp
N/A 10.127.8.31:445 tcp
N/A 10.127.8.33:445 tcp
N/A 10.127.8.34:445 tcp
N/A 10.127.8.35:445 tcp
N/A 10.127.8.36:445 tcp
N/A 10.127.8.37:445 tcp
N/A 10.127.0.9:2082 tcp
CN 106.9.67.9:1177 tcp
N/A 10.127.8.38:445 tcp
N/A 10.127.0.9:2083 tcp
CN 106.9.67.9:1200 tcp
N/A 10.127.8.39:445 tcp
N/A 10.127.0.9:2086 tcp
CN 106.9.67.9:1234 tcp
N/A 10.127.8.40:445 tcp
N/A 10.127.0.9:2087 tcp
CN 106.9.67.9:1311 tcp
N/A 10.127.8.41:445 tcp
N/A 10.127.0.9:2181 tcp
CN 106.9.67.9:1400 tcp
N/A 10.127.8.42:445 tcp
N/A 10.127.0.9:2222 tcp
CN 106.9.67.9:1471 tcp
N/A 10.127.8.43:445 tcp
N/A 10.127.0.9:2375 tcp
CN 106.9.67.9:1515 tcp
N/A 10.127.8.44:445 tcp
N/A 10.127.0.9:2376 tcp
CN 106.9.67.9:1521 tcp
N/A 10.127.8.45:445 tcp
N/A 10.127.0.9:2404 tcp
CN 106.9.67.9:1599 tcp
N/A 10.127.8.46:445 tcp
N/A 10.127.0.9:2455 tcp
N/A 10.127.8.47:445 tcp
CN 106.9.67.9:1723 tcp
N/A 10.127.0.9:2480 tcp
N/A 10.127.8.48:445 tcp
CN 106.9.67.9:1741 tcp
N/A 10.127.0.9:2628 tcp
CN 106.9.67.9:1777 tcp
N/A 10.127.8.49:445 tcp
N/A 10.127.0.9:3000 tcp
N/A 10.127.8.50:445 tcp
CN 106.9.67.9:1911 tcp
N/A 10.127.0.9:3001 tcp
N/A 10.127.8.51:445 tcp
CN 106.9.67.9:1962 tcp
N/A 10.127.0.9:3128 tcp
N/A 10.127.8.52:445 tcp
CN 106.9.67.9:1991 tcp
N/A 10.127.0.9:3260 tcp
CN 106.9.67.9:2000 tcp
N/A 10.127.0.9:3299 tcp
CN 106.9.67.9:2081 tcp
N/A 10.127.0.9:3310 tcp
CN 106.9.67.9:2082 tcp
N/A 10.127.0.9:3388 tcp
CN 106.9.67.9:2083 tcp
N/A 10.127.0.9:3389 tcp
CN 106.9.67.9:2086 tcp
N/A 10.127.0.9:3460 tcp
CN 106.9.67.9:2087 tcp
N/A 10.127.0.9:3541 tcp
CN 106.9.67.9:2181 tcp
N/A 10.127.0.9:3542 tcp
CN 106.9.67.9:2222 tcp
N/A 10.127.0.9:3689 tcp
CN 106.9.67.9:2375 tcp
N/A 10.127.8.58:445 tcp
N/A 10.127.8.61:445 tcp
N/A 10.127.0.9:3749 tcp
CN 106.9.67.9:2376 tcp
N/A 10.127.8.56:445 tcp
N/A 10.127.8.62:445 tcp
N/A 10.127.0.9:3780 tcp
N/A 10.127.8.55:445 tcp
CN 106.9.67.9:2404 tcp
N/A 10.127.0.9:3790 tcp
N/A 10.127.8.59:445 tcp
CN 106.9.67.9:2455 tcp
N/A 10.127.8.64:445 tcp
N/A 10.127.0.9:4000 tcp
CN 106.9.67.9:2480 tcp
N/A 10.127.8.54:445 tcp
N/A 10.127.0.9:4022 tcp
CN 106.9.67.9:2628 tcp
N/A 10.127.0.9:4040 tcp
CN 106.9.67.9:3000 tcp
N/A 10.127.0.9:4157 tcp
CN 106.9.67.9:3001 tcp
N/A 10.127.8.53:445 tcp
N/A 10.127.0.9:4443 tcp
CN 106.9.67.9:3128 tcp
N/A 10.127.0.9:4444 tcp
CN 106.9.67.9:3260 tcp
N/A 10.127.0.9:4567 tcp
N/A 10.127.8.57:445 tcp
CN 106.9.67.9:3299 tcp
N/A 10.127.8.65:445 tcp
N/A 10.127.0.9:4664 tcp
N/A 10.127.8.63:445 tcp
N/A 10.127.8.67:445 tcp
CN 106.9.67.9:3310 tcp
N/A 10.127.8.68:445 tcp
N/A 10.127.8.69:445 tcp
N/A 10.127.8.70:445 tcp
N/A 10.127.8.71:445 tcp
N/A 10.127.0.9:4782 tcp
CN 106.9.67.9:3388 tcp
N/A 10.127.8.60:445 tcp
N/A 10.127.0.9:4786 tcp
CN 106.9.67.9:3389 tcp
N/A 10.127.0.9:4848 tcp
CN 106.9.67.9:3460 tcp
N/A 10.127.0.9:4911 tcp
CN 106.9.67.9:3541 tcp
N/A 10.127.0.9:5000 tcp
CN 106.9.67.9:3542 tcp
N/A 10.127.0.9:5001 tcp
N/A 10.127.8.74:445 tcp
CN 106.9.67.9:3689 tcp
N/A 10.127.0.9:5007 tcp
N/A 10.127.8.72:445 tcp
CN 106.9.67.9:3749 tcp
N/A 10.127.0.9:5009 tcp
CN 106.9.67.9:3780 tcp
N/A 10.127.0.9:5055 tcp
CN 106.9.67.9:3790 tcp
N/A 10.127.8.66:445 tcp
N/A 10.127.8.73:445 tcp
N/A 10.127.8.75:445 tcp
N/A 10.127.8.76:445 tcp
N/A 10.127.8.77:445 tcp
N/A 10.127.8.78:445 tcp
N/A 10.127.8.79:445 tcp
N/A 10.127.8.80:445 tcp
N/A 10.127.8.81:445 tcp
N/A 10.127.0.9:5222 tcp
CN 106.9.67.9:4000 tcp
N/A 10.127.8.82:445 tcp
N/A 10.127.0.9:5269 tcp
N/A 10.127.8.83:445 tcp
CN 106.9.67.9:4022 tcp
N/A 10.127.0.9:5357 tcp
CN 106.9.67.9:4040 tcp
N/A 10.127.8.84:445 tcp
N/A 10.127.0.9:5555 tcp
CN 106.9.67.9:4157 tcp
N/A 10.127.8.85:445 tcp
N/A 10.127.0.9:5560 tcp
N/A 10.127.8.86:445 tcp
CN 106.9.67.9:4443 tcp
N/A 10.127.0.9:5601 tcp
N/A 10.127.8.87:445 tcp
CN 106.9.67.9:4444 tcp
N/A 10.127.0.9:5672 tcp
N/A 10.127.8.88:445 tcp
CN 106.9.67.9:4567 tcp
N/A 10.127.0.9:5800 tcp
N/A 10.127.8.89:445 tcp
CN 106.9.67.9:4664 tcp
N/A 10.127.0.9:5801 tcp
CN 106.9.67.9:4782 tcp
N/A 10.127.8.90:445 tcp
N/A 10.127.0.9:5900 tcp
N/A 10.127.8.91:445 tcp
CN 106.9.67.9:4786 tcp
N/A 10.127.0.9:5901 tcp
CN 106.9.67.9:4848 tcp
N/A 10.127.8.92:445 tcp
N/A 10.127.0.9:5938 tcp
CN 106.9.67.9:4911 tcp
N/A 10.127.8.93:445 tcp
N/A 10.127.0.9:5984 tcp
N/A 10.127.8.94:445 tcp
CN 106.9.67.9:5000 tcp
N/A 10.127.0.9:5985 tcp
N/A 10.127.8.95:445 tcp
CN 106.9.67.9:5001 tcp
N/A 10.127.0.9:5986 tcp
CN 106.9.67.9:5007 tcp
N/A 10.127.0.9:6000 tcp
CN 106.9.67.9:5009 tcp
N/A 10.127.0.9:6001 tcp
CN 106.9.67.9:5055 tcp
N/A 10.127.0.9:6060 tcp
CN 106.9.67.9:5222 tcp
N/A 10.127.0.9:6664 tcp
CN 106.9.67.9:5269 tcp
N/A 10.127.0.9:6666 tcp
CN 106.9.67.9:5357 tcp
N/A 10.127.8.96:445 tcp
N/A 10.127.0.9:6668 tcp
CN 106.9.67.9:5555 tcp
N/A 10.127.0.9:7001 tcp
CN 106.9.67.9:5560 tcp
N/A 10.127.8.98:445 tcp
N/A 10.127.8.102:445 tcp
N/A 10.127.0.9:7070 tcp
CN 106.9.67.9:5601 tcp
N/A 10.127.0.9:7071 tcp
CN 106.9.67.9:5672 tcp
N/A 10.127.0.9:7080 tcp
N/A 10.127.8.104:445 tcp
CN 106.9.67.9:5800 tcp
N/A 10.127.0.9:7415 tcp
CN 106.9.67.9:5801 tcp
N/A 10.127.0.9:7474 tcp
CN 106.9.67.9:5900 tcp
N/A 10.127.0.9:7547 tcp
CN 106.9.67.9:5901 tcp
N/A 10.127.0.9:7548 tcp
CN 106.9.67.9:5938 tcp
N/A 10.127.0.9:7657 tcp
CN 106.9.67.9:5984 tcp
N/A 10.127.0.9:7777 tcp
CN 106.9.67.9:5985 tcp
N/A 10.127.8.110:445 tcp
N/A 10.127.0.9:7779 tcp
CN 106.9.67.9:5986 tcp
N/A 10.127.0.9:7890 tcp
CN 106.9.67.9:6000 tcp
N/A 10.127.0.9:8000 tcp
N/A 10.127.8.113:445 tcp
CN 106.9.67.9:6001 tcp
N/A 10.127.8.103:445 tcp
N/A 10.127.0.9:8001 tcp
N/A 10.127.8.115:445 tcp
N/A 10.127.8.108:445 tcp
N/A 10.127.8.114:445 tcp
N/A 10.127.8.101:445 tcp
CN 106.9.67.9:6060 tcp
N/A 10.127.0.9:8002 tcp
CN 106.9.67.9:6664 tcp
N/A 10.127.0.9:8008 tcp
CN 106.9.67.9:6666 tcp
N/A 10.127.0.9:8009 tcp
CN 106.9.67.9:6668 tcp
N/A 10.127.0.9:8010 tcp
CN 106.9.67.9:7001 tcp
N/A 10.127.0.9:8012 tcp
CN 106.9.67.9:7070 tcp
N/A 10.127.8.120:445 tcp
N/A 10.127.0.9:8020 tcp
N/A 10.127.8.111:445 tcp
N/A 10.127.8.121:445 tcp
CN 106.9.67.9:7071 tcp
N/A 10.127.0.9:8030 tcp
CN 106.9.67.9:7080 tcp
N/A 10.127.0.9:8040 tcp
N/A 10.127.8.118:445 tcp
N/A 10.127.8.109:445 tcp
CN 106.9.67.9:7415 tcp
N/A 10.127.8.117:445 tcp
N/A 10.127.0.9:8050 tcp
N/A 10.127.8.97:445 tcp
N/A 10.127.8.99:445 tcp
N/A 10.127.8.100:445 tcp
N/A 10.127.8.105:445 tcp
N/A 10.127.8.106:445 tcp
N/A 10.127.8.107:445 tcp
N/A 10.127.8.112:445 tcp
N/A 10.127.8.116:445 tcp
N/A 10.127.8.119:445 tcp
N/A 10.127.8.122:445 tcp
N/A 10.127.8.123:445 tcp
N/A 10.127.8.124:445 tcp
N/A 10.127.8.125:445 tcp
CN 106.9.67.9:7474 tcp
N/A 10.127.0.9:8060 tcp
CN 106.9.67.9:7547 tcp
N/A 10.127.8.126:445 tcp
N/A 10.127.0.9:8069 tcp
N/A 10.127.8.127:445 tcp
CN 106.9.67.9:7548 tcp
N/A 10.127.0.9:8070 tcp
CN 106.9.67.9:7657 tcp
N/A 10.127.8.128:445 tcp
N/A 10.127.0.9:8080 tcp
CN 106.9.67.9:7777 tcp
N/A 10.127.8.129:445 tcp
N/A 10.127.0.9:8081 tcp
CN 106.9.67.9:7779 tcp
N/A 10.127.8.130:445 tcp
N/A 10.127.0.9:8082 tcp
N/A 10.127.8.131:445 tcp
CN 106.9.67.9:7890 tcp
N/A 10.127.0.9:8083 tcp
CN 106.9.67.9:8000 tcp
N/A 10.127.8.132:445 tcp
N/A 10.127.0.9:8084 tcp
CN 106.9.67.9:8001 tcp
N/A 10.127.8.133:445 tcp
N/A 10.127.0.9:8085 tcp
N/A 10.127.8.134:445 tcp
CN 106.9.67.9:8002 tcp
N/A 10.127.0.9:8086 tcp
CN 106.9.67.9:8008 tcp
N/A 10.127.8.135:445 tcp
N/A 10.127.0.9:8087 tcp
CN 106.9.67.9:8009 tcp
N/A 10.127.8.136:445 tcp
N/A 10.127.0.9:8088 tcp
CN 106.9.67.9:8010 tcp
N/A 10.127.8.137:445 tcp
N/A 10.127.0.9:8089 tcp
CN 106.9.67.9:8012 tcp
N/A 10.127.8.138:445 tcp
N/A 10.127.0.9:8090 tcp
CN 106.9.67.9:8020 tcp
N/A 10.127.0.9:8098 tcp
CN 106.9.67.9:8030 tcp
N/A 10.127.0.9:8099 tcp
CN 106.9.67.9:8040 tcp
N/A 10.127.8.140:445 tcp
N/A 10.127.0.9:8101 tcp
CN 106.9.67.9:8050 tcp
N/A 10.127.0.9:8112 tcp
CN 106.9.67.9:8060 tcp
N/A 10.127.0.9:8123 tcp
CN 106.9.67.9:8069 tcp
N/A 10.127.0.9:8126 tcp
CN 106.9.67.9:8070 tcp
N/A 10.127.0.9:8139 tcp
CN 106.9.67.9:8080 tcp
N/A 10.127.0.9:8140 tcp
N/A 10.127.8.139:445 tcp
CN 106.9.67.9:8081 tcp
N/A 10.127.0.9:8181 tcp
CN 106.9.67.9:8082 tcp
N/A 10.127.0.9:8334 tcp
CN 106.9.67.9:8083 tcp
N/A 10.127.8.149:445 tcp
N/A 10.127.0.9:8443 tcp
N/A 10.127.8.143:445 tcp
CN 106.9.67.9:8084 tcp
N/A 10.127.0.9:8554 tcp
CN 106.9.67.9:8085 tcp
N/A 10.127.0.9:8686 tcp
CN 106.9.67.9:8086 tcp
N/A 10.127.0.9:8800 tcp
N/A 10.127.8.141:445 tcp
CN 106.9.67.9:8087 tcp
N/A 10.127.0.9:8834 tcp
CN 106.9.67.9:8088 tcp
N/A 10.127.8.146:445 tcp
N/A 10.127.0.9:8866 tcp
N/A 10.127.8.151:445 tcp
CN 106.9.67.9:8089 tcp
N/A 10.127.0.9:8880 tcp
N/A 10.127.8.142:445 tcp
CN 106.9.67.9:8090 tcp
N/A 10.127.0.9:8883 tcp
CN 106.9.67.9:8098 tcp
N/A 10.127.8.155:445 tcp
N/A 10.127.0.9:8888 tcp
CN 106.9.67.9:8099 tcp
N/A 10.127.0.9:8889 tcp
CN 106.9.67.9:8101 tcp
N/A 10.127.8.145:445 tcp
N/A 10.127.8.157:445 tcp
N/A 10.127.0.9:9000 tcp
CN 106.9.67.9:8112 tcp
N/A 10.127.0.9:9001 tcp
N/A 10.127.8.147:445 tcp
N/A 10.127.8.144:445 tcp
CN 106.9.67.9:8123 tcp
N/A 10.127.0.9:9002 tcp
N/A 10.127.8.154:445 tcp
CN 106.9.67.9:8126 tcp
N/A 10.127.0.9:9008 tcp
N/A 10.127.8.152:445 tcp
CN 106.9.67.9:8139 tcp
N/A 10.127.0.9:9009 tcp
CN 106.9.67.9:8140 tcp
N/A 10.127.0.9:9051 tcp
CN 106.9.67.9:8181 tcp
N/A 10.127.0.9:9080 tcp
CN 106.9.67.9:8334 tcp
N/A 10.127.0.9:9081 tcp
CN 106.9.67.9:8443 tcp
N/A 10.127.0.9:9090 tcp
CN 106.9.67.9:8554 tcp
N/A 10.127.8.148:445 tcp
N/A 10.127.8.150:445 tcp
N/A 10.127.8.153:445 tcp
N/A 10.127.8.156:445 tcp
N/A 10.127.8.158:445 tcp
N/A 10.127.8.159:445 tcp
N/A 10.127.8.160:445 tcp
N/A 10.127.8.161:445 tcp
N/A 10.127.8.162:445 tcp
N/A 10.127.8.163:445 tcp
N/A 10.127.8.164:445 tcp
N/A 10.127.8.165:445 tcp
N/A 10.127.8.166:445 tcp
N/A 10.127.8.167:445 tcp
N/A 10.127.8.168:445 tcp
N/A 10.127.0.9:9091 tcp
N/A 10.127.8.169:445 tcp
CN 106.9.67.9:8686 tcp
N/A 10.127.0.9:9100 tcp
CN 106.9.67.9:8800 tcp
N/A 10.127.8.170:445 tcp
N/A 10.127.0.9:9151 tcp
CN 106.9.67.9:8834 tcp
N/A 10.127.8.171:445 tcp
N/A 10.127.0.9:9180 tcp
N/A 10.127.8.172:445 tcp
CN 106.9.67.9:8866 tcp
N/A 10.127.0.9:9191 tcp
CN 106.9.67.9:8880 tcp
N/A 10.127.8.173:445 tcp
N/A 10.127.0.9:9200 tcp
CN 106.9.67.9:8883 tcp
N/A 10.127.8.174:445 tcp
N/A 10.127.0.9:9295 tcp
N/A 10.127.8.175:445 tcp
CN 106.9.67.9:8888 tcp
N/A 10.127.0.9:9418 tcp
CN 106.9.67.9:8889 tcp
N/A 10.127.8.176:445 tcp
N/A 10.127.0.9:9443 tcp
CN 106.9.67.9:9000 tcp
N/A 10.127.8.177:445 tcp
N/A 10.127.0.9:9595 tcp
CN 106.9.67.9:9001 tcp
N/A 10.127.8.178:445 tcp
N/A 10.127.0.9:9600 tcp
N/A 10.127.8.179:445 tcp
CN 106.9.67.9:9002 tcp
N/A 10.127.0.9:9633 tcp
N/A 10.127.8.180:445 tcp
CN 106.9.67.9:9008 tcp
N/A 10.127.0.9:9869 tcp
CN 106.9.67.9:9009 tcp
N/A 10.127.8.181:445 tcp
N/A 10.127.0.9:9943 tcp
CN 106.9.67.9:9051 tcp
N/A 10.127.0.9:9944 tcp
CN 106.9.67.9:9080 tcp
N/A 10.127.0.9:9981 tcp
CN 106.9.67.9:9081 tcp
N/A 10.127.0.9:9999 tcp
CN 106.9.67.9:9090 tcp
N/A 10.127.0.9:10000 tcp
CN 106.9.67.9:9091 tcp
N/A 10.127.0.9:10080 tcp
N/A 10.127.8.182:445 tcp
CN 106.9.67.9:9100 tcp
N/A 10.127.0.9:10081 tcp
CN 106.9.67.9:9151 tcp
N/A 10.127.0.9:10134 tcp
CN 106.9.67.9:9180 tcp
N/A 10.127.0.9:10243 tcp
CN 106.9.67.9:9191 tcp
N/A 10.127.0.9:10554 tcp
CN 106.9.67.9:9200 tcp
N/A 10.127.0.9:11211 tcp
CN 106.9.67.9:9295 tcp
N/A 10.127.8.184:445 tcp
N/A 10.127.8.185:445 tcp
N/A 10.127.0.9:12345 tcp
CN 106.9.67.9:9418 tcp
N/A 10.127.8.186:445 tcp
N/A 10.127.0.9:13579 tcp
CN 106.9.67.9:9443 tcp
N/A 10.127.0.9:16010 tcp
CN 106.9.67.9:9595 tcp
N/A 10.127.0.9:16992 tcp
CN 106.9.67.9:9600 tcp
N/A 10.127.8.196:445 tcp
N/A 10.127.0.9:16993 tcp
CN 106.9.67.9:9633 tcp
N/A 10.127.0.9:18245 tcp
CN 106.9.67.9:9869 tcp
N/A 10.127.8.183:445 tcp
N/A 10.127.0.9:20000 tcp
CN 106.9.67.9:9943 tcp
N/A 10.127.8.198:445 tcp
N/A 10.127.0.9:20547 tcp
CN 106.9.67.9:9944 tcp
N/A 10.127.8.188:445 tcp
N/A 10.127.8.193:445 tcp
N/A 10.127.0.9:21379 tcp
N/A 10.127.8.187:445 tcp
CN 106.9.67.9:9981 tcp
N/A 10.127.8.189:445 tcp
N/A 10.127.0.9:23424 tcp
CN 106.9.67.9:9999 tcp
N/A 10.127.8.190:445 tcp
N/A 10.127.0.9:25105 tcp
N/A 10.127.8.197:445 tcp
CN 106.9.67.9:10000 tcp
N/A 10.127.0.9:28017 tcp
CN 106.9.67.9:10080 tcp
N/A 10.127.8.192:445 tcp
N/A 10.127.0.9:32400 tcp
CN 106.9.67.9:10081 tcp
N/A 10.127.0.9:33338 tcp
CN 106.9.67.9:10134 tcp
N/A 10.127.8.194:445 tcp
N/A 10.127.0.9:33550 tcp
N/A 10.127.8.191:445 tcp
CN 106.9.67.9:10243 tcp
N/A 10.127.8.195:445 tcp
N/A 10.127.0.9:37215 tcp
CN 106.9.67.9:10554 tcp
N/A 10.127.0.9:37777 tcp
CN 106.9.67.9:11211 tcp
N/A 10.127.0.9:44818 tcp
CN 106.9.67.9:12345 tcp
N/A 10.127.8.199:445 tcp
N/A 10.127.0.9:49152 tcp
N/A 10.127.8.203:445 tcp
CN 106.9.67.9:13579 tcp
N/A 10.127.0.9:49153 tcp
N/A 10.127.8.204:445 tcp
N/A 10.127.8.200:445 tcp
N/A 10.127.8.201:445 tcp
N/A 10.127.8.202:445 tcp
N/A 10.127.8.205:445 tcp
N/A 10.127.8.206:445 tcp
N/A 10.127.8.207:445 tcp
N/A 10.127.8.208:445 tcp
N/A 10.127.8.209:445 tcp
N/A 10.127.8.210:445 tcp
N/A 10.127.8.211:445 tcp
N/A 10.127.8.212:445 tcp
CN 106.9.67.9:16010 tcp
N/A 10.127.0.9:50070 tcp
CN 106.9.67.9:16992 tcp
N/A 10.127.8.213:445 tcp
N/A 10.127.0.9:51106 tcp
CN 106.9.67.9:16993 tcp
N/A 10.127.8.214:445 tcp
N/A 10.127.0.9:54138 tcp
N/A 10.127.8.215:445 tcp
CN 106.9.67.9:18245 tcp
N/A 10.127.0.9:54984 tcp
CN 106.9.67.9:20000 tcp
N/A 10.127.8.216:445 tcp
N/A 10.127.0.9:55443 tcp
N/A 10.127.8.217:445 tcp
CN 106.9.67.9:20547 tcp
N/A 10.127.0.9:55553 tcp
CN 106.9.67.9:21379 tcp
N/A 10.127.8.218:445 tcp
N/A 10.127.0.9:60129 tcp
CN 106.9.67.9:23424 tcp
N/A 10.127.8.219:445 tcp
N/A 10.127.0.9:62078 tcp
CN 106.9.67.9:25105 tcp
N/A 10.127.8.220:445 tcp
N/A 10.127.0.10:80 tcp
N/A 10.127.8.221:445 tcp
CN 106.9.67.9:28017 tcp
N/A 10.127.0.10:81 tcp
CN 106.9.67.9:32400 tcp
N/A 10.127.8.222:445 tcp
N/A 10.127.0.10:82 tcp
CN 106.9.67.9:33338 tcp
N/A 10.127.8.223:445 tcp
N/A 10.127.0.10:83 tcp
CN 106.9.67.9:33550 tcp
N/A 10.127.8.224:445 tcp
N/A 10.127.0.10:84 tcp
CN 106.9.67.9:37215 tcp
N/A 10.127.8.225:445 tcp
N/A 10.127.0.10:88 tcp
CN 106.9.67.9:37777 tcp
N/A 10.127.0.10:89 tcp
CN 106.9.67.9:44818 tcp
N/A 10.127.0.10:90 tcp
CN 106.9.67.9:49152 tcp
N/A 10.127.0.10:99 tcp
CN 106.9.67.9:49153 tcp
N/A 10.127.0.10:102 tcp
CN 106.9.67.9:50070 tcp
N/A 10.127.0.10:104 tcp
CN 106.9.67.9:51106 tcp
N/A 10.127.0.10:113 tcp
CN 106.9.67.9:54138 tcp
N/A 10.127.8.229:445 tcp
N/A 10.127.0.10:175 tcp
CN 106.9.67.9:54984 tcp
N/A 10.127.0.10:179 tcp
CN 106.9.67.9:55443 tcp
N/A 10.127.0.10:195 tcp
N/A 10.127.8.233:445 tcp
N/A 10.127.8.226:445 tcp
CN 106.9.67.9:55553 tcp
N/A 10.127.0.10:264 tcp
CN 106.9.67.9:60129 tcp
N/A 10.127.0.10:311 tcp
CN 106.9.67.9:62078 tcp
N/A 10.127.8.228:445 tcp
N/A 10.127.0.10:389 tcp
CN 106.9.67.10:80 tcp
N/A 10.127.8.227:445 tcp
N/A 10.127.8.237:445 tcp
N/A 10.127.0.10:443 tcp
CN 106.9.67.10:81 tcp
N/A 10.127.8.235:445 tcp
N/A 10.127.0.10:444 tcp
CN 106.9.67.10:82 tcp
N/A 10.127.8.236:445 tcp
N/A 10.127.0.10:515 tcp
N/A 10.127.8.230:445 tcp
CN 106.9.67.10:83 tcp
N/A 10.127.0.10:554 tcp
N/A 10.127.8.231:445 tcp
CN 106.9.67.10:84 tcp
N/A 10.127.8.232:445 tcp
N/A 10.127.0.10:631 tcp
CN 106.9.67.10:88 tcp
N/A 10.127.0.10:789 tcp
CN 106.9.67.10:89 tcp
N/A 10.127.0.10:1010 tcp
CN 106.9.67.10:90 tcp
N/A 10.127.0.10:1099 tcp
CN 106.9.67.10:99 tcp
N/A 10.127.0.10:1111 tcp
CN 106.9.67.10:102 tcp
N/A 10.127.0.10:1177 tcp
CN 106.9.67.10:104 tcp
N/A 10.127.0.10:1200 tcp
CN 106.9.67.10:113 tcp
N/A 10.127.0.10:1234 tcp
CN 106.9.67.10:175 tcp
N/A 10.127.0.10:1311 tcp
CN 106.9.67.10:179 tcp
N/A 10.127.0.10:1400 tcp
N/A 10.127.8.245:445 tcp
CN 106.9.67.10:195 tcp
N/A 10.127.8.247:445 tcp
N/A 10.127.0.10:1471 tcp
N/A 10.127.8.251:445 tcp
CN 106.9.67.10:264 tcp
N/A 10.127.0.10:1515 tcp
N/A 10.127.8.250:445 tcp
CN 106.9.67.10:311 tcp
N/A 10.127.0.10:1521 tcp
N/A 10.127.8.248:445 tcp
CN 106.9.67.10:389 tcp
N/A 10.127.0.10:1599 tcp
N/A 10.127.8.234:445 tcp
N/A 10.127.8.238:445 tcp
N/A 10.127.8.239:445 tcp
N/A 10.127.8.240:445 tcp
N/A 10.127.8.241:445 tcp
N/A 10.127.8.242:445 tcp
N/A 10.127.8.243:445 tcp
N/A 10.127.8.244:445 tcp
N/A 10.127.8.246:445 tcp
N/A 10.127.8.249:445 tcp
N/A 10.127.8.252:445 tcp
N/A 10.127.8.253:445 tcp
N/A 10.127.8.254:445 tcp
N/A 10.127.9.0:445 tcp
N/A 10.127.9.1:445 tcp
CN 106.9.67.10:443 tcp
N/A 10.127.0.10:1723 tcp
CN 106.9.67.10:444 tcp
N/A 10.127.9.2:445 tcp
N/A 10.127.0.10:1741 tcp
N/A 10.127.9.3:445 tcp
CN 106.9.67.10:515 tcp
N/A 10.127.0.10:1777 tcp
N/A 10.127.9.4:445 tcp
CN 106.9.67.10:554 tcp
N/A 10.127.0.10:1911 tcp
N/A 10.127.9.5:445 tcp
CN 106.9.67.10:631 tcp
N/A 10.127.0.10:1962 tcp
N/A 10.127.9.6:445 tcp
CN 106.9.67.10:789 tcp
N/A 10.127.0.10:1991 tcp
N/A 10.127.9.7:445 tcp
CN 106.9.67.10:1010 tcp
N/A 10.127.0.10:2000 tcp
N/A 10.127.9.8:445 tcp
CN 106.9.67.10:1099 tcp
N/A 10.127.0.10:2081 tcp
CN 106.9.67.10:1111 tcp
N/A 10.127.9.9:445 tcp
N/A 10.127.0.10:2082 tcp
N/A 10.127.9.10:445 tcp
CN 106.9.67.10:1177 tcp
N/A 10.127.0.10:2083 tcp
N/A 10.127.9.11:445 tcp
CN 106.9.67.10:1200 tcp
N/A 10.127.0.10:2086 tcp
CN 106.9.67.10:1234 tcp
N/A 10.127.0.10:2087 tcp
CN 106.9.67.10:1311 tcp
N/A 10.127.9.12:445 tcp
N/A 10.127.0.10:2181 tcp
CN 106.9.67.10:1400 tcp
N/A 10.127.0.10:2222 tcp
CN 106.9.67.10:1471 tcp
N/A 10.127.0.10:2375 tcp
CN 106.9.67.10:1515 tcp
N/A 10.127.0.10:2376 tcp
CN 106.9.67.10:1521 tcp
N/A 10.127.0.10:2404 tcp
CN 106.9.67.10:1599 tcp
N/A 10.127.0.10:2455 tcp
CN 106.9.67.10:1723 tcp
N/A 10.127.0.10:2480 tcp
CN 106.9.67.10:1741 tcp
N/A 10.127.9.13:445 tcp
N/A 10.127.0.10:2628 tcp
CN 106.9.67.10:1777 tcp
N/A 10.127.9.17:445 tcp
N/A 10.127.9.21:445 tcp
N/A 10.127.0.10:3000 tcp
CN 106.9.67.10:1911 tcp
N/A 10.127.9.16:445 tcp
N/A 10.127.0.10:3001 tcp
CN 106.9.67.10:1962 tcp
N/A 10.127.0.10:3128 tcp
CN 106.9.67.10:1991 tcp
N/A 10.127.0.10:3260 tcp
N/A 10.127.9.19:445 tcp
N/A 10.127.9.18:445 tcp
CN 106.9.67.10:2000 tcp
N/A 10.127.0.10:3299 tcp
N/A 10.127.9.14:445 tcp
CN 106.9.67.10:2081 tcp
N/A 10.127.0.10:3310 tcp
N/A 10.127.9.22:445 tcp
CN 106.9.67.10:2082 tcp
N/A 10.127.0.10:3388 tcp
N/A 10.127.9.20:445 tcp
CN 106.9.67.10:2083 tcp
N/A 10.127.0.10:3389 tcp
N/A 10.127.9.24:445 tcp
CN 106.9.67.10:2086 tcp
N/A 10.127.0.10:3460 tcp
N/A 10.127.9.25:445 tcp
N/A 10.127.9.28:445 tcp
CN 106.9.67.10:2087 tcp
N/A 10.127.0.10:3541 tcp
N/A 10.127.9.15:445 tcp
CN 106.9.67.10:2181 tcp
N/A 10.127.0.10:3542 tcp
CN 106.9.67.10:2222 tcp
N/A 10.127.0.10:3689 tcp
CN 106.9.67.10:2375 tcp
N/A 10.127.0.10:3749 tcp
N/A 10.127.9.30:445 tcp
CN 106.9.67.10:2376 tcp
N/A 10.127.9.29:445 tcp
N/A 10.127.0.10:3780 tcp
CN 106.9.67.10:2404 tcp
N/A 10.127.0.10:3790 tcp
CN 106.9.67.10:2455 tcp
N/A 10.127.9.23:445 tcp
N/A 10.127.0.10:4000 tcp
CN 106.9.67.10:2480 tcp
N/A 10.127.0.10:4022 tcp
CN 106.9.67.10:2628 tcp
N/A 10.127.0.10:4040 tcp
CN 106.9.67.10:3000 tcp
N/A 10.127.0.10:4157 tcp
N/A 10.127.9.37:445 tcp
CN 106.9.67.10:3001 tcp
N/A 10.127.0.10:4443 tcp
N/A 10.127.9.35:445 tcp
CN 106.9.67.10:3128 tcp
N/A 10.127.0.10:4444 tcp
N/A 10.127.9.31:445 tcp
CN 106.9.67.10:3260 tcp
N/A 10.127.0.10:4567 tcp
N/A 10.127.9.33:445 tcp
N/A 10.127.9.26:445 tcp
CN 106.9.67.10:3299 tcp
N/A 10.127.0.10:4664 tcp
N/A 10.127.9.27:445 tcp
CN 106.9.67.10:3310 tcp
N/A 10.127.0.10:4782 tcp
N/A 10.127.9.32:445 tcp
N/A 10.127.9.34:445 tcp
N/A 10.127.9.36:445 tcp
N/A 10.127.9.38:445 tcp
N/A 10.127.9.39:445 tcp
N/A 10.127.9.40:445 tcp
N/A 10.127.9.41:445 tcp
N/A 10.127.9.42:445 tcp
N/A 10.127.9.43:445 tcp
N/A 10.127.9.44:445 tcp
N/A 10.127.9.45:445 tcp
CN 106.9.67.10:3388 tcp
N/A 10.127.0.10:4786 tcp
N/A 10.127.9.46:445 tcp
CN 106.9.67.10:3389 tcp
N/A 10.127.0.10:4848 tcp
CN 106.9.67.10:3460 tcp
N/A 10.127.9.47:445 tcp
N/A 10.127.0.10:4911 tcp
N/A 10.127.9.48:445 tcp
CN 106.9.67.10:3541 tcp
N/A 10.127.0.10:5000 tcp
N/A 10.127.9.49:445 tcp
CN 106.9.67.10:3542 tcp
N/A 10.127.0.10:5001 tcp
CN 106.9.67.10:3689 tcp
N/A 10.127.9.50:445 tcp
N/A 10.127.0.10:5007 tcp
N/A 10.127.9.51:445 tcp
CN 106.9.67.10:3749 tcp
N/A 10.127.0.10:5009 tcp
N/A 10.127.9.52:445 tcp
CN 106.9.67.10:3780 tcp
N/A 10.127.0.10:5055 tcp
N/A 10.127.9.53:445 tcp
CN 106.9.67.10:3790 tcp
N/A 10.127.0.10:5222 tcp
CN 106.9.67.10:4000 tcp
N/A 10.127.9.54:445 tcp
N/A 10.127.0.10:5269 tcp
CN 106.9.67.10:4022 tcp
N/A 10.127.0.10:5357 tcp
CN 106.9.67.10:4040 tcp
N/A 10.127.0.10:5555 tcp
CN 106.9.67.10:4157 tcp
N/A 10.127.0.10:5560 tcp
CN 106.9.67.10:4443 tcp
N/A 10.127.0.10:5601 tcp
CN 106.9.67.10:4444 tcp
N/A 10.127.0.10:5672 tcp
N/A 10.127.9.55:445 tcp
CN 106.9.67.10:4567 tcp
N/A 10.127.0.10:5800 tcp
CN 106.9.67.10:4664 tcp
N/A 10.127.0.10:5801 tcp
CN 106.9.67.10:4782 tcp
N/A 10.127.0.10:5900 tcp
N/A 10.127.9.60:445 tcp
CN 106.9.67.10:4786 tcp
N/A 10.127.0.10:5901 tcp
N/A 10.127.9.63:445 tcp
CN 106.9.67.10:4848 tcp
N/A 10.127.9.57:445 tcp
N/A 10.127.0.10:5938 tcp
N/A 10.127.9.56:445 tcp
N/A 10.127.9.62:445 tcp
CN 106.9.67.10:4911 tcp
N/A 10.127.0.10:5984 tcp
CN 106.9.67.10:5000 tcp
N/A 10.127.0.10:5985 tcp
CN 106.9.67.10:5001 tcp
N/A 10.127.9.67:445 tcp
N/A 10.127.0.10:5986 tcp
CN 106.9.67.10:5007 tcp
N/A 10.127.9.64:445 tcp
N/A 10.127.0.10:6000 tcp
N/A 10.127.9.61:445 tcp
CN 106.9.67.10:5009 tcp
N/A 10.127.0.10:6001 tcp
N/A 10.127.9.69:445 tcp
N/A 10.127.9.65:445 tcp
CN 106.9.67.10:5055 tcp
N/A 10.127.0.10:6060 tcp
CN 106.9.67.10:5222 tcp
N/A 10.127.0.10:6664 tcp
CN 106.9.67.10:5269 tcp
N/A 10.127.0.10:6666 tcp
CN 106.9.67.10:5357 tcp
N/A 10.127.0.10:6668 tcp
N/A 10.127.9.68:445 tcp
CN 106.9.67.10:5555 tcp
N/A 10.127.9.59:445 tcp
N/A 10.127.0.10:7001 tcp
N/A 10.127.9.58:445 tcp
CN 106.9.67.10:5560 tcp
N/A 10.127.0.10:7070 tcp
CN 106.9.67.10:5601 tcp
N/A 10.127.0.10:7071 tcp
N/A 10.127.9.66:445 tcp
CN 106.9.67.10:5672 tcp
N/A 10.127.0.10:7080 tcp
CN 106.9.67.10:5800 tcp
N/A 10.127.0.10:7415 tcp
CN 106.9.67.10:5801 tcp
N/A 10.127.9.77:445 tcp
N/A 10.127.0.10:7474 tcp
CN 106.9.67.10:5900 tcp
N/A 10.127.0.10:7547 tcp
N/A 10.127.9.71:445 tcp
CN 106.9.67.10:5901 tcp
N/A 10.127.0.10:7548 tcp
CN 106.9.67.10:5938 tcp
N/A 10.127.0.10:7657 tcp
CN 106.9.67.10:5984 tcp
N/A 10.127.9.70:445 tcp
N/A 10.127.0.10:7777 tcp
CN 106.9.67.10:5985 tcp
N/A 10.127.0.10:7779 tcp
N/A 10.127.9.72:445 tcp
CN 106.9.67.10:5986 tcp
N/A 10.127.9.82:445 tcp
N/A 10.127.0.10:7890 tcp
CN 106.9.67.10:6000 tcp
N/A 10.127.9.83:445 tcp
N/A 10.127.0.10:8000 tcp
N/A 10.127.9.75:445 tcp
CN 106.9.67.10:6001 tcp
N/A 10.127.0.10:8001 tcp
N/A 10.127.9.87:445 tcp
N/A 10.127.9.78:445 tcp
N/A 10.127.9.80:445 tcp
CN 106.9.67.10:6060 tcp
N/A 10.127.9.73:445 tcp
N/A 10.127.9.74:445 tcp
N/A 10.127.9.76:445 tcp
N/A 10.127.9.79:445 tcp
N/A 10.127.9.81:445 tcp
N/A 10.127.9.84:445 tcp
N/A 10.127.9.85:445 tcp
N/A 10.127.9.86:445 tcp
N/A 10.127.9.88:445 tcp
N/A 10.127.0.10:8002 tcp
CN 106.9.67.10:6664 tcp
N/A 10.127.9.89:445 tcp
N/A 10.127.0.10:8008 tcp
N/A 10.127.9.90:445 tcp
CN 106.9.67.10:6666 tcp
N/A 10.127.0.10:8009 tcp
N/A 10.127.9.91:445 tcp
CN 106.9.67.10:6668 tcp
N/A 10.127.0.10:8010 tcp
CN 106.9.67.10:7001 tcp
N/A 10.127.9.92:445 tcp
N/A 10.127.0.10:8012 tcp
N/A 10.127.9.93:445 tcp
CN 106.9.67.10:7070 tcp
N/A 10.127.0.10:8020 tcp
CN 106.9.67.10:7071 tcp
N/A 10.127.9.94:445 tcp
N/A 10.127.0.10:8030 tcp
N/A 10.127.9.95:445 tcp
CN 106.9.67.10:7080 tcp
N/A 10.127.0.10:8040 tcp
CN 106.9.67.10:7415 tcp
N/A 10.127.9.96:445 tcp
N/A 10.127.0.10:8050 tcp
CN 106.9.67.10:7474 tcp
N/A 10.127.0.10:8060 tcp
CN 106.9.67.10:7547 tcp
N/A 10.127.0.10:8069 tcp
N/A 10.127.9.97:445 tcp
CN 106.9.67.10:7548 tcp
N/A 10.127.0.10:8070 tcp
CN 106.9.67.10:7657 tcp
N/A 10.127.0.10:8080 tcp
CN 106.9.67.10:7777 tcp
N/A 10.127.0.10:8081 tcp
CN 106.9.67.10:7779 tcp
N/A 10.127.0.10:8082 tcp
CN 106.9.67.10:7890 tcp
N/A 10.127.0.10:8083 tcp
CN 106.9.67.10:8000 tcp
N/A 10.127.0.10:8084 tcp
N/A 10.127.9.102:445 tcp
CN 106.9.67.10:8001 tcp
N/A 10.127.0.10:8085 tcp
CN 106.9.67.10:8002 tcp
N/A 10.127.0.10:8086 tcp
N/A 10.127.9.105:445 tcp
CN 106.9.67.10:8008 tcp
N/A 10.127.9.101:445 tcp
N/A 10.127.0.10:8087 tcp
CN 106.9.67.10:8009 tcp
N/A 10.127.0.10:8088 tcp
CN 106.9.67.10:8010 tcp
N/A 10.127.9.98:445 tcp
N/A 10.127.0.10:8089 tcp
N/A 10.127.9.100:445 tcp
CN 106.9.67.10:8012 tcp
N/A 10.127.0.10:8090 tcp
CN 106.9.67.10:8020 tcp
N/A 10.127.0.10:8098 tcp
CN 106.9.67.10:8030 tcp
N/A 10.127.0.10:8099 tcp
CN 106.9.67.10:8040 tcp
N/A 10.127.0.10:8101 tcp
CN 106.9.67.10:8050 tcp
N/A 10.127.0.10:8112 tcp
N/A 10.127.9.114:445 tcp
N/A 10.127.9.108:445 tcp
CN 106.9.67.10:8060 tcp
N/A 10.127.9.104:445 tcp
N/A 10.127.0.10:8123 tcp
CN 106.9.67.10:8069 tcp
N/A 10.127.9.99:445 tcp
N/A 10.127.9.106:445 tcp
N/A 10.127.0.10:8126 tcp
N/A 10.127.9.111:445 tcp
CN 106.9.67.10:8070 tcp
N/A 10.127.9.107:445 tcp
N/A 10.127.9.116:445 tcp
N/A 10.127.0.10:8139 tcp
CN 106.9.67.10:8080 tcp
N/A 10.127.0.10:8140 tcp
CN 106.9.67.10:8081 tcp
N/A 10.127.0.10:8181 tcp
N/A 10.127.9.113:445 tcp
N/A 10.127.9.103:445 tcp
CN 106.9.67.10:8082 tcp
N/A 10.127.0.10:8334 tcp
CN 106.9.67.10:8083 tcp
N/A 10.127.0.10:8443 tcp
CN 106.9.67.10:8084 tcp
N/A 10.127.9.122:445 tcp
N/A 10.127.0.10:8554 tcp
N/A 10.127.9.109:445 tcp
N/A 10.127.9.110:445 tcp
N/A 10.127.9.120:445 tcp
CN 106.9.67.10:8085 tcp
N/A 10.127.0.10:8686 tcp
CN 106.9.67.10:8086 tcp
N/A 10.127.0.10:8800 tcp
CN 106.9.67.10:8087 tcp
N/A 10.127.0.10:8834 tcp
CN 106.9.67.10:8088 tcp
N/A 10.127.9.117:445 tcp
N/A 10.127.0.10:8866 tcp
CN 106.9.67.10:8089 tcp
N/A 10.127.0.10:8880 tcp
CN 106.9.67.10:8090 tcp
N/A 10.127.0.10:8883 tcp
N/A 10.127.9.112:445 tcp
N/A 10.127.9.115:445 tcp
CN 106.9.67.10:8098 tcp
N/A 10.127.0.10:8888 tcp
CN 106.9.67.10:8099 tcp
N/A 10.127.0.10:8889 tcp
N/A 10.127.9.124:445 tcp
CN 106.9.67.10:8101 tcp
N/A 10.127.0.10:9000 tcp
N/A 10.127.9.123:445 tcp
N/A 10.127.9.118:445 tcp
N/A 10.127.9.119:445 tcp
N/A 10.127.9.121:445 tcp
N/A 10.127.9.125:445 tcp
N/A 10.127.9.126:445 tcp
N/A 10.127.9.127:445 tcp
N/A 10.127.9.128:445 tcp
N/A 10.127.9.129:445 tcp
N/A 10.127.9.130:445 tcp
N/A 10.127.9.131:445 tcp
N/A 10.127.9.132:445 tcp
CN 106.9.67.10:8112 tcp
N/A 10.127.0.10:9001 tcp
CN 106.9.67.10:8123 tcp
N/A 10.127.9.133:445 tcp
N/A 10.127.0.10:9002 tcp
CN 106.9.67.10:8126 tcp
N/A 10.127.9.134:445 tcp
N/A 10.127.0.10:9008 tcp
CN 106.9.67.10:8139 tcp
N/A 10.127.9.135:445 tcp
N/A 10.127.0.10:9009 tcp
CN 106.9.67.10:8140 tcp
N/A 10.127.9.136:445 tcp
N/A 10.127.0.10:9051 tcp
CN 106.9.67.10:8181 tcp
N/A 10.127.9.137:445 tcp
N/A 10.127.0.10:9080 tcp
CN 106.9.67.10:8334 tcp
N/A 10.127.9.138:445 tcp
N/A 10.127.0.10:9081 tcp
CN 106.9.67.10:8443 tcp
N/A 10.127.0.10:9090 tcp
CN 106.9.67.10:8554 tcp
N/A 10.127.0.10:9091 tcp
N/A 10.127.9.139:445 tcp
CN 106.9.67.10:8686 tcp
N/A 10.127.0.10:9100 tcp
CN 106.9.67.10:8800 tcp
N/A 10.127.0.10:9151 tcp
CN 106.9.67.10:8834 tcp
N/A 10.127.0.10:9180 tcp
N/A 10.127.9.141:445 tcp
CN 106.9.67.10:8866 tcp
N/A 10.127.9.144:445 tcp
N/A 10.127.0.10:9191 tcp
CN 106.9.67.10:8880 tcp
N/A 10.127.0.10:9200 tcp
N/A 10.127.9.143:445 tcp
CN 106.9.67.10:8883 tcp
N/A 10.127.0.10:9295 tcp
CN 106.9.67.10:8888 tcp
N/A 10.127.0.10:9418 tcp
CN 106.9.67.10:8889 tcp
N/A 10.127.0.10:9443 tcp
CN 106.9.67.10:9000 tcp
N/A 10.127.0.10:9595 tcp
CN 106.9.67.10:9001 tcp
N/A 10.127.9.149:445 tcp
N/A 10.127.0.10:9600 tcp
CN 106.9.67.10:9002 tcp
N/A 10.127.0.10:9633 tcp
CN 106.9.67.10:9008 tcp
N/A 10.127.0.10:9869 tcp
N/A 10.127.9.140:445 tcp
CN 106.9.67.10:9009 tcp
N/A 10.127.0.10:9943 tcp
CN 106.9.67.10:9051 tcp
N/A 10.127.0.10:9944 tcp
N/A 10.127.9.142:445 tcp
CN 106.9.67.10:9080 tcp
N/A 10.127.0.10:9981 tcp
CN 106.9.67.10:9081 tcp
N/A 10.127.0.10:9999 tcp
N/A 10.127.9.155:445 tcp
CN 106.9.67.10:9090 tcp
N/A 10.127.9.151:445 tcp
N/A 10.127.0.10:10000 tcp
CN 106.9.67.10:9091 tcp
N/A 10.127.0.10:10080 tcp
N/A 10.127.9.148:445 tcp
CN 106.9.67.10:9100 tcp
N/A 10.127.0.10:10081 tcp
N/A 10.127.9.145:445 tcp
N/A 10.127.9.147:445 tcp
CN 106.9.67.10:9151 tcp
N/A 10.127.0.10:10134 tcp
N/A 10.127.9.157:445 tcp
N/A 10.127.9.153:445 tcp
N/A 10.127.9.156:445 tcp
CN 106.9.67.10:9180 tcp
N/A 10.127.0.10:10243 tcp
N/A 10.127.9.146:445 tcp
CN 106.9.67.10:9191 tcp
N/A 10.127.0.10:10554 tcp
N/A 10.127.9.159:445 tcp
CN 106.9.67.10:9200 tcp
N/A 10.127.9.154:445 tcp
N/A 10.127.0.10:11211 tcp
N/A 10.127.9.163:445 tcp
CN 106.9.67.10:9295 tcp
N/A 10.127.9.150:445 tcp
N/A 10.127.0.10:12345 tcp
CN 106.9.67.10:9418 tcp
N/A 10.127.0.10:13579 tcp
CN 106.9.67.10:9443 tcp
N/A 10.127.9.161:445 tcp
N/A 10.127.0.10:16010 tcp
N/A 10.127.9.160:445 tcp
CN 106.9.67.10:9595 tcp
N/A 10.127.0.10:16992 tcp
N/A 10.127.9.152:445 tcp
N/A 10.127.9.166:445 tcp
CN 106.9.67.10:9600 tcp
N/A 10.127.0.10:16993 tcp
CN 106.9.67.10:9633 tcp
N/A 10.127.0.10:18245 tcp
CN 106.9.67.10:9869 tcp
N/A 10.127.0.10:20000 tcp
CN 106.9.67.10:9943 tcp
N/A 10.127.0.10:20547 tcp
CN 106.9.67.10:9944 tcp
N/A 10.127.9.165:445 tcp
N/A 10.127.9.158:445 tcp
N/A 10.127.0.10:21379 tcp
CN 106.9.67.10:9981 tcp
N/A 10.127.0.10:23424 tcp
N/A 10.127.9.169:445 tcp
CN 106.9.67.10:9999 tcp
N/A 10.127.0.10:25105 tcp
CN 106.9.67.10:10000 tcp
N/A 10.127.9.170:445 tcp
N/A 10.127.0.10:28017 tcp
N/A 10.127.9.171:445 tcp
N/A 10.127.9.162:445 tcp
N/A 10.127.9.164:445 tcp
N/A 10.127.9.167:445 tcp
N/A 10.127.9.168:445 tcp
N/A 10.127.9.172:445 tcp
N/A 10.127.9.173:445 tcp
N/A 10.127.9.174:445 tcp
N/A 10.127.9.175:445 tcp
N/A 10.127.9.176:445 tcp
CN 106.9.67.10:10080 tcp
N/A 10.127.0.10:32400 tcp
N/A 10.127.9.177:445 tcp
CN 106.9.67.10:10081 tcp
N/A 10.127.0.10:33338 tcp
N/A 10.127.9.178:445 tcp
CN 106.9.67.10:10134 tcp
N/A 10.127.0.10:33550 tcp
N/A 10.127.9.179:445 tcp
CN 106.9.67.10:10243 tcp
N/A 10.127.0.10:37215 tcp
CN 106.9.67.10:10554 tcp
N/A 10.127.9.180:445 tcp
N/A 10.127.0.10:37777 tcp
CN 106.9.67.10:11211 tcp
N/A 10.127.9.181:445 tcp
N/A 10.127.0.10:44818 tcp
CN 106.9.67.10:12345 tcp
N/A 10.127.0.10:49152 tcp
CN 106.9.67.10:13579 tcp
N/A 10.127.0.10:49153 tcp
CN 106.9.67.10:16010 tcp
N/A 10.127.0.10:50070 tcp
CN 106.9.67.10:16992 tcp
N/A 10.127.9.182:445 tcp
N/A 10.127.0.10:51106 tcp
CN 106.9.67.10:16993 tcp
N/A 10.127.0.10:54138 tcp
N/A 10.127.9.183:445 tcp
CN 106.9.67.10:18245 tcp
N/A 10.127.0.10:54984 tcp
CN 106.9.67.10:20000 tcp
N/A 10.127.0.10:55443 tcp
CN 106.9.67.10:20547 tcp
N/A 10.127.0.10:55553 tcp
CN 106.9.67.10:21379 tcp
N/A 10.127.0.10:60129 tcp
N/A 10.127.9.186:445 tcp
N/A 10.127.9.185:445 tcp
N/A 10.127.9.190:445 tcp
CN 106.9.67.10:23424 tcp
N/A 10.127.0.10:62078 tcp
CN 106.9.67.10:25105 tcp
CN 106.9.67.10:28017 tcp
CN 106.9.67.10:32400 tcp
CN 106.9.67.10:33338 tcp
N/A 10.127.9.191:445 tcp
N/A 10.127.9.194:445 tcp
CN 106.9.67.10:33550 tcp
N/A 10.127.9.193:445 tcp
CN 106.9.67.10:37215 tcp
N/A 10.127.9.184:445 tcp
CN 106.9.67.10:37777 tcp
N/A 10.127.0.11:89 tcp
CN 106.9.67.10:44818 tcp
N/A 10.127.0.11:90 tcp
CN 106.9.67.10:49152 tcp
N/A 10.127.0.11:99 tcp
N/A 10.127.9.189:445 tcp
CN 106.9.67.10:49153 tcp
N/A 10.127.0.11:102 tcp
CN 106.9.67.10:50070 tcp
N/A 10.127.9.187:445 tcp
N/A 10.127.0.11:104 tcp
CN 106.9.67.10:51106 tcp
N/A 10.127.9.188:445 tcp
N/A 10.127.0.11:113 tcp
CN 106.9.67.10:54138 tcp
N/A 10.127.9.198:445 tcp
N/A 10.127.0.11:175 tcp
CN 106.9.67.10:54984 tcp
N/A 10.127.0.11:179 tcp
CN 106.9.67.10:55443 tcp
N/A 10.127.9.192:445 tcp
N/A 10.127.0.11:195 tcp
CN 106.9.67.10:55553 tcp
N/A 10.127.0.11:264 tcp
CN 106.9.67.10:60129 tcp
N/A 10.127.9.206:445 tcp
N/A 10.127.0.11:311 tcp
N/A 10.127.9.195:445 tcp
N/A 10.127.9.196:445 tcp
N/A 10.127.9.199:445 tcp
CN 106.9.67.10:62078 tcp
N/A 10.127.0.11:389 tcp
CN 106.9.67.11:80 tcp
N/A 10.127.0.11:443 tcp
N/A 10.127.9.209:445 tcp
N/A 10.127.9.203:445 tcp
N/A 10.127.9.210:445 tcp
CN 106.9.67.11:81 tcp
N/A 10.127.0.11:444 tcp
CN 106.9.67.11:82 tcp
N/A 10.127.9.197:445 tcp
N/A 10.127.0.11:515 tcp
N/A 10.127.9.212:445 tcp
CN 106.9.67.11:83 tcp
N/A 10.127.9.208:445 tcp
N/A 10.127.0.11:554 tcp
CN 106.9.67.11:84 tcp
N/A 10.127.0.11:631 tcp
N/A 10.127.9.201:445 tcp
CN 106.9.67.11:88 tcp
N/A 10.127.0.11:789 tcp
N/A 10.127.9.200:445 tcp
CN 106.9.67.11:89 tcp
N/A 10.127.9.205:445 tcp
N/A 10.127.9.214:445 tcp
N/A 10.127.0.11:1010 tcp
CN 106.9.67.11:90 tcp
N/A 10.127.0.11:1099 tcp
N/A 10.127.9.202:445 tcp
CN 106.9.67.11:99 tcp
N/A 10.127.0.11:1111 tcp
CN 106.9.67.11:102 tcp
N/A 10.127.0.11:1177 tcp
N/A 10.127.0.11:80 tcp
N/A 10.127.0.11:81 tcp
N/A 10.127.0.11:82 tcp
N/A 10.127.0.11:83 tcp
N/A 10.127.0.11:84 tcp
N/A 10.127.0.11:88 tcp
N/A 10.127.9.204:445 tcp
N/A 10.127.9.207:445 tcp
N/A 10.127.9.211:445 tcp
N/A 10.127.9.213:445 tcp
N/A 10.127.9.215:445 tcp
N/A 10.127.9.216:445 tcp
N/A 10.127.9.217:445 tcp
N/A 10.127.9.218:445 tcp
N/A 10.127.9.219:445 tcp
N/A 10.127.9.220:445 tcp
CN 106.9.67.11:104 tcp
N/A 10.127.0.11:1200 tcp
CN 106.9.67.11:113 tcp
N/A 10.127.9.221:445 tcp
N/A 10.127.0.11:1234 tcp
N/A 10.127.9.222:445 tcp
CN 106.9.67.11:175 tcp
N/A 10.127.0.11:1311 tcp
N/A 10.127.9.223:445 tcp
CN 106.9.67.11:179 tcp
N/A 10.127.0.11:1400 tcp
CN 106.9.67.11:195 tcp
N/A 10.127.9.224:445 tcp
N/A 10.127.0.11:1471 tcp
CN 106.9.67.11:264 tcp
N/A 10.127.0.11:1515 tcp
CN 106.9.67.11:311 tcp
N/A 10.127.0.11:1521 tcp
CN 106.9.67.11:389 tcp
N/A 10.127.0.11:1599 tcp
CN 106.9.67.11:443 tcp
N/A 10.127.0.11:1723 tcp
CN 106.9.67.11:444 tcp
N/A 10.127.0.11:1741 tcp
CN 106.9.67.11:515 tcp
N/A 10.127.0.11:1777 tcp
N/A 10.127.9.225:445 tcp
CN 106.9.67.11:554 tcp
N/A 10.127.0.11:1911 tcp
CN 106.9.67.11:631 tcp
N/A 10.127.0.11:1962 tcp
CN 106.9.67.11:789 tcp
N/A 10.127.9.230:445 tcp
N/A 10.127.0.11:1991 tcp
CN 106.9.67.11:1010 tcp
N/A 10.127.0.11:2000 tcp
CN 106.9.67.11:1099 tcp
N/A 10.127.0.11:2081 tcp
CN 106.9.67.11:1111 tcp
N/A 10.127.0.11:2082 tcp
CN 106.9.67.11:1177 tcp
N/A 10.127.9.226:445 tcp
N/A 10.127.0.11:2083 tcp
CN 106.9.67.11:1200 tcp
N/A 10.127.0.11:2086 tcp
N/A 10.127.9.231:445 tcp
CN 106.9.67.11:1234 tcp
N/A 10.127.9.228:445 tcp
N/A 10.127.0.11:2087 tcp
CN 106.9.67.11:1311 tcp
N/A 10.127.0.11:2181 tcp
CN 106.9.67.11:1400 tcp
N/A 10.127.9.227:445 tcp
N/A 10.127.0.11:2222 tcp
N/A 10.127.9.233:445 tcp
CN 106.9.67.11:1471 tcp
N/A 10.127.0.11:2375 tcp
CN 106.9.67.11:1515 tcp
N/A 10.127.9.240:445 tcp
N/A 10.127.0.11:2376 tcp
N/A 10.127.9.229:445 tcp
CN 106.9.67.11:1521 tcp
N/A 10.127.0.11:2404 tcp
CN 106.9.67.11:1599 tcp
N/A 10.127.0.11:2455 tcp
N/A 10.127.9.236:445 tcp
N/A 10.127.9.245:445 tcp
N/A 10.127.9.244:445 tcp
CN 106.9.67.11:1723 tcp
N/A 10.127.0.11:2480 tcp
CN 106.9.67.11:1741 tcp
N/A 10.127.9.235:445 tcp
N/A 10.127.0.11:2628 tcp
N/A 10.127.9.232:445 tcp
N/A 10.127.9.239:445 tcp
CN 106.9.67.11:1777 tcp
N/A 10.127.0.11:3000 tcp
CN 106.9.67.11:1911 tcp
N/A 10.127.0.11:3001 tcp
N/A 10.127.9.246:445 tcp
N/A 10.127.9.243:445 tcp
CN 106.9.67.11:1962 tcp
N/A 10.127.9.250:445 tcp
N/A 10.127.0.11:3128 tcp
N/A 10.127.9.234:445 tcp
CN 106.9.67.11:1991 tcp
N/A 10.127.0.11:3260 tcp
CN 106.9.67.11:2000 tcp
N/A 10.127.9.238:445 tcp
N/A 10.127.0.11:3299 tcp
N/A 10.127.9.237:445 tcp
CN 106.9.67.11:2081 tcp
N/A 10.127.9.242:445 tcp
N/A 10.127.0.11:3310 tcp
N/A 10.127.9.248:445 tcp
CN 106.9.67.11:2082 tcp
N/A 10.127.0.11:3388 tcp
N/A 10.127.9.249:445 tcp
CN 106.9.67.11:2083 tcp
N/A 10.127.0.11:3389 tcp
CN 106.9.67.11:2086 tcp
N/A 10.127.10.0:445 tcp
N/A 10.127.0.11:3460 tcp
CN 106.9.67.11:2087 tcp
N/A 10.127.9.241:445 tcp
N/A 10.127.0.11:3541 tcp
CN 106.9.67.11:2181 tcp
N/A 10.127.0.11:3542 tcp
N/A 10.127.10.3:445 tcp
CN 106.9.67.11:2222 tcp
N/A 10.127.9.253:445 tcp
N/A 10.127.0.11:3689 tcp
N/A 10.127.10.1:445 tcp
CN 106.9.67.11:2375 tcp
US 128.31.0.39:9101 tcp
N/A 10.127.0.11:3749 tcp
CN 106.9.67.11:2376 tcp
N/A 10.127.0.11:3780 tcp
N/A 10.127.9.247:445 tcp
CN 106.9.67.11:2404 tcp
N/A 10.127.0.11:3790 tcp
CN 106.9.67.11:2455 tcp
N/A 10.127.9.251:445 tcp
N/A 10.127.9.252:445 tcp
N/A 10.127.9.254:445 tcp
N/A 10.127.10.2:445 tcp
N/A 10.127.10.4:445 tcp
N/A 10.127.10.5:445 tcp
N/A 10.127.10.6:445 tcp
N/A 10.127.10.7:445 tcp
N/A 10.127.10.8:445 tcp
N/A 10.127.0.11:4000 tcp
N/A 10.127.10.9:445 tcp
CN 106.9.67.11:2480 tcp
N/A 10.127.0.11:4022 tcp
N/A 10.127.10.10:445 tcp
CN 106.9.67.11:2628 tcp
N/A 10.127.0.11:4040 tcp
CN 106.9.67.11:3000 tcp
N/A 10.127.10.11:445 tcp
N/A 10.127.0.11:4157 tcp
N/A 10.127.10.12:445 tcp
CN 106.9.67.11:3001 tcp
N/A 10.127.0.11:4443 tcp
N/A 10.127.10.13:445 tcp
CN 106.9.67.11:3128 tcp
N/A 10.127.0.11:4444 tcp
CN 106.9.67.11:3260 tcp
N/A 10.127.0.11:4567 tcp
CN 106.9.67.11:3299 tcp
N/A 10.127.0.11:4664 tcp
N/A 10.127.10.14:445 tcp
CN 106.9.67.11:3310 tcp
N/A 10.127.0.11:4782 tcp
N/A 10.127.10.16:445 tcp
CN 106.9.67.11:3388 tcp
N/A 10.127.0.11:4786 tcp
CN 106.9.67.11:3389 tcp
N/A 10.127.0.11:4848 tcp
CN 106.9.67.11:3460 tcp
N/A 10.127.0.11:4911 tcp
CN 106.9.67.11:3541 tcp
N/A 10.127.0.11:5000 tcp
CN 106.9.67.11:3542 tcp
N/A 10.127.10.21:445 tcp
N/A 10.127.0.11:5001 tcp
CN 106.9.67.11:3689 tcp
N/A 10.127.10.22:445 tcp
N/A 10.127.0.11:5007 tcp
CN 106.9.67.11:3749 tcp
N/A 10.127.0.11:5009 tcp
CN 106.9.67.11:3780 tcp
N/A 10.127.10.19:445 tcp
N/A 10.127.0.11:5055 tcp
CN 106.9.67.11:3790 tcp
N/A 10.127.0.11:5222 tcp
N/A 10.127.10.24:445 tcp
CN 106.9.67.11:4000 tcp
N/A 10.127.10.15:445 tcp
N/A 10.127.0.11:5269 tcp
N/A 10.127.10.18:445 tcp
CN 106.9.67.11:4022 tcp
N/A 10.127.10.27:445 tcp
N/A 10.127.0.11:5357 tcp
CN 106.9.67.11:4040 tcp
N/A 10.127.0.11:5555 tcp
CN 106.9.67.11:4157 tcp
N/A 10.127.0.11:5560 tcp
CN 106.9.67.11:4443 tcp
N/A 10.127.0.11:5601 tcp
N/A 10.127.10.17:445 tcp
CN 106.9.67.11:4444 tcp
N/A 10.127.0.11:5672 tcp
CN 106.9.67.11:4567 tcp
N/A 10.127.10.29:445 tcp
N/A 10.127.0.11:5800 tcp
CN 106.9.67.11:4664 tcp
N/A 10.127.10.25:445 tcp
N/A 10.127.0.11:5801 tcp
CN 106.9.67.11:4782 tcp
N/A 10.127.0.11:5900 tcp
N/A 10.127.10.28:445 tcp
CN 106.9.67.11:4786 tcp
N/A 10.127.10.33:445 tcp
N/A 10.127.0.11:5901 tcp
N/A 10.127.10.31:445 tcp
CN 106.9.67.11:4848 tcp
N/A 10.127.0.11:5938 tcp
N/A 10.127.10.20:445 tcp
N/A 10.127.10.23:445 tcp
CN 106.9.67.11:4911 tcp
N/A 10.127.0.11:5984 tcp
N/A 10.127.10.26:445 tcp
N/A 10.127.10.32:445 tcp
CN 106.9.67.11:5000 tcp
N/A 10.127.0.11:5985 tcp
CN 106.9.67.11:5001 tcp
N/A 10.127.0.11:5986 tcp
N/A 10.127.10.34:445 tcp
N/A 10.127.10.35:445 tcp
CN 106.9.67.11:5007 tcp
N/A 10.127.0.11:6000 tcp
CN 106.9.67.11:5009 tcp
N/A 10.127.10.36:445 tcp
N/A 10.127.0.11:6001 tcp
N/A 10.127.10.30:445 tcp
CN 106.9.67.11:5055 tcp
N/A 10.127.0.11:6060 tcp
N/A 10.127.10.39:445 tcp
CN 106.9.67.11:5222 tcp
N/A 10.127.0.11:6664 tcp
CN 106.9.67.11:5269 tcp
N/A 10.127.0.11:6666 tcp
CN 106.9.67.11:5357 tcp
N/A 10.127.0.11:6668 tcp
CN 106.9.67.11:5555 tcp
N/A 10.127.0.11:7001 tcp
CN 106.9.67.11:5560 tcp
N/A 10.127.10.45:445 tcp
N/A 10.127.0.11:7070 tcp
CN 106.9.67.11:5601 tcp
N/A 10.127.0.11:7071 tcp
CN 106.9.67.11:5672 tcp
N/A 10.127.0.11:7080 tcp
CN 106.9.67.11:5800 tcp
N/A 10.127.0.11:7415 tcp
CN 106.9.67.11:5801 tcp
N/A 10.127.0.11:7474 tcp
N/A 10.127.10.46:445 tcp
N/A 10.127.10.37:445 tcp
N/A 10.127.10.38:445 tcp
N/A 10.127.10.40:445 tcp
N/A 10.127.10.41:445 tcp
N/A 10.127.10.42:445 tcp
N/A 10.127.10.43:445 tcp
N/A 10.127.10.44:445 tcp
N/A 10.127.10.47:445 tcp
N/A 10.127.10.48:445 tcp
N/A 10.127.10.49:445 tcp
N/A 10.127.10.50:445 tcp
N/A 10.127.10.51:445 tcp
N/A 10.127.10.52:445 tcp
CN 106.9.67.11:5900 tcp
N/A 10.127.0.11:7547 tcp
N/A 10.127.10.53:445 tcp
CN 106.9.67.11:5901 tcp
N/A 10.127.0.11:7548 tcp
N/A 10.127.10.54:445 tcp
CN 106.9.67.11:5938 tcp
N/A 10.127.0.11:7657 tcp
CN 106.9.67.11:5984 tcp
N/A 10.127.0.11:7777 tcp
CN 106.9.67.11:5985 tcp
N/A 10.127.0.11:7779 tcp
CN 106.9.67.11:5986 tcp
N/A 10.127.0.11:7890 tcp
CN 106.9.67.11:6000 tcp
N/A 10.127.10.56:445 tcp
N/A 10.127.0.11:8000 tcp
CN 106.9.67.11:6001 tcp
N/A 10.127.0.11:8001 tcp
CN 106.9.67.11:6060 tcp
N/A 10.127.0.11:8002 tcp
N/A 10.127.10.55:445 tcp
CN 106.9.67.11:6664 tcp
N/A 10.127.0.11:8008 tcp
CN 106.9.67.11:6666 tcp
N/A 10.127.0.11:8009 tcp
CN 106.9.67.11:6668 tcp
N/A 10.127.0.11:8010 tcp
CN 106.9.67.11:7001 tcp
N/A 10.127.0.11:8012 tcp
CN 106.9.67.11:7070 tcp
N/A 10.127.0.11:8020 tcp
CN 106.9.67.11:7071 tcp
N/A 10.127.0.11:8030 tcp
N/A 10.127.10.66:445 tcp
CN 106.9.67.11:7080 tcp
N/A 10.127.0.11:8040 tcp
CN 106.9.67.11:7415 tcp
N/A 10.127.0.11:8050 tcp
CN 106.9.67.11:7474 tcp
N/A 10.127.0.11:8060 tcp
N/A 10.127.10.61:445 tcp
CN 106.9.67.11:7547 tcp
N/A 10.127.10.60:445 tcp
N/A 10.127.10.63:445 tcp
N/A 10.127.0.11:8069 tcp
CN 106.9.67.11:7548 tcp
N/A 10.127.10.67:445 tcp
N/A 10.127.0.11:8070 tcp
CN 106.9.67.11:7657 tcp
N/A 10.127.10.64:445 tcp
N/A 10.127.0.11:8080 tcp
CN 106.9.67.11:7777 tcp
N/A 10.127.10.58:445 tcp
N/A 10.127.0.11:8081 tcp
N/A 10.127.10.57:445 tcp
N/A 10.127.10.59:445 tcp
CN 106.9.67.11:7779 tcp
N/A 10.127.0.11:8082 tcp
CN 106.9.67.11:7890 tcp
N/A 10.127.10.74:445 tcp
N/A 10.127.0.11:8083 tcp
N/A 10.127.10.62:445 tcp
CN 106.9.67.11:8000 tcp
N/A 10.127.0.11:8084 tcp
CN 106.9.67.11:8001 tcp
N/A 10.127.0.11:8085 tcp
CN 106.9.67.11:8002 tcp
N/A 10.127.0.11:8086 tcp
CN 106.9.67.11:8008 tcp
N/A 10.127.10.70:445 tcp
N/A 10.127.10.77:445 tcp
N/A 10.127.10.73:445 tcp
N/A 10.127.0.11:8087 tcp
N/A 10.127.10.65:445 tcp
CN 106.9.67.11:8009 tcp
N/A 10.127.0.11:8088 tcp
CN 106.9.67.11:8010 tcp
N/A 10.127.10.68:445 tcp
N/A 10.127.10.71:445 tcp
N/A 10.127.0.11:8089 tcp
CN 106.9.67.11:8012 tcp
N/A 10.127.0.11:8090 tcp
CN 106.9.67.11:8020 tcp
N/A 10.127.0.11:8098 tcp
CN 106.9.67.11:8030 tcp
N/A 10.127.0.11:8099 tcp
N/A 10.127.10.75:445 tcp
CN 106.9.67.11:8040 tcp
N/A 10.127.10.80:445 tcp
N/A 10.127.10.85:445 tcp
N/A 10.127.0.11:8101 tcp
N/A 10.127.10.69:445 tcp
N/A 10.127.10.79:445 tcp
N/A 10.127.10.72:445 tcp
CN 106.9.67.11:8050 tcp
N/A 10.127.0.11:8112 tcp
CN 106.9.67.11:8060 tcp
N/A 10.127.0.11:8123 tcp
N/A 10.127.10.81:445 tcp
N/A 10.127.10.87:445 tcp
CN 106.9.67.11:8069 tcp
N/A 10.127.0.11:8126 tcp
N/A 10.127.10.84:445 tcp
CN 106.9.67.11:8070 tcp
N/A 10.127.0.11:8139 tcp
N/A 10.127.10.78:445 tcp
CN 106.9.67.11:8080 tcp
N/A 10.127.0.11:8140 tcp
CN 106.9.67.11:8081 tcp
N/A 10.127.0.11:8181 tcp
CN 106.9.67.11:8082 tcp
N/A 10.127.0.11:8334 tcp
N/A 10.127.10.86:445 tcp
N/A 10.127.10.76:445 tcp
CN 106.9.67.11:8083 tcp
N/A 10.127.10.93:445 tcp
N/A 10.127.0.11:8443 tcp
CN 106.9.67.11:8084 tcp
N/A 10.127.10.82:445 tcp
N/A 10.127.0.11:8554 tcp
N/A 10.127.10.89:445 tcp
CN 106.9.67.11:8085 tcp
N/A 10.127.0.11:8686 tcp
N/A 10.127.10.83:445 tcp
N/A 10.127.10.88:445 tcp
N/A 10.127.10.90:445 tcp
N/A 10.127.10.91:445 tcp
N/A 10.127.10.92:445 tcp
N/A 10.127.10.94:445 tcp
N/A 10.127.10.95:445 tcp
CN 106.9.67.11:8086 tcp
N/A 10.127.10.96:445 tcp
N/A 10.127.0.11:8800 tcp
N/A 10.127.10.97:445 tcp
CN 106.9.67.11:8087 tcp
N/A 10.127.0.11:8834 tcp
CN 106.9.67.11:8088 tcp
N/A 10.127.10.98:445 tcp
N/A 10.127.0.11:8866 tcp
CN 106.9.67.11:8089 tcp
N/A 10.127.0.11:8880 tcp
CN 106.9.67.11:8090 tcp
N/A 10.127.0.11:8883 tcp
CN 106.9.67.11:8098 tcp
N/A 10.127.0.11:8888 tcp
CN 106.9.67.11:8099 tcp
N/A 10.127.0.11:8889 tcp
CN 106.9.67.11:8101 tcp
N/A 10.127.0.11:9000 tcp
N/A 10.127.10.103:445 tcp
CN 106.9.67.11:8112 tcp
N/A 10.127.0.11:9001 tcp
CN 106.9.67.11:8123 tcp
N/A 10.127.0.11:9002 tcp
N/A 10.127.10.100:445 tcp
CN 106.9.67.11:8126 tcp
N/A 10.127.0.11:9008 tcp
N/A 10.127.10.99:445 tcp
N/A 10.127.10.101:445 tcp
CN 106.9.67.11:8139 tcp
N/A 10.127.0.11:9009 tcp
N/A 10.127.10.104:445 tcp
CN 106.9.67.11:8140 tcp
N/A 10.127.0.11:9051 tcp
CN 106.9.67.11:8181 tcp
N/A 10.127.10.102:445 tcp
N/A 10.127.0.11:9080 tcp
CN 106.9.67.11:8334 tcp
N/A 10.127.0.11:9081 tcp
CN 106.9.67.11:8443 tcp
N/A 10.127.0.11:9090 tcp
CN 106.9.67.11:8554 tcp
N/A 10.127.0.11:9091 tcp
CN 106.9.67.11:8686 tcp
N/A 10.127.0.11:9100 tcp
N/A 10.127.10.107:445 tcp
CN 106.9.67.11:8800 tcp
N/A 10.127.0.11:9151 tcp
CN 106.9.67.11:8834 tcp
N/A 10.127.0.11:9180 tcp
CN 106.9.67.11:8866 tcp
N/A 10.127.0.11:9191 tcp
N/A 10.127.10.105:445 tcp
N/A 10.127.10.114:445 tcp
CN 106.9.67.11:8880 tcp
N/A 10.127.0.11:9200 tcp
CN 106.9.67.11:8883 tcp
N/A 10.127.0.11:9295 tcp
CN 106.9.67.11:8888 tcp
N/A 10.127.0.11:9418 tcp
CN 106.9.67.11:8889 tcp
N/A 10.127.0.11:9443 tcp
N/A 10.127.10.106:445 tcp
N/A 10.127.10.111:445 tcp
N/A 10.127.10.112:445 tcp
CN 106.9.67.11:9000 tcp
N/A 10.127.0.11:9595 tcp
CN 106.9.67.11:9001 tcp
N/A 10.127.10.121:445 tcp
N/A 10.127.0.11:9600 tcp
N/A 10.127.10.109:445 tcp
N/A 10.127.10.115:445 tcp
CN 106.9.67.11:9002 tcp
N/A 10.127.10.117:445 tcp
N/A 10.127.0.11:9633 tcp
N/A 10.127.10.108:445 tcp
CN 106.9.67.11:9008 tcp
N/A 10.127.0.11:9869 tcp
CN 106.9.67.11:9009 tcp
N/A 10.127.10.120:445 tcp
N/A 10.127.0.11:9943 tcp
N/A 10.127.10.113:445 tcp
N/A 10.127.10.118:445 tcp
CN 106.9.67.11:9051 tcp
N/A 10.127.10.110:445 tcp
N/A 10.127.0.11:9944 tcp
CN 106.9.67.11:9080 tcp
N/A 10.127.0.11:9981 tcp
N/A 10.127.10.124:445 tcp
CN 106.9.67.11:9081 tcp
N/A 10.127.0.11:9999 tcp
CN 106.9.67.11:9090 tcp
N/A 10.127.10.116:445 tcp
N/A 10.127.0.11:10000 tcp
CN 106.9.67.11:9091 tcp
N/A 10.127.0.11:10080 tcp
CN 106.9.67.11:9100 tcp
N/A 10.127.0.11:10081 tcp
CN 106.9.67.11:9151 tcp
N/A 10.127.0.11:10134 tcp
CN 106.9.67.11:9180 tcp
N/A 10.127.0.11:10243 tcp
CN 106.9.67.11:9191 tcp
N/A 10.127.10.119:445 tcp
N/A 10.127.0.11:10554 tcp
CN 106.9.67.11:9200 tcp
N/A 10.127.10.129:445 tcp
N/A 10.127.0.11:11211 tcp
N/A 10.127.10.122:445 tcp
CN 106.9.67.11:9295 tcp
N/A 10.127.0.11:12345 tcp
CN 106.9.67.11:9418 tcp
N/A 10.127.0.11:13579 tcp
N/A 10.127.10.123:445 tcp
CN 106.9.67.11:9443 tcp
N/A 10.127.0.11:16010 tcp
N/A 10.127.10.125:445 tcp
N/A 10.127.10.131:445 tcp
CN 106.9.67.11:9595 tcp
N/A 10.127.0.11:16992 tcp
N/A 10.127.10.126:445 tcp
N/A 10.127.10.127:445 tcp
N/A 10.127.10.128:445 tcp
N/A 10.127.10.130:445 tcp
N/A 10.127.10.132:445 tcp
N/A 10.127.10.133:445 tcp
N/A 10.127.10.134:445 tcp
N/A 10.127.10.135:445 tcp
N/A 10.127.10.136:445 tcp
N/A 10.127.10.137:445 tcp
N/A 10.127.10.138:445 tcp
N/A 10.127.10.139:445 tcp
CN 106.9.67.11:9600 tcp
N/A 10.127.10.140:445 tcp
N/A 10.127.0.11:16993 tcp
CN 106.9.67.11:9633 tcp
N/A 10.127.0.11:18245 tcp
CN 106.9.67.11:9869 tcp
N/A 10.127.10.142:445 tcp
N/A 10.127.0.11:20000 tcp
N/A 10.127.10.141:445 tcp
CN 106.9.67.11:9943 tcp
N/A 10.127.0.11:20547 tcp
CN 106.9.67.11:9944 tcp
N/A 10.127.0.11:21379 tcp
CN 106.9.67.11:9981 tcp
N/A 10.127.0.11:23424 tcp
CN 106.9.67.11:9999 tcp
N/A 10.127.0.11:25105 tcp
CN 106.9.67.11:10000 tcp
N/A 10.127.0.11:28017 tcp
CN 106.9.67.11:10080 tcp
N/A 10.127.0.11:32400 tcp
CN 106.9.67.11:10081 tcp
N/A 10.127.0.11:33338 tcp
N/A 10.127.10.143:445 tcp
CN 106.9.67.11:10134 tcp
N/A 10.127.0.11:33550 tcp
N/A 10.127.10.145:445 tcp
N/A 10.127.10.148:445 tcp
CN 106.9.67.11:10243 tcp
N/A 10.127.0.11:37215 tcp
CN 106.9.67.11:10554 tcp
N/A 10.127.0.11:37777 tcp
CN 106.9.67.11:11211 tcp
N/A 10.127.10.150:445 tcp
N/A 10.127.0.11:44818 tcp
CN 106.9.67.11:12345 tcp
N/A 10.127.10.144:445 tcp
N/A 10.127.0.11:49152 tcp
CN 106.9.67.11:13579 tcp
N/A 10.127.0.11:49153 tcp
N/A 10.127.10.146:445 tcp
CN 106.9.67.11:16010 tcp
N/A 10.127.0.11:50070 tcp
N/A 10.127.10.147:445 tcp
CN 106.9.67.11:16992 tcp
N/A 10.127.0.11:51106 tcp
CN 106.9.67.11:16993 tcp
N/A 10.127.0.11:54138 tcp
N/A 10.127.10.149:445 tcp
CN 106.9.67.11:18245 tcp
N/A 10.127.0.11:54984 tcp
CN 106.9.67.11:20000 tcp
N/A 10.127.0.11:55443 tcp
CN 106.9.67.11:20547 tcp
N/A 10.127.0.11:55553 tcp
N/A 10.127.10.151:445 tcp
N/A 10.127.10.152:445 tcp
N/A 10.127.10.153:445 tcp
N/A 10.127.10.154:445 tcp
N/A 10.127.10.155:445 tcp
N/A 10.127.10.156:445 tcp
N/A 10.127.10.157:445 tcp
N/A 10.127.10.158:445 tcp
N/A 10.127.10.159:445 tcp
N/A 10.127.10.160:445 tcp
N/A 10.127.10.161:445 tcp
CN 106.9.67.11:21379 tcp
N/A 10.127.10.162:445 tcp
N/A 10.127.0.11:60129 tcp
CN 106.9.67.11:23424 tcp
N/A 10.127.10.163:445 tcp
N/A 10.127.0.11:62078 tcp
N/A 10.127.10.164:445 tcp
CN 106.9.67.11:25105 tcp
N/A 10.127.0.12:80 tcp
N/A 10.127.10.165:445 tcp
CN 106.9.67.11:28017 tcp
N/A 10.127.0.12:81 tcp
N/A 10.127.10.166:445 tcp
CN 106.9.67.11:32400 tcp
N/A 10.127.0.12:82 tcp
CN 106.9.67.11:33338 tcp
N/A 10.127.10.167:445 tcp
N/A 10.127.0.12:83 tcp
CN 106.9.67.11:33550 tcp
N/A 10.127.10.168:445 tcp
N/A 10.127.0.12:84 tcp
N/A 10.127.10.169:445 tcp
CN 106.9.67.11:37215 tcp
N/A 10.127.0.12:88 tcp
N/A 10.127.10.170:445 tcp
CN 106.9.67.11:37777 tcp
N/A 10.127.0.12:89 tcp
CN 106.9.67.11:44818 tcp
N/A 10.127.10.171:445 tcp
N/A 10.127.0.12:90 tcp
CN 106.9.67.11:49152 tcp
N/A 10.127.10.172:445 tcp
N/A 10.127.0.12:99 tcp
CN 106.9.67.11:49153 tcp
N/A 10.127.10.173:445 tcp
N/A 10.127.0.12:102 tcp
N/A 10.127.10.174:445 tcp
CN 106.9.67.11:50070 tcp
N/A 10.127.0.12:104 tcp
N/A 10.127.10.175:445 tcp
CN 106.9.67.11:51106 tcp
N/A 10.127.0.12:113 tcp
CN 106.9.67.11:54138 tcp
N/A 10.127.10.176:445 tcp
N/A 10.127.0.12:175 tcp
CN 106.9.67.11:54984 tcp
N/A 10.127.10.177:445 tcp
N/A 10.127.0.12:179 tcp
CN 106.9.67.11:55443 tcp
N/A 10.127.10.178:445 tcp
N/A 10.127.0.12:195 tcp
CN 106.9.67.11:55553 tcp
N/A 10.127.10.179:445 tcp
N/A 10.127.0.12:264 tcp
N/A 10.127.10.180:445 tcp
CN 106.9.67.11:60129 tcp
N/A 10.127.0.12:311 tcp
CN 106.9.67.11:62078 tcp
N/A 10.127.10.181:445 tcp
N/A 10.127.0.12:389 tcp
N/A 10.127.10.182:445 tcp
CN 106.9.67.12:80 tcp
N/A 10.127.0.12:443 tcp
N/A 10.127.10.183:445 tcp
CN 106.9.67.12:81 tcp
N/A 10.127.0.12:444 tcp
N/A 10.127.10.184:445 tcp
CN 106.9.67.12:82 tcp
N/A 10.127.0.12:515 tcp
CN 106.9.67.12:83 tcp
N/A 10.127.0.12:554 tcp
CN 106.9.67.12:84 tcp
N/A 10.127.0.12:631 tcp
CN 106.9.67.12:88 tcp
N/A 10.127.0.12:789 tcp
CN 106.9.67.12:89 tcp
N/A 10.127.10.188:445 tcp
N/A 10.127.0.12:1010 tcp
N/A 10.127.10.186:445 tcp
N/A 10.127.10.185:445 tcp
CN 106.9.67.12:90 tcp
N/A 10.127.0.12:1099 tcp
CN 106.9.67.12:99 tcp
N/A 10.127.0.12:1111 tcp
CN 106.9.67.12:102 tcp
N/A 10.127.0.12:1177 tcp
CN 106.9.67.12:104 tcp
N/A 10.127.0.12:1200 tcp
CN 106.9.67.12:113 tcp
N/A 10.127.0.12:1234 tcp
N/A 10.127.10.190:445 tcp
N/A 10.127.10.192:445 tcp
CN 106.9.67.12:175 tcp
N/A 10.127.0.12:1311 tcp
CN 106.9.67.12:179 tcp
N/A 10.127.0.12:1400 tcp
CN 106.9.67.12:195 tcp
N/A 10.127.0.12:1471 tcp
CN 106.9.67.12:264 tcp
N/A 10.127.10.189:445 tcp
N/A 10.127.0.12:1515 tcp
N/A 10.127.10.194:445 tcp
CN 106.9.67.12:311 tcp
N/A 10.127.10.196:445 tcp
N/A 10.127.0.12:1521 tcp
CN 106.9.67.12:389 tcp
N/A 10.127.0.12:1599 tcp
CN 106.9.67.12:443 tcp
N/A 10.127.0.12:1723 tcp
N/A 10.127.10.187:445 tcp
N/A 10.127.10.195:445 tcp
N/A 10.127.10.191:445 tcp
CN 106.9.67.12:444 tcp
N/A 10.127.10.199:445 tcp
N/A 10.127.0.12:1741 tcp
CN 106.9.67.12:515 tcp
N/A 10.127.0.12:1777 tcp
CN 106.9.67.12:554 tcp
N/A 10.127.0.12:1911 tcp
CN 106.9.67.12:631 tcp
N/A 10.127.0.12:1962 tcp
N/A 10.127.10.193:445 tcp
CN 106.9.67.12:789 tcp
N/A 10.127.10.197:445 tcp
N/A 10.127.10.198:445 tcp
N/A 10.127.10.200:445 tcp
N/A 10.127.10.201:445 tcp
N/A 10.127.10.202:445 tcp
N/A 10.127.10.203:445 tcp
N/A 10.127.10.204:445 tcp
N/A 10.127.10.205:445 tcp
N/A 10.127.0.12:1991 tcp
CN 106.9.67.12:1010 tcp
N/A 10.127.10.206:445 tcp
N/A 10.127.0.12:2000 tcp
CN 106.9.67.12:1099 tcp
N/A 10.127.10.207:445 tcp
N/A 10.127.0.12:2081 tcp
CN 106.9.67.12:1111 tcp
N/A 10.127.10.208:445 tcp
N/A 10.127.0.12:2082 tcp
CN 106.9.67.12:1177 tcp
N/A 10.127.10.209:445 tcp
N/A 10.127.0.12:2083 tcp
N/A 10.127.10.210:445 tcp
CN 106.9.67.12:1200 tcp
N/A 10.127.0.12:2086 tcp
CN 106.9.67.12:1234 tcp
N/A 10.127.10.211:445 tcp
N/A 10.127.0.12:2087 tcp
CN 106.9.67.12:1311 tcp
N/A 10.127.10.212:445 tcp
N/A 10.127.0.12:2181 tcp
CN 106.9.67.12:1400 tcp
N/A 10.127.10.213:445 tcp
N/A 10.127.0.12:2222 tcp
CN 106.9.67.12:1471 tcp
N/A 10.127.10.214:445 tcp
N/A 10.127.0.12:2375 tcp
CN 106.9.67.12:1515 tcp
N/A 10.127.10.215:445 tcp
N/A 10.127.0.12:2376 tcp
CN 106.9.67.12:1521 tcp
N/A 10.127.10.216:445 tcp
N/A 10.127.0.12:2404 tcp
N/A 10.127.10.217:445 tcp
CN 106.9.67.12:1599 tcp
N/A 10.127.0.12:2455 tcp
CN 106.9.67.12:1723 tcp
N/A 10.127.10.218:445 tcp
N/A 10.127.0.12:2480 tcp
CN 106.9.67.12:1741 tcp
N/A 10.127.10.219:445 tcp
N/A 10.127.0.12:2628 tcp
CN 106.9.67.12:1777 tcp
N/A 10.127.10.220:445 tcp
N/A 10.127.0.12:3000 tcp
CN 106.9.67.12:1911 tcp
N/A 10.127.10.221:445 tcp
N/A 10.127.0.12:3001 tcp
CN 106.9.67.12:1962 tcp
N/A 10.127.10.222:445 tcp
N/A 10.127.0.12:3128 tcp
CN 106.9.67.12:1991 tcp
N/A 10.127.10.223:445 tcp
N/A 10.127.0.12:3260 tcp
N/A 10.127.10.224:445 tcp
CN 106.9.67.12:2000 tcp
N/A 10.127.0.12:3299 tcp
CN 106.9.67.12:2081 tcp
N/A 10.127.10.225:445 tcp
N/A 10.127.0.12:3310 tcp
CN 106.9.67.12:2082 tcp
N/A 10.127.10.226:445 tcp
N/A 10.127.0.12:3388 tcp
CN 106.9.67.12:2083 tcp
N/A 10.127.10.227:445 tcp
N/A 10.127.0.12:3389 tcp
CN 106.9.67.12:2086 tcp
N/A 10.127.0.12:3460 tcp
CN 106.9.67.12:2087 tcp
N/A 10.127.0.12:3541 tcp
CN 106.9.67.12:2181 tcp
N/A 10.127.0.12:3542 tcp
CN 106.9.67.12:2222 tcp
N/A 10.127.0.12:3689 tcp
CN 106.9.67.12:2375 tcp
N/A 10.127.0.12:3749 tcp
CN 106.9.67.12:2376 tcp
N/A 10.127.10.229:445 tcp
N/A 10.127.0.12:3780 tcp
CN 106.9.67.12:2404 tcp
N/A 10.127.0.12:3790 tcp
N/A 10.127.10.233:445 tcp
CN 106.9.67.12:2455 tcp
N/A 10.127.0.12:4000 tcp
N/A 10.127.10.228:445 tcp
CN 106.9.67.12:2480 tcp
N/A 10.127.0.12:4022 tcp
N/A 10.127.10.230:445 tcp
CN 106.9.67.12:2628 tcp
N/A 10.127.10.232:445 tcp
N/A 10.127.0.12:4040 tcp
CN 106.9.67.12:3000 tcp
N/A 10.127.0.12:4157 tcp
N/A 10.127.10.231:445 tcp
CN 106.9.67.12:3001 tcp
N/A 10.127.0.12:4443 tcp
CN 106.9.67.12:3128 tcp
N/A 10.127.0.12:4444 tcp
CN 106.9.67.12:3260 tcp
N/A 10.127.0.12:4567 tcp
CN 106.9.67.12:3299 tcp
N/A 10.127.0.12:4664 tcp
CN 106.9.67.12:3310 tcp
N/A 10.127.0.12:4782 tcp
CN 106.9.67.12:3388 tcp
N/A 10.127.10.240:445 tcp
N/A 10.127.0.12:4786 tcp
CN 106.9.67.12:3389 tcp
N/A 10.127.10.234:445 tcp
N/A 10.127.0.12:4848 tcp
CN 106.9.67.12:3460 tcp
N/A 10.127.0.12:4911 tcp
CN 106.9.67.12:3541 tcp
N/A 10.127.0.12:5000 tcp
N/A 10.127.10.235:445 tcp
N/A 10.127.10.244:445 tcp
CN 106.9.67.12:3542 tcp
N/A 10.127.0.12:5001 tcp
N/A 10.127.10.237:445 tcp
N/A 10.127.10.239:445 tcp
N/A 10.127.10.236:445 tcp
N/A 10.127.10.238:445 tcp
N/A 10.127.10.241:445 tcp
N/A 10.127.10.242:445 tcp
N/A 10.127.10.243:445 tcp
N/A 10.127.10.245:445 tcp
N/A 10.127.10.246:445 tcp
N/A 10.127.10.247:445 tcp
N/A 10.127.10.248:445 tcp
N/A 10.127.10.249:445 tcp
CN 106.9.67.12:3689 tcp
N/A 10.127.0.12:5007 tcp
N/A 10.127.10.250:445 tcp
CN 106.9.67.12:3749 tcp
N/A 10.127.0.12:5009 tcp
CN 106.9.67.12:3780 tcp
N/A 10.127.10.251:445 tcp
N/A 10.127.0.12:5055 tcp
CN 106.9.67.12:3790 tcp
N/A 10.127.10.252:445 tcp
N/A 10.127.0.12:5222 tcp
N/A 10.127.10.253:445 tcp
CN 106.9.67.12:4000 tcp
N/A 10.127.0.12:5269 tcp
CN 106.9.67.12:4022 tcp
N/A 10.127.10.254:445 tcp
N/A 10.127.0.12:5357 tcp
N/A 10.127.11.0:445 tcp
CN 106.9.67.12:4040 tcp
N/A 10.127.0.12:5555 tcp
CN 106.9.67.12:4157 tcp
N/A 10.127.11.1:445 tcp
N/A 10.127.0.12:5560 tcp
CN 106.9.67.12:4443 tcp
N/A 10.127.11.2:445 tcp
N/A 10.127.0.12:5601 tcp
N/A 10.127.11.3:445 tcp
CN 106.9.67.12:4444 tcp
N/A 10.127.0.12:5672 tcp
N/A 10.127.11.4:445 tcp
CN 106.9.67.12:4567 tcp
N/A 10.127.0.12:5800 tcp
N/A 10.127.11.5:445 tcp
CN 106.9.67.12:4664 tcp
N/A 10.127.0.12:5801 tcp
CN 106.9.67.12:4782 tcp
N/A 10.127.11.6:445 tcp
N/A 10.127.0.12:5900 tcp
CN 106.9.67.12:4786 tcp
N/A 10.127.11.7:445 tcp
N/A 10.127.0.12:5901 tcp
N/A 10.127.11.8:445 tcp
CN 106.9.67.12:4848 tcp
N/A 10.127.0.12:5938 tcp
N/A 10.127.11.9:445 tcp
CN 106.9.67.12:4911 tcp
N/A 10.127.0.12:5984 tcp
N/A 10.127.11.10:445 tcp
CN 106.9.67.12:5000 tcp
N/A 10.127.0.12:5985 tcp
N/A 10.127.11.11:445 tcp
CN 106.9.67.12:5001 tcp
N/A 10.127.0.12:5986 tcp
N/A 10.127.11.12:445 tcp
CN 106.9.67.12:5007 tcp
N/A 10.127.0.12:6000 tcp
N/A 10.127.11.13:445 tcp
CN 106.9.67.12:5009 tcp
N/A 10.127.0.12:6001 tcp
CN 106.9.67.12:5055 tcp
N/A 10.127.11.14:445 tcp
N/A 10.127.0.12:6060 tcp
CN 106.9.67.12:5222 tcp
N/A 10.127.11.15:445 tcp
N/A 10.127.0.12:6664 tcp
CN 106.9.67.12:5269 tcp
N/A 10.127.0.12:6666 tcp
CN 106.9.67.12:5357 tcp
N/A 10.127.0.12:6668 tcp
CN 106.9.67.12:5555 tcp
N/A 10.127.0.12:7001 tcp
CN 106.9.67.12:5560 tcp
N/A 10.127.0.12:7070 tcp
N/A 10.127.11.16:445 tcp
N/A 10.127.11.17:445 tcp
CN 106.9.67.12:5601 tcp
N/A 10.127.0.12:7071 tcp
CN 106.9.67.12:5672 tcp
N/A 10.127.0.12:7080 tcp
CN 106.9.67.12:5800 tcp
N/A 10.127.11.18:445 tcp
N/A 10.127.0.12:7415 tcp
CN 106.9.67.12:5801 tcp
N/A 10.127.0.12:7474 tcp
CN 106.9.67.12:5900 tcp
N/A 10.127.0.12:7547 tcp
CN 106.9.67.12:5901 tcp
N/A 10.127.0.12:7548 tcp
CN 106.9.67.12:5938 tcp
N/A 10.127.0.12:7657 tcp
N/A 10.127.11.22:445 tcp
CN 106.9.67.12:5984 tcp
N/A 10.127.0.12:7777 tcp
CN 106.9.67.12:5985 tcp
N/A 10.127.11.19:445 tcp
N/A 10.127.0.12:7779 tcp
CN 106.9.67.12:5986 tcp
N/A 10.127.0.12:7890 tcp
CN 106.9.67.12:6000 tcp
N/A 10.127.0.12:8000 tcp
N/A 10.127.11.23:445 tcp
CN 106.9.67.12:6001 tcp
N/A 10.127.0.12:8001 tcp
N/A 10.127.11.21:445 tcp
CN 106.9.67.12:6060 tcp
N/A 10.127.0.12:8002 tcp
CN 106.9.67.12:6664 tcp
N/A 10.127.11.25:445 tcp
N/A 10.127.0.12:8008 tcp
CN 106.9.67.12:6666 tcp
N/A 10.127.0.12:8009 tcp
CN 106.9.67.12:6668 tcp
N/A 10.127.0.12:8010 tcp
N/A 10.127.11.27:445 tcp
CN 106.9.67.12:7001 tcp
N/A 10.127.11.28:445 tcp
N/A 10.127.0.12:8012 tcp
N/A 10.127.11.36:445 tcp
CN 106.9.67.12:7070 tcp
N/A 10.127.11.20:445 tcp
N/A 10.127.0.12:8020 tcp
N/A 10.127.11.24:445 tcp
N/A 10.127.11.26:445 tcp
N/A 10.127.11.29:445 tcp
N/A 10.127.11.30:445 tcp
N/A 10.127.11.31:445 tcp
N/A 10.127.11.32:445 tcp
N/A 10.127.11.33:445 tcp
N/A 10.127.11.34:445 tcp
N/A 10.127.11.35:445 tcp
N/A 10.127.11.37:445 tcp
N/A 10.127.11.38:445 tcp
CN 106.9.67.12:7071 tcp
N/A 10.127.0.12:8030 tcp
CN 106.9.67.12:7080 tcp
N/A 10.127.11.39:445 tcp
N/A 10.127.0.12:8040 tcp
N/A 10.127.11.40:445 tcp
CN 106.9.67.12:7415 tcp
N/A 10.127.0.12:8050 tcp
CN 106.9.67.12:7474 tcp
N/A 10.127.11.41:445 tcp
N/A 10.127.0.12:8060 tcp
CN 106.9.67.12:7547 tcp
N/A 10.127.11.42:445 tcp
N/A 10.127.0.12:8069 tcp
N/A 10.127.11.43:445 tcp
CN 106.9.67.12:7548 tcp
N/A 10.127.0.12:8070 tcp
CN 106.9.67.12:7657 tcp
N/A 10.127.11.44:445 tcp
N/A 10.127.0.12:8080 tcp
N/A 10.127.11.45:445 tcp
CN 106.9.67.12:7777 tcp
N/A 10.127.0.12:8081 tcp
CN 106.9.67.12:7779 tcp
N/A 10.127.11.46:445 tcp
N/A 10.127.0.12:8082 tcp
CN 106.9.67.12:7890 tcp
N/A 10.127.11.47:445 tcp
N/A 10.127.0.12:8083 tcp
N/A 10.127.11.48:445 tcp
CN 106.9.67.12:8000 tcp
N/A 10.127.0.12:8084 tcp
N/A 10.127.11.49:445 tcp
CN 106.9.67.12:8001 tcp
N/A 10.127.0.12:8085 tcp
N/A 10.127.11.50:445 tcp
CN 106.9.67.12:8002 tcp
N/A 10.127.0.12:8086 tcp
N/A 10.127.11.51:445 tcp
CN 106.9.67.12:8008 tcp
N/A 10.127.0.12:8087 tcp
N/A 10.127.11.52:445 tcp
CN 106.9.67.12:8009 tcp
N/A 10.127.0.12:8088 tcp
CN 106.9.67.12:8010 tcp
N/A 10.127.11.53:445 tcp
N/A 10.127.0.12:8089 tcp
N/A 10.127.11.54:445 tcp
CN 106.9.67.12:8012 tcp
N/A 10.127.0.12:8090 tcp
CN 106.9.67.12:8020 tcp
N/A 10.127.11.55:445 tcp
N/A 10.127.0.12:8098 tcp
N/A 10.127.11.56:445 tcp
CN 106.9.67.12:8030 tcp
N/A 10.127.0.12:8099 tcp
CN 106.9.67.12:8040 tcp
N/A 10.127.11.57:445 tcp
N/A 10.127.0.12:8101 tcp
CN 106.9.67.12:8050 tcp
N/A 10.127.11.58:445 tcp
N/A 10.127.0.12:8112 tcp
CN 106.9.67.12:8060 tcp
N/A 10.127.0.12:8123 tcp
CN 106.9.67.12:8069 tcp
N/A 10.127.0.12:8126 tcp
CN 106.9.67.12:8070 tcp
N/A 10.127.0.12:8139 tcp
CN 106.9.67.12:8080 tcp
N/A 10.127.0.12:8140 tcp
CN 106.9.67.12:8081 tcp
N/A 10.127.0.12:8181 tcp
CN 106.9.67.12:8082 tcp
N/A 10.127.11.61:445 tcp
N/A 10.127.0.12:8334 tcp
CN 106.9.67.12:8083 tcp
N/A 10.127.0.12:8443 tcp
CN 106.9.67.12:8084 tcp
N/A 10.127.0.12:8554 tcp
CN 106.9.67.12:8085 tcp
N/A 10.127.11.65:445 tcp
N/A 10.127.0.12:8686 tcp
CN 106.9.67.12:8086 tcp
N/A 10.127.0.12:8800 tcp
CN 106.9.67.12:8087 tcp
N/A 10.127.11.60:445 tcp
N/A 10.127.11.66:445 tcp
N/A 10.127.0.12:8834 tcp
CN 106.9.67.12:8088 tcp
N/A 10.127.0.12:8866 tcp
CN 106.9.67.12:8089 tcp
N/A 10.127.0.12:8880 tcp
CN 106.9.67.12:8090 tcp
N/A 10.127.11.59:445 tcp
N/A 10.127.11.68:445 tcp
N/A 10.127.0.12:8883 tcp
CN 106.9.67.12:8098 tcp
N/A 10.127.0.12:8888 tcp
CN 106.9.67.12:8099 tcp
N/A 10.127.0.12:8889 tcp
CN 106.9.67.12:8101 tcp
N/A 10.127.0.12:9000 tcp
N/A 10.127.11.70:445 tcp
CN 106.9.67.12:8112 tcp
N/A 10.127.0.12:9001 tcp
N/A 10.127.11.73:445 tcp
CN 106.9.67.12:8123 tcp
N/A 10.127.0.12:9002 tcp
N/A 10.127.11.64:445 tcp
N/A 10.127.11.62:445 tcp
CN 106.9.67.12:8126 tcp
N/A 10.127.0.12:9008 tcp
N/A 10.127.11.76:445 tcp
CN 106.9.67.12:8139 tcp
N/A 10.127.0.12:9009 tcp
N/A 10.127.11.63:445 tcp
N/A 10.127.11.69:445 tcp
CN 106.9.67.12:8140 tcp
N/A 10.127.0.12:9051 tcp
CN 106.9.67.12:8181 tcp
N/A 10.127.0.12:9080 tcp
N/A 10.127.11.67:445 tcp
N/A 10.127.11.71:445 tcp
N/A 10.127.11.72:445 tcp
N/A 10.127.11.74:445 tcp
N/A 10.127.11.75:445 tcp
N/A 10.127.11.77:445 tcp
N/A 10.127.11.78:445 tcp
N/A 10.127.11.79:445 tcp
N/A 10.127.11.80:445 tcp
N/A 10.127.11.81:445 tcp
N/A 10.127.11.82:445 tcp
CN 106.9.67.12:8334 tcp
N/A 10.127.0.12:9081 tcp
CN 106.9.67.12:8443 tcp
N/A 10.127.11.83:445 tcp
N/A 10.127.0.12:9090 tcp
CN 106.9.67.12:8554 tcp
N/A 10.127.11.84:445 tcp
N/A 10.127.0.12:9091 tcp
CN 106.9.67.12:8686 tcp
N/A 10.127.11.85:445 tcp
N/A 10.127.0.12:9100 tcp
N/A 10.127.11.86:445 tcp
CN 106.9.67.12:8800 tcp
N/A 10.127.0.12:9151 tcp
CN 106.9.67.12:8834 tcp
N/A 10.127.11.87:445 tcp
N/A 10.127.0.12:9180 tcp
N/A 10.127.11.88:445 tcp
CN 106.9.67.12:8866 tcp
N/A 10.127.0.12:9191 tcp
CN 106.9.67.12:8880 tcp
N/A 10.127.11.89:445 tcp
N/A 10.127.0.12:9200 tcp
CN 106.9.67.12:8883 tcp
N/A 10.127.11.90:445 tcp
N/A 10.127.0.12:9295 tcp
CN 106.9.67.12:8888 tcp
N/A 10.127.11.91:445 tcp
N/A 10.127.0.12:9418 tcp
CN 106.9.67.12:8889 tcp
N/A 10.127.11.92:445 tcp
N/A 10.127.0.12:9443 tcp
N/A 10.127.11.93:445 tcp
CN 106.9.67.12:9000 tcp
N/A 10.127.0.12:9595 tcp
CN 106.9.67.12:9001 tcp
N/A 10.127.11.94:445 tcp
N/A 10.127.0.12:9600 tcp
CN 106.9.67.12:9002 tcp
N/A 10.127.11.95:445 tcp
N/A 10.127.0.12:9633 tcp
N/A 10.127.11.96:445 tcp
CN 106.9.67.12:9008 tcp
N/A 10.127.0.12:9869 tcp
N/A 10.127.11.97:445 tcp
CN 106.9.67.12:9009 tcp
N/A 10.127.0.12:9943 tcp
N/A 10.127.11.98:445 tcp
CN 106.9.67.12:9051 tcp
N/A 10.127.0.12:9944 tcp
CN 106.9.67.12:9080 tcp
N/A 10.127.11.99:445 tcp
N/A 10.127.0.12:9981 tcp
N/A 10.127.11.100:445 tcp
CN 106.9.67.12:9081 tcp
N/A 10.127.0.12:9999 tcp
CN 106.9.67.12:9090 tcp
N/A 10.127.11.101:445 tcp
N/A 10.127.0.12:10000 tcp
CN 106.9.67.12:9091 tcp
N/A 10.127.0.12:10080 tcp
CN 106.9.67.12:9100 tcp
N/A 10.127.0.12:10081 tcp
CN 106.9.67.12:9151 tcp
N/A 10.127.0.12:10134 tcp
CN 106.9.67.12:9180 tcp
N/A 10.127.0.12:10243 tcp
CN 106.9.67.12:9191 tcp
N/A 10.127.0.12:10554 tcp
CN 106.9.67.12:9200 tcp
N/A 10.127.0.12:11211 tcp
CN 106.9.67.12:9295 tcp
N/A 10.127.0.12:12345 tcp
CN 106.9.67.12:9418 tcp
N/A 10.127.11.106:445 tcp
N/A 10.127.0.12:13579 tcp
N/A 10.127.11.105:445 tcp
CN 106.9.67.12:9443 tcp
N/A 10.127.0.12:16010 tcp
CN 106.9.67.12:9595 tcp
N/A 10.127.0.12:16992 tcp
CN 106.9.67.12:9600 tcp
N/A 10.127.0.12:16993 tcp
N/A 10.127.11.108:445 tcp
CN 106.9.67.12:9633 tcp
N/A 10.127.0.12:18245 tcp
CN 106.9.67.12:9869 tcp
N/A 10.127.0.12:20000 tcp
N/A 10.127.11.110:445 tcp
CN 106.9.67.12:9943 tcp
N/A 10.127.11.112:445 tcp
N/A 10.127.11.102:445 tcp
N/A 10.127.0.12:20547 tcp
CN 106.9.67.12:9944 tcp
N/A 10.127.0.12:21379 tcp
N/A 10.127.11.115:445 tcp
CN 106.9.67.12:9981 tcp
N/A 10.127.0.12:23424 tcp
CN 106.9.67.12:9999 tcp
N/A 10.127.11.104:445 tcp
N/A 10.127.0.12:25105 tcp
N/A 10.127.11.103:445 tcp
CN 106.9.67.12:10000 tcp
N/A 10.127.0.12:28017 tcp
CN 106.9.67.12:10080 tcp
N/A 10.127.0.12:32400 tcp
N/A 10.127.11.107:445 tcp
N/A 10.127.11.117:445 tcp
CN 106.9.67.12:10081 tcp
N/A 10.127.0.12:33338 tcp
CN 106.9.67.12:10134 tcp
N/A 10.127.0.12:33550 tcp
N/A 10.127.11.118:445 tcp
CN 106.9.67.12:10243 tcp
N/A 10.127.0.12:37215 tcp
CN 106.9.67.12:10554 tcp
N/A 10.127.11.116:445 tcp
N/A 10.127.0.12:37777 tcp
N/A 10.127.11.114:445 tcp
CN 106.9.67.12:11211 tcp
N/A 10.127.11.113:445 tcp
N/A 10.127.11.109:445 tcp
N/A 10.127.11.111:445 tcp
N/A 10.127.11.119:445 tcp
N/A 10.127.11.120:445 tcp
N/A 10.127.11.121:445 tcp
N/A 10.127.11.122:445 tcp
N/A 10.127.11.123:445 tcp
N/A 10.127.11.124:445 tcp
N/A 10.127.11.125:445 tcp
N/A 10.127.0.12:44818 tcp
CN 106.9.67.12:12345 tcp
N/A 10.127.11.126:445 tcp
N/A 10.127.0.12:49152 tcp
N/A 10.127.11.127:445 tcp
CN 106.9.67.12:13579 tcp
N/A 10.127.0.12:49153 tcp
N/A 10.127.11.128:445 tcp
CN 106.9.67.12:16010 tcp
N/A 10.127.0.12:50070 tcp
CN 106.9.67.12:16992 tcp
N/A 10.127.11.129:445 tcp
N/A 10.127.0.12:51106 tcp
N/A 10.127.11.130:445 tcp
CN 106.9.67.12:16993 tcp
N/A 10.127.0.12:54138 tcp
N/A 10.127.11.131:445 tcp
CN 106.9.67.12:18245 tcp
N/A 10.127.0.12:54984 tcp
CN 106.9.67.12:20000 tcp
N/A 10.127.11.132:445 tcp
N/A 10.127.0.12:55443 tcp
N/A 10.127.11.133:445 tcp
CN 106.9.67.12:20547 tcp
N/A 10.127.0.12:55553 tcp
CN 106.9.67.12:21379 tcp
N/A 10.127.11.134:445 tcp
N/A 10.127.0.12:60129 tcp
CN 106.9.67.12:23424 tcp
N/A 10.127.11.135:445 tcp
N/A 10.127.0.12:62078 tcp
CN 106.9.67.12:25105 tcp
N/A 10.127.11.136:445 tcp
N/A 10.127.0.13:80 tcp
CN 106.9.67.12:28017 tcp
N/A 10.127.11.137:445 tcp
N/A 10.127.0.13:81 tcp
CN 106.9.67.12:32400 tcp
N/A 10.127.11.138:445 tcp
N/A 10.127.0.13:82 tcp
CN 106.9.67.12:33338 tcp
N/A 10.127.11.139:445 tcp
N/A 10.127.0.13:83 tcp
CN 106.9.67.12:33550 tcp
N/A 10.127.11.140:445 tcp
N/A 10.127.0.13:84 tcp
N/A 10.127.11.141:445 tcp
CN 106.9.67.12:37215 tcp
N/A 10.127.0.13:88 tcp
CN 106.9.67.12:37777 tcp
N/A 10.127.11.142:445 tcp
N/A 10.127.0.13:89 tcp
CN 106.9.67.12:44818 tcp
CN 106.9.67.12:49152 tcp
CN 106.9.67.12:49153 tcp
N/A 10.127.11.143:445 tcp
CN 106.9.67.12:50070 tcp
N/A 10.127.11.146:445 tcp
N/A 10.127.0.13:104 tcp
CN 106.9.67.12:51106 tcp
N/A 10.127.0.13:113 tcp
CN 106.9.67.12:54138 tcp
N/A 10.127.0.13:90 tcp
N/A 10.127.0.13:175 tcp
CN 106.9.67.12:54984 tcp
N/A 10.127.11.149:445 tcp
N/A 10.127.0.13:179 tcp
CN 106.9.67.12:55443 tcp
N/A 10.127.0.13:195 tcp
N/A 10.127.11.150:445 tcp
CN 106.9.67.12:55553 tcp
N/A 10.127.0.13:264 tcp
CN 106.9.67.12:60129 tcp
N/A 10.127.0.13:311 tcp
N/A 10.127.11.144:445 tcp
CN 106.9.67.12:62078 tcp
N/A 10.127.0.13:389 tcp
CN 106.9.67.13:80 tcp
N/A 10.127.0.13:443 tcp
CN 106.9.67.13:81 tcp
N/A 10.127.0.13:444 tcp
CN 106.9.67.13:82 tcp
N/A 10.127.11.145:445 tcp
N/A 10.127.0.13:515 tcp
CN 106.9.67.13:83 tcp
N/A 10.127.0.13:554 tcp
CN 106.9.67.13:84 tcp
N/A 10.127.0.13:631 tcp
CN 106.9.67.13:88 tcp
N/A 10.127.0.13:99 tcp
N/A 10.127.0.13:789 tcp
CN 106.9.67.13:89 tcp
N/A 10.127.0.13:1010 tcp
CN 106.9.67.13:90 tcp
N/A 10.127.0.13:1099 tcp
CN 106.9.67.13:99 tcp
N/A 10.127.0.13:1111 tcp
CN 106.9.67.13:102 tcp
N/A 10.127.11.151:445 tcp
N/A 10.127.0.13:1177 tcp
N/A 10.127.11.158:445 tcp
CN 106.9.67.13:104 tcp
N/A 10.127.11.157:445 tcp
N/A 10.127.0.13:1200 tcp
CN 106.9.67.13:113 tcp
N/A 10.127.11.160:445 tcp
N/A 10.127.0.13:1234 tcp
CN 106.9.67.13:175 tcp
N/A 10.127.0.13:1311 tcp
CN 106.9.67.13:179 tcp
N/A 10.127.0.13:1400 tcp
N/A 10.127.11.162:445 tcp
CN 106.9.67.13:195 tcp
N/A 10.127.0.13:1471 tcp
N/A 10.127.11.161:445 tcp
CN 106.9.67.13:264 tcp
N/A 10.127.0.13:102 tcp
N/A 10.127.11.147:445 tcp
N/A 10.127.11.148:445 tcp
N/A 10.127.11.152:445 tcp
N/A 10.127.11.153:445 tcp
N/A 10.127.11.154:445 tcp
N/A 10.127.11.155:445 tcp
N/A 10.127.11.156:445 tcp
N/A 10.127.11.159:445 tcp
N/A 10.127.11.163:445 tcp
N/A 10.127.11.164:445 tcp
N/A 10.127.11.165:445 tcp
N/A 10.127.11.166:445 tcp
N/A 10.127.11.167:445 tcp
N/A 10.127.11.168:445 tcp
N/A 10.127.11.169:445 tcp
N/A 10.127.0.13:1515 tcp
N/A 10.127.11.170:445 tcp
CN 106.9.67.13:311 tcp
N/A 10.127.0.13:1521 tcp
CN 106.9.67.13:389 tcp
N/A 10.127.11.171:445 tcp
N/A 10.127.0.13:1599 tcp
CN 106.9.67.13:443 tcp
N/A 10.127.11.172:445 tcp
N/A 10.127.0.13:1723 tcp
N/A 10.127.11.173:445 tcp
CN 106.9.67.13:444 tcp
N/A 10.127.0.13:1741 tcp
CN 106.9.67.13:515 tcp
N/A 10.127.11.174:445 tcp
N/A 10.127.0.13:1777 tcp
N/A 10.127.11.175:445 tcp
CN 106.9.67.13:554 tcp
N/A 10.127.0.13:1911 tcp
CN 106.9.67.13:631 tcp
N/A 10.127.11.176:445 tcp
N/A 10.127.0.13:1962 tcp
N/A 10.127.11.177:445 tcp
CN 106.9.67.13:789 tcp
N/A 10.127.0.13:1991 tcp
CN 106.9.67.13:1010 tcp
N/A 10.127.11.178:445 tcp
N/A 10.127.0.13:2000 tcp
N/A 10.127.11.179:445 tcp
CN 106.9.67.13:1099 tcp
N/A 10.127.0.13:2081 tcp
N/A 10.127.11.180:445 tcp
CN 106.9.67.13:1111 tcp
N/A 10.127.0.13:2082 tcp
CN 106.9.67.13:1177 tcp
N/A 10.127.11.181:445 tcp
N/A 10.127.0.13:2083 tcp
CN 106.9.67.13:1200 tcp
N/A 10.127.11.182:445 tcp
N/A 10.127.0.13:2086 tcp
CN 106.9.67.13:1234 tcp
N/A 10.127.11.183:445 tcp
N/A 10.127.0.13:2087 tcp
CN 106.9.67.13:1311 tcp
N/A 10.127.11.184:445 tcp
N/A 10.127.0.13:2181 tcp
CN 106.9.67.13:1400 tcp
N/A 10.127.11.185:445 tcp
N/A 10.127.0.13:2222 tcp
CN 106.9.67.13:1471 tcp
N/A 10.127.11.186:445 tcp
N/A 10.127.0.13:2375 tcp
CN 106.9.67.13:1515 tcp
N/A 10.127.0.13:2376 tcp
CN 106.9.67.13:1521 tcp
N/A 10.127.0.13:2404 tcp
CN 106.9.67.13:1599 tcp
N/A 10.127.0.13:2455 tcp
N/A 10.127.11.187:445 tcp
CN 106.9.67.13:1723 tcp
N/A 10.127.0.13:2480 tcp
CN 106.9.67.13:1741 tcp
N/A 10.127.0.13:2628 tcp
CN 106.9.67.13:1777 tcp
N/A 10.127.0.13:3000 tcp
CN 106.9.67.13:1911 tcp
N/A 10.127.0.13:3001 tcp
CN 106.9.67.13:1962 tcp
N/A 10.127.11.190:445 tcp
N/A 10.127.0.13:3128 tcp
CN 106.9.67.13:1991 tcp
N/A 10.127.0.13:3260 tcp
N/A 10.127.11.188:445 tcp
CN 106.9.67.13:2000 tcp
N/A 10.127.0.13:3299 tcp
N/A 10.127.11.191:445 tcp
CN 106.9.67.13:2081 tcp
N/A 10.127.0.13:3310 tcp
N/A 10.127.11.195:445 tcp
CN 106.9.67.13:2082 tcp
N/A 10.127.0.13:3388 tcp
N/A 10.127.11.193:445 tcp
CN 106.9.67.13:2083 tcp
N/A 10.127.0.13:3389 tcp
N/A 10.127.11.196:445 tcp
CN 106.9.67.13:2086 tcp
N/A 10.127.0.13:3460 tcp
N/A 10.127.11.200:445 tcp
N/A 10.127.11.198:445 tcp
CN 106.9.67.13:2087 tcp
N/A 10.127.0.13:3541 tcp
CN 106.9.67.13:2181 tcp
N/A 10.127.11.202:445 tcp
N/A 10.127.0.13:3542 tcp
N/A 10.127.11.192:445 tcp
N/A 10.127.11.197:445 tcp
CN 106.9.67.13:2222 tcp
N/A 10.127.0.13:3689 tcp
N/A 10.127.11.189:445 tcp
CN 106.9.67.13:2375 tcp
N/A 10.127.0.13:3749 tcp
N/A 10.127.11.194:445 tcp
CN 106.9.67.13:2376 tcp
N/A 10.127.0.13:3780 tcp
CN 106.9.67.13:2404 tcp
N/A 10.127.0.13:3790 tcp
CN 106.9.67.13:2455 tcp
N/A 10.127.0.13:4000 tcp
N/A 10.127.11.203:445 tcp
CN 106.9.67.13:2480 tcp
N/A 10.127.0.13:4022 tcp
CN 106.9.67.13:2628 tcp
N/A 10.127.11.207:445 tcp
N/A 10.127.0.13:4040 tcp
CN 106.9.67.13:3000 tcp
N/A 10.127.0.13:4157 tcp
CN 106.9.67.13:3001 tcp
N/A 10.127.0.13:4443 tcp
CN 106.9.67.13:3128 tcp
N/A 10.127.0.13:4444 tcp
N/A 10.127.11.199:445 tcp
N/A 10.127.11.201:445 tcp
N/A 10.127.11.204:445 tcp
N/A 10.127.11.205:445 tcp
N/A 10.127.11.206:445 tcp
N/A 10.127.11.208:445 tcp
N/A 10.127.11.209:445 tcp
N/A 10.127.11.210:445 tcp
N/A 10.127.11.211:445 tcp
N/A 10.127.11.212:445 tcp
N/A 10.127.11.213:445 tcp
CN 106.9.67.13:3260 tcp
N/A 10.127.0.13:4567 tcp
CN 106.9.67.13:3299 tcp
N/A 10.127.11.214:445 tcp
N/A 10.127.0.13:4664 tcp
CN 106.9.67.13:3310 tcp
N/A 10.127.11.215:445 tcp
N/A 10.127.0.13:4782 tcp
CN 106.9.67.13:3388 tcp
N/A 10.127.11.216:445 tcp
N/A 10.127.0.13:4786 tcp
CN 106.9.67.13:3389 tcp
N/A 10.127.11.217:445 tcp
N/A 10.127.0.13:4848 tcp
N/A 10.127.11.218:445 tcp
CN 106.9.67.13:3460 tcp
N/A 10.127.0.13:4911 tcp
N/A 10.127.11.219:445 tcp
CN 106.9.67.13:3541 tcp
N/A 10.127.0.13:5000 tcp
CN 106.9.67.13:3542 tcp
N/A 10.127.11.220:445 tcp
N/A 10.127.0.13:5001 tcp
N/A 10.127.11.221:445 tcp
CN 106.9.67.13:3689 tcp
N/A 10.127.0.13:5007 tcp
N/A 10.127.11.222:445 tcp
CN 106.9.67.13:3749 tcp
N/A 10.127.0.13:5009 tcp
CN 106.9.67.13:3780 tcp
N/A 10.127.11.223:445 tcp
N/A 10.127.0.13:5055 tcp
N/A 10.127.11.224:445 tcp
CN 106.9.67.13:3790 tcp
N/A 10.127.0.13:5222 tcp
CN 106.9.67.13:4000 tcp
N/A 10.127.11.225:445 tcp
N/A 10.127.0.13:5269 tcp
CN 106.9.67.13:4022 tcp
N/A 10.127.11.226:445 tcp
N/A 10.127.0.13:5357 tcp
N/A 10.127.11.227:445 tcp
CN 106.9.67.13:4040 tcp
N/A 10.127.0.13:5555 tcp
N/A 10.127.11.228:445 tcp
CN 106.9.67.13:4157 tcp
N/A 10.127.0.13:5560 tcp
CN 106.9.67.13:4443 tcp
N/A 10.127.0.13:5601 tcp
CN 106.9.67.13:4444 tcp
N/A 10.127.0.13:5672 tcp
N/A 10.127.11.229:445 tcp
CN 106.9.67.13:4567 tcp
N/A 10.127.0.13:5800 tcp
CN 106.9.67.13:4664 tcp
N/A 10.127.0.13:5801 tcp
CN 106.9.67.13:4782 tcp
N/A 10.127.0.13:5900 tcp
N/A 10.127.11.231:445 tcp
CN 106.9.67.13:4786 tcp
N/A 10.127.0.13:5901 tcp
N/A 10.127.11.230:445 tcp
CN 106.9.67.13:4848 tcp
N/A 10.127.0.13:5938 tcp
CN 106.9.67.13:4911 tcp
N/A 10.127.0.13:5984 tcp
CN 106.9.67.13:5000 tcp
N/A 10.127.11.232:445 tcp
N/A 10.127.0.13:5985 tcp
CN 106.9.67.13:5001 tcp
N/A 10.127.0.13:5986 tcp
CN 106.9.67.13:5007 tcp
N/A 10.127.0.13:6000 tcp
CN 106.9.67.13:5009 tcp
N/A 10.127.11.234:445 tcp
N/A 10.127.0.13:6001 tcp
N/A 10.127.11.240:445 tcp
CN 106.9.67.13:5055 tcp
N/A 10.127.0.13:6060 tcp
N/A 10.127.11.237:445 tcp
CN 106.9.67.13:5222 tcp
N/A 10.127.0.13:6664 tcp
CN 106.9.67.13:5269 tcp
N/A 10.127.11.242:445 tcp
N/A 10.127.0.13:6666 tcp
N/A 10.127.11.233:445 tcp
CN 106.9.67.13:5357 tcp
N/A 10.127.0.13:6668 tcp
CN 106.9.67.13:5555 tcp
N/A 10.127.0.13:7001 tcp
CN 106.9.67.13:5560 tcp
N/A 10.127.0.13:7070 tcp
CN 106.9.67.13:5601 tcp
N/A 10.127.0.13:7071 tcp
N/A 10.127.11.236:445 tcp
CN 106.9.67.13:5672 tcp
N/A 10.127.0.13:7080 tcp
N/A 10.127.11.245:445 tcp
N/A 10.127.11.241:445 tcp
CN 106.9.67.13:5800 tcp
N/A 10.127.11.235:445 tcp
N/A 10.127.0.13:7415 tcp
CN 106.9.67.13:5801 tcp
N/A 10.127.0.13:7474 tcp
N/A 10.127.11.247:445 tcp
CN 106.9.67.13:5900 tcp
N/A 10.127.11.239:445 tcp
N/A 10.127.0.13:7547 tcp
CN 106.9.67.13:5901 tcp
N/A 10.127.11.243:445 tcp
N/A 10.127.0.13:7548 tcp
N/A 10.127.11.238:445 tcp
CN 106.9.67.13:5938 tcp
N/A 10.127.0.13:7657 tcp
CN 106.9.67.13:5984 tcp
N/A 10.127.0.13:7777 tcp
CN 106.9.67.13:5985 tcp
N/A 10.127.11.253:445 tcp
N/A 10.127.0.13:7779 tcp
N/A 10.127.11.254:445 tcp
CN 106.9.67.13:5986 tcp
N/A 10.127.0.13:7890 tcp
N/A 10.127.11.244:445 tcp
N/A 10.127.11.246:445 tcp
N/A 10.127.11.248:445 tcp
N/A 10.127.11.249:445 tcp
N/A 10.127.11.250:445 tcp
N/A 10.127.11.251:445 tcp
N/A 10.127.11.252:445 tcp
N/A 10.127.12.0:445 tcp
N/A 10.127.12.1:445 tcp
N/A 10.127.12.2:445 tcp
CN 106.9.67.13:6000 tcp
N/A 10.127.0.13:8000 tcp
N/A 10.127.12.3:445 tcp
CN 106.9.67.13:6001 tcp
N/A 10.127.0.13:8001 tcp
CN 106.9.67.13:6060 tcp
N/A 10.127.12.4:445 tcp
N/A 10.127.0.13:8002 tcp
CN 106.9.67.13:6664 tcp
N/A 10.127.12.5:445 tcp
N/A 10.127.0.13:8008 tcp
CN 106.9.67.13:6666 tcp
N/A 10.127.12.6:445 tcp
N/A 10.127.0.13:8009 tcp
CN 106.9.67.13:6668 tcp
N/A 10.127.12.7:445 tcp
N/A 10.127.0.13:8010 tcp
N/A 10.127.12.8:445 tcp
CN 106.9.67.13:7001 tcp
N/A 10.127.0.13:8012 tcp
CN 106.9.67.13:7070 tcp
N/A 10.127.12.9:445 tcp
N/A 10.127.0.13:8020 tcp
N/A 10.127.12.10:445 tcp
CN 106.9.67.13:7071 tcp
N/A 10.127.0.13:8030 tcp
CN 106.9.67.13:7080 tcp
N/A 10.127.12.11:445 tcp
N/A 10.127.0.13:8040 tcp

Files

memory/1664-46-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1664-47-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f.exe

MD5 8e988eaf5767726e63601a609e0486ee
SHA1 0ac262bf8dbefecf9301818993529bcb2821944e
SHA256 2073b0ed73c39354551642459c4ce70c3747d622ca3dc16ea6c8c16f1389976f
SHA512 d0ee7c49c33454f6472f6272d4f63fe582058f06deb9c5005974b83f5ebf7cbe96dd963a5a41c6a1634392569919d39c0d4a7a86bf214d8ec006568509eacced

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Blocker.gen-4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09.exe

MD5 a39140200b589708ab45f50721812c68
SHA1 ef1020ef177bc44a48efb598e049c7d13fe9d3c0
SHA256 4fc69a291af1ea8ee05823d3ed983ad00279c4e4441f3060a883eb214b06ea09
SHA512 afe880b0c7bc4b08948a13c53e0b75ce7ca2410d65c51ad6a7dbd2266050d434aa010f21b5e05de72d89654d18959e6dd83bb2832b8b4c0d8bd86d4be58e857f

memory/380-94-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2428-99-0x0000000000400000-0x000000000054E000-memory.dmp

memory/2000-98-0x0000000001090000-0x0000000001189000-memory.dmp

memory/1136-97-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1972-96-0x0000000000E00000-0x0000000000F0D000-memory.dmp

memory/1608-95-0x0000000000400000-0x0000000000B5E000-memory.dmp

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Swed.a-fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de.exe

MD5 1d79ad8323f4c0d42a5886be05a9c635
SHA1 ce40f723074765819876b2ae579d5b1ad78558b6
SHA256 fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de
SHA512 77704129642a75c6bba54ad2c174ddf131190e1ed327d9ac57300cb10777f7498712edd66c66be485004717c4bd278d865855072bfed28ca76cd715ebff460b3

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Purga.mp-24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085.exe

MD5 cc74e57fa7575573e12255a4ef6d77e3
SHA1 ea4c747239a8accbce0577daf0fef5dc5a08c347
SHA256 24ed6ee6c21b01723299773311912048f6a4a782de9496c6e479c22d6fceb085
SHA512 17f7ffc19b481da3851af9b818b9b84e515e17d039b0fdbe749cc29108f60cee054bd42f017e295ade3523f9ccd25d8c2cda022215b12a5d2e0c9928974d8a8f

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.ldqm-e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6.exe

MD5 44cce7ce39b8b2560a3ee6b892b8cb87
SHA1 e8f0622aba6192f3df1d6618184bd0534ed9e010
SHA256 e1936dd3f073c4b959dda43b660bf048b435bbcd0de3747bf53f04b6125272f6
SHA512 eb6bb7e94cb2fa14785bb0104b817059f7ad3d478eb26523cdf1b9e1e240c3e544cc8cbd94eaeda28248d95469d175745b4c75168a02817fa4fae9c28432085c

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.aei-f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe

MD5 5a131b48f147586afa20b0a1a00a1533
SHA1 35d0125d8ca6457ff4604d5e245b2102a9ec4a6e
SHA256 f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9
SHA512 0d01c70c6dbf948ce29491bb81df5bb58e010e775456a168db93973b4dd9fc4a518fff68c7480cb4a79a52b2a8070253b3f06d32e0ac0ecf1c4b1541301a32ee

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Crypmodadv.xrx-951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd.exe

MD5 9e0fd09ae20af32dfb66d844c6de9418
SHA1 2d834ebcadce10b267ab6c20241b62d12706875d
SHA256 951150abf88603c73afef53326bded068d0f87b45e01dee3d268eca4eedbe9dd
SHA512 97ea9aeb912358cd1f09fa82863ec61388de96e6ba6216a36a648adce846adc3712f1247cc549589a7827419a50606683cc4bb9a1e6849fcb3b19c8661b5d2e4

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.meia-f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77.exe

MD5 e54c1e7cdeb69e7eefe0f6926c0a0ae6
SHA1 75c54c081a0a44a4675fc515c16fd1d376194ca8
SHA256 f275e43433e98d1fc3f6c868f93460e975e3b737e052cce8037abdd518ea8e77
SHA512 ab2d1ddf0b887747dc6204754b8472835769bb04e5255aa21cc450238dcc80e28e65a3a648c9f2908c0ecd566e48f7259213b9048f2c9649bcf4699d823fce80

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.levy-4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441.exe

MD5 4b8af22dcd9b3f3fd578cf880a8f2c56
SHA1 072de9fef3a56ac2c601aafe9221231b7a6d5962
SHA256 4a972d009561ea1960c7e866665979d74506c2d84eb0ad594540366873ab0441
SHA512 6d3526e3d9806c01d015d5b0df65ca02e98b3890843d707c3a5655dcec9cc1992327907d90ca4323bd4cd3541863c905d588cf98e6d908e3eafff367fa9f746b

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lbmq-8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1.exe

MD5 56536976497b145fdc39199e0d6d02bc
SHA1 4c910a26b1d7699074ecba152a06fa7060605638
SHA256 8882395917dc24d5065b27f638f94ba949ce1f1ecaa5b5de9e4d9c6023728fe1
SHA512 a621fef8311f76c23683b688a3b42c93cd071ecd58a84dc403f46097c2aef225872dacd6063394a96a3fe40e9ca99a79c6ed9b4efba821226b02f477a2759e99

C:\Users\Admin\Desktop\00342\Trojan-Ransom.MSIL.Agent.ggz-4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4.exe

MD5 e4d1951b179a1de9d22f83227f1026a6
SHA1 53fd14f3aebe3d253af2d505967fd8c6a6c9352c
SHA256 4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4
SHA512 67bf39eed15ff05010bffe7ee4cbe5d06dd8700f1b957b33dd76b72452f447f8ee0888db18ff2755fddd9f21cefbd7e40a42043f1f14438984cb0e4a52e09e9f

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Wanna.zbu-04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3.exe

MD5 f42d29367786af1b8919a9d0cbedfd3f
SHA1 28f4efd9fbb9bb8e14d2946da97eff28fed682c9
SHA256 04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3
SHA512 fb0f9703f592ec503f65c261f062df043d5dcc50f3732f73edbc7b6bfdb5988b272db9ee14d37f9b5bf237f4472f42a9993b0da202ee2b6f9b6da765436f4010

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Shade.oxu-ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74.exe

MD5 4039c1e8c180688104b67c315473fdb4
SHA1 fb63df4c92ea7b861ecb1bef2ce48b67f5d37df2
SHA256 ea8772f373c29b2b731e4926a4c96facf93226dbeff5f9513387351cc0dc7e74
SHA512 794d41a12ba38db3e799e87817404c93879457dda397ac64888b3a54965458338008f81542fbc80d0a7c2a037f17f96b2c551d1abf166ee3ad77f64a2a719e08

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Foreign.obfr-3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d.exe

MD5 21bcfce92ba425727e86a12ce2b24a0f
SHA1 22d15c1d2f4aa1609525e94b9f81b7456debbfd3
SHA256 3d561c3b90d639500373124149828d7f8e8e7550d113b071d5dbdb1eb7faa52d
SHA512 17177eddb1c2430889b8fbab17343f3c3d932a3fe67a3c23ff2d6871f5ad046ca5fa844ba233a89890104184e796284319e1e7ebe47f79f4c73d6b9877d4e057

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Encoder.n-35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe

MD5 6999c944d1c98b2739d015448c99a291
SHA1 d9beb50b51c30c02326ea761b5f1ab158c73b12c
SHA256 35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282
SHA512 ab883364a8907636c00a4d263670cd495d0e6c521283d40c68d47398163c6ee6647cfbbc2142005121735d9edf0b414ddac6ea468f30db87018c831eaa327276

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryptXXX.asdgay-2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071.exe

MD5 8d75650da4c3d053fbe0e84bad55c068
SHA1 3af7ea85d4d3e391e274a84dc83b9fd575d737ee
SHA256 2539ffb7dbf707e0d4031bfcda075ca7bf06007fc558457ca74432a90579c071
SHA512 9c4c7e5121a27b336124c98e0bf9c4b4c997c7a35484ef87ec81d189a6d7101e1388ed9499acac818bea6108c1de0f9ad72769ec9f90091795df6987cd44d9e3

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.CryFile.zzl-daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77.exe

MD5 24bf2e26a150df152869e417ada736d2
SHA1 a223e18c6eac313aa9628e4e7bf728b43ab2a62d
SHA256 daff68b6fa20239505d252f3a5d6c07219d2a0ffdcb782633645a864b334fe77
SHA512 04316d03bb9916466108d753f0b7e39ee8549912c30302d02b548b8e197c743e040487465a4066daf111ca160f92b94cc176489153e5fdcb120beba53ec15198

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.lkaa-664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0.exe

MD5 7dbb64de527f787e5e62cea388960997
SHA1 2b35243bbf208b6b026d548ff2295743519b6d7d
SHA256 664833adf062fdcbdba69c40f3f043f1ac34ce45cd583c94ff01e6d342e30ec0
SHA512 8a5d0b097456673727602dfa6704d4518c9ebdf218839619bc1d69374ddd6775c427ff1480522c3331a8586648741550b6e6ef539da66f271716561817a56741

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.ldar-35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc.exe

MD5 83cd72c5d6f734c308aed40b46704ca8
SHA1 cacd3b6a18e71e0356d767f5db97f5bcc482207d
SHA256 35ad66a94dd28ef478a84ecc5fb98fc509e9fd0e4097b5b17e3e9cb71e8b39fc
SHA512 14969e6609b52cdb9b605890a2671f098bac315d827b875af0f420eceefe13f7da5380b66f1cb0568f28dd8d146f8133c6817cecaceee8609b752410cbfa312d

C:\Users\Admin\Desktop\00342\Trojan-Ransom.Win32.Blocker.kpuo-ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb.exe

MD5 d0875e6d0f2298599000f7f7a9289480
SHA1 5bb2f5d8e90b75d9c36c91efadc428a06d7353a3
SHA256 ff46d9fe03d25457deba7b10aab8f26934e597db61baaafbbcbc6d17918009bb
SHA512 b589f1e6fac1f7ce4c27023a698501f2a91211d1be9352a4d33a6e189e355ac381167dea3dc0a7f41b882c63d057874c98c11dec8b40f11d6d8ca64df13917bd

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.Win32.Generic-bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05.exe

MD5 cbee8882f64a0da607e0bcb29f9ffb62
SHA1 b91b680dcb02e08d9f55c86cfec73c2eb62dafad
SHA256 bee964f8b61d10dc2c34b4b6f5a01213e811a35c8e3df6eb73b7fd754440bf05
SHA512 246c9225968b856086a1a012460294fbfc8f4d1edf233cd177aa9451132532478dcba081eefc5f73aecf1193de0d4a5e0e38cd76e53b94d479da00b580a49b13

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypren.gen-f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca.exe

MD5 ad6c4ae3faa76b698254068df99d57d1
SHA1 ec338c0cdda440871da4ee6a676255fb8a416f27
SHA256 f9e38f82b51d7898ef9569f51b1a9ed58281417e548343098fed5114c6abcbca
SHA512 35afa02cf539a903642b37999cc7cae46dfd07dc6fc2028dad4be43315a66a892052513484d1bee0e90ce73e5419a85b1ca7b6e6652e64b0ae2057ed5e00755a

C:\Users\Admin\Desktop\00342\HEUR-Trojan-Ransom.MSIL.Crypmod.gen-55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745.exe

MD5 a9b2d45dc6cd5121152742fb24ac6f40
SHA1 ddf58c9685b32496deb953802f3e162a616b0219
SHA256 55bc2b322cbd7dd11ea20e9031b18d30ed2d0c48e1c731d3bb06e7617b184745
SHA512 1dfcaf3f73fe7c1f701201e7f55d97c18820fa898f33373b777ea260701118a091825ba35b633f0009c9eb20fe159d128fdbf082ee49eaee043369cdb0146ad2

C:\Users\Admin\AppData\Local\Temp\nsoB434.tmp\npHelper.dll

MD5 04b6fbef6c229230313beda281aa422d
SHA1 9b23da2fb50ca31938ad5312ae7f174b291fc19f
SHA256 b0457bc4367bbb67b9b995af5368cd7806c8ee67526318dc9cb82eea29415ea0
SHA512 f342263f7eddc9ec68854ea78d91cd80f16462bb33028d986179cd761ed657650a500b7b3ba59a5d253de091b8c20fefacfed9646d88e09469f371f8ceba65d4

\Users\Admin\AppData\Local\Temp\nsoB433.tmp\System.dll

MD5 fc90dfb694d0e17b013d6f818bce41b0
SHA1 3243969886d640af3bfa442728b9f0dff9d5f5b0
SHA256 7fe77ca13121a113c59630a3dba0c8aaa6372e8082393274da8f8608c4ce4528
SHA512 324f13aa7a33c6408e2a57c3484d1691ecee7c3c1366de2bb8978c8dc66b18425d8cab5a32d1702c13c43703e36148a022263de7166afdce141da2b01169f1c6

memory/2064-106-0x0000000000A40000-0x0000000000B08000-memory.dmp

memory/1620-105-0x00000000013E0000-0x00000000013FE000-memory.dmp

memory/1732-104-0x0000000000AB0000-0x0000000000B1C000-memory.dmp

\Users\Admin\AppData\Local\Temp\nsoB434.tmp\System.dll

MD5 a4dd044bcd94e9b3370ccf095b31f896
SHA1 17c78201323ab2095bc53184aa8267c9187d5173
SHA256 2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
SHA512 87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

memory/3028-160-0x00000000000C0000-0x00000000000D3000-memory.dmp

memory/1172-166-0x0000000000720000-0x0000000000730000-memory.dmp

\Users\Admin\AppData\Local\Temp\genialness.dll

MD5 4092ba050b6be1584a69b74ce68c6feb
SHA1 cedbb9da0279563ffb153c073846002d30b32a7a
SHA256 927d80753547868763a121a10bbe62d9fd9ce6ef205275e4c120bca30723c9e6
SHA512 d3322541cdbef2e28ff0aa312f8da4d2a95fe9ab2f5afe990395dc00707781e4852145abf8a5294b0a71cca7d17e84bcfcb90f1fb81fdef2411083cfd933f95c

\ProgramData\mmkt.exe

MD5 45184aaea2f47f6a569043f834690581
SHA1 09320ff533c6612e548ac7452d71c39f3ad13f16
SHA256 8fd09186e5d2e2bce989f94b9a1ee4654382d396ca2e2680edacdcf8e21a4385
SHA512 40dd31db4d73c248116ae7abc92195de2f0b5e7eed78f3bb418ba7dcf197f13a364f26f05fdaaa42cf89ea28cca606b1d33cf11a5d4f01c4dea931ebfcb4cbd2

memory/1144-174-0x0000000000ED0000-0x0000000000EE3000-memory.dmp

memory/2804-199-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-197-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-196-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2804-194-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-192-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-190-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-188-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-184-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2804-182-0x0000000000400000-0x000000000041F000-memory.dmp

memory/996-179-0x00000000000A0000-0x00000000000A1000-memory.dmp

memory/996-175-0x0000000000090000-0x0000000000091000-memory.dmp

memory/1732-213-0x0000000000220000-0x0000000000230000-memory.dmp

C:\Sicck.exe

MD5 9e1df6b03289389309b8d1e0168aba3a
SHA1 9a0b3592544c23cb8518b92e11dc79167dd89230
SHA256 cba8829b1989d484a23b2338cd013fd321837d55f6151605e9b454c0d6fa0543
SHA512 fcf290a814fe89dbc261f8fc7be1dacfe93a2b0977020b10af77cedf91bb20391193bc1f8448fd8ed23dbf5d1e693f4744f0254688573938c13e9919cd4a403b

C:\Users\Admin\AppData\Local\Temp\delself.bat

MD5 8720237dd87339e6bc1a525abeb0cb92
SHA1 91822b2afd40fd17dee3af5102239f7dbe836dcc
SHA256 34842e6c5f0f15dae531282e10025c7b4e5e7ed983717bbc653d7a7718728376
SHA512 6eb370ed4beae659af8b3c62abdf27da4b6150290fa3a39aaec23f17872382b621a9d10e2918a4c032d873c7e58a168fa1e81066ca4cf06530ae112697ceb674

memory/644-295-0x0000000000400000-0x000000000044B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0P0JC783.bat

MD5 88aa5c8f460d3f2b0cb941885f4d6802
SHA1 f8d3fbf9cde2b4caf178e00f680eb5c068bd70d5
SHA256 0ea474970328ebb26055e77a2dba2d9e9054f7a1a6f972c5ec41279cefc1a148
SHA512 e4efc3476e8ee59f679ec970deb51f5b54c4d366bd543d4a2626be94768a0bf70b51df44ac65e78a395d7013b4af56571751da14fd4e0c9d799235e6f728726f

memory/1136-344-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1972-343-0x0000000000E00000-0x0000000000F0D000-memory.dmp

memory/1608-342-0x0000000000400000-0x0000000000B5E000-memory.dmp

memory/380-341-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2428-348-0x0000000000400000-0x000000000054E000-memory.dmp

memory/2000-347-0x0000000001090000-0x0000000001189000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabD56A.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

memory/2428-409-0x0000000000400000-0x000000000054E000-memory.dmp

memory/2000-408-0x0000000001090000-0x0000000001189000-memory.dmp

memory/1520-402-0x0000000000400000-0x0000000000547000-memory.dmp

memory/2044-400-0x0000000000400000-0x00000000004B9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TarD6E4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/348-421-0x0000000000400000-0x0000000000613000-memory.dmp

memory/2804-508-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f17379d131627dd649a7f78926c1a9f0
SHA1 7b73685bd7d86ef71a5473bf66e40234be614190
SHA256 c9034c4d8e678d6840c695cee7e8be86e831415e76f615c803870ebaffa00fd4
SHA512 a29d85d36662f06e621634fcdd3d8535f3bb33c562a74d56546b72e0771e070ab0655f1fef06a1b20cf7ffceea39e371ab7814951ef818cb679b40eb0273a35e

memory/2064-628-0x00000000043D0000-0x0000000004414000-memory.dmp

memory/1528-655-0x0000000140000000-0x00000001400FB000-memory.dmp

memory/700-767-0x0000000000400000-0x000000000044B000-memory.dmp

memory/2044-838-0x0000000000400000-0x00000000004B9000-memory.dmp

memory/380-919-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/2064-923-0x00000000022A0000-0x00000000022A1000-memory.dmp

memory/1868-970-0x0000000000400000-0x000000000042F000-memory.dmp

memory/380-963-0x0000000003090000-0x00000000030BF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\getadmin.vbs

MD5 ccab54ddd146fa5de5cc5acb4bf9b328
SHA1 bd262a39727c1d97ac6b89f25afb0c00471dfe1f
SHA256 777963b725f17c6511fd34c1eac628ccabf1f889bccfa783e8017c2f58226212
SHA512 0dd9e0cb7290e61294328470dfbd7b488356676c8a4ecb4006d74c9177f58d7bf43c4fde378a44aee194b1024e414c85f440270bdfaffc25d7119f0249e8c408

memory/888-998-0x0000000000400000-0x000000000042F000-memory.dmp

C:\ProgramData\ctfmon.exe

MD5 a8347481e8b974e0501429ecf6d1dc08
SHA1 a3d134aeec18e66ecddeb3b2f27a5315d28fdc7e
SHA256 13654cbe13a3585b28b1b19042a49da0531a8db0a93ff7c6d6e52c497f247cda
SHA512 e337f7e96762efce4ea0e67922307578286843efcc9a210e65475b26743c03ecbbf5d3dcec041eef0f103f081d18e203b66041ce52b59d0951b41a52eb69b201

C:\Users\Admin\AppData\Roaming\Macromedia\winMacromedia.exe

MD5 cf1226cc134d454b49c78279b405fff4
SHA1 8fa9963e978ba70821331b79b488956f9a63d3bb
SHA256 1a5a9a1fd35ac4b3b764738fd4d73918b9ea309a24364c6001903b43039d1b8f
SHA512 0a5aa83513ce2598a37a821512625e5d7c0399add3349797ea68506e70db01eb8ab47891524cad7b25d87d548e9cf64cf6480b9561e3b6b8ee97d8db8972ab75

memory/1176-1010-0x0000000000400000-0x000000000042F000-memory.dmp

memory/1420-1015-0x0000000000D30000-0x0000000000D62000-memory.dmp

memory/1420-1014-0x0000000000D30000-0x0000000000D62000-memory.dmp

memory/1420-1013-0x0000000000D20000-0x0000000000D52000-memory.dmp

memory/1420-1012-0x0000000000D20000-0x0000000000D52000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ReadMe-w3c.html

MD5 03cf3439ba072c9b201be753acdef1b9
SHA1 8e903dd7fdc7c59293f0e9147bc63e3c46bc9809
SHA256 6825fdc397c63ae638c494ce09a964b25b3bc8bb8ff54225a9520244918985ad
SHA512 83997f1e13f8f280fb9f5c512b958c9701b34af2c7767fdaf6e9fe5778ef18780245eaf814d3567ee7f9f94a83aef5d702c74bd8ce251383b981c406ccd7111b

memory/1136-1166-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

MD5 eda590c206d230defcf1019ece2600d2
SHA1 a370d11331de608915a8792674307ae82e6234a8
SHA256 406d6ad3e5a0686c089abe565833cb94826e462c77b1b1003dc673c55af561c5
SHA512 c0cc695977fc3f6a489b86254ac02899d70626399fd660e83805791c2baa87409cce87ff8e0f3ccca45db195d839eb5a3ebd1e6771bef5730e32f89df3252e61

memory/2056-1263-0x0000000000400000-0x000000000044B000-memory.dmp

memory/700-1275-0x0000000000400000-0x000000000044B000-memory.dmp

memory/700-1272-0x00000000022B0000-0x00000000024AE000-memory.dmp

memory/1972-1304-0x0000000000E00000-0x0000000000F0D000-memory.dmp

memory/380-1305-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/876-1306-0x0000000000400000-0x0000000000477000-memory.dmp

memory/876-1308-0x00000000065F0000-0x0000000006680000-memory.dmp

memory/1348-1319-0x00000000006B0000-0x00000000006E2000-memory.dmp

memory/1348-1318-0x00000000006B0000-0x00000000006E2000-memory.dmp

memory/1348-1317-0x00000000006B0000-0x00000000006E2000-memory.dmp

memory/3836-1320-0x0000000000400000-0x0000000000432000-memory.dmp

memory/380-1338-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/328-1337-0x0000000000400000-0x000000000042F000-memory.dmp

memory/380-1348-0x0000000000400000-0x000000000042F000-memory.dmp

memory/1520-1349-0x0000000000400000-0x0000000000547000-memory.dmp

memory/380-1354-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/348-1353-0x0000000000400000-0x0000000000613000-memory.dmp

memory/2428-1352-0x0000000000400000-0x000000000054E000-memory.dmp

memory/2000-1351-0x0000000001090000-0x0000000001189000-memory.dmp

memory/1608-1350-0x0000000000400000-0x0000000000B5E000-memory.dmp

memory/3028-1419-0x00000000000C0000-0x00000000000D3000-memory.dmp

memory/328-1399-0x0000000000400000-0x000000000042F000-memory.dmp

memory/3324-1441-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4324-1440-0x0000000000400000-0x000000000042F000-memory.dmp

memory/4840-1439-0x0000000000400000-0x000000000042F000-memory.dmp

memory/380-1438-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/380-1437-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/4840-1446-0x0000000000400000-0x000000000042F000-memory.dmp

memory/3324-1451-0x0000000000400000-0x0000000000432000-memory.dmp

memory/380-1453-0x0000000003090000-0x00000000030BF000-memory.dmp

memory/4232-1498-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5080-1467-0x0000000000400000-0x000000000042F000-memory.dmp

memory/3836-1465-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4852-1464-0x0000000000B00000-0x0000000000B32000-memory.dmp

memory/4852-1463-0x0000000000B00000-0x0000000000B32000-memory.dmp

memory/4852-1462-0x0000000000B00000-0x0000000000B32000-memory.dmp

memory/4852-1461-0x0000000000B00000-0x0000000000B32000-memory.dmp

memory/3836-1511-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 9c56be4459ea5d046617690826ea7e16
SHA1 edec7d389d05a8a90d1776f365fe6e83a33ee3b2
SHA256 5589e2637531eef76210e82824eb2104ba9f9d4550481b18b70f3c090c27270c
SHA512 e139a2d42f7f15286188712ac8691e78c2ca6dcff1a72969b6890c8ccf769ae35fd462fd80e6d719cf787a90352dff0e50c6db9ba4688d304b00f83c62f60c01

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 95bb806d7120b6eb5daf3d86f47df3f7
SHA1 30f9cbdef38bc6d68ba8830de681d67008933b45
SHA256 a34b547e920dd21e0479108057daacb40755f80ad7b6e2751b8e3e1f4a9ef79e
SHA512 9258c1111d88435763712f022a2d3c934d7ca0ecacb8e2291cd2a2ff4d50f9fb9a451830d4392a56723ce1b363494658c0e368ad37186602b184f8d5f605424b

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 25859ea049a6f51b1fbac001c4b8d8a1
SHA1 bf1dc408a82b96f3711270cda2667c4e736a5b20
SHA256 7e1e0e294431e3a9a0d7bb91578eac08b4e92aef30f503107d721585c878f66a
SHA512 0b34524265d7d89e8c60e6aaaf1bbfc73892988d19277e8ca69bb4854e6b56770fdecfc78c2f222e1f40f16ff3807d3d2dd254cba20bf81dd123fcfe84f81579

memory/4544-1599-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4944-1598-0x0000000000D50000-0x0000000000D82000-memory.dmp

memory/4944-1597-0x0000000000B90000-0x0000000000BC2000-memory.dmp

memory/4944-1596-0x0000000000B90000-0x0000000000BC2000-memory.dmp

memory/4232-1602-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 aa751058ccf97335d6f96de195985329
SHA1 53a00b2dd19dd7f4c9e42e1b1cd1b2bffe6994cd
SHA256 3435fbfd34b9d9b9045be552145da4c359974dc61369f320ddc247bfba6a8316
SHA512 4034709feab2ee53233f0b7a450190e5411111838f2a2fd24f9474fa3e39aaf8a6305bc41462a84fe72f924de0919a87091c3d45a36cd49bd0d2f839f13918db

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 6f8f10ed781ba4eb70f1b26593cb6cb6
SHA1 ebd88a274ea6fe5e1d5d345190aa8014540b8b4b
SHA256 8bcbcd49daa549db8ad91a2a7b980bc1c81b6c46c74dd1b7589f43b79bff3d3a
SHA512 d573aa52a49de07f191dd3ab4605f60766ebb13b8fb6af9956687d0edca0aa0a4b13bb6055e0b81e57b8f74f591364bd6338957161bf680cdc8e45f517f9a4ca

memory/4448-1688-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4544-1690-0x0000000000400000-0x0000000000432000-memory.dmp

memory/3924-1725-0x0000000000650000-0x0000000000682000-memory.dmp

memory/4820-1727-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4448-1729-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4876-1765-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4820-1767-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4876-1806-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4236-1847-0x0000000000400000-0x0000000000432000-memory.dmp

memory/856-1845-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

MD5 48dd6cae43ce26b992c35799fcd76898
SHA1 8e600544df0250da7d634599ce6ee50da11c0355
SHA256 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
SHA512 c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

memory/5172-2111-0x0000000002100000-0x0000000002132000-memory.dmp

memory/5172-2110-0x0000000002100000-0x0000000002132000-memory.dmp

memory/5248-2317-0x0000000000400000-0x0000000000432000-memory.dmp

memory/856-2524-0x0000000000400000-0x0000000000432000-memory.dmp

memory/7000-2975-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5792-2974-0x0000000002160000-0x0000000002192000-memory.dmp

memory/5792-2973-0x0000000002160000-0x0000000002192000-memory.dmp

memory/5792-2972-0x0000000002160000-0x0000000002192000-memory.dmp

memory/5792-2971-0x0000000002160000-0x0000000002192000-memory.dmp

memory/5248-2978-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

MD5 0328f500b522e10f4449edf4ca726106
SHA1 c3d004e072faa3433855e3860a5ca6245f1a6e4e
SHA256 d6d8e61b78888cec3ea21b682d725218b1d0b9c2d9462f6bdf6c1fddc3569d8c
SHA512 013665d5d35f03749baa020e399a25ec8571f1ab54ac0770d52c129881fb5471b85aa9421d37ca2c555cd8bd669c4e57b58ccb17ed7f498c9c287fcdc7ce1690

memory/6248-3650-0x00000000009F0000-0x0000000000A22000-memory.dmp

memory/6248-3649-0x00000000009F0000-0x0000000000A22000-memory.dmp

memory/5600-3654-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6248-3648-0x00000000009F0000-0x0000000000A22000-memory.dmp

memory/6248-3647-0x00000000009F0000-0x0000000000A22000-memory.dmp

memory/7000-3653-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6020-4521-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5828-4520-0x0000000002FA0000-0x0000000002FD2000-memory.dmp

memory/5828-4519-0x0000000002FA0000-0x0000000002FD2000-memory.dmp

memory/5828-4518-0x0000000002FA0000-0x0000000002FD2000-memory.dmp

memory/5828-4517-0x0000000002FA0000-0x0000000002FD2000-memory.dmp

memory/5600-4539-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5184-4773-0x0000000002880000-0x00000000028B2000-memory.dmp

memory/5184-4774-0x0000000002880000-0x00000000028B2000-memory.dmp

memory/5184-4772-0x0000000002880000-0x00000000028B2000-memory.dmp

memory/6020-4777-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 862bdb8e47c06c6ddce6a2bbb4862139
SHA1 3660e3f9cfcc529da84ed8c638a33f8c865a518f
SHA256 5d150123e5b35cf0018fe035116062fb707ccc1e60a5de399829de33b1ad1799
SHA512 4853f8fa96eb95f7acc67dbb6d89d2f61693a612e45701ce1a202526b0e76daf2dcddd8bc8782e6e3c385a5d278858635a5802400169bb3157c6c265b1f1e4ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eddb56de2d4c10da690c33b7e3b8a923
SHA1 ab3d4347dc12e50d2a8a6e985bd3b53befe0ba17
SHA256 f13fa4abf1fc1e754e3793392165fe84239386da37eb5a20bd0b4a31ae6fe5cf
SHA512 596247f15421ca7d8a1ff9e3e01529a2919e23947e7642e9016f05fd2a939a8f6adc34316785f5deb6daba088c1306d6cc32bf9d94c6437f9d640b48479dd4bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f16f1e41fffa27c4448fd6b1690bf743
SHA1 c6ca2d6756182a2b48537c24b7bce7ed9a00a61e
SHA256 16d14d18636b043f00e3df3dae8274afe068a3ff2e692a3f003b6d2048a12724
SHA512 e37789c3e5ed4f41fa88bfde77b57ee9961a5f44ec47749ffd8e9c8cd9110a4a48a2d35a76b7a77e5ee93f1a752e3be1b4c748ac105bb5255aaf33f0692e1a43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc47e024a792d4dfd3a9153710e33de4
SHA1 9461bbdcd2fa9f0214224ffcb2629e09fa57e42b
SHA256 692f0e9028c147f8334312b98dcca3b2e5483d96b8ee3fd27ea4f1cbca0a1a1c
SHA512 3d1752b27d5d69b7bf58dd765ab5f540433667fdcf5908aac8b0e24d46b5ea2a3d2ee6730b204aa42849dbcfc374779d8b48aa75e927cd9345a5b970b7fe4b85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04b5dfc0a55c9ba671200e65aa472fe5
SHA1 32bfc31ac9cad243aee245f4bd14455e98b46b4d
SHA256 04c910ef151fae02028f32610feeaf22b396658f73d5a7a272a84a7eb67b1c0b
SHA512 4ce8c3e2cb55ff59bf507fca740af98af7dce841eb0e308867a3f80ac499e1ac6484c20a469c106290ea8f38d17d2bae5fcb22b790443e3f3addc0652ddcbc9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f5e54832f0583eccfed7e3d387b6a18
SHA1 2a2e77154a30291d050180b942df5af700f668aa
SHA256 a1fc304d85a2aed74c4315070a0662d572a32a9816cd7a1f74bd3895184468a0
SHA512 0573f1345061cc643e0744859ac5ec92bc2b9975217ece4f93b38f9ed783b9a65243883cf7944d686d5541c2300e198acaa12d60b5d0f4b60cfa07260023b29e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba8ad2a9e737e296d835cc266f243f32
SHA1 f9a1f2b013e9e8a4019d9f48015b0bc7ddcd53c5
SHA256 22f2a6de3c63556ff0d869d2b84d037676323ec8d7211838d919323aee7634ce
SHA512 f1639adae5816f4b817ca34a36bd6b99930f9600390bd3fb4015212764724da4948c1f1dccbf7322f344b6cf5590c3f347a7353a48b5e1578685bd192f0955b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3181f3170240e5f983b0643f8bafadd
SHA1 99956e71d9e353319198ef5d531541ba0df99b43
SHA256 dad33713ab21ef96cada428187f0a400adbff4e733515e765c17793c81cebbc8
SHA512 a2a797805bab70235352fe960f7b1e4bb2cc440c4edf8b46f52ff870e163f36358beb66631a887f64754e609b58191b91dd16e530fc59af59892f1c784ad87c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9dec688479f9b72ff9242bfbfac124b1
SHA1 e0caf2c2f59f549db79e579f9ad28fd87d584194
SHA256 38b3c870709b91046f15ef9821f0db0a3841e3bed19f9c9907879b2a524559a5
SHA512 f3d84de8c0cc54e35272052654c435e9f02f92bc7b1a337df2ab854c8bf10ee53997d7d6f5edafee4969857403b1bd2548b2a20c00c513d00a79da138e3d16af

C:\Users\Admin\AppData\Local\Temp\getadmin.vbs

MD5 d14a6c18536b08c2d91cc10129cec2ca
SHA1 d1fbfc316c335d22da1da32dc8255e01d3629ad5
SHA256 88f0e55be41422957e8f4fec8caf0f9ed4e68d1f0290171ba8f4bd26c19fa17d
SHA512 1ee2a30c0549d94ab0aa1ac80b621edf740f7e76e9c98f6fd5c76b5a669bb736d84d57f048d8663354dc5467d181d1051b88feac0726e38728e79231b6aa646b

C:\Users\Admin\AppData\Local\My Inbox Helper\My Inbox Helper.exe

MD5 8052003e500e26d2c4c0659cf06fc246
SHA1 25a98e3553be7cfade033c504d9a2068517a229e
SHA256 2908a84aa26483bcaccb06f6f2c8f9c97a70ed45927df43dd48f04caa16f6dd0
SHA512 349a58b2bff78b8385c8623fedce1d909297c2bec4568f87035891c9020c13bd052a296c48754a1a1b20fa2021330f697ef60c82376ab5d5a388c539e4fb3404

C:\Users\Admin\AppData\Local\Temp\nsoB434.tmp\nsDialogs.dll

MD5 0d45588070cf728359055f776af16ec4
SHA1 c4375ceb2883dee74632e81addbfa4e8b0c6d84a
SHA256 067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
SHA512 751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

C:\MSOCache\!!!DECRYPTION__KEYPASS__INFO!!!.txt

MD5 daf2d6b2d0033ff60b7da2b3dabc5a0f
SHA1 b33c6ddaf9782cf29dd69dcc093aeeddf33506b1
SHA256 ea770e96140a6a18280b9cd118bbfd68d72e95d9daacfe0dd1925e277e074077
SHA512 72e154960498fc7cc2b26a98ba0e06920a4f2c8eeb56189448ec28ba26e2667d894b6b2c42228cac4ca37d0e50e0cefd4c197c3e4c7261ca8c0a3a045caaeaab

C:\Data Admin.exe

MD5 28acf0bfb37cb08a04cb3960886f7448
SHA1 0add17424ef7f5a6bd63d9d314e03e5ed38b18cc
SHA256 92ceb8cb0d819a17ae682b2d646798fcf06aa7c9a2025de8a31af7837c3de5c3
SHA512 bf610ac956047de1791df14c27b1b64d04959c565c714f9c36e783b4c63b9b5a8045070e99e906d3aa7d0204dece5819914e9d06f2116b3dc9d5a61243c9e030

C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl

MD5 a6ae8db527950806cf5c4ff90c4d214a
SHA1 a8e534e327237590a2608b20f3a86913807132cf
SHA256 5f217c062cf3c67cdd7db3a85a6f4b0105a237dd95a847daf00a228768ae562d
SHA512 1d246e5519dfc8ee2da99150c61a32234364c15279eed1215f6765d6b6eefe056c45f9b033db572f76ff710cbb5119e9c2b60f8e84dc64afb5afaa7832dd5190

C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll

MD5 bf9a4846aebc7c05f454f8a69acc261f
SHA1 06d64d3bf050b2f7d7b362004671f839f4136967
SHA256 c6210e253086e72c6f3f7c62b1a6b9227128780733d5785b8648d1c71c3a7865
SHA512 df903a5aeb044f60e28b0017f9cc2cc11c48d2e2204abeb8c689f3a788ea31aea2751ccc3f19dabd3b211319625c311090f474ede802940393ed449268a137fd

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 4dc9bd6202a83a6d822592b05e9c5b36
SHA1 3c6778ae92c5d7f2429920e93ccfa23d09c501a9
SHA256 4f4c6b0458edd400d0555af2e57c1d35b0555134d41751c64248a95742b73f3f
SHA512 3020ca978b154dcdb45d50d9f8f988bfca050d9164ad4d5c4cff0b5fa3112d78f9e942a2c4d93665dca700c22524355bd794825843e3e449b44394973bc7c80e

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC

MD5 cda93a7a4d59748f32eb7786acb0bfd9
SHA1 58968eb5144b708a8e55aad0c04580e1951a9360
SHA256 19d776d99b83d04a620cbcb223838902695b22fb328e6eb8dccbc1454e821da2
SHA512 3b26d4ef527b757f88eaf8c697c6d5f0fdabda7a5ec5a02a0a2384e890ed137189c5b1019a98bd5a95999a6083fdef099ed207c4381644f8e6fe54daa54df5e4

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5

MD5 4d57f6a09f7c9ce5e360ad1b76d5e4b6
SHA1 7ca65fa6f5dc7fa1358750020f57093bd7438ba9
SHA256 50673f7e41f3594c92e9fb7dc72ebeeecc897c4d936e55632ac98d7bb871373f
SHA512 dfd9e32a707dcaffcdfeeb3dbc8aba84b2a69191673956c46fd80e93660620e0b04644a0973709aa6598f228a14d9c8511e44c894166bdfd053429fde1beee30

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7

MD5 20a901a42a0aa6ce9cd35803c50bf804
SHA1 f32d9bd4d14a5da1cd326e2029b51c4912cdaf02
SHA256 30402268b722689ef82a43f9e0393447177c3e845b2dd305b6aadac1c437f1e3
SHA512 9538819f395a57a0a2e78dccb9cbf4d14227a08e4ee8f80e6e5cd4c27a6f143d62424313243ae800d964bc4fe31541842516a5cf8b88acec6612e483bb4711d9

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10

MD5 e4c3b78273bb993089d93a319d0a0681
SHA1 76c2724f7f86a2d6d44107c6ffdb1a78b46992eb
SHA256 c746577cac28d123cbcbaaeb7a8006d218738076374b068859d494b7b3067f16
SHA512 93d16d99a6cc3c68b2fa5de8c3f7279c1205c7cfeaa5d8122e97f0a28a4fed68774f402c540ba3fb2fada0b3d0e7ec301568c217a05b2d173d7e2ce3b134f80e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 daff72e68bf9ef721b768d40a637a53f
SHA1 01355379ee8e807a687948fac07696fd6566cba4
SHA256 32e719e5bd32494dfd3764f38c1e4e9417fe0f66c627f4b7c5a0716207b25eaf
SHA512 54c688bc1e666c33a732f8b01c01d41367e41924c9deeaa92dec6f658e5e3098f8c6bacbba0297fb5984b5210c2040938e7d41dd49a3531c79d35bab79956447

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 63b9946224b956f89c16f0e242f4397b
SHA1 372691809fadb5265b4df41a39490a024bd786fe
SHA256 85d49f22739171d00e52e0bab4c10e89ed3f10e148aff965a57a7ca2f90daa05
SHA512 72825f7e378ecd52069119ee98945bed4cafd6635a16cae6b669f24fe2f3cf0ac71c6f72764b9e67040e5acb14b834d77574601398439abf584fcff69943d9e3

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

MD5 3fec8ea007a8aeee8fec78f53e007ea6
SHA1 f491bb8b2ad6850ce0ea1727ff4428fc86c53fb9
SHA256 c31ede88df6a1f7dbedfe22f8fe22d0a6c2ca7657d82e3ddf20e0d261a645bfb
SHA512 c10aff7a30d4a11e5b37e97a68465658565433c772c41125356d5346eac0fdaeddccdd11cf31e90bc33cb95f8a4aac81bd594a21e356585a33deb94a97cc6aaf

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

MD5 cd58288d3d46a2e8760375c80d5e9293
SHA1 eb292462cfdf388f415c6a69fe6237f1a8a71599
SHA256 914f17281cc79c00adf4e70bc1808308d91a759ebeb2f87b122df16a6fc56c97
SHA512 ed6666597baf8343649951dfcc0fcc06bcdac16887316fa7b56b4c3871f4f06c33248a50f5c38ec7ce23aba1a50f7d367940e6551101861ea5fe145ba57670ef

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

MD5 781cd9508791115346c662880cbae5a8
SHA1 ec829c33591a6561a1fe93c3f5584289266abe70
SHA256 c157a0d4699104baad007ee15d05624d5e5c44f7edee74c4a099d83df0a4ef0f
SHA512 a5fd081fe2db56e0a0bdb61bbb791b72001a3042c58193990e40515c7dc9b96bfbe5404eb33bd3645016b94b5a72f0e47db75ffe3df0867594b9c097d31e52ef

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 a01fc8b11dcfed48209b66c663f92bac
SHA1 4903692cb952d7b281887e7779874459d2be0ad6
SHA256 7579b19fe0faaeb0b01c1cbb791a7b53f48b34c02f667412bb6bd3541fa3b54d
SHA512 5aad8abcac6accd1d7416ae22272792d308c04d8e165b63b95ec76b495fb695011a77b84c6da8907cbac34ac0a96f1968b154ae21b6ce229879b6bd693d4cfae

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

MD5 400956f098c13d57e621fe2510767e78
SHA1 acb8d6d67153b759df1c909df70288122e42bd9b
SHA256 3450492d666d01b599d7f42b596558fe7a86b24469f90882a14440ce51f836c3
SHA512 1aab15f5558e41588a76f30fa15a758960263f29a636e3cd237c4acbc7f75e2e8d423600fb8754dff50da58eee70adb64b6630034ec52df059f0b6f3054a4764

C:\Program Files\Java\jre7\COPYRIGHT

MD5 d46f5e617a464681f042f1163e6f0035
SHA1 f7c20deab5f210017f43d6c05e7b0fbed8bba07f
SHA256 0ea5d346cb3df6e14d433e434a7c8ecd7dd83325c11dab82f0895a5594325978
SHA512 589febd99a1fba4e7a0b8f9e49b22f8ea0eba3dfe4bbbf928f1b062a7d8c5f31d50bab88d4a00b7a6a9bc277832f32f3da83afad263f32ef2e008ecd66a91b2c

C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

MD5 ccb6f914de523e82298bcc7d8b1c0759
SHA1 e895f87adbb839e48e8e2e3b3e6796846e290897
SHA256 8774a66c3403c6f573c9931ffc972612a02876d42f90fdd88785a9239e90f3e8
SHA512 820d7d8939c1a26d015ee0721ea11a7cef674c5256978a12e3344cc6bba072a4617c77b66b0e2fc0d600f9a5f06f314e611090213dd9ac67e020893b35fab84e

C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia

MD5 9dd485f8389f769b5c3c6738a7a54eb8
SHA1 6f8e4bd340893aea89b628cb800decd742938cc4
SHA256 cccd2ee6b0254cdeed2223ccaeae41ab844e86261bd680aed4b99a5a73d5c76c
SHA512 974dc1585418f58c6af8cc90c5a1b7dd56aaada2b16beddc141d0ab82358f5cd744e0cd773da7120a0d04be9bb19ae0b2b1f6bd2a4f5471a6cf6b290e38e8c01

C:\Program Files\Java\jre7\lib\zi\CET

MD5 efb8da49307b189e0e2f25ef9e28cece
SHA1 5103a1eedfc0330b57de8a46c50cbe43292cef46
SHA256 3c20c7fabd7dbaf72c814e4e893df29629b7fef578734c2f141b1083cea8855a
SHA512 7d6ebefdea9ac6aa75a9d325a95ac87b4bf2ec8c143176ff5ac3278100b92040d0c78c109fe97bab6ee3e7f9998afc69c3fb6f91c9751b0b9c35af9e139bbe65

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

MD5 f4d8511db5e893ee11366827e5f81e93
SHA1 49d3c2f60e845799142efd98f8590aa937cf27ac
SHA256 6c5ef573bc96ea7d4d8ac3c5ca879802beed32abaa19559f0b754667147a6730
SHA512 9b209c1446019cdc1659fe7c506e9cd057fe0f066743125ded45bec055039ae56c7497f8d140b1096abb72e3ea26e16f8860cd2ac02f9ada7fca1dc67e02b06a

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

MD5 a07b54a49e7fabf5962b4ddf6e1bd29b
SHA1 032d2ad089f243aa7d9ebb150b3fd44ad9c31b81
SHA256 ed113c778d1652614de9e15af80021903c23a53d09de778cc6afef1b5d7c94df
SHA512 218417425f69892556df4e17a4f974deb325727e0c0b4a2287077d3ff1ab067821fbfb2083aeda181316bfb9bc3a0712ecf52ca55764130b50094f302abf5ecf

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

MD5 0b8c258c6f07b3834c2106b60756e5b4
SHA1 b1bc19eb9e3879c1d12f9a14185a9f9195e9c7a2
SHA256 97c1bbd6e839f0b99925999fa7ba46d71591218ce8863e3f1e93c6e258141b12
SHA512 a9ec50e4492ed8472dab2a295f1da8e032348fe674508d3739e24044efc7118aeec1c8378a30eef4cb37b75da43a38d9bbae75536a9cff35f84fd5f30b85412c

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

MD5 585cc73d599344efbb063aa52e69a0cd
SHA1 100631b62261331fd62e427be855af2a3907349b
SHA256 8d00313ba35b8cfa400d62e437f77b25550b470c28c9a94389de1038ff56ca84
SHA512 9d5ec7acc1e03e4ce0c9513c58f6e53c5a7a160ce78a96ac49499a0e55779715a24b4bc6b16faf0181149fad0ad281818acf9994972ce06954dd55a25d8b7e2b

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

MD5 d74b4f034b50c3278e17e15f3d083acb
SHA1 31a147be5e9a56eb07173d573a81278d78daa04a
SHA256 e72a8cc3c4e666fda551bfe3d073ccb6962f3445d6988ebcfd36a5f3eb8f63bb
SHA512 5c81122dfb6731efb688dde8eb243234f0b9a1515e08e0090dba165e1d40baf8601fe4985038cf8375c9ad77f4c1a61c7567c7bc95c8dfb924b1817af00364ee

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

MD5 6b4fef0f58bf0d11f8b40111e89c008b
SHA1 2bc457ecfb3ffba12dff240a2f4c858fe89e1ff4
SHA256 691f53faa17f1366db01c6824ac7d86556f8c7ae02de3263de96b6a7fa45df11
SHA512 28f5fe4168cce36df68d22bc3230164b4b7aaafe372a4eb638357e65ffecd140583581696f240f7b4fb6f1889cde33f861d386082062ae855504fc2098f26cd5

C:\Program Files\Java\jre7\LICENSE

MD5 46d991ef003465999c09eeca695bd8b6
SHA1 b8ea3388b622397994f96810772f0ca1967be2b6
SHA256 b31ac4965e6aef292e3c60883ee1dd18dd344a5c7971807bd3a757a84683c5df
SHA512 0e9e34c98fcedb4161e1d9f658b0fad1bfdc95c8e56610c55fb4e7ee3e0de0ee35f541916f5ee7d52266c257949ee4c5f3700e6191c981672aeb913b72f1fb17

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 bf0b9baccb7d27fc891cb650c4300de3
SHA1 b374a5a5e833465484fafa60d7668a2075a59360
SHA256 946e353eb5dd2705b94888ff62a6605b5aa6ad77da1acc946e9b6e830877bfb4
SHA512 121af8476fd54defb4e975b4d3734c19a2bd156cb1328b7f0ae38fdc9fd2a2381b9ff9e99a7dc630f8cee5f4e12911ea61eb3736b6df8de3d2ba9cbf6015979a

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 3274b5753af25043c4d25f1c7cd6f8a5
SHA1 8beac4389d41ee0a9e3339bd4da464f4fc119a4b
SHA256 d32044698701c9107b393bc113aaaad2880467fc67e354af74d2b361bc402926
SHA512 da2eaf3ff5170a964aa33f1dc2e7dec4fb69af9d6e80ee53b510b740ce2336da7bb7653b39848bbfe647cc2ba09316f9459f45649361cbb3385b21c7ee6add4d

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 356eb356d46d6c156866032ca9e7a3d0
SHA1 4262ef5b6a6caef14e474b906533e7e37353af42
SHA256 fc7bf719b8146e4de91d18f2ea908dcebbafdfb5c397c7ef567151c0a088f357
SHA512 c5420122bf7773a7bd6663791094e0a0560c555a715123b3078753a05ec07dcca04d5e73bb43f62fe8162dd6e44330a19260694e514d3fdfe9330bdfb4f6af73

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

MD5 ae4672326f935e8fda0275ccbf6d0d56
SHA1 59799215328f11eeb332578528082cef34b39dcf
SHA256 84607ab80f956674ed2c43dca857152694be7c620827ab374e321571d319bb6a
SHA512 9eb809a54b91d30563634206a1c2e55f4d35757e45544e552754714d6314a22e37442d9c0e9286e306fc01e853eb00ff8e94421565f8870419f101328b657ee1

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK

MD5 36b3d706127f67f7b6a44a5f5ed00b2c
SHA1 059220c9137ec81b2903ef0183730664b6e68e88
SHA256 0404439dd2d4f55740bde30183f35c6d124cdf925199c2a557dc92a9db1316c1
SHA512 ba63b8dee51efbf5efa6d71f60afc25ed4ca41b4e8f675f6424c607832d61877bd1ae59957977767b3003da99625d0be60ad3a40cf3629a255e74d247d0b5583

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

MD5 8d10d878f388b5c7726ff3433fc79204
SHA1 45b25f38831830f7c935e87475c7888f365cdd22
SHA256 e05db82824103b6d5c322c6880e85a5d00b36d9335740dc66b30095f966b10e7
SHA512 1c4ea5c3b7299dd57e204af74ef8e6cb1f5b07860c519c96041577be8622ab1ea66ad5831fb2548f7813af2d7d39a0c942f6e8bf3f0c0111d890cef4cc8d00ed

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 e4e4cf6f3212f0c69a156b73cf6968d0
SHA1 d209cef66f2308ad74ad7a7a7023f09ffcd965ce
SHA256 0a61c6a7ab34d5df358564ecb26457a7c73b6385f63cb345bcb349839c4409ce
SHA512 9c10d96915c9c06a4402db7a721625526802edc354cb6a777af6a8f476a0712271087c1312602b8c15c5ab90238defadcb12ec0445d232f884d3963a3399c47e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 52d7b4c065fc1d588bd6e81a3205ceb5
SHA1 3be9267f2de77f713d89f7082074cb3c7ce80223
SHA256 ae9bbba7dc89d6729c2f4581b6f1f56cd2badaff73a1cd6747712ed9e98d4e0c
SHA512 23cbfa104aa8cba3116e96eff43a6ed58c1f58939a39b2c8d12ff7a7fea8e383a092cd08a0976ffd2e676d934b399c7810e675f21aff3166cdb5da13f668ec0b

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

MD5 4799a20596957e80f04182ec1716d551
SHA1 e76f10a116a2c4fa4c7ea2c4302d8693c68307ea
SHA256 ce875080c613ec47d13c0c831d7ac1c345ab3da69b80497417dcf78f9b9c696c
SHA512 8436fd059f934c545a2d39e9cdf321d2c563545155f43e5f92ffa467ce23d01489df31e61ed875851a05ec2bd3602f55a89a0d5df27d3b4c3a87b0c365b7c618

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 df21adbb0024c558202038325a451754
SHA1 c1116607adf5b0859869b6569bc3ea9896db9436
SHA256 81ebf02d6eed6cc3d167b5eaf2a95a882a7e50f9ec21b38a5cb7885c5148b58c
SHA512 590b3b57fc68c967c7785b594af4ca50f0e6a81d640a793079520972c07f40eb8aa290a6306436311f3b09083e8c231313b47144ef23b8b5f5dabec2f1a8a2e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 6a306d125a8382e7637713db9e8c999a
SHA1 0a512d07fe1d69e0f8e162ecee27aa815439e6ff
SHA256 7c0a63965b06ab37293ab2a14c432d86bae0a02cd94818b2b566a4593e25d47c
SHA512 ebcffe1ba2b27141a082d7eb229905b1c857a6dc8216a55890dd19ae0b2bd3c83ddad3460265676e0dd89f909a7af46d752815268c4cde09e9458ebb7b089a7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 eaf1dc1d9a7abbf2b62ff40c3376dff5
SHA1 05b0cfdacc2e6833625c24c8f40689e5d9c6780c
SHA256 4db1820915b860088d68f68885caf19fae2dbcd7c5b3f2259c5de477bd41680f
SHA512 f58d5146482c379da4509548e1b0eaa469d8f5216096ef607a38da70afb81fd8eb54d01b1aae4e823d88840c87b7a6bc997a822371f3c73db551f0b85a9897f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 0195ecbf4454ef0dc683e99adbe5fcee
SHA1 d7bd5f0f8663d18b728f254868f26d4362a91aee
SHA256 5e4461c84d7e3df93f241cb092363446dbfe3369073d30a7ddef94ca93defe2d
SHA512 e4f7e6363e8ec64f20c2fa48a0ae7e79266a602d7ac21ccf9717c1c5768380a7d5bce6f7d5096a39b2ca7c124b72a1d02c42ba40a171e5ce36e440f2962af8fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 06006943faf42a04ba0f9b14d0c8155d
SHA1 14f344aa5db18bca4a5ad57f4accd90b9c4152b3
SHA256 ac03e08f610b04e5bef6a896cf1c00801d16a4728c9306192c6c533632550daa
SHA512 e8cefbf7f1c8ae1f9b6e41e993ededbfe64bdab9e06f28c5c4e468b54e6974e0a648240ebc7b53eacab0098b5c73d34b7d0383627067318f6effe15b5a84e5b0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 b33281349f5000185d167afc641faf5e
SHA1 7d2cb3c991784828c374dcf1f490ce72d7cf83a0
SHA256 ad393167ba5612082bcaf324b25a8e81c7cea500b51f4c6bc7c5a0676cdd0586
SHA512 a832d3020bcfda99ed27202802d560a20ecb8f6a00efb8cd703bd8b915e9a93dbfeb175fb952be5d5d1d6e364887f029374ab398973e53a9bed11f9412fa6ed4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 cfb02edfdbdd9ed54d1d2560926265c8
SHA1 769994b8b748b230aca3c1c4eecf1af9c67b7381
SHA256 947cfeee232612b3ab3cb5cdabceed02d6fc8452fc7a1ad9c4a888be8b5cb17d
SHA512 9e4ac3f927ec8f20d228471634c226884717273efbb428d481a78bc0dbdbcb5728aa4eaf6b4a013d0ff566f4d2c59580686d16af5da8c10cf64aa97926cabff6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 14dd36f07b097546cd4525f1c4388151
SHA1 cb2aba5a0f02140639a35b3daf319e4422225e07
SHA256 40290b0ca2c546e7f2c8db5a5f236566ebda1b8dc9349a180cb94a11ea5cdf02
SHA512 2b75d93a359a0ffdc300986467416180b0bd63b89ccb9eec2349a1fcf32a587c755ebd529da80206a9e48d825a9935da777ff513de19d8741f2621b7edf0464d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 dc8112ae8504289472cf9b80a6aef5e2
SHA1 94a0552eb8f3d5fb97d9052c93a6abdfbc16ba1e
SHA256 09bba55e23a8833eaac5a359c707f0fa07959baac0f37f62a2ef35aacadce509
SHA512 a52f8970e16ddc49c156b53c15fe57e7a94e965e81a41c4374eabc3080e497bd1e0e8e14601880854546046366c3161463f48c7d046a273b64b6f3a8d1e72e7d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 ef51f420d92d8c8d1e5d362eb54d5f46
SHA1 04917f29d04a2420930be95facda1aac076b4237
SHA256 036108fae5d71f68c6764513febf9baf8e49ebed53b6b7f19196e702da27014b
SHA512 021d977a980de3f8a6c5d6489c6a3dfbc1b6d2f1e739679abb69769d66da0d99f9539825dc3e8f68b4ace48392a63b64daaa02bbd8fe2fb613e2d1f8c00a7357

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 c7330345bfbb102db3004fe5f2a7802f
SHA1 1ab084640ae544619726f1d2c5b6423da602e05e
SHA256 08ec90ce539ef610f8753b3c1fc745d0bb5f4621d80e6f493aab6f18a5118e03
SHA512 07a4879406ba99605abe3d4d926a3a8b39a92480e93c41e5e2c541c8d88dc5a669b50cd462b1c54411e85cd09dea992a38998c542c90c0ec14450be8e9e651fa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 d238d0dd974b8e3a7fe09cf14b4f04b0
SHA1 f091edf1f060a5338fe76257eeb825570b5ca3fe
SHA256 ef8179b8bc153bc437d1b84274ecc8448076d646f4cf21829aeddb75a09383ab
SHA512 9a0044417d2a4794e1c429382d5b56a473b696681e03b76af9b642c29ae3c8e9beb7d0f3432045c3f707e6be298d205aac4fb84e208781273a46830820931430

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 b7bc13b8c8367b0a4a8d2bf9266a1f0e
SHA1 6f38ed1b7078598953145405ac697e51ddf94b0f
SHA256 98907029ef08e17c064e9494c4ea7250c898baaf396488e36394fa4bd5e374ab
SHA512 262e691ad84da03bd4c49aa92caa613031e27a413a9ca757c4225288354b51bd65ce79a84cc3acbbff0e4ed655ae676e67edc432abdb6d2215909df68550a1c7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 e4c450fdd1bbb719a7d678c4f989a366
SHA1 bbcf5869c7caee7c261d5689286b10a9c5a71dad
SHA256 5c50742363e7b1ecfe4b93660496a06212a2e54f6e8f994020440acf050afa73
SHA512 c34d7c1362f0668c130a1f2012994b83e31249cb1c2a6beb5dcc4ff4c807010c65a83ef42e77263d1560027f0059ab6549f846129882de100966b7679a124450

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 e862debbbdb2e021cacd1725cba30745
SHA1 55258bb5569824b4e60d635d002ef6080c5a363c
SHA256 84a5553a3c0c191052669cb1e067013c9c58079700a374e917f0ecdc16ee1596
SHA512 d756f549fb7559c2ceaa897ed019f4f93c480f3f33ca68b8a53e3689867a5d8e107522c41b28caf79c5e2a8e0c8d599ce5e7a5cf7b4bf81e6476197a973b148d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 369e205a610cab65c15f8965af6094cb
SHA1 bd03e0b7291788a522c72f647c51ae1071ef387f
SHA256 04dbc9dd3f1b92313c210f0410ed1e6fef5b386b0b4762e521d68912bcf4173d
SHA512 94dd7e731def9cf4f2b22e10cfb99703e9252658f7c38d0fe0ac03662786d84123f7c1ab75f0157144e49c5432043d9fff8865e43d278480667aaf748bb0c1cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 ef914ba7c879324851318ca793dcc0eb
SHA1 12a9db5190e0e3c9c689c511c0e3e57a6ee5dff7
SHA256 dc7ed2212da21a6b17c07d042fd13441600d34c35e905d88fca66a00d1e15f3c
SHA512 bc1625f58c309c7c6abad7e2a7101be7456b6da2f2e03393063cbbd2b4537f6f0ee68a7ebff20d4a4af7e8f74d751410f9968cc805742f25ec54ee4efb79e21b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 ea910dd6cd19fffd51de14d2579e055b
SHA1 0049af78751115e9b9e1c821adecae7007f20d2a
SHA256 2ab06730fab323024085d3ca5faad1d44d8633ff9ebccd10f29e2fa6961a9a0a
SHA512 1e414afb2f50b35320c468702afa688af5d93d40cf758dddccd292a4f5e7ee7b49d98c3ce3b7753d62e15c786bba441d0d98d4c409783c367b22461038cef0ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 84258de2bbd3c60e616e9b5b7f7a0011
SHA1 314756a81c162475ff8820cf6d43b120d11efb7e
SHA256 003a2e8697b2ea223cd7291afba643da0ab26ab10581262184c2556c6047f5e8
SHA512 19f47f6887791e05e6458c4767d387b796792e71060e4de53ade9380835384254ff99474d9d2221d89cfc23c773ab3cefd80428b94d6488c2a54a25c50f4bdf0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

MD5 2ef9b426f6c7707589d9d0bd73af4e72
SHA1 e6a0ac87ab4a3d0d7b4d95b8230f5013e91a9541
SHA256 07dabe9aa7b3d5282701a4d7287a009de6794fe42a336fe2517765ce1c7ac9f9
SHA512 0544736773cbaaa90163fbc45b039cbe1568f73d6f68b4772cd770293e55f6a3826bd1f555527ab67545725bc0523cf8d9254494335c3d17363640c6d24c0bd3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 5283a5a5e6ca14037baaf8a80602049d
SHA1 3249fdd11c7ef50a6c0200a853295929ea0194da
SHA256 20282de87c5ae8ad08812f042392723577dad552e7a10fd08f2696fe45cd92e2
SHA512 93b51140bf3dfa9140bfaa62ddfc18cd903627d36c26c8d9a627260aa62362b3d3b94d3172d53d788ca02978c5c640a9c35a6041c8012eaa93043c455b76b7fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 bbf27325e25f8a4cd8ae36df936cad1f
SHA1 a8c83d43d53914498e468ddf00a3780515e01f41
SHA256 e5faa2382c2e3eef2db9f7e0c7211e8bf1498f201811c0fba567dfed77815d82
SHA512 d1d24c201ed5c514d1ce50002b685fed5f53427ce7abf5c46d8cdbe9a6bde7e1f9bc920511b18361a308e6b0944980643aff2f47bd0abe2eaa02e64681a335ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 6ec140e430a80185837eebd41e5e004c
SHA1 193535ee98571fec6d930028a31a960e6b429dd2
SHA256 cc9a0c083957f6c708835f5ba137abe7c503009e5036602e5c58901ae41f46a7
SHA512 a023b58f40b5f5d51456783f1a40819dbcf1b82c606b5e10c61e9cf9878989fe4231f490a42f1506203a3f30eec0587f93e5b635dd20c3faadf7f755cde8a7ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 7eeb5489a375d5693e8686a8e9c6a262
SHA1 93d6880deace8d4f6db31a73115c8f883181810e
SHA256 60ab84a0553ac76c8c065141672a67eda8472dc92321c8f3bc78abd482338607
SHA512 d8646dcbf9c2e8e7ea9e818ce77fc3a81a53c9ebfb214eb850b3802bcaefb21b1211fef32b1e6bf66ff027b655b6d52171736a875e7ee9c9a36b92dd458f3e8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 b3b324cbeb649ec1503048653cfbed4b
SHA1 5a684f4f3367252f37f2c2da6c4479f459d2e42e
SHA256 9e2cede8e1249f2c40a6ac0bfa204d2d9bf9cfa124fe211c2a6f50b9e6bf90a2
SHA512 14ee1f4043bb7f2606ff761ea77dc759fa2a6e05fac85cb4b3fa9c36387d75ac4d3d4fbb79077263b34908492098dca3ee0f7981b3184e0dc2ae903c984c855e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 e404b5f67829b5a4fbe37b3abd0aaed2
SHA1 c7eea6baa398fe46c3eec61b41aecf1be47dd07b
SHA256 721732509c64d9985ffd1940d8efed2faa1d66814e506ee97f526e498d14cede
SHA512 b9461b485bad98839bf14e1229ccb4d7fb544f7f0b76d154c009b930226d6e3c23d6dc6a44d44c4e1400ffd7b12c3410ee60f7226b75cb04480e63f1241d665f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 b0c8b3128de53638924fe0fd09e4dd66
SHA1 1b3271c5fa9ae261014f494ab482d9a06744f377
SHA256 d7a80d904002106c51f88687284d377da82d6e94559f502bfeb7c187765469c4
SHA512 f0cbaae4aeb74f6bb382943a4976f2d70f40c5c0834f1428eb93e7e072b46a5f42c9403bef351a41a4f7bf8c29d8eb90d436c77c49afc0f5b1280713afdd1c29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 71c2993f804f8e2003e896253089afc6
SHA1 8c0a147fad3f4e861ed4fea84e491be914eea3fd
SHA256 f20adb4f2ad0b2950c72dbc3e30ec2aafde4c9a3ce4d64c2f45447d688b80d14
SHA512 0cbb6954e1c42b57f55574ecb51b396eaa503eec1b046bd273ff4de289edaf93a58f97419e7231ccd95555853e2d52764e0b736b39a163350c863cff199870f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 8325b3b84d8f7f1c8e6af91349a0bf8e
SHA1 d6003b95a4c3cc06758a486cbd384dcef6971a5b
SHA256 599e69559e834bd8bf2e656b52b71d3127f5c8f3a1fae442407735597f5bf471
SHA512 1bf55e3afd6212128e14f69e372f13b0969ee823d472ef1e01f9f14e191ea55eff52f64670f45029c78a4b58283bebfafb12f41b180e62bb93a2ef997971c802

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 6c759885748a95da1eb505d7a933d0f5
SHA1 fe42d0bce97acc9baf8c114a0fdc74e452546222
SHA256 e4a36dd47836c34bf5158cd5bdfce3c634b0097de73101c72e018fbcd3bb866d
SHA512 ecb94bf506f3ac0a42abc42b5629756a414b787cac1bd89949e2154174ddb4db3c58df56cd606048e67f7d2bfad5131876cfba4a79599e3ef8d5c7be557d9b1d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 f781315e94bb4f9ea00bdeb730bd7804
SHA1 1745185fa55c430d6da29ebab91197c92ffbfb19
SHA256 925112b9b2caaeecbdf8be8af79b270983e55fff839fef19f097378140a8555a
SHA512 e2f2cc2ebb23478ca8054038a10e330cb8ba42b87363a5b40104a2e2a236e5280fc88e343eff58c5ba95683c947a5f66e2e0057dfd91f140fc9c7c7e67e70796

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 9008ae975d2ea32465f942942854c08c
SHA1 7eea1de42081bce86e2d024bd36f864b2c190e46
SHA256 31c8eca5c5fdc8505b478fb816b00cc6986c6bc0ef1e29ec14dd2a1148e10700
SHA512 00849f46513279ebfce51268b3619011effcc2a56bfeea4af80f11c8f88477170b0b66ba4a59bff457aab35d880462d6871c6a78eeb0ddce9258c8a581180297

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 e2c5e3388781810492147b1b99eafa7d
SHA1 f1e8c095f22e39ed67d982bdacd5558d2e9eb09d
SHA256 4818704f75d590b8bb918009e483f2ade4c58633206567dc60dfdc437068ca50
SHA512 992df0a6cbedf7c1630752337b074e94a9189cfd98486ab4d7bfbc457b3e42e2a0701c7d23dc13fa87812f27ae0a10bf42656225b05d508af5b7360d5f353be3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 800b98790298ff9e276eedce97c41562
SHA1 001520046d0bad659eaba644453dea42fc0499a4
SHA256 9730674edd0b5ff12f2f0de719ced505204a6608afb28f72c3e7b46054769778
SHA512 1eb49515b44b89a6d5bf6a7d6df209a1beb46bc82999e68b4ca7e2ac76ba9897ecc6a184d142d56fe85bb17cc6f38f77a84f2b7ca0509116001335127cbbd263

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 d3566b8700e2ae0f106e46b73f559d67
SHA1 93414da8beb85273ce6d8358436bfad0721de66b
SHA256 7475d31242b29fd83f88ec1cfa7233078cc388146b4b1d61078ba9a2282ea14a
SHA512 5f81f941a1bc375a4111e0be6576ad3b8856fc8cff569c24ecf73e438e9b082f57e79b84fa521eb2323a8f33acf2b143369dd2d898b2e298e92c8c2e53333ff0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 e1fe4fae3f9cff7c82f1245e6d29d8e5
SHA1 75503ec9061b401f0632cccb784e11e30931c632
SHA256 f5b4622ca041c0e17b3dd5dbcd46ce89e001ce24081444b4396bcf8df9319718
SHA512 177b08537e885acc7afc78fb0c951ba2ed41f86864940d9876c2040bd49595672149a77b164e93ea2c3a8f86871b0425fec55d2431b8a5fde5090c1861a4840d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 eaccfec83a5217a62fd3197c3496d3dd
SHA1 8ec3fc28da3d7bac7e40967e88b6bc1c551e5e0a
SHA256 faa690693d4ae76e5b09581c711452e75695a5706695d4472a302d1e2c5d3eb9
SHA512 201245f48ecdcedcd13fe748d0a24295c44a88a408de8fb0fd67ea283adb393b60b21c6eb7d8390a7ef479dca687fe8560a851ee3401d8c67e79c471f1e912d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 21430d30c4d6b0132fbcc08b089d5dfe
SHA1 beead65017b2a4c06fcf1900a4f66bbf9a8369c6
SHA256 61a3ada9d283d40f5fea665c4d1cc8f86bd31bc38be19b6a2e0669e40737a41f
SHA512 de1438d0d03dd9757f6b7b0f76fc81e18d70a44b7780c08f2501c8e7cc0e166bfadea25bacb7784ac04ab14ecb20791f46971acc91aad1adc2aa13cf51474f59

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 b4f8902bc933506ab45d9252c6e8169f
SHA1 9ea8f196448c4d7a8bced63216f95014631241a7
SHA256 ce89cca25a51f081e4a6a85d522a70369d6a55f36bdd454cd452762ec47170e8
SHA512 3e00c84b49df1a6cc1bc9649dc3ebe2bdaaa3c945af9ebd57f49f2212132d9fe4a776fa51d74992c55d65c508d5332e2f4eefcca95a8f655447264e0dbefeccc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 0c4b57c70c58642039c4a1e143447fe3
SHA1 a39c0f1bb8de878497aecf6f6e0d2aa1d4e66901
SHA256 5c708e6399f47a1014fbc142c21bd4d1d0691294b7e351e7ef6e0d4efb56fb39
SHA512 f60eb7d0c8077c6ba080244f745c1f9168065abd5fc68a98b784b9aba54a8299d6fae13d3caa02e32adc21cb64036cb5a2ea7beed7041de415f2e2f5ec20a492

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 f5c3cda2cd59770b81e2796a74eaa740
SHA1 80c9240626dddc0c4ca77fea5416b3182a2c7f10
SHA256 36e964055999b5a90195c5aa056f743f35d251d74fa32abaedd3ef0b56e33a3d
SHA512 e8fa57cbd3f89343c253e31103421c4ce30e930d5147e9c91e554f04028d555ba6475ff08af3dec9e79f891440ca20d16ba539d4ed3c55ffc306d97ccfd1d0db

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 2301287d7fbbecb3032a21299edc5555
SHA1 c692a58980655bd37b94e0d913a4ebc8510da391
SHA256 cb701f4ce9a8206d575414b7d1750f6c4a72ce2f6bdc99395a4423ff32f840b3
SHA512 fe418603aa0bb62c8c6b241873c527cfd543d965d10f22a942f879b9371626bda3a3973a644c89a403ec8f6001b7e18782df4548990ffbd0a0c1bdd4c5058f3a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 a3f818f8aaa4e0b7f3dbe5e938ff90d1
SHA1 36087c50bb59019f145fb6060c0851e5546919a9
SHA256 e3f2916da657f9733070bd797b9c0d0226470d83288811a312d009c391d02a9d
SHA512 a41dee932a15c7314ff2d0be68317857f82dd696e8601919bb1218a2a3a5d02709d52e413317f432ed1a595aa2d14471cf43496a45508b0fb6efc3ce02e6afe9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

MD5 20d487db1a7fc5727f5106dbb78f7d29
SHA1 184bc1724afbb69d55e81568c57c9af5495616b4
SHA256 b4bb8d7c1bc384cf51a212955e133128fa7f7f9d6359f40f25aab38a587e25f6
SHA512 8ff0bf257566acf637c031f192756ca367c511ef319965d0c2f66b7d33cd61e664c358547660549f7222c3b8605521a8a1e23b7a4b2b339460cc3ce0b36b4026

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 dfbf2a1c4791b94246a6059a1caab63f
SHA1 7a91c5ad1390a258a81cba04348cdbbe0b5e130a
SHA256 cfafa31ddec515f1045a0648831034ab9a28f4aaf2a8e5c209eaaa845cd55a7d
SHA512 9f6b9ce2bcd99a19bccd40de4ad0657ea72d02d59c1941b82a6874eb9421abbde54e8a0222c647f7cf0c1d67dba80413f6dc9d53ca03d10daf3697c004b40705

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 254faf9367e5be749b53a1b2e48da0c1
SHA1 a4602d26f92e561a3f61fae791e001ba9154bff2
SHA256 9279871c162fd3f88bd3c935925cea18b93cd96b165bf15fc539d5b3d465e0ba
SHA512 133f550bd9e4653603c9e0bb36f637daede322b556acbb582cc7bdc7d8b855a07aa39f5cbf237d2fb7fc72b5800f000e839b839fb566a895d72819bf503ee7a3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 8b6ae35709ac5e0a8c12ffbfd1674160
SHA1 f220990a9d9314e1900ba2b502e2de6b9e082d93
SHA256 f6eee8a39f40872b41cd2a1ea4d35e76f9011412eaa3e955a610197ca1097d7a
SHA512 787ad9d67b209f5f61f49db7ee12f86f57720f7e94ce9bf2f2143680a7a8144f3234bcde66f833f469dfd2303db3eaf1a0b06a9d580eea9c2034f2db8b0f556c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 9c20269d447aa06d97b1e68c3ba693a1
SHA1 b304d13290f84b3fe86d015d887939a549b465d5
SHA256 196d0b4469c202ff126eec569831a6a9c1e1826b14869bb0ff0c8be68b39b47f
SHA512 2b99f8bc9b181ff1026c86f660d087c530889d285b1bc30250c98da3e1759c522cba3711bd86f6d36ffb87e49011367267369041287362bbc8c499e774cbd30b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 70870888f2a58c87049411a9e99eb137
SHA1 c7f40e891e095d864cb740c2396b56ebdf8a4722
SHA256 bd12556c38a981ac0003c0d0e554f1a9ae0e5e37117d99489978fb50fcac5e7a
SHA512 64af7c47b48fc6f14ff81374fd6f94e07b76e63b09fe73dae5a5377851426adcbe040cf3866a96d00023692f2021750a405294a21796f5951fbf6d725b984fae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 ff1e9cdd5d9087ae5ac24f949f3ec7b5
SHA1 b1ca61c851979c3c88f06bd356434ff36e7785b6
SHA256 65058b621417f6311fd5c0e02e49b6fe55904176ba9712412e8b88888c4d33f4
SHA512 088cb2e34019cccef3d3473c6e464fc55f4a9d796dfeae360bca28df3efe9dc4a6b6c3ee80ffc24226a77277f81276f2424694e8475385dc649ae63e8bf95444

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 ea4cdeade71fc9b99e32d0323153f38c
SHA1 6c6cae005e8ad88408276a5f0f09effa3fb7b49b
SHA256 a369136911234875039de1a12954ca4585891884cf767402c11ef3d84a103c4c
SHA512 f3bc501bddddb07813ba7bec6902c7ddc7ed7b652d6756cb687964e6ac8bba26212ed28c5a38e8f8edc7497ab4c0c5401d3288c2bb729dd1840be7b337c55fe1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 46249596137a2ef7b6ea416b8bb47b53
SHA1 d2a3fce7d5a56d7770862b51ceaef05657dbedbd
SHA256 b3b6867ec103cf839d8deb970c438a406f54ab26a41c61fba79158d68a524933
SHA512 c14479607d96c9affdcde62cfea5e2f8484cf48e4b0c260ab13deb3e608b80e1b11e07846408470eaac5942d1caa6f7a50c17bddcf4b86edae4955bd3e6b5634

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 fa7f31e585fe3448aeabf7ec20509075
SHA1 145afabef33cc43d0704cac9b3e8d08310983472
SHA256 0b9045166d37e1310021cc17d24d9f9397ba516ea5448a0a5b7cc1a26bedbaa6
SHA512 33875b1edc79125ac8475ac6ed3f744ebdafe3a977a245a82c06a6ad0e90ddf3a944cb580db81f778af5aa0693029c9cc049619c0d998c0bc89a0cb5f2142d24

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 df310528d0989b1b64831b547793e061
SHA1 8a9b4621bec770d5d8e9ca35419f7f0295e4070c
SHA256 c323fcb895ef9ee970a5486b5830a98d22ee6131d815cc133943d406aa8c9cc3
SHA512 fe76884a36d7f8e07073fc0f7d16b93ed2b6de9714f1713ed8f6958baaf13d5906e1e895e5862545a68d741eafbcbc1c77d73388025568979cc5030b2ea42a4d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 fdac914de41eeaed9a958c6b557ee36f
SHA1 6964396c1587874b2ce568ca0fc6ae384417ae25
SHA256 a614a2360efd37f3b67bd1f21cab67acb7eb3b4cdef30b337c86323d74ee85f2
SHA512 1ef136752af32a8253e0750b4d4cd922de9f06f4b0475ee6ba76c3064f4a537d6102f8d369d15b2dde89665a7ebe77ab16e9bb3bd92aed055409c664e9b52110

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 30a18b6d95911ebdddc1ead0285f3e95
SHA1 655b92501e12e6735d168858b9506e80deec9d7e
SHA256 28926817a06cc5f9b5be810a347b476faa8dddb9fed2d00ae068359c4b7d1ff6
SHA512 305580735904708d1396777cf5467630eb4a34b943f2d4892b3671b988c274262adbb80d4f551915d1880769b6aac29d25916b18899a6a74deb8046c1278a7b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 200fcb4acc6ee327afd70286eee21345
SHA1 5885270cd0553fbb2390df9d21bc43e17e69773b
SHA256 c83deba8ad4db254f3cc33b369846540eeb792b650ae39ab309662d27be4ef62
SHA512 5f6cbd172edcbe95a7531a7cada9369831c0a3a654292644cfe3c1bef239c19c6e2f0cdd19b3918e90fdb7e29d8b28ed7f7f5fd626dd30a9799993aaa7d2adb3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 697abc33c59c2f67ba147bc12ced22e6
SHA1 9a1506eae2a2d0ffa1f8912adc80b04d30a8cd51
SHA256 1b16b5bdd14f0e705d7d626f7e73bf6eabcab5303eccc3837fa8ddbef1048d8e
SHA512 3bdce922505c97b63e2e317559591acde297db63a103734c4d041ca2700929ae62f16eb8f26dd41c19359e8f5db7b90bbc9752d12445c4832777dfed1072ca9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 73ead20bf8c544629f92646377df030d
SHA1 de6ab247e1ba248cb0ebbc3af94467f826596d60
SHA256 005c57c18077429961c343327ab251e1d6d1269f95056ab357ddcf8bde6e4ab6
SHA512 bd3f3b8d3e7af2ae561c60a0856a50345565bbae962ba7d3792820f4156e1ce6265bf391ce32dba75ba151f37071d67ab145f94d00d2ee1a862427de2929cfc5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 9f165280bbd859b637b59b1effbb8111
SHA1 cf176c964e0bfca9eac3a0d27a36e72ddbfaf91f
SHA256 40ba8d410c54aa08232c50418a9dfd8cd2c9968a927f6929256465b461acf2cd
SHA512 f3e26d12431acd05a39d6c9870a974e0b845ae755414fd8ef2e633891213eb3cd9f3d3816fa87462da2d012ee55b97275580608a83d9b2c289591561ecab5b7d

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 3ac7b8a400e4c0fa25c7809be5e9d602
SHA1 6c10c5230ba419c45f06eb20ecba105048a11bbb
SHA256 6bfe2917b33dc9095fa79b7cecbdcffabdfdd41405020bf7d003e9dc70bd8901
SHA512 f5cf95d802e6e13313fd21f5ef3a15e9fcb9dd092e7909ef11581dca1a28154da3bf8c7b790907c554f60f82dde613ed5b8457b1c88ecd4262636971cfb04f4d

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 9009664a617d8249331c7cdff00dd649
SHA1 73ad7af39e990ddbfa1c4cb22db0228f8d8838bd
SHA256 903abf02610fdcbbcd23af47a3afe299ce25ec18c90f67232a40a5cef35f8dfb
SHA512 29847ba1a592f224fe8b29170986b5ae111d8de42a928eda9d35e3fafc7c956df69e545d11d79192670e1c79d9afbc47d4d067b44c701dc823b152a0aea974a7

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

MD5 371dc3828772b579388f54d55b97b119
SHA1 f7fcee9785ed5f8681dbc98bcbc01c8bac5baf1d
SHA256 cf9442480533f012eef88300028e4797e0c673bd9df2fa53f892e0236dfd0412
SHA512 baf41988a23524138eaec868cb857cdea0b11b36476737d8157387cea6c17f6480544e01f18f9533c22e5f2bcd27346f4863bf0464a5fdec7338075b824c2ba5

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

MD5 b1819aa38dd3fddf2b0499e14c1eb223
SHA1 be645f6b63baf5da3c5e065c54f605a9793f83ce
SHA256 63549c4789267a9204475e5151b71c9588b35a2a0aff766fbaf7a7e0910aefb7
SHA512 5e5b91219c1436738b0d5edf56fcf6e292bafa6f5039e73cea1420c82c2678f02966263f0a5fc6e0e7c2a95c1652051f2b83299b7e5b8e2a9831a30a15b5ceb4

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000

MD5 f4e07f3edd37ed0e1aa691344ef92140
SHA1 adbf0c71de6b2953b13752c9b2c70167958debe5
SHA256 7283266f3845e9055cea851224fd885ac70ab6f3532ac9dac3b1649e343ce8ba
SHA512 3c556ff49ab02735b66388adda7353129f0ef4d108fc900c1112fead8f5dcc02616f3423571af60b8948ad35c608aa2fc3d38116f5820e6188373443be1db59e

C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi

MD5 bed93e486060f98e84a70154e74536a8
SHA1 4acc1f7b5bca5a3b02211970e698f7710a52552d
SHA256 43b977804238e2673e40c375de4ddee21d83b4457ff1cc79a69284b912ec0acc
SHA512 65158d4780782c358450884e23e6027c3e657c97c0c88a0479f687c032635f0c67dc4c42df98f8b28fc2f36a4ab5d2ea02154b5638943ee7a7cf74d2a9bf1ab7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

MD5 c094601eea3e04ff40734c8b0288d1ba
SHA1 aed700ae74b3807eb1dfc1ac78caab62a3e2360f
SHA256 0cff048d2e0a95f2f2f343191614b91e44f1786850b5b756b2620181ec196d2b
SHA512 ec6b624c1625d0230ee07c948ff562e4470c1d7cfc7ab0c3d504e62d08054c8ac61fe664759c6ea50742dae3b1228985bf9f8507c2afdf53f35af2aee442adb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 80b59e61c8a2086f33db19fc900eb71d
SHA1 0706ba00b4b44e07bd8fbd3a53e424711d372845
SHA256 6be1aedaeeee9b6a425e3e5c3cbbed1015be79aa6e684312843efb2b3522a3aa
SHA512 5459e6666fddc33120d540dc91486f407af2b5f9aaf3dda1b7a416d3b4b7a18845823bac3c8bc1a8b496c239f29b391c464d389ea9d5b7c42964b7a202cfe7a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\ReadMe-w3c.html

MD5 9481addc9a25b8499fec1f34132c39ac
SHA1 d3782a84fc4d98d6182a159cdebf99de8f105f75
SHA256 72797c16a06d90965b88b31bd60f7ad33593a7cc3111df7cadf7e0f4bc7ca1d9
SHA512 5b02ac7fddea1ad64eebeab0927b7019f84d413c9fd890c17c21b40ce5fbcf8eacaf8f8027774df4b060c607c081e12bce500d7285516bfd882205f534366727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 90f968afb83058c702cb20d420417e7b
SHA1 eb96eb0baf32c9a421375409ee88513fe1735c5c
SHA256 a797bb473f198bc72904113b88eabc2566df399b224a59673ad972eb4da0ccca
SHA512 efdaffd1bb494ef0e74cfe32c9b5e012dadfd0e068707e138f22921e034ddc702cd6cae167353b2068d7643ffdb94e33d27f026ad63bd754f2fc261e5015428e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 c9b6f0707b005fdecdbb82a07ee2ddae
SHA1 bfe342382421febf4887b1a7d3aa90888836ea36
SHA256 3bb856bdc3aae76f73dc49482ae26aeded2731025826d7eccd64daad3db3dad5
SHA512 23e6f68a0d50f9f33eec553201a8814a1042af391d837dcc68a797496915873ef2de2a2d5b124dc719842547b0676f5812b7d12c161b46cc9937a0d15442511a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 1984268f962e3c76a5d29e29a2e5a882
SHA1 6fec09fb26f758d9901b61e7ce78f0bda796364d
SHA256 a273e221c9e07ea63176cb22bb194a64197ecd55a8f1d72a3116f875b07f6f35
SHA512 480b0bc11c530d66a424d38cfd94213123d3a4b3214d67196337d77bb583dd320569e947363e814f8585462853e58f56b889522849a47584fb164619d23680a5

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

MD5 4787b70c61d8595e4ad5b3e4e8cf4fc6
SHA1 1bf42495e1b99b53fc399065dad17b14fdb04cbd
SHA256 fe9375c2f9123b1f4bf0021c48f0915301aad42fcf1041033cb8d1d76bab7d1a
SHA512 ff10247e02ba6fda7dd009e74861ac8c460e154bbc42ed4ff58332197807a7aff3c6b7ca7520a28b9d47713610367006c2053afb246f395b1d6e2b8b1cc1f59d

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\TN6BGAW3\desktop.ini.KEYPASS

MD5 cd5be1b0ff1afe2e18bb7cff453c2d78
SHA1 70c72755dba33e570d3699515e1c9448c5e4a2ac
SHA256 308dddb6de14e1b54406afeb437a6660d7d0418de565a4c045d46b0760a5baee
SHA512 9a9f5777a2bf6b305201e88fa63e5f8ecce4265006a002552d2cfc49ed00bf405c834ea5f3d99dbb3b0ed6494cc343ee014446b2ec9b636b09c72bd568938648

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs

MD5 87a7bd472db5f0a7987a119f7ce37bda
SHA1 41546a3e9905d3b71ed630128231d94c587e97fe
SHA256 7c061c1dfc76f4434d39fca8cfcf06803dac43fdcd61cd1a2b6e51bcac1d3dd0
SHA512 69c12050a37f3d44f384764ba85637366e810f679ac408489d262d14d6b0ed7b248606d7cd54c2fba36569e3cd14709b922952d2c850cbe5ae1a64bf3ec2c228

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini

MD5 6ce81a0bc02d431e2c62e1442eb7df04
SHA1 fc717b54b5f8d201082e64c730f8cb6446121d2f
SHA256 1c05f28f00524598bc4228baf89226d44000b4ef86dea745d60e72d5d18791cf
SHA512 18cc455246aa5c0ea0dd216d4530666dfcd85433744fbd8c37d7c890ce6fe35efa901f7e262d2728282aa8793fc55ee529efd906b98e8ad781bf182b994fdef6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.locked-w3c

MD5 de73d4bda36882969be21b366434842f
SHA1 5b9a0941cd59ea5f3360447e48182543eeee4dd1
SHA256 859d0eb1a05a151be13c20d15dc11217dbf9e5cd7cab8d5311811b6d50e44608
SHA512 6100f9b55d8445331142db5d2be511327e73644eb478810a7afd15bfb0f8c7c26a77d0b95ea69baa9828e4b2be043499f6d5fa4ec4772be58116dacc504cf32b

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 ab8cb12d08aba01c0a4e8ace0bcd66ba
SHA1 b8abfe25e7e00d6e4058522cb34bd2f7227b41ca
SHA256 e6a1f978bec77b22ab2c19bdf869a265684046bcc8ca21c3689010376c8604bc
SHA512 4a2ddf852763a3063ef2870ce5f2d69f44e8d5859954d5e8a552ecc2333143ec74a70733b4602505d8fcbd085ada869fdd3d50ecb79c44cef5517811f198d62e

C:\Users\Admin\AppData\Local\Temp\delself.bat

MD5 d57f4fb1e5ca0ab9dbced75b02a1dfa7
SHA1 e3a457a422a982811b84d5f4f8dcea5f500da8b4
SHA256 6ec2c55f892707040acc734b09ba81117b733805f5fb1746368a2ad752d6a414
SHA512 b0ea9c1f83c556b57f1851dec7092b2b77f88d414d8f363ea18d5eb1811eaea49dacabc3113215bb92698698fb6ac2f5d7b3983d707dbce0f5d9eb7a216ce570

F:\$RECYCLE.BIN\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini

MD5 a526b9e7c716b3489d8cc062fbce4005
SHA1 2df502a944ff721241be20a9e449d2acd07e0312
SHA256 e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
SHA512 d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad57da9a4386c9dd6d10c77f30a5efa6
SHA1 5d7fb32374e3c72830ec9952bd660541b906d217
SHA256 e9f0bdbcd8722b289e01ea4d98b52d3cdb613bfa348def619c0f466afaeadf68
SHA512 e074dd9810d5ff35004c21098dd977feac7143db5b507c88869f90cf94f5a6f948d3a27770848d3ef32dc3cdf25155990f4d7e993837d80348044bb56b0d79f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 48980d686d13255edbc4e52eb438ad06
SHA1 0fad0aa5873768a885ffe6c6c302101982b9d110
SHA256 7f2879a34528c0de73a16ed5c61898f64851173b5ff278bfce0e172d068f99d8
SHA512 1dc7cb1fea3301336b8f05966c9a673fb9e8e167f730f7e59610c319fb7cf2c510cb9e37481058cb48cd8aeac523231c1d75f7716d70865c51aad18db42cfd97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d168f39117874aab60ec015cbd4f37d
SHA1 0b53927854fc927a43eb155aea853ca7b79462b8
SHA256 4462770c6909c63ab263acca384d985d650a81705d980b1542f60c3bfa721903
SHA512 6c034a7891fc162e10ad4008ded23d5ab79ee9d78dcf018b37c58cfd49d7543b8a5bb458ee3b5ddf019d860fe058b03fae2016401fe378de68193db3dfd4cf8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd97c5e60df9be8949e15820375767bb
SHA1 ab1939ff336ced6c09f7195076fed48587dc3236
SHA256 6bb21c4deacef5e335e069e682d489342439750f15a1d8cbd2d44f53392e2e3a
SHA512 3fa61e13fb409c91385aab784cdad7f234a966af1ce3efd29816e1edf27cfe9040f83836438702c90e77c74cee3b9810872e7653a4ed59858ad7220cc3bc59d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae16a4021238a2617e64f24a156ff78e
SHA1 7e75627e7c6a659219ef3ad471d30bc8bc3ac921
SHA256 53ca30e0195c4631058bbba80d4f62c3f0162314ab19636103b7a8abd8d0e3c8
SHA512 ecba3afd9988e10ce4c1940c5915bf1b5fab4b6ef21aa00c9b54fd02068aacce264843d3bc96df993b1903370d93d8f70e557dd0256462a3609bc0d2372ae487

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 660e8d1a9bf39061302e81dde5465a3f
SHA1 372a470c7076ba9eb60b777578b2f0a35b2ef888
SHA256 26882bc113f734ad9d4b734caafc0cf6aff4c2574da7694ab11ef0b13aac3dbf
SHA512 bb63aca071d22d704d68324ab658e5877f4a6eccade8dd82460a91b762951537f53f81e9d9d5697d8b258b36d48b5f6469d0b7f1e3b38b61483971418914b33a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e2ee22826e2586c7cbddcd3eade126a
SHA1 1cba901ffb1486f688c01687d340d9cfe256814b
SHA256 f3c6326e631e0b035b562fbaa050df41131fa2f234b7d818c7a9a0bf0f059299
SHA512 af051329762c551e920212ab18d3ef482a5d7cb82056418b7bbf9e2f3965fcfff1944d055931b5dd145eb76b39ef4ca50d7bd4f76195aa3eb319332815e6edee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37e97d85f03aa0583e95f279c947b640
SHA1 34c8ce283e7c7deb861f1ec624089c6109ffa69e
SHA256 26c9383c393086078d84d7106356002a80c982800ba7a3b374230da713421f52
SHA512 e921e7793586bd8b1c952792bede136fdbe4e9da4830bc7614de2b98c565c732a6776b219d39d6f5f9f025e0d756559a6f85bfdf4a094d9340955d1db2992548

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 026e4d60a74548300934065a37f48eb5
SHA1 24570d20fdd4ef52f44e4800841656422a9f65be
SHA256 b20f86d492152cb6955b628e6f1bacfbdb571c55de6258101fc809d8fb023244
SHA512 66ab6eb6730e3e862596681606205d29854eb170f4769ecf30bf8655228661cb364aea84396376ecd1f0efdf9b338d9a9f83d71028e823ee7bb0cefd37e54391

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bf9cfdf4b9e34def1592215bdfebed9
SHA1 19764ad036c59fd45607b8862f15bf7053882e5a
SHA256 83d3c62395047c6a7c77e1392464717d2c4e423f905be205485f91d0668cb4c0
SHA512 d5e0a87bdbe1484235b8356ceb75e37a097bbfdb07e0265f0797e7d33ed2089f1fe150a21329f06944cb9be5a00cf9dfa58b4e6c925f5d9e31c8a91cacf9b64a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca86902fadb734a25715c0b60be53d4c
SHA1 a8942d8d965e90c33996d4ab0794c324ce4c77c4
SHA256 59bb948a5328aa8d4c0bc74f18cdece6012b7d08dbed25e6bdf2a56be6d58110
SHA512 a5ad206e92dce9b298c224ba22f821ec61f1ce3a2eea1a76b29da92fb1bf02aa850ba62de80c1f60d84d2a355be5837b5f4f3012f92ff51fc105be4f81464669

C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

MD5 e0fd7e6b4853592ac9ac73df9d83783f
SHA1 2834e77dfa1269ddad948b87d88887e84179594a
SHA256 feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122
SHA512 289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55