Malware Analysis Report

2025-01-18 20:53

Sample ID 241122-dnswbstkhy
Target Batch_5.zip
SHA256 51b3773145652b5d559396a08e1282a3a1d92d4df473f774d61791386fca0598
Tags
credential_access discovery persistence ransomware spyware stealer defense_evasion pony rat collection evasion execution impact trojan upx hydracrypt xorist
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

51b3773145652b5d559396a08e1282a3a1d92d4df473f774d61791386fca0598

Threat Level: Known bad

The file Batch_5.zip was found to be: Known bad.

Malicious Activity Summary

credential_access discovery persistence ransomware spyware stealer defense_evasion pony rat collection evasion execution impact trojan upx hydracrypt xorist

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

HydraCrypt

Pony family

Modifies WinLogon for persistence

UAC bypass

Pony,Fareit

Hydracrypt family

Renames multiple (2188) files with added filename extension

Renames multiple (474) files with added filename extension

Renames multiple (7132) files with added filename extension

Deletes shadow copies

Renames multiple (8207) files with added filename extension

Drops file in Drivers directory

Indicator Removal: Network Share Connection Removal

Disables RegEdit via registry modification

Executes dropped EXE

Reads data files stored by FTP clients

Checks computer location settings

Unsecured Credentials: Credentials In Files

Loads dropped DLL

Reads user/profile data of web browsers

Deletes itself

Drops startup file

Credentials from Password Stores: Windows Credential Manager

Drops desktop.ini file(s)

Creates a large amount of network flows

Checks whether UAC is enabled

Adds Run key to start application

Declares broadcast receivers with permission to handle system events

Looks up external IP address via web service

Accesses Microsoft Outlook accounts

Enumerates connected drives

Requests dangerous framework permissions

Accesses Microsoft Outlook profiles

Checks installed software on the system

UPX packed file

Drops file in System32 directory

Suspicious use of SetThreadContext

AutoIT Executable

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Program crash

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

System policy modification

outlook_win_path

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Runs net.exe

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Modifies registry class

Interacts with shadow copies

Modifies Internet Explorer Phishing Filter

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: RenamesItself

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-22 03:09

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:49

Platform

win7-20240903-en

Max time kernel

359s

Max time network

361s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bd2d4d43009623941f49554f5932188154fc9d16d820e00db1281d057468b017.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bd2d4d43009623941f49554f5932188154fc9d16d820e00db1281d057468b017.vbs"

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:53

Platform

win7-20240903-en

Max time kernel

600s

Max time network

361s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe"

Signatures

Renames multiple (7132) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Deletes itself

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update Svc = "C:\\Program Files (x86)\\windowsupdate.exe" C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Update Svc = "C:\\Program Files (x86)\\windowsupdate.exe" C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI C:\Program Files (x86)\windowsupdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2 C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0297269.WMF C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02120_.WMF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\SplashScreen.bmp C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0102002.WMF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00330_.WMF C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.DPV C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\server\Xusage.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\calendars.properties C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0251301.WMF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\OIS_COL.HXC C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\macroprogress.gif C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGNAVBAR.XML.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\REPTWIZ.POC.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Civic.eftx.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.GIF C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\NEWS.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BIZCARD.XML.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00297_.WMF C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00810_.WMF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02736G.GIF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR37F.GIF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\STUDIO.INF C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287642.JPG.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\settings.css C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\settings.css C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek C:\Program Files (x86)\windowsupdate.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PROGRAM.DPV.How_To_Decrypt.txt C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png C:\Program Files (x86)\windowsupdate.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\VBHW6.CHM C:\Program Files (x86)\windowsupdate.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\windowsupdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A
N/A N/A C:\Program Files (x86)\windowsupdate.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe

"C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe"

C:\Program Files (x86)\windowsupdate.exe

C:\Users\Admin\AppData\Local\Temp\be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe

C:\Windows\explorer.exe

explorer.exe

Network

N/A

Files

\Program Files (x86)\windowsupdate.exe

MD5 0c526b77abfe8d54363e3d14aa28acfe
SHA1 3239434398da123454635d8fdb0bedc9f40d831a
SHA256 be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f
SHA512 6c201b45e2041d3f96b05e0275c7e1164ea481b704b49767d2decba19e1587fc93ae54078c89fcb6d937de345697fe7196e49cf8245a53b8f519fa63970b40e4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab.How_To_Decrypt.txt

MD5 026abc0114bae5f316aa5efd8485427f
SHA1 a4a598c546c94a80e45c9baa3d0eb16d2abb2b13
SHA256 b6fbd939345a1a5e755aa2e02d120e1c8dc16db0e45ec5c0a26994270289cd3b
SHA512 e0431e4f17b729f57ceacc9898bfec95bafea221a45462c8fbbfa1cb4a8502926e5da98b4d7214d2b1e83a89dd59cd2a37daf0a836aa0ae1ec437212170805f8

C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\branding.xml

MD5 f905c5d6f482e48c874c2369169e78da
SHA1 45ae7aba61c0d82c43dcad012633d1b579f6a5cf
SHA256 debace877258a3e5aae5a67af058f775b531593bb25165a9cf3358b3b114f04b
SHA512 eac3ca533824d270e202d1e97159df36933a47cac6d52c9da8ce028738fdf776023d94a1ae6fc60211b611028c40d87f34e819f718584d189c2a35b2e0cb03e2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.encrypted

MD5 cc1d40e4c61712c025165189a12ee629
SHA1 27a760157e0a19e8a7ec16a6decd0a5896293302
SHA256 201c94e3a56b109175bed6fd67728448c3b55fd094ae482025af4c9e656b557b
SHA512 8a0ef7a6b5c5a553043062a811f7e5f6af532da29940cfba80563ab79d63d1b711ae0304481cb293d0625ffc2ff42dcc6a35c113588c2640b2442a6a7cee382b

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.encrypted

MD5 05684cca40669b05d6cf69d1fc186aa9
SHA1 e1d693710208b6d3005eacf907dba6756f1a9d56
SHA256 cb46f5c3896b3c8e0f54442e599c433e55616caff67f88a35713d6ae658a25e5
SHA512 1230d4386d0c71cbccd1da27e537ffcbb3a7673c9bfd11be0e5c9a05dc934c7d42d2bb921db8305be4d9cd46e8dd679de29a6ff828dd9dc8161899eb431019df

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.encrypted

MD5 ab8b5a626c0b809fd19e5f6a035fc5fd
SHA1 0638ee2add047c0058b0d4ecfda9fc0dc7a17114
SHA256 51498575e7a2c4db4f58c107ba0bb1ceacfd296566e81a60d0de919b02a1f320
SHA512 388eac8a25f96b9276ee4a96b79e44049c71bf4f14374514c4092820c8f4d909205e992e01098e4f2993db86f70a4834b758526eda433518516181aec2400f57

C:\Program Files\Java\jdk1.7.0_80\db\bin\ij

MD5 ef34bde9e9c5c792af300b9f939b8c6c
SHA1 444af4c99740849442bfe05ddc14de94cdbf49ae
SHA256 5e997c9dfb76501425c4ee6b7755ff591e09e4091589c3e722c9a3f57cb8b961
SHA512 9feb3620bd7be186dc77c276ae9b7cf3fda5f4051cc4ff5c8ec609fcdec2174c741a0f4ba0e83e4ceb715d22525bd31a75aa9eaa7b0cdf8b775066cb74bbd612

C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.encrypted

MD5 06b5e232f2337077b68abcefc83ed443
SHA1 5a0cf266ec0cf20953c1d7afacdf85f463924bf6
SHA256 5a1ceeadc6d559b18bd016bd6cebe7ec137e02047115431d4a58bc28f8c0758c
SHA512 9bd604c2ea10963b3e3e53ef922c7161fd607f29c6f8b4fb2ff53f7d1d984e1efb306a97fb2ec4c55f10e8a79a961047478cc363911b31f8b40e3a1a2bd4bc21

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.encrypted

MD5 b36ad0856f76c6b6740ae4e2fe0bd5ae
SHA1 1d3ffb14da0379717657d731195961ff1923702b
SHA256 341114f534411e64338a382722108149a920f3dcb812f1f5c529332fb4ee6121
SHA512 e025a5774c4a44ce98e986ec10dfabd23151d35f1b064b3460e352030be3e3314bb21af7863e8cb3563d11fc9a546d16411690974a9b263284cc72467c93f132

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 ac9158ad462c01faa45af08c8819ef42
SHA1 73928a928bcc2f4cfeb012e952263d2becc21dc2
SHA256 02aaadc2134f0dd308e4fe9e1a95d20614982000db8ebd300fd5f0a70bab4352
SHA512 6ee786e2ac2290ec94f43cca9363e8cb6bde8b121993fca30286438fadf1675f8c527d1fdebe4104502d9de879546ca4b095d99aee075351d69ee66f815ddf54

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 d5d97250865846610f5cd075fd8abee0
SHA1 67508854856ca966bb7f1180f9de62747a497c8e
SHA256 3eba86ecb5e978787894b80ee82a6457bf6e20e54be8b32fea03f46328027b05
SHA512 07f39ff3f28d9c5097dbeaec7a276ee8b59fb0fcb89b9e93e2d4ee69e8ef6189f6a9372d00de1e77099ff03e6c724a513c6aade9c4fe9fb89fcfee74a1b76089

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

MD5 192588a2c23f769237e88b97efd4b027
SHA1 96b306e71e02576ebdd8a2118b32407629a6264c
SHA256 88b73a6d043343a045b33772721b171c8c08587928af980655eee0057b18429d
SHA512 0053702badbb7763a39ec1b74572fea70f4152159b4c058b4a47064b35dce56fb292237490acd93a18378d84300c351870d5c4da945bbdd5a719d3f2aabdc5fa

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

MD5 d54ac339fd3079bae1002089f3bf901d
SHA1 48010a3cc51626acbaafd3c0b7d8a06f3f590a00
SHA256 1fbfbc909764ef74dfeab25d9a166f1fc7e1e3a47d055cff128d2895953f00bd
SHA512 8cd46e647190983f9ad13382f6f33f17db89e57a7e51fd2b571f2e07807c737ce2cbbb0e2069579ac967a7dec3e2c19a3f11c02696a2270d58191c18cedb9c08

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

MD5 57688fd089098bfcb1f939e6a6e5499a
SHA1 46bdcf0cfeb4e985c1ad4118cfd7a01e1cf879d9
SHA256 2f987e144d1979e90c2ddf828f6cd9d4af6f0915b38f533964bf445df8f06490
SHA512 1383a260d86d5b54b70e03be86b3b81c4a64ee1ab954acc295e3a8eec9e47184d5a7cab030714742c3714dfa7d4ea0aabb3b765c18c4199d1c685dadd671c89c

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 5cc5013b37ebb4217c66deb419242565
SHA1 df1154be4edcf476b43b2b13b45e50b04c761d7a
SHA256 ef50a9f0fe38b9ed2755a973afe06785b455a75bc224b263f817464b009d0273
SHA512 8444667712a872bc0c033d079e9fad4d9a53055c87bfd461f389bd2a97c4b474161151c5ce021f74df50fee44bf24cc6c4df3505fc35875842cae971234c7aca

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

MD5 644ef1a3594bf0e91f0c984c0550c9cd
SHA1 b7a670ef0ae22017ba4b734a779a51aff872d21c
SHA256 a5cd0439a9f8ce77647e0182435550776cfbd99673352b7e3d636daa760ba1d1
SHA512 4d1a377f44a1e2575b712e0e0cc33321bd9da9492584010577aff57354d0699d2124b80045502b6a2bc46fdfb4a579b36d4a3a1ef7e45ffdc23ef463d85a45a6

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC

MD5 ce31a3b2b77052cc5a895ee190cd9912
SHA1 1ad7d65ad30b89918cddb5b25d89cf0d70302473
SHA256 6bf6ea236cf9f23c6837484d21886a600eeb04abeea9f70d07dc06a085a76258
SHA512 43d358e821a0b751c3935c427cff92cec2bb9983051ff4c3953be51030a6c24602fd4d3c0078b1199a7ab3dccf0859f1c561ffd1d544629ce34ad4d2cfade238

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5

MD5 5cc04a365ee65cdbe89e223cb4fa3a2a
SHA1 cf3a92d63e46ddbac804f6714e28c7b3966d8d2c
SHA256 9068d7a9456d339b58869743ef4bd6b603c34ed3119d386103877f760489a24c
SHA512 03998095aebcc2c12b109b325260a532a1f51798979fb7c7784835d7132db5ffdc6c2607ee2c195bbc13b40e2a32d3a747662c865cc7f2de2597ca44c5eecc6c

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7

MD5 8fb472f95e5dddc89a57a3bfaa9b40d4
SHA1 ca58362c5807a596472eaa1097c7718f99f836ab
SHA256 0cb157f2a8af8003dd6b94fa25581567ca53efba057bff255b0d22db2068fe49
SHA512 8b6297f97dbc39b120f005f2ce870c0f1eab1cc48d4c0704d4b59a148975ed7dcc6df9a0e5923801c276663eb96fbeb3fc923aebd1003d324278f7896518cfe1

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10

MD5 c95f19a5f9d01cf50937904b587812ce
SHA1 e33a3343af44813dcc7d0d580b45c618e02d289f
SHA256 4cced5b2be89a2f2b6c29981b5be0406a1546f24db2f68c468aae7a4cb2e96ed
SHA512 b38014c6e34f9b182c194d5dd21e46443bb1c8e8a91339949ae9ad5b1e76fc563bae0d53d57ce2025245558b277c04f605701ff6ceaf9b6caaa96009b2aa9249

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.encrypted

MD5 65ca701107d82d9fe903fbac21b9edbf
SHA1 9d9bf0cb9f56a6ddec53f3a92216cf62a789f9ac
SHA256 a0a78049a918b0a552ca9b411dc01aca5b7035b2611b7a67b5269f852c8f6aed
SHA512 e2508331c5aae812d9eff7273489f0e21336c7a7cdb6f3059337ded77544ad9041da2ea945f496aa5315bbbde27900245ca7a820d0e63a7c71361f3d7020a124

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.encrypted

MD5 55e096026e5ed4ced092377bb2d5c947
SHA1 e0328d2b1089cdc92f2970f4ef9b32291c3d696e
SHA256 a15b07396de0ab6b68592fd497e1884aa8f485da1addc48dd03c27ba76601edb
SHA512 f496eb5c3dfcd666550aa9e96b32c41a6355004d731d17263c706dec9cc711fc9d1c81dc38513c8a75cbdb3b135a97038b40f52d9517a814b93265832ddc99dd

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.encrypted

MD5 64bd00993b4ea08eeff3461a4181ac92
SHA1 a2d2d054425ee9358d51df54c0dd2141c24cfce0
SHA256 3858571a2cdd26717735e8d3577d8b4c86aeff4a693e3f11d14bc428b8688522
SHA512 a450f6a9d4453315a66779224aaba61c7ef18930e8084c5687426d7bdb6963e91f90c767c9c7a7af8682f86170ca90e08f4819a391a097ba3116e29fc291aadb

C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.encrypted

MD5 2a13d024908fc1807fb32501152dd84e
SHA1 a25d72c18df04151eef5ffdfdbafd910c80f7c28
SHA256 8502f0f858a07d80f8ba44712b39e18b59759cbbaa97dc9ac64e118b813ddcee
SHA512 617e58cea3bcd599a2a5ea73e801e1a0e10346686bad9a8729af3377144769d1ae81dbfdae03f79fc82b4fd6ef1359b100a18ab5e670c46d56d8a10435b2bf31

C:\Program Files\Java\jdk1.7.0_80\LICENSE.encrypted

MD5 14e1f7baf0cc8aba9075203f01269502
SHA1 7703107e14af4ae1b2f07f7911594a2fe71f9614
SHA256 d2db9ab4b760753902a103c70c75ade7903273c27bebdeb17f7b2b51c25fb83a
SHA512 0f88d7d6de3c1e41876966ce0edc774fbb3aade653df2c27ad02aec807f838b65ac933aff54ab4bbacfd646695e83dd28243be046fe3ed272c7b89f4b89f52d7

C:\Program Files\Java\jre7\lib\alt-rt.jar

MD5 97215a582f670744f53f2b54beb8e4f9
SHA1 8db252f692e8990bbab9fa9ff510a724a99b5cd5
SHA256 f0c3b80d555d63204610794440c2747c3b691627614d81009da978f400df27ec
SHA512 831df6538097b319136cb1d22b217549a515209958a57ea894ce4a5b873b49e53c63b532215916cb9d4575acb43406ea5e177fdab90e5da0f7147fbce3f6859c

C:\Program Files\Java\jre7\lib\accessibility.properties

MD5 da064a9cbc001e371bbdedfe78bec5b7
SHA1 4d9c71a46794c9795e7d8380bc0cdc6dbc53478b
SHA256 f734b6b92d9296ad752cd97adbf00eb64cb6835cf1b082f69f60c3636ea21553
SHA512 6d9efe43969d3566d3c1829b8c1df182bcb63be11b4450814fcccfa2574aee1ca932c898e81a588f1ceaaf9085319fea5d26996b68046cb22531ace90f7e5521

C:\Program Files\Java\jre7\COPYRIGHT

MD5 0d1092835c3cca64cabf75643cc8cd9c
SHA1 70ab1b51e7f403996c22962df66b01d492b5c3f5
SHA256 72accd27e4b3ed3346e4093aa385ad1ec5e4b0de614a4efd1366cc9fa660cc61
SHA512 85ac14d84a2e1a1e603d39574d42079d483504f95c918c59816c2adbfd9765913408f6f27097a242a974531ebe9974fe3a025e10ff3675acbda039ee9ddd23f1

C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.encrypted

MD5 7f589d38b697d4d9c5a95ec7caeec411
SHA1 b0f5bc81b9125452c7b9ff961a7e8a2d7d53c056
SHA256 e81f3c4e82bf6125e3b6cb650dc6694cef83aecb885f22304afc0e338562fd7e
SHA512 0a8e5673474f523cd25c105b29a185042f71cad550824f34f38d1b4e954ac00b3bb702440258e283bfcc62645d0dbf9ba01162719d4617401baea82995c43569

C:\Program Files\Java\jre7\lib\calendars.properties.encrypted

MD5 df2f2fd3ed07f6847745b1844c4a2a23
SHA1 acb7582e4b36955eb9077c3e9296d463427cff29
SHA256 5a7d7bfc89f4de727ecbf5b823c99e0f91e844ca7a986896cb058e25877cfc2a
SHA512 982981b5993baffab19f4bce706f773d3a8e27de099013f17c376cc32fd1824e4571f056a168a36fea8564d829bb4e4100eed17bd3396fea3ba51bd166dfb052

C:\Program Files\Java\jre7\lib\classlist

MD5 e1d9b968cfeadf0312cd8f477f2a2fcb
SHA1 9b2fbba2d513cdb48bcb13407073e9e1a4b86927
SHA256 22832049dc31d83da5afe644570b3ad792fe5c2440f09847a506593fd3a74360
SHA512 b72167aa425df031003b426db99ed643dccc2576795c272e118dec855bdbfc9ea20f888e7ac9d2bc59b62eb30516226ae576335068e7945edd91bb0cf08d80cb

C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf

MD5 1243f8975d6f3bd498f9c5b27e9d0e99
SHA1 cae4f318159de140a07772ca3385de3a6b3595ef
SHA256 0db206d1063f87f50c150c7b665e45815897a6538f2b27d9920163cc5f28a62d
SHA512 62a3c8d20461330ca90819adf31b8149e5c34143bf7b9e087783b86ca026bd8690eb40b9d68e2987554e01b0c1d3763ce067fcca95ac56fa348a21d9c4c952d6

C:\Program Files\Java\jre7\lib\cmm\GRAY.pf

MD5 79efe6b3d4df23111c7e2239cc9cec5a
SHA1 2d85103d8c7ec3e1becfe805ff61e159eda10b57
SHA256 ad099bab0eff2f3a586a2497e95d9f77a9e3425cfe90a997dea2674375b8f9a5
SHA512 9ce63d02988462828db1de1258cb0c5bceb8d6f3de843398e72c826c81226e36d51d39793808089027eb9a65b98a386ae596c7de672e36234aff529047aaa7cd

C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf

MD5 edfd8a50344602ffb69d8265bb5eddc8
SHA1 06b2f67b56c535c85520d742a2b92845c9617ee1
SHA256 de481c53f0658ca279fa555b5bb541e853167fc9af1b3cf23e68b59939320346
SHA512 d17402c19fb4dd991b92c3fb9010499bb28ce1e1a8155b1d192df4f943b64b98ac4967f8616b78791df51b0bf6f56a27b1b274ef5d28da11f60f76118f82202f

C:\Program Files\Java\jre7\lib\cmm\PYCC.pf

MD5 4a3382ec264c2f7999a9b8e73fb6d6d9
SHA1 5a73047fc48e4c621ce980e1a461616cb090dc47
SHA256 819936a480019ad32260a846a16a02149ef8c1699c9a74279f30f748ada1aff8
SHA512 5e16aeef1144be975051772719713d34faacde97979683375a34c85396bd238e6e3dafb320f656256fa18066c1c7361b0a820eacfa1baa0a925f6943ec9ec639

C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

MD5 aa6b50eae8c3c9242cf2a36de54331a6
SHA1 6be8038f331acc51dd8c32b1a6bd881af79b522d
SHA256 8bd0663c999d11648a1ff8d411b7fca1e5c86b01aa045f2971c7292ee41f946f
SHA512 c2a2272136d5bee1cbecbcf07ed45e34b38fae3b5bd59c751d3acc6e6bd7c172b2b8b7c731f3f84ca1ea236f314f39111492a770af97b886abd5233f92e15dba

C:\Program Files\Java\jre7\lib\content-types.properties

MD5 27e7c91f6dfa15d059e75188e785f425
SHA1 2b1d2acf3a6a4b691762f32c157710de33a48042
SHA256 95ef5caa5b3506297d1692d7fe5588756fbed54281f217caffdbac31f5826558
SHA512 226e30df3660e56229159d617acb0badc26a2bbf7d1d666444a9302a5c0fb5ffc911657b203fc2bae4fb24fd739505236b4aeb6ddd2f34fee2d135081c764084

C:\Program Files\Java\jre7\lib\deploy\messages.properties

MD5 8a038eb65577dfdb16c908961c33d971
SHA1 15b6b3a95b7995997f3d79b24a9137fa2dbd7d46
SHA256 0fe86e9e786c2fb3c57f852af879a23f895c366047ca33d551162c22409f36cf
SHA512 d2049acb1e6ea5820c6e52981dff08c6ca477407d88223bf77eb5a1d5cea500b7eab4250a774c92105e25610d0cc3c1df6f960cfac68504af850b82564deeacd

C:\Program Files\Java\jre7\lib\deploy\messages_de.properties

MD5 7a3a72e8217b3e731d483f91cac56149
SHA1 a242f9b6515b3f18d8bc901fce741af31406b323
SHA256 c1ac107594d4684d66693160eb673ed419e183908428bac4378f33481111f10f
SHA512 4a76a6a69962cf4aeb63cf8125f7f27b77433e260d8304ac2fb13ad2f1633ed626ab281364143c19c90473a3f93caa4d04dd0146149af9a84da5a86898f2af9b

C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties

MD5 0d8b40e18c4c3f1f1ac7ed5981f65556
SHA1 cb55c3a143b57b3b079cd19d0aead6d31c248d63
SHA256 b2c3f05bfc3d6751d8ee6a7fab8c2b6523ed7435ce2cfd3bafc00fbe60fc4a62
SHA512 8fa3dfb790dae49ce84e5b9ad3702eb8a15a1f129bcf20f243fbc898c297ff4625d1ee9133e2a97d0097a95ff1a5a98f9d5ca5bd6687e1088112c22c6c6e4bb7

C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties

MD5 deaf30ef5b401b720ff0429d7f57e06b
SHA1 fae282bd067480a9cf833e30cd7933a9e49377f7
SHA256 e269e610c2abacd8f2903adb79773d8de27034e1126a6256c37e5a60177c7fb1
SHA512 c1911d5b075348a4837fd302054fd7ef703e50495caf9ca87631147a305b157d6c119f2af03ecfd00e55f64c7050229e188a931625fe79c9b2fd449840e952e6

C:\Program Files\Java\jre7\lib\deploy\messages_it.properties

MD5 412edca36bab4bcc114aa453ef75e4f4
SHA1 ccd7a3bb1671f2daeaf1086ee6ff3584d5bdddd0
SHA256 26564b7210d83dcb9545de7bedfe030ec0b5ccd93849a1c851ed0784d49aa838
SHA512 de006bab0ebbfbd5f96f66f3d1918fd13c6479919e200903d06b68550bf067352f2b29299abf4413cf062c9bcf24046d657340a00c7aac476cefc6b2f04832d9

C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties

MD5 36c5b89de5e3c4b0860632016281f6e0
SHA1 cfecb54191d681b7e75fbf65816d516760fdff07
SHA256 aae0d17707d1e2fa23aa24b11e9716333eb43eaff47f5e63e04c358b1df42430
SHA512 411a06b7e0074f750bfa38a5089f269a463b08dedadbff2a419cfbccc3c21bbc266dedf9e24762aec0f78f5e10ec5b7d9902a6488d72742f69bc35c59e091f6d

C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

MD5 cea2f49cc9ab688be76f283739a08ead
SHA1 a9cdde0239f75ef0b028dc4a57b35181f4f2db17
SHA256 aebd39374a2482f99ebd4f87d346002e095a56ce7fbf3756a3ab36edc2910db0
SHA512 ccced0dac3a9a4746c4832ec69e4c8bf40b6831d8d8230a7a953f3baa0c9a9f96ed36e98410d2e088752e62a5cb64f6eae60b605f635cdcbca9ac01860cc49d4

C:\Program Files\Java\jre7\lib\deploy\splash.gif.encrypted

MD5 f217ad064b16d712f2d8ea4a20d3ef55
SHA1 a85850e7d6163994f6feed744304c618bef991c1
SHA256 3feb7ff2ffa281c2469d64508d886b61593dcfcd6f1201898d99da0932fd15a4
SHA512 03a6814f78bd73aa127b07be73f763b97213e79783306a24f6a2434e84799e0077c29b82ad91117dd8cf5559da8fdee48911f32519564dfc17c1b75f6c2c9113

C:\Program Files\Java\jre7\lib\deploy.jar

MD5 bbab1bc2bf27ad999659886bb4544025
SHA1 4c365b86f5baab045c100ecc22895d6f37b3819a
SHA256 f1b4fe86d697bef3b51e7876234b494361b52f0e449b23105ec1a36cca0bd77c
SHA512 43fb0955ca343aef007c52ac0e878099cace7236a429599c9ce07aa26a5aade36aa1f2b125c205da8e1980f19a19104488a197754fb1183fb90734357333850d

C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.encrypted

MD5 33f167eea957b838f2a8de53fa756dd7
SHA1 f098c9de12d4643a1fe6bd730f21e06bcdd325ec
SHA256 82790a9fd48772e5860f301db944744ed00cac71a7f54f1a1127a3599e5a3a51
SHA512 7fd819cba74fa02b6ba1ab95526cbf28007f440eb0c347f92fd5a94527f150cf97a728da75793bf90d75c0a6183abc368c04cd87db621b338f7a0e472d3e3d84

C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar

MD5 b34f188b7e801b15289c31d9a86df5ae
SHA1 8e1efa9d8a76003018f1f2a3832a766d9bcf9095
SHA256 a3cb5983fd81afe2664bce687bad44ed218ef61d9f8b1bfbf72d3b9ecbec0756
SHA512 abbb89b79f157dad500395b3b0de6c2fc522d1e62d4c3d935eb49e8ce66ea7775f3c55bf249b399f78208cf59f51e9fb096bd194f1a23258223ba2f2fd789891

C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.encrypted

MD5 c223bb5b63bcb184038620c1b931ad4e
SHA1 788b95e92875d8759db9500fcc38e16e28b33632
SHA256 27ea0a2707717182761205b26916b00b65d6568774f1d80121a84d289f44aeaf
SHA512 1f7478bb3d7c827659c624c04bbda611a406856b084e90b64ebe44b79475a1ad8896062f5fa4028aec555cc2aea292dba07aa279a4951151b09f6d19b575d955

C:\Program Files\Java\jre7\lib\ext\sunec.jar

MD5 b678d9c08496b02769068486a89d1c80
SHA1 a062119edea7d7f050bf81a305d43f38af9db10c
SHA256 148c1a8b0a2951584ccc1dcb276bf62ca2a45fc61cda49abc32484ffedbd0fc6
SHA512 bcfc3d23ef21df1e7c3c62bb52fc6a81cf9fbaa92f638c290b9221fcd55ec7b8788c7750cf8ab09f9aa32f6a67d87263b7c72d6c2adf2c4b615a73e9b7a0d0f0

C:\Program Files\Java\jre7\lib\ext\meta-index

MD5 c5a723ac95ae25db7bdc0833b492034c
SHA1 0489a4ece763d9385e53730c88c8ad9fbd30b2b8
SHA256 dc0a5178d9a2e86f5303696994fea80b178dc69f4b18f9966317c9b1f41a971e
SHA512 501d5ce66bde3dc958405e230666f0d3169b0f8547c86da403e8db9140946f638b52ef4f78cca2b45b2cb7258c7c7856112e2523f8829acdbdfc09a3a687e5d5

C:\Program Files\Java\jre7\lib\flavormap.properties

MD5 f3c60bddf4a7dcd46cb1e71d584fb541
SHA1 e9da9f96ebc100fc1329e8ab58cfabeaa74ca73e
SHA256 cfc3cf7bf4021cf4d2c81ee8e86b533fb50ec6a1640b7a866a4b2382664f76cf
SHA512 23b318b1eee84bd84531f691ebeaa15a9924642532d4b3c4446d1d9fd924139cb4e9f84a20219545c9d283dc426a2db56c306b719703c20a926a8a0f04ec8d29

C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf

MD5 9654d3252a6e66afcb942469a62ea0ef
SHA1 b7f938cd12ced4b5ba783f21304769711f5afb87
SHA256 68896578a83af1c25fd5b3b8b965313086f212407898428addce2c6b31802bac
SHA512 7d57e3fbd47c1c297075f93321f61f1a85cff7a3894cc2ea276a6d0761bc95a4a14fbe44e3e09345d8c12cc0e163d4d4ec569c9916cb28dda4fb6ef281b98d95

C:\Program Files\Java\jre7\lib\fontconfig.bfc.encrypted

MD5 2caa321af49d556bb29ad7a51f104739
SHA1 97b7ffc07cba0dc1771d791104eb15450dbfd27a
SHA256 cf4fb838c9185341f1c33f436718846813e88b74c7a098fa6a32c0cf7f8957db
SHA512 6e1228446887b896cd16ad69a6a3c70fae34efe79508e718b7453370376e2ba87fb05bb98d3fd69416527268c0218785b230fbee54a3495cf755323b03dc531b

C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf

MD5 a86f926fa5ee23e210b7434532adc46a
SHA1 c04b257ac7377eac40a31cca521aeb2cf6eb60df
SHA256 8cfadd95ec51d78e1fce2da5a0d428a5a9c8334e8c6df2eff3520a00fbb006f3
SHA512 5e054ee0f1dac5468a815eec8daa3a8a53d9e49a2085678c966af1ae3370a5b1e3107982a6b53243f23c51d59e3cb1a3ec6599f9cd6c28d4f54dfb088c0e0621

C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf

MD5 d89bedba2b3762418e55322fd8d958e3
SHA1 0ce4f66a5781935a31ad2424942e1e407b8eb0f9
SHA256 e41007368870359e99a2f570bd56c96c706931690a44bdf0917a23c2bfc94c99
SHA512 14ad613b1e546aa193e039007669fd1cb03a0aa75f5aca29c6a20020f1595b5be76cdca4760f32de512460689e2ccf637b0610bb9a55462bc176e19565918431

C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf

MD5 4737a3e42876826385cc35bbb746dc78
SHA1 3e8afe23324fe96b362781f1a1b7b2c3d801a6b0
SHA256 264484c8a9d8016798af348588937898248bfffa3af7b36ed304db89b6e802ca
SHA512 7900308fec346a5ade5bb9bfe12b57005af14dfc2cfbeabc049c326f282e09eef96fc7378466b3549eee2a06fd9be11cd87804883bed7249477e61107346a9eb

C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf

MD5 99f7f4a3687e7fd66e1edcb58221eac4
SHA1 1ea7cbb34397e8a122d9dbf0adef3a55673014ef
SHA256 672b070fd5959b1d1621fc4d917d8c0cb00469560d4740bca26077837e6e3e9b
SHA512 54cb947d9860ee7bd4f88c82cfa7a30b4d3aafa3afa468fde019d4bb74cad4b9bcef6fd29b245bd72c01d48894c72c32adff3025a346f95a820f03a10d6cfc0a

C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf

MD5 afc2c813677e97211659f9682a1cce15
SHA1 a13395c630eb447c3ce265206afd0edbb0181bfe
SHA256 a07327380ec35df28f298a72c82ee1a371bbc071e98f17d2b63dc569f49f2cef
SHA512 57ec294a236eacc16fd9e7473fa83aba4f466299ded86d7342d13fa6e33d6d54e709223a2fdf0b6ca2ccefd6f7669fd767b93923265ca650971c0b37d6688a53

C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.encrypted

MD5 1960d5e6938c9c6a1d4d859e5b938c4c
SHA1 172d5d60a5bf7b184db1a0e35b35810177a1993f
SHA256 dded4ecb6272676fb28c696a283b2f544c98c76b65dfd3c5c1ce6116425c0f4f
SHA512 b94a6ef90facf1aeeb14a9fd8e4a6db73bfd48b8da00b66b93d0ac2b2c40baed0f7c93149abe2cb52a853be2449604a1bf96aab99ea72e582edc6e5e86b5d861

C:\Program Files\Java\jre7\lib\jfr\default.jfc.encrypted

MD5 af63171f297aa5a83796ee1fc0fbbedf
SHA1 006728fdb43b16f2cb51b6065bbbbbf1af487f06
SHA256 4dc75d109a2b6bc6a6eddf96c7e15ad94ab7a9fb70322f944df0d1c292066b71
SHA512 879a26ad84dc2ecd8e7c6f6d5a3c201cacdebb6df330d58519b0ebfe5d662e258eb15323295fdea1287fbaeb3cf772b089421461158f1481955523facdc39d61

C:\Program Files\Java\jre7\lib\jce.jar.encrypted

MD5 1a1cd421fa289dc0731ff73839f6514a
SHA1 52ca4d86dd1ea22dac80f5c79e347a922026769b
SHA256 f9840f01a299bce210826b224df06d35cdb79e99b910bec0e6c0378a8255db54
SHA512 7531055500a33a55cdf50953cb3598fcc6541d34e6703de5c0c6cd98993c5aa2e43e6be49662b6faa17a2c3bb032ff8e8b330b78b2f1b3ba11493aa7bd2bafe2

C:\Program Files\Java\jre7\lib\javaws.jar.encrypted

MD5 bb6c3adcba7cddebf9d4548e0d24b717
SHA1 f0212a7e9a596bbfd4a35ed180d3cb7885306e33
SHA256 27eb54d8770417c4b19f707aa470d2da45828b98864701f8f1a1ec466ddb9415
SHA512 212032bfc1333524f41edef10875ad83f1303830607a8b6fe10aa7051da468ee7215dafcfc8a1572a36d9927b3567c505ee7726d06a2ad0b918bd982c8ab90eb

C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf

MD5 5712531c0fb12010d081a7e646e0faba
SHA1 741ac7e704e58018febf7f4b719d78d4a93986f4
SHA256 aa8159dbe212521f97e1ba2ce5d361bfb2f5eb4ace820f8d54c0a94d20eda5a1
SHA512 ef729ebb7051cc3c645a88c59725a6becaea592648d48365c7afef2c5d492f85c3e37c3f81dc25df22d99bc44a67c789cf91ddde63ec7b4a98bcd9e4a1827d93

C:\Program Files\Java\jre7\lib\javafx.properties

MD5 63400ed4dd297bd31f3b1a1eed31b136
SHA1 3aa545149902fa974a582f93619365bf444e137c
SHA256 b93bcccb812601a4fe82ef22492be1b023d3c2d87670d50e84144272522c498a
SHA512 872e0f05bbee39ff19a25e9fa1c1b9e8361aa7ce174ad99e696e7fc10e5690689716992716163ac6a832e8fc19c8c7940aa3d47991ab03ed28209582d927d250

C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.encrypted

MD5 cb286f3bde3b58123e32dfcd44ec51e0
SHA1 2e395416b2b46e1fadaeb080c91249323591547a
SHA256 a336a241c71a721aadfecf2b03843b6ab5ef7cff4dda4a8b17c879875ede1a09
SHA512 1618e0a487098b2c37ac60a9198acba68ec918530216f185b5fe777152dfe4ca841dae3bd31d5e831085fef646873ae8b2990bbac7a07f61e7245234888214ad

C:\Program Files\Java\jre7\lib\jfxrt.jar

MD5 12077001bf360fc9035bbb663a194d10
SHA1 134262b188b34cecdc051dc5e81609b51da62fd2
SHA256 7ef687082e0099e9448f37fe265e7d57f7164369dc198e453e4c44bcc7729242
SHA512 8126c45331529f3d16325dc02d76cb9d0c5cf2c5ac60ecdd85e57e9fdfaf0eea0b02b94a2e10f9447420fdcaf5c39b1d23fc0baa37a1459e99e80c5a747cd354

C:\Program Files\Java\jre7\lib\management\management.properties.encrypted

MD5 4f339b90e42d5116db908278fb5ee8de
SHA1 b0a7040f12c5d2381b44f78c9426dd534f8cb242
SHA256 c22a80010e1ebeff972f167eb24fc7e920b6752847576dbe07d562a5536c5b7b
SHA512 6b8a55c3042976443e7de250b7ebe790f1b6b11e311f7e088d2eb1596a64ee99850e57d908b438e4456575dcd255de4bd605143c9de182cd8687fad6bad8c99c

C:\Program Files\Java\jre7\lib\management\jmxremote.access.encrypted

MD5 d6be4873fd70568119b6c8b79212d969
SHA1 3dc0b2eeea473ffd86c1253f6302b25ba567a2a7
SHA256 012fe1f52861d8c9f1dcfebccddc13a52fa7e9b1639f288f9f5b0ba107d9d65b
SHA512 d468012a55e00c4e2edfd2e587c16585b98fdc59f12ef9b8b7f20351a3a96ce0e7da0b6f6d03e8dc420d36dd7cd8b882cce1e327da02b350ac268620356d0fca

C:\Program Files\Java\jre7\lib\plugin.jar.encrypted

MD5 f3a607243cdd9905ca9a46e725c48aad
SHA1 9dfb54dd74c47d4847b5a7d97c8f98a58683ec20
SHA256 a331b0b355e4c1bb10c1098135f80a410bbba36c84ad2e5f356b10e35e1a9a79
SHA512 fc8f524e287ec379bcae4fa2517428826ae6dadcc3a427164a85e1bc243c441cf16eb36611d4ee36ad2775bf83703db5459a9af99a71f61769e62c003d944368

C:\Program Files\Java\jre7\lib\net.properties.encrypted

MD5 acd8e8ee24029ac3d1edae4b6f1e0e8c
SHA1 e03bbcb780abf6fdeaee0176ff140ea6ba6f8fb4
SHA256 cfd7b315639f1c96ec0429442470d8603995825bee73739b01a9e14e3edde387
SHA512 c2e80972a0408e5a193983f57ea8027fc3b8d5b2b943451b87d3ac352dfa4f48fdc238ae9c6f879492dfea2097c2fa36890099c1c714bddbd1d4fbc7e946ce07

C:\Program Files\Java\jre7\lib\meta-index

MD5 187a9ea9a6099568bda6a1593d81779e
SHA1 1d359caf84d99fa01dba7d03b3f9fb2b7e9dda16
SHA256 41fbef9a465d7ca8ed4e972a5f8b84e01a8807139b46002296fbc835c8de4c00
SHA512 c81e425e96fc6547de5d57c6825306529a228f6b0b1a1f4198f90478fa5cdc13e579760257bee139752732976be2025e4c1ca2ee134e3490d2e776dbe4974665

C:\Program Files\Java\jre7\lib\management-agent.jar.encrypted

MD5 c3af044c343e9d9f0e4ec1397628ea7f
SHA1 b67c1ae668a886a2631f537ab047e453ac7f9c40
SHA256 06191ba2e51d81da421bce52d5460f803b7f85d3e9337a47213bb87bc6a4d113
SHA512 5bedf72241b0e597ed92d053ecc219385f940033781be87d04be474f4df231db35f5aafba61ccf95ea9c11302731ef1a16998accdbac01d1dcf50d36c0223331

C:\Program Files\Java\jre7\lib\security\cacerts

MD5 8272d1608622411dd6f07dafb0d27d0d
SHA1 d0c4d788af4d078bb5da85172e741f5a25dc541d
SHA256 e1944d212dcc27661e242a06170bf4fa34ca4ffad2467b5991447ac9f88c4b97
SHA512 a2fe11b070a426f7bc8b73ab3a0fdd4d566d9802d6c0c057b1853660fc772faadfe3165a2474e01f149e844ff5eb4f85660dd280f7461a5bc5dc7a8c90b200a7

C:\Program Files\Java\jre7\lib\security\java.policy

MD5 c1f82cabac4186a5ce89bd1a69c844d2
SHA1 0836397c7be54bfa92801a52ed855e0728d0229c
SHA256 415fd77b0aa5d7dd0b15d80d8ffa3e853b0e4028f3dd91d86d103a099730bdd0
SHA512 3b8d8153b5fcb098750aa6d7f8666860ef30e5f478bde41f280989056e94fa510e248ab4eeca4ce0629526e25e1523da1f40d4270bd31441414114e4dda9e6a7

C:\Program Files\Java\jre7\lib\security\local_policy.jar

MD5 5584f0f2c20651dd9a9a8483d9e69dcf
SHA1 3226c844ff238ded22860ce37888bfe16459b9d8
SHA256 50a7e3a72a4640d3d7225f766b1ca6665ed9d24db18534525b719460c7ad743c
SHA512 efe5e12360f2fd74859ad8bded6fbf8effda6f998d804b829c22582e43b3347fb985ab49dca5baa5872671f08c5bda3ff60ae2e93610034766a90587ab67b6a1

C:\Program Files\Java\jre7\lib\security\javaws.policy

MD5 7c087817a5e0f707b5bbea5af8ebe5c8
SHA1 9cc9b4f7d9af296aaf5758f133c4873f1d2bd169
SHA256 efdd16f8d3127353f9c4f6c1975cc2c95fbfb9862903ab690875c1531490b6d0
SHA512 7911794286164c9173921108a783fe9a6419ee34ca8b08e8210260e6781a430d274e1df2954e2cc4e0fa08ddc6e9deb82a51065daa19d03d17b1cca2fa92950d

C:\Program Files\Java\jre7\lib\sound.properties

MD5 ed9b9fa6280afd908b32be22712b1e31
SHA1 3f9cd5a82896485bed0b8183536b295b177b57ba
SHA256 3f45e0fa27d77ff8e999913ec67f7c24604acc4c3a9fc2683574fd16bfb8191c
SHA512 30e043e68c02910484c74421951745d4a384dcf5de0568f5a2148d82ab442fa62364be48a15444e806810bb763d5240c82a1f964f560a9b31e28590299588c02

C:\Program Files\Java\jre7\lib\tzmappings

MD5 133f29e9d90ef887d76c71d84fecc51f
SHA1 234a1e31b1e3681c8713cc345b949fac5588225f
SHA256 ca2bb2ea90689305ede3205d2131b61db2fbaca3c633fb8a79fa8c66ac99d379
SHA512 e49d6a1b7d1bf6d883a8c42dc7707f97b3132482847cfca76103c0eaacb2d10a443225d3b5b2d422750b056a2f45cbe1ca1fe794702814c18768b9e053299139

C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan

MD5 9ed1f7affe38a3a4634b6439c84d2f97
SHA1 62bd715408097015e897aa8a6e7c9da067ebb381
SHA256 445fde7d04737aaf75dcab841be405d7ea475bdefdc89b4ffc09d5358e810443
SHA512 4db4cb13bdb304aacf1a6d943e0d4bab23c1df6b9bbf640fec6188e8ff76e4d6c107cbdb0044dbf84edd95d2d03306fa386bcb1f7db33b12dfec43f8b6e3e7a7

C:\Program Files\Java\jre7\lib\zi\Africa\Bissau

MD5 9fb2832c8016303be0878d872e228e27
SHA1 34bd90e48b9fe3c82c94f112eaf42fa3bb81aebf
SHA256 e86e4ab2ead114cf56305ea22f87e5de5fdac50caf6e73a29d887e433ad09b4a
SHA512 577056c1b62c5d4b685ee1b9b96d344daa5a03582ce35db6f68908f548571fa4a964218cce7da0ee07272b10b7f1d3009b0187d0dc3e0c21492edd70c1c1dacd

C:\Program Files\Java\jre7\lib\zi\Africa\Accra.encrypted

MD5 70bb1beea3e62aa608440127dbb7717a
SHA1 0fe6afffc294207c57f775ed3a08556552966e46
SHA256 b7422f86b99bd222bcf9ba784da91edff833de8c0707e4b5f962bee38d257640
SHA512 f6296a50c5a3e662ce6a374cc8bb35ad568eb8a58e1675ad434e7f0687ae50068b4750c0c1d94c9a9ce5d2f1e14f88ca0152efad20732e47386136962413bc3d

C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum

MD5 d0045ed9b8ed23ed5ad5f219a764f798
SHA1 ec704fb3dab5c80f6366883d504c9746f4e7b594
SHA256 15f584da77adadce3be1f732f1ab88bee0590c3dd2884912a03e77e348319354
SHA512 f75e81dca1863483c03b478cdc440db84073fba4fca0e7be86dcb7d29e1f3d806a34ece80b8b8d2320040b677c6a205d561a244c594a855a6be81453fb2109f0

C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.encrypted

MD5 e847adafb8d61923057b9bba2a580376
SHA1 31dc01e8f945fb7cfbf4aa512efdfaeb2fbe1d1b
SHA256 7cac49d7af7476ccc46985086d097e412509e6003dd727e321520f8d948c15ff
SHA512 eb6d4ccdde11a9c88fb3ffdde618a3ed7b5730a1f8de190e2dd58545980083eb945430db1f154e30a78a82d4e0bd5391b82fb31cbc83e8bc51680809d6b290b9

C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.encrypted

MD5 037384be52758f6b60dd330c9910390e
SHA1 63fae176ec56459d8fc84230eaf1d73875fd1cf6
SHA256 1b65c38fb81c5c90897482348e906e9c70f3afa456887d34eda1f32213f1fe34
SHA512 8bf2833ca62fc37282b0c73af6a4bf1d6dac16990d1632986e9801042c2da0d21bba23adfaab8700b4f0018fee6b86a3fce4353699fe831368bb84313d700cfa

C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca

MD5 8424179092d8b50f5d5be0487ecd8133
SHA1 619d19013d075f39b0384f2aba2f5e45c2bfcc55
SHA256 305b9b611336c5fec76d348dfe2c81a41069cd878eecd931bf0d5c1c47bcbd99
SHA512 21f7f18844bc02cc93e8cb73130b2ef998d4faad1ae34c38d87418f5a0b29cd6c454e95a24f1d72c549f9050bc9ecfd3cefebbb57186539d0eecdaa8925808d4

C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia

MD5 6f2768d9b42cc2d4289c586ef2896155
SHA1 49457357c2cc7ed0d11cf375b1b3bdb48115259b
SHA256 c09d2e3d6cb9d714f384f5166432d8b97a110c2986471b25fec6159fee30fc90
SHA512 ac57cd6bbb405d5c03f1943d81f77b18d0db9db1a0f560b7396f71019656f62960a162d9f75089f340de889d0b748815237e3d7f01baf37c5bee2270abcb4f40

C:\Program Files\Java\jre7\lib\zi\Africa\Maputo

MD5 c1f9f5705f13d1840140d9d920a2fc1a
SHA1 8f994c62ecb15b7b18d25fe12fbdc22678358b76
SHA256 93dedef9827c316e3dc35a6fdf4b0c9099ca6ffcee0fbe4faaa3b9253d9da247
SHA512 c6230c64612dafe28d3432035887ab82722a59e26cc923ae942999c846a6e5cea6b6058642446a628f4464c3aae6afba4bf80fcf95eb13e33ae6ef288a330e53

C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.encrypted

MD5 5de50771febfa84104fee2e83a0b1517
SHA1 7a21e2ba340e00ede749b850fa7ef0bd40e783db
SHA256 fe23e0dc7603f0bc97b6d320976f47ad4db7070ea9de41bd15063103f6a66b86
SHA512 82da7c93a10dbed3de53d82364d5c69633e2ef856c48d190cedaf569ab19ddcb08bc0560005ac85b9bc3a9fdd77b5483d5a650613d47611780bda514b96b30f4

C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.encrypted

MD5 959304e726939aec0f5a4b052ff112bb
SHA1 00a21100c5e0e9ae97863e016ed1afecf3bafb8a
SHA256 256d0784e02d2bf1835e94c30acfcc883e614261328522e424192d960120440d
SHA512 d235d56c60738d306627be6ca9fc4633f6b45af77b8881970528aa41ab195245fa112d6b02a60d5ebe8c3382c84d94e2071903e7e167476f80a5ecc25dc4e81a

C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.encrypted

MD5 27363d4f2ddc3b4ccd1d9879fb7d84b9
SHA1 843ecffcd784b6a108f0855eb297ff78a8972dc0
SHA256 ee0e06df7f5a040fc37e62dd38946fa445c78092a847ecfe472c207a97488bfc
SHA512 bce48570168c2db9f405e7171abb34f14b8881974742eed26b3c8f180f2847780fd8bb2178b70bf15195594fdf53727dce59a15d86213417ad4acebaf2be4eda

C:\Program Files\Java\jre7\lib\zi\America\Adak.encrypted

MD5 456613f753cc337f63deca342beafe53
SHA1 e9d48f74f78738297b692de2602b9f7a031d631a
SHA256 13c7b00c04f55c7c97de3f0ac58c3109f8460189586975c5b582a772a43db378
SHA512 4771be1781fd63feb93a105245d6f731163b29513a1591d7cf20ef82ab407e77f1bb9d23ae120de3b2df64aa0eafb88a18acaa16284ce94a4aeba81d554df7a5

C:\Program Files\Java\jre7\lib\zi\America\Antigua.encrypted

MD5 0b33ca1b22087cd819c1336e88372096
SHA1 806df146a2470f2429778d8b8a3adb23391342f0
SHA256 caf25ed4e5535d9614445e4525c74451792e5217d5404a38d12274cead815e94
SHA512 61028925609edb355ff27ddc34b1ffaa291655d2d60ca39b623250d11ccf2546713c6868ff8394611d10ca9ea3448523ad65eb80a35a356c325dd47f0372df84

C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.encrypted

MD5 7372cb1f2b9de1add9cfa3bbe1a6e12b
SHA1 cb61f1c9bf4feb079d4d1ac86fa2ecc3c61567bc
SHA256 987b1ce00783508cd0f15a5936d746ad7513d220d0febe94e94bb8a41ba4f0a2
SHA512 da40f6cee1fec317b23a008ce39b91c6e30b823a6dc3f4eb52b6864d8d0f94665c338d9f9b16123be24d50b65770018cf377106fed78e2bb91349d8d51847714

C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.encrypted

MD5 7b7b3aea1da706b16856598660a613b7
SHA1 1dfde6179a8fd22480cc57c11d8e239ffd7c4219
SHA256 0dbab5bf08e75feda6cdfb18b316c8705d0208caba5c85fd276bc6d8d12990e2
SHA512 e1eb6456f33a8c71b5d96d1ff22efb5360778d2e5cd8977fcf8e7abf06867e4ae84facf4c17ebadbd0e57413b1d9e56643eec93a24c1eddca603a3f1b40d508d

C:\Program Files\Java\jre7\lib\zi\America\Araguaina.encrypted

MD5 585ee144c95ecfb53bb42edd13d3056f
SHA1 c33c0ba33b07d70de285ba183b25111e4698cbdb
SHA256 8bc6d5de9ed1b09ca44f119c58f45d64d09273abbb9bdd07d71c510ebcc44084
SHA512 9c7dea7e1761aab55461af2b95b433899d0a6e4a1ae25b47de2ead79456826b23bbcf652061cd3cf0d1a32717047ac489173b35eb47f400cae1699ddc81c5f9d

C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.encrypted

MD5 7783187c59502225598b51de35a9ebb4
SHA1 4e277f2319ca3a5646ed5321d12c52782804fe8f
SHA256 e6e8d46bcfa56efe867a590878031e8a335503b72ca653dfad546cb047ad200c
SHA512 6535e36d838e462fba40cfaff609876c0bea57b273ded962d2d2f927f44e771e3c97c505fcd845d57829c5f058869cc5f1b30bc990888f1dae49266b3fa7247e

C:\Program Files\Java\jre7\lib\zi\America\Asuncion.encrypted

MD5 45a7d93a2567ceb55161a4ff810f518c
SHA1 febde191c2ebdd7f21531bb91f12bab0a0d6e9a1
SHA256 53f59524afc39be26a36cf5594532e266745418f6af1e79c6a63902591a5bc69
SHA512 1bf8f5360b5581bcfa0d76813adfc5b4f9930931aae89e312a60171087376d9c0a6bba22b866e4deca0494e4ff1fc11683a83b2618215ef8ca8a554d94d7bd92

C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman

MD5 c782ab486f082ee6a34ade93d2f9d2df
SHA1 443ebc0c1d57103f2df16d8e8e0e32668761b675
SHA256 cf0ea9557a1bbebde9517717ce52991d31b1504af09c2009e68a9f806eba4cf4
SHA512 ba4e9ebed794028d23c8045a3dbd62ca7982007f19c85e4266a7c3ed66d88e22a1cbb6a68ee8a045d64c0620b788c228e9e7fd8b8e9a9f31ea1d472e18d449cb

C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.encrypted

MD5 4fb2b26f9919d56e46248b2439c3a800
SHA1 5f5d7ae581f94ec7be05a49099303cd025719843
SHA256 17842b26ed3ec091411ce36f85685b58a8c414d5d0a2e9c7c0fe560548280fec
SHA512 df8f628a09bba70f64adea1f6350dc6af41add24020bfaebd4f1b66e35aef631664b8f5d145019f1cf4e7feef310758a57cefbc24ca0ac787dfad15641b7339a

C:\Program Files\Java\jre7\lib\zi\America\Bahia.encrypted

MD5 2b7fcc5fdd3dac8a892d0e9058a859c7
SHA1 f5c974a13b7084104cb913d4bfe725f39ea6f40a
SHA256 6540d448fbaf506cb6b95c5ef3f4f2d6c277a932dfa34b4d344e6d394c9efa01
SHA512 e62af588e5c9dae0839446718ab142108fcbfd6d41caf7f60a2597bf6d87b6b766ae759990d08f10f72d7d45f9f498edd083311a406a04f27e109f3d5935844f

C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.encrypted

MD5 2130af3911358eb72199f1672bea6c68
SHA1 59b41b4fd524fd1be718b3f85e774b08362d3fd1
SHA256 07d3a4104359ecf774463b31f980b2e93d2a5fe209a2bfb5d3fb77c3678055b5
SHA512 2ad333952db8052c850ff8a0ac117f5b3b35b7de99c2ea2e95e589b237530eebcdfac127d5ee808322153e1e2445a2390edb53244e063fad40b3e32613f22838

C:\Program Files\Java\jre7\lib\zi\America\Belem

MD5 28f1dd7e9ad70402df2bb690e950eede
SHA1 0f75590700f6e3c3c729e4126d518b7c7d7caa73
SHA256 40c820c02c597bb796f806c7e35dfb22dec2a7a151a45e037611636c7bf967e8
SHA512 7f1c8255ba88c18da81bad6a69d0ac6f8a5b485fa26f0bd848f9f33dfd8817d9fb65eb53d077b39f0b9685fd0c140fe5402c2b5149a7162caa54139aa63028d9

C:\Program Files\Java\jre7\lib\zi\America\Belize.encrypted

MD5 e86b172312e9b3fb9e36caef98246433
SHA1 d7578e99a39d2a9f9cdc438a4d2f01bda310a5a8
SHA256 446263567992509ec398c27f15462d4116ea28a3171edd0bd98230238e828214
SHA512 7417c996025bcb3f18b6c8737bd3bccc6eadc22f2435ba54a9a3a5095bbedf348d58358e19222a969222fd97041ba85361c2065341dbbef9f493bb08e2720786

C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.encrypted

MD5 46a418484eb1680287c44f6943b1bea6
SHA1 5c5c539db554e663c630b3d1a5059626e71d2ab2
SHA256 b25fb44ae43b2c2ec54b65c35b0597c5dafffa32cb6d22f437e9251e378f5f63
SHA512 171c39a360eab81e01d63bd19d0e0ed6d5014f7b434640d62e123037d9ac406dd1799301ea04a46fc10b5f58e1b85352bac9ec54387588f25550704ad5ac54ab

C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.encrypted

MD5 fd9ab89f856c216df68e79061375d3f7
SHA1 8e4694c7e36d7b0db47e557b141b1aa6efdeb5b0
SHA256 de525263485e74904760162d8b833dc0f642afa5064b81527c83c14d5a1f0548
SHA512 7f8278722d04c4180c7b33bf942382b6aed00e1364b6a0f82ba35fd49aec51a0226698adc32192a7192ae4bafe446975f894f67867408151a7d1bcf415a08172

C:\Program Files\Java\jre7\lib\zi\America\Cayman

MD5 7c22349a3cf95622371c7905a946438c
SHA1 91a3dd4298cb1086ea7cd9f2ca18ce949d86e50c
SHA256 768e97a9209825ae60e717638394da5558d170849331d7af28f8b9ccb7792f73
SHA512 bb98a608dd3238fb83993c0c427f8b0023f1ca6bd85ea514ab43592a31d349b4148a94b2ae8fd5cbd6ebd58198c38f13ccc370c374d5eadf6ae7fc583c72447e

C:\Program Files\Java\jre7\lib\zi\America\Cayenne.encrypted

MD5 09c721b06ef539d48c9729534ae9b3db
SHA1 23aaaa52048d4c2944113a496027083e2b35c5e0
SHA256 826b01a3136eb298081a90abd7462629208e64bc49b973ad4e7adf9b9f6b5f1e
SHA512 b4d31d7d76d037061ef971c24cbaaa3e6def6158a00435f029aacf256ce96483d32f56a2fb6e71ddc063ec038212617eb9788fd07a60c0f9fb4ea8865440bd90

C:\Program Files\Java\jre7\lib\zi\America\Caracas

MD5 fe46b20231733d1d9f89fdfa62adb79c
SHA1 1e5819a995dc01f7f73da76ca228881a0ecfb38c
SHA256 20959f2396cf3965cc161f9d1b7e1524653dc062e9d2ad5f9a1e347c1fccd80f
SHA512 b63e57940593e7db07c228a89729ae1f1698ca7c5e1716fd0faa7fdb073009e750a4d7c7f709faa91cf8f2379e5b23754c28af662fe6497b215e98ba5086764d

C:\Program Files\Java\jre7\lib\zi\America\Chicago.encrypted

MD5 903e249e342f72506e3566626869a82e
SHA1 bc8f706ad351ab24f0016f7b5e3a871e4f18a9a1
SHA256 272d639febc575ee28721951363a66ffa82f6902867428b4379dce14a88a2e4a
SHA512 d06c9e2f6d1578ec01b9e61a9ea18ac421f1774c4e1a0a82c730349d462099735b5146f9f76d09f3c2abba179e18382261710752aa5c3ff2c8fe3b56524c1ca5

C:\Program Files\Java\jre7\lib\zi\America\Cancun

MD5 dc90b0a0da5b5072567deb3ca07fb0be
SHA1 2f5c3b1605db08f629b0cbfba6217dc6004a06ea
SHA256 a15bb970763c1b26a842e13428b34620158d0f69f7cbc69bdd394f77988a1482
SHA512 2ca0f998f2e7125897b846e2d1eb22a1d91665e33b5d787fe1df6b6d4b7cb06537874e44a0611e61bca7df0344fb6bad85eb306bed766e849a1c80d95f7057f5

C:\Program Files\Java\jre7\lib\zi\America\Curacao.encrypted

MD5 01c1906829c38ce23e8a7d98c65b493c
SHA1 65d37b60dd153a939be225fe5ce2caef177e23ac
SHA256 8e73e6be84d1bdad33ed8ee226620f9d017d9655b7cd5d0a6abfc688413b810b
SHA512 dcb37c79819aa643c58b936a3c1ec727e6d80ba9494b1cda7e14a1517b6f65e7eb8697c28db4d4aabf40084cf484567404520e700cc08fb6358466082eb820ef

C:\Program Files\Java\jre7\lib\zi\America\Detroit

MD5 d6e37990e21b762e29f4fdb4c9158947
SHA1 1cfb817b4aeea743849693e657f2e456cd45f592
SHA256 781b0e8d46dacd75d7d42bb470df7e01383a9c58276f3c0243f647e3d526b8ed
SHA512 f9dff773c33d9781ed90b988208ba7bc8964bdda10d543253cf60f87ca75cb2d06eff69920c1b016c12cf647029e4a2915c36ca61636c3958566fcb70a1b3640

C:\Program Files\Java\jre7\lib\zi\America\Edmonton.encrypted

MD5 c7bbf6999d95b9b93b77aca03b1c9945
SHA1 8ac37e659ef8d41f33530ceb72aec82c6d8fd7e7
SHA256 109bbd10c4b738ee67fbdc8c4eff24377f71fad38316e3180d156410a44c94af
SHA512 b1d2453546172064751cb52e746802bfa1a16d18b02a19286fa7f9dad71962c1ee3daf51815e7de7cd4b1f35e2ad99c5cab7656a3ae8c6b13d8cc69e29da5bfc

C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.encrypted

MD5 cdf1be3e5438c1bb0be8dd3150f97e87
SHA1 8e890d3a896720faa8367ef2bbe6bad1d7b4d58b
SHA256 39b40f307c50dda31f4ad4112fcddb458330653f9bae34e782beb8e1cc229081
SHA512 0d2fdac84da68e5ad64694bb90da76c4fb0cb5f0b12e216d23a962aca4597f1c71bee725a22d71be01323e2d1a1ff2628220a1382765f579d01f29591994d1a3

C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.encrypted

MD5 b2cfd373df32f31ebe14e77439225db3
SHA1 bf0b771c553f4d750475896cb6a24f0969065e22
SHA256 e81a127eb7587838927d8b53601c3b3ae9532bdea6ea509fbf0d2d623d29c21d
SHA512 5fb350ec08b21db251db1b8495a11e9b7d2b466a0d85e5fa5e9c5e3f626dae828d8266d4a80ee8e4893a2ccfb8e6347a366f5fca343e70f05b41ee80109012a7

C:\Program Files\Java\jre7\lib\zi\America\Maceio.encrypted

MD5 a2569cf70eaaf17e4c882e28e791f57a
SHA1 f1a7ce91825bb8d460f54fa2f12fe915ca46bdb2
SHA256 052ef6a5491ed8c549050359c59bd4ca52fd557bc66afdbe56cc2c76ab1873bf
SHA512 faeb50065597594cbb97403243af269f787563504cb8d5cfc1693a34a4673ff39e140ef417e34e56ebb467c80941324da15178ce3cf74028b8c97ffc1ec87806

C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.encrypted

MD5 af2a9bf62933f61b6aff34182812c0e9
SHA1 a34ba36ebd833c923bc5af92370c0813a76f8c0f
SHA256 cb2b434eb56454c3384d1bbb0a8654df644667af64a5c2367c93423fc4b83f0a
SHA512 8e78ff63d4b5c12e6ca4c2d867b715aa8a298e62e8cca79e9c122d71309cc71b222515da2a05205a922622e9400245b43c80c03a330d5d57d4c503291d232111

C:\Program Files\Java\jre7\lib\zi\Asia\Amman.encrypted

MD5 63a43a9710ccf632522a59464f7bdb6d
SHA1 5f07f697c6fca81d776cbb0850e6cbb37c6b685b
SHA256 e55d2904d1e7d6982bfb989b3f06280aca1ce778592e3e3c6e3770b2359a8198
SHA512 9b4d14a31ec987a2a15280d31f50c3415e7568bb6b85aae54f3875d5ab0a0e94e5ccdd0ed76460134aa1d98ba36ac1e1200939ed4e0ce86e13e443a6edd9aa99

C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.encrypted

MD5 136a7b0477079a9981884ca099176d91
SHA1 392542f46d814217ebd7c537eaffce5593c0e201
SHA256 73ba3fbbdd7478c6962f7250a64c04003ad42bd12a49993cf153723f16ee5a12
SHA512 5ce0fa9c3c65252622be81a35fc4986fcefa366fc68e78738b551c6d2f45feb8663316f3a4264752993a019dda4d7c4e802a374202a936f62c309d069c91b5cd

C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek

MD5 f43210af84d117bd9879c3978a1b7aad
SHA1 1445e9105bc3950b95282ec8f6a19ef52ebff20e
SHA256 06a5e7e425ed063abdaf5c8dd5c88ee420fb2d09c09f0982cf6cd8ed4ea7f30b
SHA512 cce30404795033cfb403d56c9b8170e40b63cf420e2c3269c176c9ef35464df18bcb8dae19b47c75a6b7f785f93514167072c18c12835be310916087a9f4a709

C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.encrypted

MD5 90971e0eafdfff0354970eb3f9eadaa7
SHA1 0c08eea1af9be63d8951d533f3e639ea8fee4556
SHA256 7d8beeec1c2a4bb7a90837442b1c207ef2b7e36ce87a0bf44fbd172c11c0a41d
SHA512 865345662bc1049e210375b85ab681eaf5655731dd357c82318d6136f5fc10b56f2cfb0a40de4d2e7115fd30d7691f7994246e73b04a97e21e4006764b3b5515

C:\Program Files\Java\jre7\lib\zi\America\Regina.encrypted

MD5 5d2107d8abcc150935276301721c54db
SHA1 35a197ed24d051b1906b33688243a37b308fad5e
SHA256 81c7f42ebcf482445fee554a0c4aba7049ad98bfd80ec31a29b48aa0a9abd32f
SHA512 541a48bba97a35cf4d7aae5fa9b53786773308652cc54265af1645895a80eae9810592664bbb27e84fb3b2231646ac190f2488f129658bb9ca1249c8e57014f6

C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.encrypted

MD5 ffaf72ba80199126421b61d03eefefee
SHA1 823a779e0125e6f6a0a24d4aa6cdd2b574715214
SHA256 fd2bb7eed3d1ed8581c91d9745f751f033e30bf18ea68deb3b66587e12a526d3
SHA512 9e672e80980c807a8b4db0d90d27ae79ddd7ca28aecc4a716d4a765a04f99a86dca1c9cba14639ca7d731ed2636936eb11a68a32498186a45ad9c40cf353973d

C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.encrypted

MD5 190e1e21a7dfb3435d33223c98a864ca
SHA1 9788d2d4bda79c5a891b0790f6338b494fc6ea70
SHA256 6e274dade888465f6f02b97893e98be102a24cff90bc92a09d76de5b19bf638d
SHA512 76d1afd0ea70ede8fd23549fd4dcb4c5223c4dc36af32325ef077f14eb8c8b2bab0b4dee94790e8bd71d49b448f1fda1c505fc1b6b11b42b49911fe14598fbc6

C:\Program Files\Java\jre7\lib\zi\Asia\Oral

MD5 67cc7c850974ea517ebed8304f6147ad
SHA1 05b7bf5c2418f0600a4dcbee503f4b77081df087
SHA256 bf1e8fe56eeafc38ea9c7713dd9f1466a02a00968132a9d9e08cb8fa53d3d343
SHA512 04a637bb696fdbb11328b050f0d82decd7a360b6b3dcb7084d199c9501d13086bd4c67ea1a7a8c4b14b8ac594bae13557b448b31e5ffc26d6078c74858c3de75

C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak

MD5 5058637b6cf5be541779d5435897b209
SHA1 da36e7b700c89b3557aae2afd25357e39f907d4b
SHA256 b34042ddac629f15cbf6a373f1f1f8ae85b6729b9ad1537b1fdc386d3af55674
SHA512 9e9b63620563c7afea14469311475492f29a3f82e37b13bb392ee7f7c0aa98325cb03ba46922824839773f5d6fe7227c44b54a526c8a7bd5844537b36a63837f

C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.encrypted

MD5 346a2cfbd426696f2ec54f740350cef7
SHA1 0941ca77d29d9ac44082739ec1cffe8aba10e4e1
SHA256 dc2575705a3861c5699305da6409737dcec8623284c5dc05f601ab9dbab79fd6
SHA512 52fadd0e7eed1d1cd687733143f6c4f5ecf7a34986ccc1cd6bbcce8fa1c5e517a6018a1792c739d5efceccbe6ee3507ad1d6fc82ffce92831123fda37902369d

C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.encrypted

MD5 b66345b8605b0bca1cc75af289a9a1c0
SHA1 7078f3f63b997c2686157ea1bbaa5ece606ec445
SHA256 c7aa19f9ba5c1e9cf6d9a339fa56888a5e018291ceecb800a40cbb83faacfe56
SHA512 2039987170813cf488ae6b7b7948b15ef3fc222f29a11e0e5ec88b5f5894dafe99cd63cbcd5dcf9eec7f2b3793615ddada408a25a8d5b9993fb9227e88a08dd8

C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.encrypted

MD5 29169be20200c52a9dd6ab8612fca2aa
SHA1 fb2298c5e8bdb755159a47c7492845eb6a784422
SHA256 cde98d01d3a023105f78ddfbe4c0f93244e49920abf2ec35fe6d645761e2c3f8
SHA512 c1910f9bf8cc55c42dee60afe66b81cd43d79726fc04065e6544aa2fa8709bb4ab1023be43d66b49a2ebfb141931821867f32b68e9f250705859f289a9ab79f8

C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89

MD5 50192fa5056ad205367fa6e5dfc07638
SHA1 49539dfa3feab873c44f7ab937072f5062a85b86
SHA256 dd43fc1b29a2174c3776604dcf88f2169b62aa4eb2cf04921f1de053be1c8696
SHA512 768e6b61f1fa9d989e02b20705a5c822a47e802d790ce51970561cb82c3a0ca0f0c4273108280ec0b5438aaa258bb5083e5c0badeb8c4afe00783472f5a9ed20

C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.encrypted

MD5 64330895cbefdaf5d4914769e3dfcc23
SHA1 6e9cec613f95bd677a59cb5946390d8d6c374811
SHA256 a40e89fe6e0a760122ea6b9af0a67942bb086efff9fc67e9f7c11289b232f727
SHA512 d8cdd6e199c45f87b185dbcd9d7a78ea828fde39fb92ba40525997e85733ff5a0172d3cf41615a1148ea86d560b57eda726c139476f67971c2ff5e1fb961171e

C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.encrypted

MD5 bd1cccc0c0906a96f2eb6bd6ba424404
SHA1 b677a1be8d53011b56fc0ccf28e571ae8cdcc8c9
SHA256 2fe2986bb6773798291a1c5d3d64788084e0e6c351d35d634accfc1da042240e
SHA512 73794b85f6ea2405b074d745721b8b7140285177d1b2fcb32e9850da71ab00946963e338803a1d477fd021727af621e523503f6dcae8912084aac6b2cd4ba9d1

C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.encrypted

MD5 d204c9e2dc67097e3a8b3329ba38cbe1
SHA1 aa873b9fe9e3be27abbadd6ccdcdedfbaf592eba
SHA256 aaf205ddbb565fc3483b99a0d419e52d5930449e52108ed2ad66a7a15f1605dc
SHA512 d928382ed106e77040b98a492feeb86430f44abae4875e1e4a4b68f27c437aa21c00f0ece38003a0a50c93144a40ea531efe61c9e7e53add1b14b2d06673bd90

C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu

MD5 cb4712b023bdff404c2ece9c0c340202
SHA1 765214189c5b3ac43ab3a822b39996ed8157b2b9
SHA256 b31388e4f89c695ca7adc13b6a68cf6a7fbc84c9261b0721e5bfd550a5a6052b
SHA512 7129ea1394ebca8ada11feb040b82004e06fd846407d196543937bb56083cbeb64d24c8e992c92553601c1fc8f832ce5d2d711a13b64e7fba83f990604d92dc1

C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo

MD5 324d19f64c5c15dea3c55458498f56bf
SHA1 16935aa4a62c8f7cbf091f1a5d743e1741e492b1
SHA256 ff9ff16ab3a2bf1a2360706ccd91963ab80ea5879224a8276d2b3d66e88cbf35
SHA512 d01d40164eea2263c64e09c4443d019c401ca46f8c66814a50058d8066ed4a55404a36e0c672ceaa41ff22e59f67eca6f0810e6849436f4148d6b20c3d746476

C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi

MD5 4e0ab98b5adeafe4baf60a1d2ac69c6c
SHA1 9361d97e2bd6a40ef033718a27b452e6838cee91
SHA256 2cc6756d59ac6a93f9e52f4c6ebcc3751031aea601df4ce097bda3b8656d9671
SHA512 648779f6e72d00fed381d0f835492b60457bdb0a2a883234756f97fc04723e48ff0e4f765933505c499d8db5062df8da2c8f2da3a073ec6fd581f61d45ae94ab

C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.encrypted

MD5 728c28aa498d8b6b9fbdaeba43233f72
SHA1 c237c892e8f526de1aa542c9007d7fcb0d7ae5c9
SHA256 4df57d840260d09b08edc641488a9473cf199ffff19769fc9e6f63789c2bd819
SHA512 946ffae9d7a96abfe20c6b86b6625e9417e6d8d16a9f3634b62c0d9933683104071ad83b0d698f3af3280b5ca3134f59abd6f77a0bc81067d956e7353ecf3e3d

C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok

MD5 54f811068dd2ba1b4496ff9ccd64859f
SHA1 10bc662e8fc7583a91e12358e94c5d1b8f592cb2
SHA256 90f86be09d0f87b0fdb9d08844658b4dfbd3f858abd35bdd8850e218a13a2f74
SHA512 def5595065b060ab4612ce2ac383336d328b13cca8078194188448dd101fdb774b5869fb13fc95b37a25fe9a897a6d2994b57f7e294a4813ca56201f3ef707d8

C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg

MD5 e5c740778bf6b717043cc6f6438582f9
SHA1 63f1bb0d63d6ee0690c0441677b8fd2d2e7630df
SHA256 fb27432a1285342a428cc098a8415be09a6bea71f8cbfc074f937f1316e5ed8b
SHA512 01ced76e9b880cab3c51424d4b6a4ce178e4c535fff3b271196840d3abc8e570f0b7a1fa1059063f1406a420d8c39ef6eed5e5f221bf3c4692ff7444b81dfc0f

C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan

MD5 3d5150a0d3e5c928a1efa6a3a30c2c31
SHA1 ad9a88f628448dd4d1d056f0d5daf50d93b9ecba
SHA256 08326b2588bb9b5825818c7fab43f4e1c206f6d0db5ed19103079be7e542b9fe
SHA512 57043ed3a1af9c39f63894f7c7d4988f7b73f05525f028c37db7d349c23f9562aa1e83663a4f441c5c704ccc388c6c2899163798f0d0a6d04a33e94f3d310032

C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.encrypted

MD5 7a971c2a581da6bd507504e2c008486c
SHA1 a3ba3b8bdeb44d0656d305a5ca91612d2a7bef40
SHA256 d2f302ea77588bd256c11b7f7cc0bcd21d396459974ba847eefbf82f4885c587
SHA512 8f0a0d0e4e355c53b2d6a153cadbdcc785494e39184cf989c1c06ea4cc28295f545a24bf70711f75fc5efcf31fbf4b527f40d83bcf64d7a9aed86aaee00a0d37

C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda

MD5 2dd7d707d39248b5f3a4f551f7c9da61
SHA1 04b771d624f9ab886267a2728d1b573f58225d98
SHA256 695716010e9a70442aa239115c8cc8fcb113aaa13ba2edc903cacf7b666c9c51
SHA512 1f3d2a69fa406103bd51c047741d9d6b3b2431bd1ee89d5b96175d357dfd8e0f8f86ecaf0f0d6279a409d0c22c230965c6db3759a5d06e3cdfdc738456d5276f

C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.encrypted

MD5 a1fe03d2c55d26563f237a7c75b55e04
SHA1 ac5848a8e3cf90592137eb8b18bf66520095ce0c
SHA256 0db322849dc5d12df927a19ceffff28e062b16d3ea5da5f3b2df147e3ea712f4
SHA512 886657ed20bf92f3fb67ae6af69fa7b41d5fc25ddf3cd9b732968187bcf263a4051608b94e6886c9463d65fcb671beadf156c83ed93e56792d1470b5df36b7ec

C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia

MD5 506130d24f458f9bf490e63f183f3a72
SHA1 ff81ec03498686b8d29b90cc8ce3fbfdafe80baf
SHA256 0521266049ab5edc414206d4a563d2c3067905ff3f13bac57360e7f6b09e09b9
SHA512 d77195a818817271b005aefb69b26a1f3eb16f162f02cd444593a343e40eb9bb984232d385bf1cbc0e50ee511de5d22e0c8518a9f0b38e718b4eeeedfed49f1c

C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.encrypted

MD5 6703f49991068972ebc099f8ccf2539e
SHA1 2315790db8bbb4d10fbd78f342a87ae6eb227028
SHA256 ee12a8d8496b4815746cfa9897e51dfefba8fd40b7d6060586f1f1132ba207af
SHA512 c79ebfb2501414fcd337693dfe303fe7676154bb0b6ef9669962b72530e2acfe81e2655e717069f9a8d5f756dcbf4dd2bcb1c71a0990a6a4ffaa27b967e52f9c

C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.encrypted

MD5 b3bdf7ce304c3c93ceaee99f29c61cea
SHA1 227d586426e47dbdb289fab2c963bf08dba893e4
SHA256 415c03069715c043e898c66a30d5cb58ee2deed812014654992f90558b5059a1
SHA512 06a484e52bb8114a6184972465422aa9ba8d1961a7c0a2b3b2d8a49eb888f730ce8967f990d350b2ca31478e397e36c57b0f15fb2b8e9b5446ccdbf0b1305d96

C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman

MD5 7aeabed493d2cfca4050157b4a3d595b
SHA1 6ae9f9d1e395775b5387aed97dcaa1c5b98cf852
SHA256 1a98207add9bd2465d9e69d3935159aaa28ac4f19c5322c37abd20fb992877a7
SHA512 b3c0705adf961b9f9ac31da84015392376e3b07c4d0ea9634b431abd975588ba7cb132b2042e843ff94f436624a8e1353a098718041d1ca930c7abe97f87a840

C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.encrypted

MD5 7bb2844285ce5df467e1e91167abda5e
SHA1 d91832f7a4509d2af18735a2c866ab556d3546a1
SHA256 00fafd156fdf6f416b25dbb2a9d34e8f151b6962f73f26e741d54035472cf15c
SHA512 a99397c3f8608a92bc4eb9f7438bcb599bb9213897a16037f49125eea431c5381e5331e61a7e14bcd405bcce9e3c36f19ad6d68263f6a91b9a707cf9d6b02675

C:\Program Files\Java\jre7\lib\zi\CET

MD5 1bfdf9d6064daa295fc503b5f2ab8a63
SHA1 95d250b5f47e528265297ccba989e7066065d669
SHA256 cc87c54eb9f0caefda68e3e0d874ab2232fef2d03b271175a663f36d8d6b5d80
SHA512 48bb501034723d31753ca7dd69120bbd286c257e443a335547157dfa16ba587d0b926680f24e464631ddeb8471ea332232969dd1bd4ce0327ef475a0d599aa5f

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.encrypted

MD5 b95a1983af7cb0f52fcc5be92fd1cbfc
SHA1 bddc3e72d7b165094ad92a95b4e68817df2f66db
SHA256 5c72764b56eb38d8c6fe401940c4040911b65edc5751aaee52c1ca497e7c2b1a
SHA512 fa85f743a9d39fd4792b8dc378f4668c417828844bda43d6eb9614f999d17e6d821868495e739b6bb382cd461c80838605b893c39321bf14854ab7f5a7079d97

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

MD5 db5de52415a40084e800e1082785fc6d
SHA1 55334e5410de58860c1e3cdf7a7ae3f0805d7ab6
SHA256 3e0ba6cf7954fd64de8d455461bb0a4cae529c0c6b644b7ed97830d6ea1abe2b
SHA512 2898be78608d4aface21464ea132d21ad3ee890f4865d354604180d5e87507e83fe5f68a4388ed0f1179c6c07f753766ff32fea116bbb77fd9925315cea0721e

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

MD5 85ac6cdb0a71e931ce6304f72258d3d8
SHA1 e5e01ae418d5f9714bf12ddee29d07147ebc364d
SHA256 ec4c080db324e8c8565ebd0a81dc4fda69dc0aa78a37a955039ccea86b4a6420
SHA512 a1b6fb440e266c0d970b7b71192be5b8f067d4593ab2ff4125e483e4bd202b3fb7f5ee2f96c8fea36c160f68dae8ffd7c92d0064644f6906d722b7ca5cce2f6f

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

MD5 98e554e9f8c6d8022396679cc87dd6c8
SHA1 e4d5154f09800fe98465b880b4e4a198704a7fbd
SHA256 ba092936110e39ade2b160ee6f803b229c82f49dd62c3d4ba474e915ebe905cd
SHA512 fd7acad43ad17872a63e2da63d678b364ea8adabd1a2a78de7a1e13f108cd5bf1997db12c452469abe37a52d59c24bf20d1a360aaec2641fc3eb20b6acf0da58

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

MD5 58bba32e0378cfe401a8b9a9119949b9
SHA1 8bb976b428e6b2c7e395d586c065d934c76ebfb1
SHA256 bfa46f0ea31cccd4e97d49981405d5a0afe6c6eb4367e03703af408a658c066d
SHA512 04fedca367536a1aa464e22b620320a02f1680b31534bb5722d59cad496dbb38792b17dcfa5c6451d496c7d0a7779aef172d5194f2f2c8244857581f9cba6a02

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

MD5 dc5d10d1c3fd9ab2ee422396f99533de
SHA1 df5559c0ea0350e02edd25cd1fa750ba5d59f5ce
SHA256 989ae4bea986b9066569cbe0ad68dfc691c9d450934cf64e24a789b99337cc30
SHA512 40b9b7ddbde06ceea22d4bc7a055bf9c993adf2582b00614064cc0ec292613078c03f120063e5445d854922c7dd63d3c81beb1fe9168d8c97a61b85c23a26371

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.encrypted

MD5 302cb4c3670392ed50f866e046307e66
SHA1 adde00f6b6ffcd9e0929438be9bde3f4bfbca3b3
SHA256 7ada0d875aad9c160dca2ec10424221d4490cb0b3638256676bf5f144e0b7c88
SHA512 0719d1eda88c3957405cf1fdd9568f3e60fcaa9eb094f499e64d14ac10be7cf1eef00c6b659f3e53ef9833e9a530c976f5f8320debe448faadd4a36802bb8cfc

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.encrypted

MD5 f8adb03197ae92e022b8c959a0bd0f4a
SHA1 07fbd89e29a5ab2f949db8d1ce82123aa3f6d526
SHA256 8ac8592bc54887c7bf1686805f6736e9698f1ef8b99f258ff09a8f2103d77686
SHA512 4f1bb5a90bd18503bbd6e8f06bf8f118e832250f45e5500f0941d1f3a0d062a2955862780ce0fbfac7f63381c862b34774355afae032e174bbc4fbae5ab35106

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14

MD5 02489a334a360b0ea4f37d496ce58491
SHA1 69b8adc9ce442f4cf4f604218d640fc724b8f249
SHA256 28fa7f94f2c27d7aab1e6caadea1a6867fdaecd9dfe96742bf32f18aa8fcab03
SHA512 537d74406d0b4021e5bb3693674060d0c846aa690f09495928d8eefeb38bab8b6f596e6567a463c37b2389bd317e6395164319af57b5faf5b17989d43ed54a56

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.encrypted

MD5 1693774c97affb0bb11ba47c1873a7bf
SHA1 307b96aac47f77bc8137879b929bf9665dc1a31e
SHA256 5fba7bd4436fd28277949453462fcc7ff44556ec83b7fc92cd370de9131155db
SHA512 1f39bc00ce8fc0c8ec61a90cd7c35afe360664a63c49252bf5ae43a2919f709488942bd4a172707f058a1c563a4d86944bdca7e086fc957010faedc72f8f7512

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4

MD5 08749e5ff0eeb105d4d74b10ca5ece92
SHA1 59aa88e35464a2666c58ecaa966501ffbf710069
SHA256 82a01fe795661ed153af52f278364364d0bd30b5eee22b9f3bb62bbd1d43b241
SHA512 9d2caaffe804309cdf82f79f003179b3688413808cee95967d0b6485e5d9d89ca350c6802d284e043c2e562a5204dde057318d7a5246c1ab2c3b8b3c101e51d8

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.encrypted

MD5 6a3981bcfa4749147c79394dc09497eb
SHA1 576cc2b3d27e80f42564b308227426da10df6088
SHA256 97d107ac7816acb75ae30742c340a3fa5bbf81038212c0f593cf0a983b2317b5
SHA512 0f8255cac53debfe629f4f3474407475084947c4a86e2524a80540bd0240a8500976f6a0a8e2e3ace12aee9fd7228858d7d5c76b5a20b0547d8f76be90a0cf28

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.encrypted

MD5 0f56cbbe723bdccd59ceafe022dfee3a
SHA1 b31df073fa7d67aebce407383e9241c15aadbf0b
SHA256 c9d02b038732c04f3eafe28a0266670aa257a009e8d1358fafbc40025455194f
SHA512 d13afaac8d27deda26bcc0b8f7ffd990187ae2e19946b7e2ab978a5c79a235888b310c80bde1464dd27d7661a782b280ea21b36b1522d1f1a00c1a0575807579

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

MD5 3b5639a4bd3bcfafec52f2029aa2ec0a
SHA1 4e98f93d640e3e3db18341380efdfa7d5d73ad18
SHA256 0ff3095d50b30f3e97a63d6db55b1c8ee6eca42193779354590c6b5ca6bd1000
SHA512 50de5518fb279a3872e5ccbc99901cbb967042e1f529d64b2b09b9ad5dce0f9bb71a9722769b61ed6ba4f5d6f2f07798531a619fbdb23472276a0cb79831c6d9

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8

MD5 ea5d86a97936728064e95c0abc6eec18
SHA1 e3127b3549fb9208c30ac79fefdd9c351ba4912b
SHA256 803129884da6aca373cf6102487586e19b41ea9089827bb932e0387856aa964f
SHA512 5edcaf57c6c4f38a45f8220fed0867929ba377b5df4ca0045ddf5d6227b1db3e8e1d69a3534883014844df6b8e90747681c623bec04d66b583e1707334232d22

C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam

MD5 c6431dfef4750f7fd36ac3d671523ba7
SHA1 34567054d69c30a1d6f95801b2f84acf5ea7ca03
SHA256 3258af2f0c0c955cc6bea189719eed07adb86e299c2c0d3553d6599fa65e08b1
SHA512 ef5af560fc41fbff78f5986b56cbc2f6cab097ec8ce998203541057e2dd79da7b4a803b484c142cbc1ff7d801da3edbd4c82f8e583749e227dac5aaf94c6f322

C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.encrypted

MD5 5e56d0fb2ddb02383d7e72eb135a49fa
SHA1 4ea96fe18d85dc3edb40ccfc6daf08bebaf47083
SHA256 26ecb46496bb7b0780680184f939122e25873df0e8078f6b10e7ba1466b03847
SHA512 eabef02f41c16bf41199cb09e12f25033e460b0241ad2e1c5e5759cf7d4a92bbaff739335889358058974f600d02697d44df66396aabf4dd17a5fa1cc21babe8

C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.encrypted

MD5 6471a893c39ae18def0f99d59e2be3c3
SHA1 f49d077e180fdfd91e53724a85948cbcc5270b62
SHA256 83476bc5c3402c12c0ecb089806b74f3f944ddd4159eb66e81cab190e5a52db0
SHA512 13f8a717dadf469dac34de27420b6b424977b37420a759a3d0718e2f6c69afb2d2d99a52959ac2869b9ab2571eb8beabdf421bfe045a60614c59ef15c249bd7c

C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.encrypted

MD5 91d45db1a2beecdeb3dcc9e8c31695eb
SHA1 c7c8310b4e35c78d26fa15ca6fcd451f3ef59bce
SHA256 0219ecbaca6eb16268df21b33335cac25b2e8bb04077279f3ae4b103a40fd0cd
SHA512 23e0bf98bfd2d1bf2cda5867054655ca41833eb96e50ae96d953c20891ff1457175e8489e65dce48430625459845ad3c95408d46dcd5c402452c8a00e6cee35b

C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.encrypted

MD5 eabc6919acaf3ee45084e2e9af613fad
SHA1 3a45558d77a350a002a458a095b1bb63c69a5618
SHA256 e4b9d005b3b85d2a70b28863a0548a563e9d8af6ef931c544919cade0cd402a4
SHA512 b3421cf5fdbef825bbc4649249517e7b888f5aad88a3d2997b3b9b306f9f204427beb124e47b021f571bcc35bedd1f0c7f92847fe963b5eea3fe9d7a0d12cbeb

C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.encrypted

MD5 e3e115ee74c5b90f885ea0d9c3835f43
SHA1 9464fd9a5687e0905b3d0e7fa3065f0035ff1796
SHA256 a1336cfdae1ffd0edd750b80ead0c64f7a7175e4993d545a1ff385018680e013
SHA512 71c9c9e0375a76dda7c526168dc90158b1a539009d5614efdbce9f51b45fae604296b50d8e382a6bb3de8895c6a30f3d265726ca02695a60da7a1b8dcdc12388

C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.encrypted

MD5 a0d4bc356e28179c6c98f680f19af3a4
SHA1 c84b1e678006e1270193ea678d4696266a1cd7e3
SHA256 3d7939518b30c5f1d177c20797ad8c863e378782c680b92f7ff888cc2b330638
SHA512 be8c6ca664a869652f6dfe73bc671ebdc817743e25f2ed4cb8d7bf926f0f3b573f708b36216c8cdd8d3e75d75e29941330aa5227bdbdf1f5d5d5e39bbe98a6ce

C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.encrypted

MD5 a6cbcadad9839c2fe2dfc59efe0c061d
SHA1 a8c0afcd9fee8d6c23deaedb22e412b9d80762f5
SHA256 777112aa2fdd51311fbb15b83f37eef61b2e0c1631b905f24730023ac4d99a24
SHA512 e8d7179cf5a64edcd007c61e7242d012af6299e81541615fca1ce1bc58a62b37f121198aa30299b77630b80ee1014f8bfbb167a94683cc96dc7169ab4107c742

C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.encrypted

MD5 59df7c8880d25b6e4427f4eb24c746e5
SHA1 c4f2bbbe86b097ea79576bffa471cbc8c5ca06a0
SHA256 e8f6239d8fb35edd0fb193ce4eefdcb725d0acfecb4913f7c0a562d5a04f72dd
SHA512 2b40a2eec169e42b34d908d94a70fe48df9aa82b2f348547deb64cf3d193bbd6bcfa7bdc0d1494968f499e5c24710a327f6a671e886a925f6b2dbd5e05069243

C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad

MD5 38ee1948031ce64e38665b5b462eb6d8
SHA1 9be9d423941ce2a5e2afa6267c617485cf7477e5
SHA256 9463abc360943d8c8ba821ef43c6b7647c0716166c1da0bbcd32641d8ebf4d98
SHA512 23ccda60ee4e7deebc1df05ff191cec73f5d8f2fd085ba4ae32b35f649bc4ee97962fd4af822b2555ccab7a86fe080ddbe63d21905a0f6314deae046dfac441f

C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.encrypted

MD5 bfdc287e6f7189e2b77f40eb19b68fbe
SHA1 c7ff6a5fadde9c8d1eac2f4b4eff332287bea12b
SHA256 7a0af4acaf4f2a35f09a9c1b8fd561a1ddbe2167d3b70797f95ad08273910b60
SHA512 fb225c9f4a75a7d1f9b2dbe07aba24b88025cf22b0d19e9fedfa2f1533ac8efa9ccbefd52f1b29fd8adbe9e9bb4c0071c8460876e476521c96d058c49169bb5b

C:\Program Files\Java\jre7\lib\zi\Indian\Cocos

MD5 8e91b2b3f596e639ac783f9851755728
SHA1 55b4a7c78345f55422416f284b7a67f2aa42ab38
SHA256 8dbe26adf8041221d679073a81cce6ffcbfab8f24e89509e4d7049f570ae2278
SHA512 5203e4f663e93465f7c3edf88b41ba76507c04271ed8cb3fd2ab5d25405960e41acace466e07f1ef2dda47d41aee47441667f8ce22a0be0137f6042bc72ec5c2

C:\Program Files\Java\jre7\lib\zi\Indian\Reunion

MD5 2ad2c08dbde82890bb6006ca90939ad4
SHA1 eb4d45301ca8bf0e95880b9073979c86c7dd694f
SHA256 2c371ee097587739e3dd3e09d90244b111bc0cadf33220935c42f9bb2cc540f0
SHA512 f4e8f3dc35c34e033366014165d71e6f822f57963a64fe1844f1ecab2fa4cde87d3c5dcca9c845f64e1478b2d18b5c12b2cd00414fe25c2654e9a768f0098c48

C:\Program Files\Java\jre7\lib\zi\MST7MDT.encrypted

MD5 ecd02a57c41ac30edfcc6542ff22fcb6
SHA1 c41b6485582d1846854cb597d47e06c7000580a5
SHA256 7b5033dffd4e400d28d2fbc50df8d4422fddbe29689eac3480a6fd50946e6bef
SHA512 eb7127fcaa769f5616bfb2fd4712e56826cd80f2ddb7c7a41621e32c3d647eb365a94230ca70220d0c058c241cde860e81b1badc3335aa1b9b81aa9ab9305a7f

C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.encrypted

MD5 3f899ca38f423c955640e65b73eb159b
SHA1 d9163baa5f91c9b9a9aa791820a46b5181cfcc22
SHA256 f1f7f40b496028584ca7c1ea04098e2f425349096d376d500a3dee2fd80f924f
SHA512 93b3025029fa14c579055c3fcea89128959daa37f25c61773a05ddc7bda886cbaf9314dba6e9129eb566dd107115290aa0936a339858fa6a06dc3e9945689eca

C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.encrypted

MD5 cee5b68e92ecbcf61285b706cdab4efd
SHA1 5ac6b3db4ae6f2291b64d7e1fa69970566747ed8
SHA256 d05e2119c69a879b34de0f8edba27cd6c8a9505721c3093aa534ba5be920ba41
SHA512 9a7f16c9efcbdfcee24a2a2cd342e3e0cb8c5cafa8f022734b3bf23d28abf208fbf63a9d4e805fb725167ad4499538c9fa59886bcc8154f7e655e528a0f5064f

C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.encrypted

MD5 70143d1ac387dd52df0b356edfbd0a3c
SHA1 7562e165dd9d09f317bc9f543349bd1a173b791f
SHA256 6531c745b5493fcf76531f7c87221a6638093808589d9a594b5f7744b48c3c14
SHA512 5e8f040bb41a85c05ad56f1049d3054bb31f9d3b434e49d641d101ffc10dd81b332b70f32d81496518244a63e791cef0529a47a659060bbeeaaea6042c4d4195

C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.encrypted

MD5 3360872260e9c67b3ec76ee225f20e47
SHA1 324fc7d4a1ccd9f05ef7cc1b9fff2eec143644f6
SHA256 1856eab24bfa16d4b93b9200bb98ced2e579b8cc9dee0938539947757a27073c
SHA512 fa0799014bb9b072d2f51197819f0b73e1e40ec5d59c741259f339268d3b60eb080b4b67e59774c5bc3e079cf3a8e90518f882eb7c9b369f9f4415b12c8d3791

C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.encrypted

MD5 ee12d14d007d9b3b5b5581c3d3d368ab
SHA1 d5e72ff5b3f6c84fd06e9e7eeb6731e70684c1d5
SHA256 13818951bea714bf5bc2561ead5d1beb8be0d84bf2d6b1535bca25965e12f4b9
SHA512 db2ef95361f0d01076adc4c95f86c798693e6faa2769cc0a71c1c1acc472ca928654d59bcefc9e1849341db7998202309fa6612a58df19b25b4d9f1ed957e181

C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.encrypted

MD5 94b52df2cd7e8d307378f4df2d82c334
SHA1 f1434f685ea47be48631ea7b040feabd39128aa2
SHA256 c05570b1ec6e4ac682112407bb6ae426da54ffc5e8537191138cf660b683f3ee
SHA512 3553d05b3a130fd9e90ba2f3de07d10232d0d4429c38f8a3ca67c91ea5df45952ef6ab7509a498c10d9662f18267aeb6093c9e6dfab6f299d66dec5243215ac1

C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.encrypted

MD5 8ba8a55e688de02a19df38b486390176
SHA1 cfef372d0ab50951ccb019b183dc71e43b6aa5d0
SHA256 9093aa8a6e8f96aa3e751149d8be371b40ddc6084544c6a37e691af815ee111b
SHA512 e489f578a97766099f6908b438f08c4e71ac60669282dc4028630fe64beb59b5c3048a2c1bc2dd747a94dd46386906031b3419f7bc2ee6dacc1f5854e87ce318

C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.encrypted

MD5 66550486de38a2979a6ca01c03b4d2a2
SHA1 49971b1ea508f41a19e7d614df5a3de5dfda5b1a
SHA256 3369019fb3b3fe7f65ba39c94be7b53ce44a5bc13654110b22f167f48a3bde6f
SHA512 bbbe2de35a470534580ff88e4ccbdfc28feafa235e994e08a89b3a88b81d6b52ce489de80e8a6e6b44c3168542bc2e8df666065f15a84a7e845cf7f7f996f8ca

C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.encrypted

MD5 64dca3d6e12d2c27bf7112826412a551
SHA1 43014f0ebce86b9a82cd38575cc226fa4e3b800e
SHA256 4a8531ea6ef7dd662420a26fb0c8767b1911e8591a8dad463be7d1663cddd334
SHA512 263022dafc0dce7f838ee37322fd2fb7967903c18b76e4e58cff9a014fa0695bd9db0ca10f17c92e0a2cbdca6d2d50eaedb6b20acb6375e1fc133080ea6b4f2d

C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti

MD5 536e819e9fa8e49f60af96fc7cd92974
SHA1 227bd2a37dfee33a99e8f8d77fae361639828c10
SHA256 0e01e1f50faea9d7efff819e47930f071d9b40639fbafc6cd36f5c74b5e8cf8c
SHA512 e2d0c54631cbe006a8ecea1522def703366f93cafa78697408ad8c107e8055682018acf6b3fe79b790d932d960caf5a223ae14ef5c21d52726d2cab043967edf

C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal

MD5 f92126a750ea1fea7d4e8087d6da9619
SHA1 80f86716bfa55eece6807754785a5d9ef8d8d25f
SHA256 8a361890aa7654073c6360c0098c32626104cd4d819eac802f9bc9a50e128b1a
SHA512 fbc12167becb78bcbec16f04e39535103a34680bfd61083ab0bffdcf8d9a7e0fe3380c732a555863cf0bde49b925cb5eed04404d6551571523d1481fac38e83b

C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.encrypted

MD5 38273e1e85de907cf47853c865667f75
SHA1 f92fab45da97fea2e0a209c5fb71ece688d7164f
SHA256 90e1bde24f0aa514b833b182d50861eda55496cf09624e967474a25cf0186c90
SHA512 414e01ffcb85a623a68c533267526aa10daa52bcc8a6e411cbcb0c71cb4372a36b8e12a213837db7b5f061d86d09bdd5ff019eb7af2feffa05f310d03e0ce0c8

C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu

MD5 23d346b7551855daeac420159c778569
SHA1 792cddf0aaeeed971877b7879a9ba96bb5c82303
SHA256 9b937e2e036d2f20a4ce402cab3842fd8e1f20887dfa29ff02c73b4a3ca71fd3
SHA512 7ade9da0ed74cbd6ce35edb0405ce294634c4dcbd4af2932de2cc57f45f92b21f5c3b136623950870240336838ffc62145bb26529ade79cc07032eac9cacc548

C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein

MD5 d689cf13b701c08b80eabb112535e2bf
SHA1 c4cd27752dc51bf59415e02cc25f800b217db0b6
SHA256 51e70bd0d9c5ff40408875cb08345b56b8ce2e6bb6a5965626855dee070982ee
SHA512 f77244b6a8fa21a3b269ace69a3992c283d2ad5b13abd83587df374c44d088635e09de6f3c69e449b3f600bfb6b74c4381e3cad9c5ca50c962ebcd04d3eb3670

C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.encrypted

MD5 344679bea6c32d7f61530933ad61265a
SHA1 ddab780ead8352740afa321ce484545ae72d5112
SHA256 4e815db6f92fe3cf0294422db83775bb214a2c5a36c5a1ab60f3cb3d7a35aaad
SHA512 3a166d461dce205b18a4075e564ba81431c0937764c00460ddab02ada0a02c84172c1069e9157587c416efe2dec3679bcf55834a277e0dc8e4c6c6d7b2d0326c

C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro

MD5 21511ea32f1ea2b96ef966a7182c1812
SHA1 da93e678d4f73fb08f73b8728cc7b11fed99cbfa
SHA256 1ab090dcb9ff4e645f5fcde93ee22fabdf55979f3412a4ce89f8fb9b83acee56
SHA512 3642e9683406eb444de960cb89f8a483642fd79ce318421f0701d6a9d7043ba9c1727a3664113ff3f208c3d53504e64b7e1fb44c2972421addf097c9ba027670

C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas

MD5 ddd3fcd3b8bd939f60cf6b34373a80f7
SHA1 c9ea315d7793dfc8655a0ff56d89822cea0b8f32
SHA256 b265c787af97c6b275633fe86775ad38b0b71737486a9ce7087830fd6bc00a46
SHA512 8482aa89e1ce102d0498689c5d36af553c74aa23da16bf6325c552563dc108e1211521825a1bd0c15ca82f0b43fb7b0989bbffdd2fa6b9522811306efec9e2f1

C:\Program Files\Java\jre7\lib\zi\Pacific\Midway

MD5 941ba176bdbc56f77f6a0ca1f1bd8d7e
SHA1 9bc73e35e3499f337bad044481c28e00206c49df
SHA256 82a6bb4e776a52b6731ad1f6de46bca7e878704bbc550c25950f103943774586
SHA512 ef8aeee2d4d0f3402a82cfdc6089c2f360ed8101225758c224df65cfb714f8ae42e491896ceb9bdb5768c6af70cd1916d060d256e8ac5d1d345c7ae72b1950f2

C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru

MD5 1b149b91bcb64a0a12aef8d4aabab309
SHA1 ad365d8ee01876d19235a3e38fd01f198b650c6a
SHA256 0b093f70c19b02a836ec438d389df254eb6009cda064bab1c73a112c023420eb
SHA512 c2500c9a3160a319aa0fffaeb422f3b0228a048f430cc402cdcbd0eaba0da2ea81be325b123da073f91b2685fde62576affc55393df4f6f259c50d55bf1d19db

C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea

MD5 0dc85b7d3338f18ea1f7f13fddded165
SHA1 a9a05bf2267b0ffc7b234aa5d06c78ef0ceb8c97
SHA256 b6eff68700a2af5e814c22097b3cff557b77f81e4b5a19c59a1255d45c023bf9
SHA512 756caf1026e074b9ad3c1f2317e79f42fd7f02cc3e51eba35e2e6d6c72fe9d10c52502a738b644437755c317308cc81000fa614f15914877a1468203c0f5d6ae

C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk

MD5 aea38ba9bb312ce31542f62f333aa050
SHA1 7f7e7ae6f02bad7171c0b476e37ee3868c62a6bb
SHA256 a57b75444df709d2a526090ee237d27719da2eb64b0f39272e61a3c8a4bd06d3
SHA512 e322db6a884e2a19bc8528a3455c7930b5caeb190d862e34143a79c8a280e2efac9e66755b8a86110fc571291ec87f2ee5956e7cdf9dd3bd879855ace37951b9

C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.encrypted

MD5 a3393b73cbd04b6a264dca9d0a632984
SHA1 256af038aaf8af97bb3cb7c70f90a79ea7416b30
SHA256 374bac717a43c2ac0cad017704dae05ca5e1f54f3c1c8fc66ff467c5fc0a6fb0
SHA512 4ba71b82fab00dd13c067104ef6e2607ca5a68f654548099fa48e18b3ae4ca68c95bc3e461e89331940292d575dafd731c0c62e6ce340452844ccdc8129ea878

C:\Program Files\Java\jre7\lib\zi\Pacific\Palau

MD5 6d8c358fcd18b0863a1942c0c64280ff
SHA1 fd0a3d6d6d19a3ffb89a82bc24b14a5fb7eb57b3
SHA256 356d80cf0a45dec007956527eb832381e290043a784e4fd9c7560390efc59d7b
SHA512 7b5e3c2252868f7dc2efa6b79746496d8ff7a5a8a24f4c04d5fd43fc253970d9c259d99d552b41f2e48e68aef266601d67a78d12f3b1c2227e4f45e6a51a0c06

C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago

MD5 138baa0e460f4baf5b0927c32127e075
SHA1 5d9771c346c023c7f2684293ade578f6c45b73ff
SHA256 3a29b0637b6c74f6477806f0110aa1f85bd8ee6b7ed6f26972dd87102c0882f9
SHA512 afb11241f59b0fccaa7abce9ccddfe9ac05b1e25f04df4a00321e3c3d1ea4499caed7c728374f9c73501c92672efac85bc447c7d2c7f9f8493497bad5437d2b0

C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.encrypted

MD5 80858240852688835cbcb6ba69449eb7
SHA1 9acb54df6c0d7a9df4336fa557ec68a1a32fe002
SHA256 b10582c67569165c628b03979658442e11d45a17199000cc6a4a1c70a3e066db
SHA512 7c5f5e4cd384308022f35ccfa763021c7306514d1ca6bac7c671082db75ec6ebba52d8df586ad45f04dfefba7b1b7abf1a8c8b9062b87c268919604877422e85

C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei

MD5 44cae399ef9f51126c589a13db0dc9c0
SHA1 e13a91f0d7eb995e35da2fdfc305e51541ac3587
SHA256 c3e53d99e704333b21e243f93dbabeab8b1e302158c1eb785859aea6ba052b07
SHA512 1dd44737d98e3c9e42a51055fa9598bec2a57c28ef7c8f65d28a4e98679f686d8a783e990eda9a95ede55cf11d08504c3da6a01d6606b4dd333443c3b6c08fd8

C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.encrypted

MD5 e625ae890369d23bb2abb9e929a65674
SHA1 4c094f408d9c8de26642b8027ede4299ce2c8e05
SHA256 bfbf397d11d4a2485d83e3cd10e99ffec6c9435f08faac53dcd4a983af6620c1
SHA512 4429a451cb8a165d0e5d478b43620f43e48cc1496e260f1ef6827da2a1639858ed61f92eb06ed0fed103d111a4e3f93d7c03e0177cff3993a6f45a4546502b16

C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.encrypted

MD5 986249fada2922196681a155f089585d
SHA1 0fb6865f60ee2c13ce5a0f6b8038c5fc21c240ee
SHA256 bc3533c826a9cc6a5b7a428b9a6e92cd0bed689f51c7efddf5163a409e09da7a
SHA512 41ff96e90baf64eab269efb416a30afc0a8aecc1391e120817ebd36333a0410ee504d3a89ad80e019bba14d3aa3d050c86e331c9e098c51f033a5e44c6760803

C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.encrypted

MD5 241e30db9cc96d24b12bd7820883465f
SHA1 941394b6189fdab812cccdc7183eefe824ec4515
SHA256 d85a80cf3e75c02fc0fe643f35d40a83a82d0d954bdfa66d2905eb333dd0c4a8
SHA512 e0d859cfb472139c9ac6c8ae77ed05f875355c8038699c5799bc9fee1d8bd5bf66fcd5d5b2ffc9a2e6d764797b6cae0924553bf933f86b5a401a17924a82a972

C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT

MD5 d7861fcfd35a50004897c4b866ca3b1d
SHA1 0e843c913ddf4883d93b45f951d2e365ae4864cf
SHA256 ddc5926e751b76c103c8d674620ec1b6fe6867d786875619934fa25cc599e7e8
SHA512 caccb846ef1c7fed6c2840c2a2fd369ee4808fbea54a502b5843c888c3bb675d3b751ab1831c0a07caa1011d65d6e6acdc26bf86b92ec6ccdff3736036620983

C:\Program Files\Java\jre7\lib\zi\WET.encrypted

MD5 278d171d9419a3576e44e9aa859285ef
SHA1 da18fd178282b0e2169cb27cfb57fce94fa05e5f
SHA256 7bfc2267805e539b691d3c2c17bba48a0b303e41f180fd28e199c041b3dc88cf
SHA512 e3f03bf9dc3174e6b53384479805d496fc83c1e5c8536512b0dd763b0c5a2ae2fd2a3a857d3d0c94f2bddcfce34da011482b95f0b1a25cc5efc77827a933c79c

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 4ab05dfdab210858761a7d89bea8171f
SHA1 3a345d494cba5530df3cea5079093a24d234dffe
SHA256 af05e2172822d37c70572f0fa6fd6c6d12292143f5fc355ab601a5bdc029be67
SHA512 dbc54efdc7916549a61156ff4e58c21f135c30985034974b1951996b941c2c7b98ab356206d21095bf2b17b80adb13d48d7515581fd2af7e36f42d0c2c3e997f

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 52e10cd8a8023dce48cc41ade5b20840
SHA1 384ab353a3b463f4461c04262c50149299de0618
SHA256 d7a0e8be93c07b4c63adf56569f0757920afd6e122cfc69908dcb2a1b8fd65fd
SHA512 54cbbde93f18059ad51cc646af64a816e6e8b932d64855fc7735627726ba05fa1dc5a32d4273623887b4bbd017a8838f0bdd4c98561e38ae13927c7e2481f099

C:\Program Files\Java\jre7\release.encrypted

MD5 51cfa9f2d8efc2eaca4bb112f543b3e6
SHA1 168b92be580fb69aedd2453969853373bb5d4311
SHA256 3f270dbfe7ba5df550173cc2b8114a467db97c872a9d00881e187194cf2ecd2d
SHA512 2fbd0df7f26a499b5377c9ed6998a5a8e47d4de5c5d81e189c3ada5ddc19f70c4c77de528384f8aff47bfa78c83772311dee1f4404be48c516ebeeeb7393591e

C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt

MD5 d8cb7cd9f55965252924790964a1917e
SHA1 8a896239b3672759935ff093b52282ca10de4c5c
SHA256 2575b4bef496ce27d1f640d48946ee0bb37e64cb0c5ac7ea54cc277461677178
SHA512 ad15bc459bc4f777b47823f17b809bafb17f71b7ed31428acf792be4a959e8432d9be7de64404da7a7dbab2e2ed36d6bb2fa2ce22aa209e83f630652034d9453

C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.encrypted

MD5 b8b49f3c6dbe3c8f9b5f04b380bc469f
SHA1 cf1c570321bcefefea520e82a4f3e2ecedffd64b
SHA256 b700684d82928f70a2623a7c779d5b467c770946237bda0153f34a16ead879af
SHA512 074ed908efc4121163fed1e080e27233ff64eb956ed38bef443da05292a9f85502be2ee14bcde588d2ba3e1a253435d06fd992f367d990aa7b3c6a2cb0a5a2d3

C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo

MD5 a6b7525d32cf98b98d60b5bae5831ef3
SHA1 fe5db06afc46d3d2f63d8b163584c31192e85282
SHA256 d3decf2242bd95552d94bcd7f23b7276dd7e7d7a83656a5a3800d32acc9e4b86
SHA512 668524f53a06351aa8445664b47ad417a0457aee8c1a9f059b79b98ebdc75bded4647b213b566ef3c0a696305e5bca13f837dfe920d92a6a3c25e87e18e50074

C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.encrypted

MD5 bff13f124a9e70582d78e621861f5066
SHA1 0b38d8b3894f45f331c79d01c9b3fbed4b6de166
SHA256 51e15dcee06ca4a9837bdffd190b8be82931d634fdbac90c71bb2144d410e3a1
SHA512 d471c3b435ae035778dcc4ee11d1e075897ce7250463430e66887b592c1ca7cde9bd3fc80eb3ccf589ab33a4b5a7c8fde8a78be5b0952d745b4aae02b10ffc71

C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.encrypted

MD5 818aac45dc7048b988d76f4d9f3798f8
SHA1 1f4a5a01d7ab846918dab2ef4c42160a40ae3e94
SHA256 dd0086432dc49932d51964469b08435a6f9ee4fb03a29b148d517005cfe8c783
SHA512 257c0e77954b8fda1619a32b2ace545f779a33d7284c55a5b8cd865da5e55840ce7e0f633e4da8abd6cc7a44ae0330c41eb189d64e103f62a4ed3a6414f959af

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng

MD5 c48f46efa79c074ac09d4bbdbba32abb
SHA1 101b741291f067603988ce2e7b5818afc3121b6d
SHA256 4d3a0268ebfb59167306f4f6aa53e4e506a36df1a1e9b28be7d2c0e75e6a373b
SHA512 cebe30a41d0dbe87fbaee1b70ca6a4e229ca967edc94401063c7352e224d34a83ec49bfb2a1ca9ecd2e729572d52398f85319587e01700490326cbd8a88b1b27

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.encrypted

MD5 31337cdff9d5ec446ff8450c7491dc16
SHA1 c6147c4c382c2325db69e59b56a2fa63c7099443
SHA256 035f090e022ccf0fb168a88c740151970022ff6264777d30b666c3871a588ab1
SHA512 8ca2f276846aa95b2a7415fb76000f2b0555a462ea408356b7d244f6283b8472360fe756db2bfbdbdbda54d2b9dbeb3b87eeb7e0f8febd292768829881ca329a

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif.encrypted

MD5 050aacc361f0a1409106fad9e2b69af3
SHA1 d7bdeb4846a0b8a399b5d41901bc919ceb214a01
SHA256 43d66605196e334e3958913ac5b928e1de1c0cdd60ede9fcbb45f1231a99721b
SHA512 eaf2498275efbd2b8b2f101ccd90db602d278458acca8e2bea86c3facb5a43b3eef171da8ad6959578bd2d354bba724cbe2ddfce22a178b8e95e536b548014c6

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.encrypted

MD5 c2ab2cdcbf07b21ca454f80cdcf12fad
SHA1 c673f48c678b7f45c25154d0427f1fd8128da949
SHA256 505a2dfc9afa000e739f399b82a960ecea00174eff4fad8ae77bdd8e87c0f1f9
SHA512 21f566d0d928cb020ff4d931429b801a8cd616025c8efc7dc06ccb0afed8c01d902150caffb7489cf23fa8e5eed5c249df34479070368eeb5ad93b32d8b572d4

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif.encrypted

MD5 3a190f7c2e9bf57fdbd57a18a9d60c41
SHA1 49fcce48bb20459f1d1d921ea887cd4a14b830f8
SHA256 40264a02e1cbdbac1c113a4bd2fab7e0442854b89eba20d4f5ab724bffe766ee
SHA512 c5a047e86e099607f6b1cb31edd47e2d2cabc35286d6721a7cd8f5ac2395cdfcffe0869b8dc7c30cf1818c33d538ea8ae57c6a35632bc3289bf9515ea6aa6cde

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 9c7fe40778cf9372421c96e713b87ec7
SHA1 324d68b59ff283737898d4c923b881436aeb23cc
SHA256 2553c37739a1c0dc46cde0b76a433c9747b12e86164b816dea52754164e75f3e
SHA512 5348d5b7b531ccbe6e03b353837c0f2e64311885e88781379a2870411ef8eed95028336bbb9b1faf17419b52b3555838f4fbe9af501f61108fc325454445efd4

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca

MD5 69cf99e84e8d42744561c17a0ea62900
SHA1 fab8ca56ea95001a68fafb02bf1d83efb6ba56c3
SHA256 9e052fb80195180cd3560087ad3f78ddd8a5d0fb8c8232a3b909b87f047e9029
SHA512 a63fc7a259e4b822d3c420b613b954a1a23972bbecb7cc50b625654286b9ff18cbc96f0f44f73149c07a38cf9d4eae1b3db8dd47c701e4247295eb160245e56e

C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE

MD5 026bbb5e553e0ec6ab78f61adc9a3991
SHA1 b9729a571e47d5b2da286d8da115e2253d81cf2b
SHA256 4209b6c49e61f0b63fd4cc65e2414d9e2a81f3d42ad86068995ee884005c47d9
SHA512 7fc2ded153b518d40a582f5f373909eeb61a5bef381bca69e42bb49196468d9b312d981dcdf97b271ecddabe911e6d18a1ed58717ab18262580886d80a07e8a2

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACETXT.DLL.encrypted

MD5 62520272e3f84720719400ce8af35697
SHA1 fb1287561605a980f9f98b9d215edc8840ee3eaa
SHA256 575bc19a7c6a32d10a0ac17cc9b130cc82d2cc9338f52df647e7aa88244aa812
SHA512 487d4a8f4a3ff5b2a88ec1b5efd1f41154b7280e65843594a9271d9818f7ea35d5578f933c5bb21b859a4052d4ec8c7257146921c2c2ba830f3c6a6b1f83621f

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML

MD5 0f61cfad97e56dad858147f970e45020
SHA1 4a5dc85894ce70dc63d84b78e9339ba13183baba
SHA256 6eb677be447ea556b3376b3c307c50ecc18f55622b0cdeef470ad7dd2eabc21c
SHA512 cd3018cf46327a6f9aea3ec2d63c5541c769b982730a87a43657670f79b78f3e54494455663384db992afd52e9e0e400e02e0713751e4aff8c12747818d95a2b

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML

MD5 5a2cb2340264a3bc9838f565506754ce
SHA1 fe3c2b513cbee02d57037d970a6912c0cfa07b17
SHA256 a4e6b780182a197edecf86d900a35bc52eb8842b63dd938197c9fd1a8b9d16fa
SHA512 ef6338e974349dfe694bb77918b6a55764c96a9669f2309232c8c72c556e6094bc76064e2c097eec9229365bbb452d1728151a5d6285690bcc12bbff619b8281

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML

MD5 47f58cbccd3252cf177e137d51994ab5
SHA1 6cda57ca10fcdd8ea273ff3ee900c89e99966de5
SHA256 5b67a28d17c963185db1b7878f10b0c250ebe93acc48138992eb10ead204eec8
SHA512 37f8b9e5589ff40e26cc1938eb4397bffa140374a41dfec3640a39416dde4fbcdbb6d2a507f99ac504bc51692651a232d7d11e9e677a1939bfd1995da2ce4c8c

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML

MD5 725aa9ae483b561fc7924930818b4d25
SHA1 982a02b0b88618a5278df6287c9232347d6442a2
SHA256 825665621bd626c5a45cad114db6c9d1c757d13b8c04b8408e6badded6ca472e
SHA512 6d426b3003b6fca1b96d11143929c5dd6364b4f127b2f820ad5b66e229601cdced16544a5b0fcfe339909112cf44a88062aa5ede2e01996a5a7dad8e3c984a23

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.encrypted

MD5 622e8ead58682afcec88587688ef2779
SHA1 182e7d65cd9f35fad711472e04145a5ecb084aa8
SHA256 8a3e0d0d75d31a1ad22f6a4df859c911581a3c729012480ba0657e82244c5a20
SHA512 24eb5468bc854ee17f7ecce430b6d00b737bc927bfec72b4fd34483be145cbbf882f0ea6b82fdfd47c27f24771d3698761c51dc5efe3244bf18e6931176b798d

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.encrypted

MD5 617647800b18e37cb97ed630e70ba933
SHA1 95017bc6a2090b4854ee1834bfda438054e2a96c
SHA256 edaee70ac26c324f58b3842eb464e615fd352d42cd166a741c02d50575c5dc2a
SHA512 801237d93019531590aaea7a8e4da56e619e0c2b26c3c822a4f8abb2bc6d000f6d5cc57ddb64a6371ac6197565f992618aa8ceca69e8e6c07bfa754e52ea4cda

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM

MD5 873b702c4ea904d7c9b764c033814a02
SHA1 eef18dbc52cef26b65b0bef4ed8b7fa20896120f
SHA256 5bec4044099969a96c5d892e4c4edffeee0bf0412725b2ff853f748570ba6331
SHA512 088ef478801423f6078655e73b707260655120c47423ca00f38ad5aabe51f332d2414e1d5aea780f1adef515d72cde36429f9225c17707ac9c37ef95da8164e6

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM

MD5 b2ce531974d649aafbf642803e457639
SHA1 cb0d3abded747e419b1cc2c6771ffc3a10c1e0f9
SHA256 c3c9f304a72518af9504c8d63e94613ad5c8d8e1cefe705226ebd760d6978829
SHA512 4ab16565d2dbe73247d7eeac138f1a058917782819673e3928d0103d5d83a1c6ff7ace913ddf56a28264d79d7d94b250bfddf38c356a76a3c5d6c094bc6d4160

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.encrypted

MD5 2fbf11169005d269d56eda102e2fa827
SHA1 6723660bcad9dacdd1960564269e99f23df8ce7c
SHA256 8218c119318850cfbac0c8931ed19e4cdd2bb681272247c078139f08520f26ff
SHA512 8485983bd7e52a10750448d2da5cdf119f72476d0b00f77b190ecee1d2560b07da1d9e1f75545542c9efb7ea7bbd2995fad2fb7b1e9c2e967a78b8b81f111992

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\Office64MUI.XML

MD5 20bbcc3648c016b54e9455b385ba4fd6
SHA1 471aeac84d745b79245726caaa3e495097f0e80a
SHA256 13228a22869448cbe68930a5e88d9e4742856e44b4b95f52e7cbacfc75cda2c0
SHA512 dd0259dcabdd652f02aeb8c8182894b16ea24c1bab52c2a816f55981451991b046cd986709e7772e6669c04d5c0a03578bf4141597875a7d8a54e4b569a65691

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\Office64MUISet.XML

MD5 37fc512baed4418495941a429a954457
SHA1 71d4fedec21972c590f83d864a6f3e7cec2efbc9
SHA256 1c60291345091343ce2ab020b2071cf01f74dcd5cc73ff103b7217ca7fca8357
SHA512 b6a9706e41cf09fea3e3e9006a23078f058b0287bd17ac225e67c2aa73d4979059e0cd4c5c4cd3b6dbcf46f19ec7ac886327f3a565b2c8cc902e8c4dca046519

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\Office64WW.XML

MD5 212718bbd17d90f25ba4363f5c1fb7fa
SHA1 58b85a0ded1e87529cbd6720e73b57ed44126cdf
SHA256 72eab5bdbc352adc84e17c1b443fe5369fd7c1da5945e241b87460f946c6e2ac
SHA512 be866de1e0b46000370da1acd6664cfa72e174dd33b29b52b3ecdcd57d5ea53c21868f7bdba7b75d7e5a846f86257030db23cfb65980bbac0521799d3b5ef4d3

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.encrypted

MD5 ec3b6e52cebae6f2975e374d343753a9
SHA1 1e0ed3cde4665084360f8e3fdbf53a5512f666e6
SHA256 7c43ec30689f91afce4eaa4f1f2295c90cf3090be18b2acd094433510fd60569
SHA512 f2eb4cd6922e0c25b8262c6cf1a9d1a3fb3fd338a74760859cf6ae8128fc56a8f3f31dcda24553dc1a3564854c218a7c9876edea7f8bfb67d1c087e4b0091b2a

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML

MD5 79e7ad622ef0035077927bf8ee794de4
SHA1 aad6ce0771a4ee787452b3831720a4397af1b460
SHA256 1361ade78a5f928e2474a43e88081d4521b05cf2c8d0ac5311188db771bf1a3c
SHA512 1901069918f165a73c670337823f59f5c7e200aff9a6281920a742411847b74c3490598c0bcdd6fd3894544e79ce29383337f19e221b13ce0b2135cfcd2eb15b

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML

MD5 7fe8d96810477c9557dcf0abccf536de
SHA1 ffdc77470dfe33190000651029fe156784b2fc51
SHA256 8d73239c3ef2240d9903e625b3a637a76fdaef92bbd09a25b8e19f97386f9267
SHA512 9962e279b4ab1f7132abd08a153dbe0894112ecd10574d4f83e1e1f7819a508d57f080b912192dec533d52c2afea8e6baf4a6d953299e3ca234a470a9070667c

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML

MD5 18f5b4b5586523e5890b410998a693e6
SHA1 cfbc31cfb2542979af79809d5c16495c7c3c2b70
SHA256 834a12c39fee56fb557bb4c7afcdea3c00548de707269f6fd5edfcdf867bf264
SHA512 23aab20421bdd427c4d33f1de277adf387fb0d7e05316c17c8bff3eb8c5be12d12d57285169f03e7c98a0db196364420e2698fc2b17083b7e0ead87d0c809686

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML

MD5 c2c601cfee1192b726b90de9e3ff2f62
SHA1 b4fcf2a0bf5cce38c1b8be9b5bd59b665872a569
SHA256 149b8639dd463378574a434d0ffcc274468a1d888e0c75381a894a59a172fd17
SHA512 361a1e2f60fb6d75a912776c2d62be8202fdc147b3f7c03e199dd7024de530c8040fd250de04354182a77e20d54de579a606e4ca2dde7df182b33827148a2102

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML

MD5 e48b0911c0c23bc30a221fae489cd138
SHA1 7c66c1a5931b5a89f7ffaa3638949ae018213782
SHA256 3b30e64d8aaf352a1392a9b9f72cf27273936cdfb3de2667a08b5bd9eabdf133
SHA512 e3e3d0d79859b08046b4263c1060565e3fb27d38d0536787cf69f752b22d3fe5a44d9d28d1b952cec0a6c0fb94390013d018a0362267cc1d129f80de171f85e6

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ProPlusWW.XML

MD5 2bb6fec3c101bcc6dac96c2d1d4be130
SHA1 e0be59e645bdde32e55b81562f0ed07391b2da2f
SHA256 12616ce1cdd86d132700801be162172e2352c66e5852fc5ad4a7b56a7cc355db
SHA512 9f523afe07bfb8fbc156fc9c765b5bdb418ba5a8e514571504008895b3a3c96e47b29c2ccda627c18a129081701455062912e141e7088112fd8574fb5506993c

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.encrypted

MD5 6eccbe4baeebd5088f56f956720a6361
SHA1 50a96ddec5dbb9f1c3ad9f350c3b2d9e556e9a62
SHA256 69b38c3c616e360e86af7cb4eed6c4ca59d7c1871087dab1168cbe7f4aaf833d
SHA512 da86affe915330a96df8fdec32075e9562482543503fe53acc460c93de231901f28e140f199a9f736e78aac6eb0ea17ac7f501dcfd0dafaa0949e0bf188b3a01

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML

MD5 1905ee7e26b7c56a98b0c41f9c84ecc2
SHA1 0232cc8d7755bd50de660087e2680d541f652ee5
SHA256 04873e23dfa1f4becf6f1d0762c765750bac0fe2ac41a130b50d223c888e337d
SHA512 466e56a90d35414ac6a7d1fbfcabc320dcf169800c91948dea347174b1d65047267d610269804c86e0856a8cb5553ff8eca570829b6133948db81ec58cbd9c31

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\VBAJET32.DLL.encrypted

MD5 357b8035949e7548c7996a4523e3bb06
SHA1 0864c4304165970a11578b921e319a2a3bfe11b5
SHA256 08515fef2ba0578c9916a50f2bbcb15ebdf3adcb505c25ef505df7129d2af842
SHA512 d6ae27291db146becc4a83421a38129deb52756b073c09dc8975830577bd563dfa3ed2ae2da7397fafc7571182f4496004567341273e8530d42342cf8f2f2af2

C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\WT61ES.LEX

MD5 b972ca0dcb910279b39e4f97645007c7
SHA1 58283b7f2fa885e64bf4f4c7406b6039dad6891f
SHA256 c1b9cd6a948c8c0a69cca893b8014fcd63fb5c4779868cd29d96cf5627abb480
SHA512 1f2f007fd5a739a1b1827bd9c3b7bc7fcf71039cd024dc709ca3515ae197c12748aeb36e4a6699dd322074681450a7dc68134165eed4f3ee151f8e2ebc4660a9

C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MSB1FREN.DLL.encrypted

MD5 e2e0e05620feda35b87e64007a487b12
SHA1 23bb0727742cfe330b969995ea9f061aa237ac9c
SHA256 480a1eb998218a794735df84ad356a9eaf2d29bf61f5487dcb3d6a2aa98e34db
SHA512 00b1a0e2b77abd68702832dc61492b77c85a3cc0c00a4f3605cc569f1d8219859de8816e17fa99fdb9dd5576ef171c8808a9035b73038a3bad67f403508fce6b

C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config

MD5 3c1a37ea5b27354b639391a0c7a659c4
SHA1 0906d1fe046f2a4bc4c5c64bd55c5f367db9c35c
SHA256 7c7a9d7cfd07b3de4388074c16d352a4786af26c2008d8005255aefef70b4009
SHA512 91ea9f7b1e0d78ed829b9c0aaf23511f54b1f70ab4c16938bab7dacbe9f98714a5b505a3a1242e8a5eb6242fd7498d2569319c742157f7c6ebcdf0941e0a8ede

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.encrypted

MD5 2565dac5c9ac3bd3ed697e7d5909edd1
SHA1 29d8f68abbcd45516b70c41b100580c682c33edd
SHA256 1e636ab2a084ec83181959d67f8628654fb31bb3ffe014287e98c1196044d017
SHA512 846cc2362f66116f6f3340a5d2f96d464df647318d446a1d374a763f34ca55d9e4bd7c473e800894b1bb81ea72baf69457e1c49a4015b18b68803d287d9fe587

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH02166_.WMF.encrypted

MD5 c1f2b70ac495c8ecb454b11c3bc69606
SHA1 c7d48af5172570a5873d7eec365769e317450aa8
SHA256 d2a68c521fa4ef0303c871295bb8efee7f3e9494a0fed8c9a37b42fcfb244a11
SHA512 e0061aad347eccacd30ec0a64b5a6189ceba63a5d7a6402db08947f8f4544ed51148a3bc5916bfb037f82aae7df2bbfe85b8cd245dc7b73d27ed32d96275712f

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153398.WMF.encrypted

MD5 bef18bf26682714d9c27ff37967bddc2
SHA1 cdc9bb5e22aea9a47518bcf474e9f7235bddf5e6
SHA256 fcd3b28fe51affd4a9d5791c1987739255c531fbe52ede11e31d0299ffbfdf1c
SHA512 07a6c94a3e464d29c6627e555e1cd4dd0b78244a884e2eb2c5c892b2a31acdd2bdb55dd76c64c4c01391c9a776543056f50015f02b70d12c91e21c7145225181

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0215709.WMF.encrypted

MD5 d9f6be56cf8bdd378d54312dc35e7f36
SHA1 367ec30176eef6fe284dd0d412a7a2b4919a3399
SHA256 7923cdbb499ca5c703e2793da8600952ee601bf21c7b0fa77950ab3842031545
SHA512 4ee398e4eaf59c41e6a55faa996c0035eeff3f4c2795663e08f0d811dc1ac02734f6c04ae2c58d69c611d9fd4f9d659a5634e1d69492818fb7a8e4a389aa46d2

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287642.JPG.encrypted

MD5 bebe698e847f7b63378f390e8397c456
SHA1 e30f9050559bbde3b1fbe7a26ea71ec2d7761f22
SHA256 0535b01e1afb892047443a0c8d719d0de0e33e2c94135b7bdf011daff7ceb2f5
SHA512 45938986fdf6955f498fe63cdb39ace1bb6b0d17ad322fc6d435046587e95a9b4a9ff3095e57c96c6bb466a0b9357ca89703ce83001c8b8aea3bd0b004158e2c

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341559.JPG.encrypted

MD5 c08551cb1726db2a61ba8839f2b77233
SHA1 07d032ba8b770b00e26cf5de2d3e6c7508679b11
SHA256 7d5b027da6891e6f8b4064e5a27beae9ab9b9557a0af2a57a5b5e62bb433c3de
SHA512 21756a84721495705cf51c4846f619672c43d72be7db35a6b24b4ab3a0e9790d0a7cee063f04bb5df82b89eee8232e0167e36097f6ec8adb33d3bcab69daacdb

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG.encrypted

MD5 c723e4a7232ee844480bf46b291ce44e
SHA1 edf07650f9bb8888a4c4b602c6c6d4a26196a59b
SHA256 2298c3ca36e0921eeb5c5e116614a9a03fc48b27173d5bfe093404d4ab2940db
SHA512 0c94b2e18eaef4a67185193ade27f3d429792006cff1433bb28cb7edc8a42ba3556462ac17939d59ee378d03e9bed649d5e3ca01e6c269f176f61e65ef7f142e

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00034_.WMF.encrypted

MD5 38f1da668065b184369f447ccd678763
SHA1 62200d9f5058024a12825a87a30855c8d0f8c24e
SHA256 6270edf205638c9ffe9abd2a7654892ea86a1f8e9a0503e8b09be1d161912880
SHA512 b532154c081147f657fee2fb44dd29d17bbb5e8fb15284867a58be5d0e86acf96e97922381bf1f725ea5d58314a725e621c3eafd110135c6f0adab7fc9b71b85

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00640_.WMF.encrypted

MD5 6a26bd26daa838b341fd3650b9b6c428
SHA1 5e2fcbdde21dd569524ffb5e10d4fc8487c41a8c
SHA256 1c811daab56f9fc3dde21b079b7939854b93daa5b7bb6d488a52f9fd531f182a
SHA512 91de9608c019ce7540cfa1d3cc30f260b4dba0328cbcca100da14344fce02252b1e1d53d96a0a22560b3f36e4f0d2f2c615fb48642a15dbd0155b915f60c672d

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02750U.BMP.encrypted

MD5 b3bef1b2efc4e985f657f80a5cbd674d
SHA1 fa427f7485293cc58485d3c2796094e643014b68
SHA256 a903f084a2eed78a542e3f1ccc6fd30b6654a639682f1d2dee89ee14f5f9882a
SHA512 dd2bc047c504996ec7a9dc9d7792d92eccc12ee72865a9dff9f5da48ee14b245dc3c07fb5e91ef4b406f0255bb2401de8f553a703264375b82b8456e5934ffbd

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02829J.JPG

MD5 ffe268a202466555114f47999b616246
SHA1 158731aa9988824b8ec97cb9a89f93ad77d382bc
SHA256 863ff5c9eddad237ee8f087a4d0fc4f55fbf90b29fe4ffab91faab4ff06447f3
SHA512 e85ce14dd45d9862a73a144506eb651b89cea9fb2548632a8a0817d5202a1d5b9d65f80f16ad534d154309be54f03e3614220688d396bbddf90dbd6a336b4162

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN01308_.WMF.encrypted

MD5 cf49dda7f1e58adfe29816a879b91a74
SHA1 9c06035f73aec95f516231151f4e4df3c865d1a1
SHA256 d2c4710b4350abd04de7b37729a44b9149e76f28dee71197e53c8e2e884ee8bd
SHA512 f596fec475048c28a427db110f3370c77b2c9671e1d1a5026ea9a7131b31d2f11ea2d02c45fe84d70e1c0659bc008a542e40898b8168d855cbeac4ad7abf358b

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01245_.GIF.encrypted

MD5 814fed616087fd30337fd7da3a68f984
SHA1 b861a6aa2e61d7c10b28aa2fd440918836bc4bfb
SHA256 23074f0221e6eeed38c5ec2dad67dae4bbb8e4e9f53f9ffafe47878b99788181
SHA512 0c26302d7767a8641cc4015d2ac1e0ebad192c4293dff35e03a2e5010048e882906257213b4990a2824be7abee062c9e9d1d01609c26bf5aa7d72fdcb3206215

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01246_.GIF.encrypted

MD5 b23ba0f951462fe01c1642266d772de6
SHA1 0700a408f2818051d0a45ded7cc22500c2504fe7
SHA256 1b980d630b242edc2ab6fffb820d12372854735450d6d19e400df4d93fd5db79
SHA512 3bf097c197d95410b4dfece49bd8a3067640025c1a0e2a0effd4f87773c24216f702e3b74ca87d616ef238d8b84cf63c3977f6e9871c7b4c96490ef467dc4dbb

C:\Program Files (x86)\Microsoft Office\Document Themes 14\Opulent.thmx.encrypted

MD5 0a86acee0a10157fd6cb67dc525c6d15
SHA1 985b729c062b94e9c4754bb3e57bb79f3aed4acc
SHA256 b98c89c607f17a0bfa95f9e471671648c4aadb9042d989eef8e565c57c335b55
SHA512 fd82c5ecb017bbfc385715873232e491cc698a9932796126c22a8562afa7677dc4d29a9efda45a8175ec93551d3e63946e31a7a39443644be4010128bdabd4dd

C:\Program Files (x86)\Microsoft Office\Document Themes 14\Perspective.thmx.encrypted

MD5 a46eb3e2b7579824c404666283ff2a97
SHA1 c432bd11180c83dd2c4a54508ea7997cab9e5c37
SHA256 5ac7df8e1f5e3e86b373d966d1c09db1f14b4dcffaba9c583d1fb58977d34431
SHA512 f8862feda4c8b0ca1792e44d000fdcbb9ebc80d0569e684d9ff5bcf9932db481a5e988b3899429a4464f5856b1afdd237b8f809aac077eca1509db4a55a92225

C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Perspective.xml

MD5 1bbf4a0020955fe3c4d7bc2a512223b7
SHA1 91d9c7b4153ce72ba1d5be11b3e98bdf34e5b2f1
SHA256 76ec5e48bccba8a770a900214f7273f35dbbdd6ab1ad88d8816746f3d48de6c5
SHA512 ec6a06f4b247ff88f9ba0050518421cf00d4502dea82d8ae3f94451eafcc3e201cec90fda77f06b73b7eb2dff3f2065d2f5489d78bd6d9e141aa0f163aea3d6d

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115835.GIF.encrypted

MD5 78be92528c07c8c5f130c7822dcfdb8a
SHA1 00f62e4307f5ba22e972b78484cb02fd6a47656f
SHA256 bfa76fb5d7ca476770a7325934d1068cb2b19a5c86b3a62290adaeaf0ed3182f
SHA512 196365176ceaa6c76190286a67437f25bd5ca9f0b401ee460af7a1ecd58797cba280aaeeed6698eca137e19d238c1feafe0678a807eeb32d1df650bd87f8499c

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

MD5 8bbaaffb07c508b15bb4373008cb887e
SHA1 ef7ea63854f9f2d4521a4d063729d7792e62e2c5
SHA256 b2bcc0f4b09d0da92048437d581932823a618b6f8647c301f97eb5f108cf5fbd
SHA512 ae2cf3414237b1f989968a6cb29a8317e580bcf07d7588100f4c14cf9b6cc3a27938a042f8b68f32d5fc6d9ba7a1add2db31c1babc6079a36c3acbef6f8fbe44

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK

MD5 5d3fe4b8623a736bc21f5b107d3ad49e
SHA1 3f90fcc44137cf0de145b561410b7c23ee501a36
SHA256 56c441e95971210b3b62de3ab0adf5eb472f931c9dbd84b38f770fb57b900077
SHA512 cd0ef915e1196fa1b05b13577ac8790763b7f1cc7b3df76a73603085b81f1e51e24c02e8b126ca2071c818bc97899d5ea5556a48671f14cc4add61937c95eb64

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF.encrypted

MD5 85061f7e7c92656e4a179c439ca727c3
SHA1 5781a5faace886451cc6bb04e5e46ce8471ffb6c
SHA256 426ace768e3eec42f9737b2d5f12bf7696d8b3a2c9b52661360f1db98f6be6ad
SHA512 5042acfd55c33c73901f64fe3924ed00cdb9d0188c2ad4de15ea2b51559caa7d6582eecce373279b98bd67926821aac53960defadabebd0d338539a405b8cd96

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF.encrypted

MD5 a390d9a1e2e14a3922dffdaee3a50142
SHA1 440272ddc3e5a75c4bce7c5dd47ee5924103ee5f
SHA256 cecd3fa1ca51edbbf0662996c1d85e077f6f7fa6057be21ff60a365f8a0a4982
SHA512 520dbe112b0a5154125e69ed175b60c6a736ee1f606380380892b2c5fcf0b1fe76a9be5a532fe8a2e0586b7dab96b72d0a72d8b7dd671fe2196a42c064493bdb

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\BUTTON.GIF.encrypted

MD5 7c43acf1d61a35b9545c1ae1da12ea2e
SHA1 c95f501fa436577572f854ae1721abe24893b792
SHA256 cfa072c095ae9f5c9e605a2a3209767c0fc06cd8210c33dd5c525e9e799c38cd
SHA512 abf345a8ed661aa6dc02595aa9bf73b58b8c689996f8fc950f521cbd62ef2d9d604ce3d9c4b267ecc042c43f0d53d061aaa011e15dcd7cb57ab842b2cfc59d85

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_OFF.GIF

MD5 8f24640941c3604252c22ab971fef64d
SHA1 bc4b3baf9baeac63d2cf551dfe01ee65ecb147c9
SHA256 c63078083c6cc5589e2105db486ca7e48ba90bd21d157d42205ee7949e802f08
SHA512 afc26e5402b31aa324bf2a58c633b7a90bd3b745f1cc726dbc2274ad1591d6a1f6d0eae8da381dee1dde8a50bf2d3647a0102e83d59376e898daa4c8b08d48e3

C:\Program Files (x86)\Microsoft Office\Office14\1033\MOR6INT.REST.IDX_DLL.encrypted

MD5 4a5563096aa1afa898ca7a403d73d37c
SHA1 95d221692d0122b86c2103c447cd126f0e0517ab
SHA256 9835bb8d88ef46093cf3706480f4317f0bf37bdb3b2d76c074fd29328c8062da
SHA512 8348cf4a9cf214963449611d3a9c7728f378906c2d0d46ffbe5b7509903c82fbace5943400fe2dd4508409d886aa644de4231e1c6f19fd3b55de89a6010bd699

C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME11.CSS.encrypted

MD5 61416850dd359ec406cedebdcd6e7f45
SHA1 4b763407a24a0d7b0cbd9878e1f0f8393952481f
SHA256 fe7e1d316c348b7d945773007130731c79b239a464e5ca0597cc31b2c8f26fc7
SHA512 94a01618d361593c3847f4042f4663aeadfe5554d6009f284bf17b2eb75c46f568bc1e03b2e084d343b0f0189424270bc941016fba19b65614f1a03d351975ac

C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32F.GIF.encrypted

MD5 d88abc42be4490213083e923d19d7e0e
SHA1 1bb0368e58c319d92847f98eeaa20c477a199aca
SHA256 a099745b2b143921f77fb7a35ac231924e230b2aa4e5dbbe2868c2f3a4cde5fc
SHA512 11a6ece87db3a8f55adb94512172fa21904f70f5bdd5fec82e744d78391f776e913fc24dbcb9f8b7b5d5b515a5441186a87672b37e208a46afd9470ae1f55230

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\ISO690.XSL

MD5 e315cc525ce2e4a3da4be32092ef4f6c
SHA1 ddbbbb64615dc88b18d03d18923aa1a31f050c09
SHA256 4b786a96ff6482a8f7c7bb4166fc8848c29db45b6c5a3e010b3ca62860b7380b
SHA512 35134731ea486e4a0295eb89c1e5767193c6f01524b123252318df91035e62ebaaf7f42686388d421fac9a33b75533f025795b513ae419c796091f06f88668dc

C:\Program Files (x86)\Microsoft Office\Office14\DBGHELP.DLL.encrypted

MD5 32a83fc166c27b609728c75ede83fc73
SHA1 2be75cb17d4a81b55e0121b5973742abda0bbe41
SHA256 60adacf14864929d6cff3da3aa42d3ba3f50cfd6f362d2f7fdf1e18baf952fd2
SHA512 7e0397f2dfbca20ab157848f8023e47462752d8f0729d97ab1b28d60c5f57e45949f6edd1b004083f744f897a44bb13f440b7fbec6e185830b296b9751c9a941

C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\NOTES.ICO.encrypted

MD5 cb4899fa98198eb83a2b56b20705d793
SHA1 16f4a721b0e5b078d1ea665460f9411197f80c33
SHA256 7ac59286b6986f32e7cbb42a87c0e6e3af579896337f4cc9593623a2b813e12f
SHA512 b1d726887cb018c67a7d9b0640cd745d671df030e978d62a39bf5045633aa9836bf13e34744e5a475057cbb1b2ed33af607064e7fd80ac3c235fb0b805158956

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp.encrypted

MD5 caaa11c9d8c0b72085776b4def9e7246
SHA1 ddf59c56467a1559b0a08e6abf4d80e4ff15dbaa
SHA256 c0da1481384acf90ec5d91b2a4ea508185699e3102b9cfc53fb240cf57ea492c
SHA512 a164b8fb9ba45a14bc553a6ff4d745991c6dd0e91b220f14611732d0741a335cbc5bdc98684e689013faaf5a9587eccaf3a935836c479d24ee9a93a3374db64f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp

MD5 fa87350e9e78d66ec7d421f816556833
SHA1 6ac55f1c5f6405275195500cd4481368f4dbc5b9
SHA256 0012fc25d04f5bb4ebdc9933a3389fc5ce9f1238332e7ebde8c228e3166507b0
SHA512 289df3416872a17c45972e1f82a4f8c0ce9b8849279093221ff3e2df19935e33e7d29ed03ad26d7ed0ec87ddeb55074ab7a3bd1c5bb430359d803f99088113de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF

MD5 c5fd0c882033fa6298143e26a84ac4ad
SHA1 016a229667e5b8d1b603719e97f2c23c3208044d
SHA256 74676670416c2900d4e862f84d5e950911a9e2ee131bb54a188561dd125d45a1
SHA512 ea887644d63bb4fc0688ece837ffa436dc54dc276a55040937d728c4b489879a5b1cb4f4172b62dc1a57c0b79ad6e49f40a709b59ef85bd0e7dc61d994f5d9b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif.encrypted

MD5 fa200b5ff61cb3767e3c19ee4ba7ad1a
SHA1 040940b9b031b158ad49a8ae009252d706153086
SHA256 0594c1e31723e8c45af65ae840bda4346397895f085d372194e13faa2f5ef6e5
SHA512 2565a99ed1c05dd787ba81b62f5fb8c538907cb8d43259114074daaab938336c9f5a24b5b752840f553fc52229328d0453d8e5715184d4783bede571242b377b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif.encrypted

MD5 3c21aac816b0a7c335287c3bfc204dfb
SHA1 6d36f927f559b7b8d4695210b8dffe9f2d0506b9
SHA256 8ec1b0b00c2a3b9ea801f795a55dc837b7c45adc74385f3c7c0da9b03e050c4d
SHA512 78981afb24f24ffb4f7f3f542a765104ef3a0dc7c9ecb15e04de57bb348d01480d9ee8e8781601a5fff66f88ac803a1a72199f41113569ab0e7426090a6ac917

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif

MD5 6c58012e503233cf91af27e345dfe826
SHA1 091fae924317bf4f523b8cbf2bca58ed4b182ff2
SHA256 70340f58153f11b4fd5cf4bd0caf8472961d8da52ff8bf964059beb94a29f908
SHA512 1817dea86e12146571bb6d0b8900e7a5b7c95d6e89295a867dbdb9f24bba76a247c1891a6dcad7df808c56c8e876a017c8dee45c438e6e001bc63a6a7477795e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif

MD5 c83082edcb12b34446ac92dd24d2092a
SHA1 01f7cdc7e02301e4ad95200d2b28039ce8613851
SHA256 63b97015c33191fb183aa7b841e678e4c917e3536010ea1d769de503685cc6bb
SHA512 d9077aab3dc96b66a1d9b7e2c06c1b48f42ca1b5e38d06e158436d6a126f6e7f66cf8ff795c48128daec20975af07d896bdffcacdd9e49f9f57557c7f896a209

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif

MD5 223b40586f7c0790551c555881f6b655
SHA1 4c7799b35a04edc309f47b842a0bc83d1a248144
SHA256 dbd8aca6fe6415b0ad4501c18d7db3d72f6a2f4801b1e834c02d1f84eb9334e9
SHA512 5dde3b1ae058f575d89033f777b69866e1e62418990fae39d2f792a43a2728eddc6606380cfb15d9d9d245fd400e7c244974fca71240a24d8f0b965c9a16943b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif

MD5 b49e4f5e0884cc5692d2bcff7aeaeeb1
SHA1 be82bdfa0a71f6f7bbad934e602f1291e230382a
SHA256 5280ad63c15761b1702b731204966c2619bdc5beb406fae7490ff97426ed3e59
SHA512 5574aff13437e46a60f4ee8047725286609b4f4e0616dd5d7681ae401dd49891e1f969050df6e347ab2ac2e1f79bcfa60390e4f975d4a669325a3ae76872ff76

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg

MD5 71e2256ac69fd31c95e3009b88196c0b
SHA1 27a588ee3212cb1b5fc3a2250e85c0688c3d6e39
SHA256 548c961de953342b6b5ba417ff175db9f95bf7969f9ac823a811a4b71a337854
SHA512 a0749f67283f6fd81d754f7e826c8650e95e0c388bbf344757688b2496ae1dc7fc81f49af89372f8f00fa7854ff7912f7c53c2d06051291849a56dcee3812e28

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrowMask.bmp

MD5 10bbdcc0a5db92e4e8e4710cd928263b
SHA1 5d1830bfb0904b3236942071bd73de8dea5fa50a
SHA256 bfcf3a1f6f212196dc30b73526af8d5d61877c65f478038c34dcf43c9dc178c6
SHA512 09618593b2cb4daa654cfc58b243ba08e12f2f34a82af90dd70c5f721def4b16385c6cd24c9f8f66505a919079bb08ac4bed90daa5418c39a5e1b6dcce759367

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif

MD5 0b37ecea276fd791907cbcbd12d37584
SHA1 a93d97ea2e7bb778860426a0439327350e1e041d
SHA256 a459150f335f226e89e9a4160d312e5393c43640c9e51af9b31dd92f55ffaf3e
SHA512 db3a6ec6e421507cee5b4102047e1749809d88b15aa3ce46228c84c2799ed79d61ce6bc3974240b177f6e74fbc61034ded40a8e1103c7dd50c315a8b14caf8c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 fcbc44daf050e044709b69d8e797d598
SHA1 f8f660848d8c2ae0201199778371ee40654952b7
SHA256 c7abf1a98338cc465f3a14756072cb248d74bbd5074f33b9ed86cd338e7b3bc7
SHA512 e7b6055a9ef849767fb4f2ec070e0e9ab875ba01b2aadd458777826aa6817cdd5b7f76ac64683418bba3696e95d2062454b7d747c9b914d3e690808106adf7df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif

MD5 ca37f95013093eddeb51097fdce43b6f
SHA1 7aa62dace8179052dcb8f9d13c332e900a4ba153
SHA256 3da9494f1b041c5e608797eeb218cc21f22b09b61a34c18e4679d4f0d219e76a
SHA512 a4e2c6cf02ed0738ee032b375c5f4e16b0e521121099281f65cc1549e02c1db662ee71c59be4c9ff629c9b435c95c576f4e4198f429db2bcb70c94660d843a48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif.encrypted

MD5 a9d0bbbf363ce289b99b436cc2817dba
SHA1 32ea29b00c82584e23709b01f283456ad7e2e75e
SHA256 0afbf68393acb8fcc26f6db1c3da86247d53a3514594c259a29a0b243f1cf3e3
SHA512 5c88109abccc10711b1e18ffca009d16d2d3d78ec69e6f1024be035d5192c0b26614202166d76d7198f0eaf885aa88d123f430bccb1a39d549eb2a7ab201c703

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 33ee5548745548e6273184ee9b54a442
SHA1 65ec8b8306721e835d720b9bad08aa5e85116916
SHA256 e9c32dd893964220977678ec89bc259b0e577b0f5d0c7274551dc44ff1960df4
SHA512 66ab886ae89e42ea9169ce7ab7046537a13e283265400e66b66c343dfa4f0bc218b5349e896049b823c0ee94d9b4cdcfa2db22736ceb9ab6333ecda70a856289

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 8bb4e53175de754ac6fe1d472c73f528
SHA1 386048576972bd6fad16f996cbf04be2e11905e4
SHA256 7e27c38db1712da998cd38dc3ce46b0a1aaa1a38574d6de814e494398b84d162
SHA512 881300ce64792e1054dd0c9a2b4293ca923bbc827eff5178dcb194c57e65701cfe7331dbbfcf7a80af52547055caddd77b75270854a9e8af534faa8d8c51420e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.encrypted

MD5 cb08ae2e991b7c9a4c6be70912579f89
SHA1 cb8e9ee3731843c60a2ce102b7c7c7764cb4b9d2
SHA256 ea3e1a3fc522f93dc5aea372d96fffacfcf8e3bb16baed6b433e0dfc4e4399e1
SHA512 a160c4d85446c163ec1d9111cac3732a40326d9cc10f0f92fb7eeb24ffd8779378e422822b57df9da77357e879b9a68d98fd6cb14722d22720b021a50ff42fae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HEADER.GIF.encrypted

MD5 c939a7c2c03dd633b241873a1aae8f76
SHA1 c1d4424b350ada34a258a4a9d4b4984cc0bb56d4
SHA256 9a86a2db8cb0fde62b48bb5d1ebe0ca98bcbb424b657b2ad15617da75f0b4681
SHA512 d79d13cb87adb4a91042187e3793afc51954a7dd8e5ffbc729458a2520dc3be4ed2cbe363c5a99107f3baacce1b9b969f2f297d1bb4af5ffff24f3c1296dc5ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif.encrypted

MD5 cd62b9d9486ce30556c5ebead9ebaadf
SHA1 4d610b63968a0813e3c2df930d605d1396422dd4
SHA256 45b3716ba210cf6ce585e39ec94bdbff6f96709991df4b60c58451db7e240036
SHA512 4d43bf99ec25b2ef7b7cb8222c7079a8b41ead045715cba2a31048f48259efc982830b1f39e766c8aa87ba145ce51f0b4dc96c81e26e4d594647fccfc5cca4f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HEADER.GIF

MD5 e7fd9dbf9ea4ca5248b1698b6e2ec7bd
SHA1 91ac3e5d1a8bca457fd81574c242d3b5f2fb268f
SHA256 1a4ac7076b3639a53f544ce524da2c61a7217cdcf86ea102dc028bcc3ce8a50a
SHA512 a769912a398ea4f858979b43bb5f57728b94f6ac35befdb317ee0b30689113522f4b50b15759dc3a885bc6ef197e1a30d5a6077123923a3ead482173470d6318

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF

MD5 334954f39a113ac3bc9da0a7fdcb8f85
SHA1 a2b83d7a2ea0041428558525d97c394aeaf77be6
SHA256 af212749c60b817ccf3c8ebb2184387dee727bc4405622fe555bcef17040e252
SHA512 17be961c9bebdacb1c98a11de61e4a26db3c1f07150bc1c7028fe9b1832342cd31f7794af559888bed6014242438d4a7911f920eac64af419fd7badbd97c31d8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 dd55d57fd956776eed9ab1eeefefcb7d
SHA1 82a7b6bb379b976309680e104c202e8fb3c2dae3
SHA256 7f3d4afad8ead9fdf3038f4e178634681d66bcafdd0a44890e94dc62fbe580e8
SHA512 285df8b028535a226783f316d42d958fdbae4ef1017fb54ecc6ed27446113d4a13a451d16661b8caef1687999b071f0d277214ff344e7076cf9c04986c32512b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HEADER.GIF.encrypted

MD5 543910519de8947a4549a88d0a852a5a
SHA1 4afa3abfd2b9205f0ab1712f1410462aeff81bb8
SHA256 47d28edc46667e2e2b6b328ad71084fb34f71668edf0ff3d7ef297c533b262e1
SHA512 32e0d573f5d00e7189c97e4ea0f9f78f531661203d29e84525e7ab4654098a583bbc516da8a9a8cca8699fc808d5035e4caf27ab3578f8f86d3509c5fbff237d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_ON.GIF.encrypted

MD5 edbaab27229078accc0ca71f335a522b
SHA1 ee9572823e49485b1f530936745ce67a1d07ecff
SHA256 534979cb51c52fa7ce8a14ebd9605fc2257aad60e5ab52e2cec7df1181e0225d
SHA512 ef2a6a4205898b43c5b4ab72b7d6e139a62f4731fa65462aa46e1f3c2f5ee5e1b9150bc31460cba2730c5e2be62b7579dd6f609e921b79f1bf1a813a92793e27

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_OFF.GIF

MD5 fd1902540cd7c1296d35853a5593f465
SHA1 27d8b67512327edf842423a74cbd37740ad0c96d
SHA256 83c74ac55b00fe3e7ae94f0d0cbb86bebde9d9136714ba40c3bc5188d9e36e26
SHA512 83ce4dc96cec043f94df92cf8ca49a64fd28edce3f90993ad93dfebf6d3242be464716df2c9731b181cce2cff827a85171a119085d5e5f99b245ea32889a5ffe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_ON.GIF

MD5 22359828e3d2730fd6b515e63fe2a634
SHA1 fa29a5575b548ed852aaaeb7da19fc03d3f7f76e
SHA256 63392b1d92b401948bae95e2d7cbcf7866affed51673557e5e64e82e9851d65a
SHA512 b2c2a91070c82b1db3eae84fa242db4668e49bd8d72b5e7c35cc9b179205b6d45c5be3969ff69a4e356f1813751e381b6e566051199109bac54f49524b37125c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif

MD5 4a79df1e3f42f0ed6c3e07c239413a24
SHA1 e13d4da2ffb0adffbda5c52c57aa7ef8dfb26dbf
SHA256 26ab0ce0e7bf67f928f10339f7a23387de1df27219be28616bdd3997c189495d
SHA512 49d2a020e99467002d46be674116ac676aa03a43df6916e8c5113c167843b80443a1b94ca64bb6de01871f11a58538b4899e453d024240321e1ecfde3141e190

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF

MD5 1ea23417aa3b468a5f8448a9544e1422
SHA1 894fed570e5375acc8ccb440fe9f3d184785311b
SHA256 b9f38d2ef56d8742f6db8c4603dd0eb9b710138af393d77ac53571814fc7a694
SHA512 b0d797011d45a1e8593690d878b9b7da47b559037424f643a36bb1bdd7209d6bd145218eb9cf0dad44bd21dcac6063e49265148df9cafa141cc8a9784e50d720

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif.encrypted

MD5 7214b7b83b1c07e4f87f67f382ef0c84
SHA1 1b96eab98b4c2aea32cf3b9ab05840211fde266b
SHA256 b513a0cdaebf0596107fcaef3497abcd7de30e9b59f9421372cfaa6cff808ec6
SHA512 5906903504585323f98ea2a41d4972e0665a93acc295b4eaf6b2a7e84cbeffeaba05f1ec06c5c052d17d99e604ffce67b038ec1e27031ac2ab3bc53920d8ff80

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif.encrypted

MD5 b250e33f54cbb77325eaae3509804239
SHA1 ec9ecab36b987b253d1026a9fa336f0e10fa1ac3
SHA256 a37d97ac51d0a021eed2d73b80140feaf593d716cd58157a4e664dfaffe0703b
SHA512 8aa599a8be77a8367b2fc7a9f67afe13d2998739924e04e38aabd02d3d1dd819affe9546b81f6ad6361d9ff56fd7ce37fe5784273e0209e5762d052c5c1e7f5c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\RTF_BOLD.GIF.encrypted

MD5 59c62cab03f3ce74356c8c91cac709a6
SHA1 e825e37d6ff1c1c965bfae7f0fcc0360d353e49c
SHA256 8f2ab280ecb72ee0f9bc850f8f35b066895f38c81dce79fe704b66643bbe4bc0
SHA512 a3b8e2c77f59d5db6120cfe2f3c70de8dc96356a365c094898219a4124dca546a5d58602fde9c10910d67f5a718aa321da74a12d21aee8c5a96ecffddce5f86e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif.encrypted

MD5 43fc062d98fd778db00eddfcbb32ad23
SHA1 5d319738753813f3d8a8db02e5ab2adee7d985a1
SHA256 163f9ca06813c09d2b3e3b5edea5507e1d23e8d589185a22e910b943432fd9d0
SHA512 bcdccd11044676b6729dfa516371a20966cba9abc000a587e2f4f15915977229262c22d687dccdfd08396f653a92cd5bf30d68f5fd76bf7287672a8a248aacd3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_italic.gif

MD5 0f6875b464a041b1dde09e48b8b39f18
SHA1 952ed32f229a72f13782a319596ed6861b53360a
SHA256 c63e6e3c663c13a5a8ca0ef427d5db0aa8188cc091afd9df169c975b1624d150
SHA512 fd4ba81e16e61e410399cb2caf477e2d1158c786e91593b8b6b8bb0bb84d07eb4b38a8012205d0cec757cb979445bd82f22581c75b363c6c1badec71765ef4c8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif

MD5 c1d7f1e38d91e5dd42275012cf27f41d
SHA1 490ba915a31cc8eade341db0432ae676f8cb8018
SHA256 9d3745e5709bbd3bf7ac85c378d61fc1e07a90872533aa62edbdd6855e38c4c8
SHA512 c1e2fb9d9e6738f284a8f7e6f914909d48a456fc80047d0bf251aaa7d82407240461e71932d1b9481b35f30802e1bae4ad087c1e0722ca9551721ebaed3264cd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.ICO.encrypted

MD5 9fab8cb990ac5bbd545c49d535d4e762
SHA1 088ba236c6876b513a13dd237a07394fc50a4045
SHA256 0b429d466e76b89ebb02a157f0cde6ae31f293e4038b8c44c75b170704c98ee1
SHA512 a5a536302f6fa693e2e475a1ba515dc326bb46ae21aff7ba20a84ac46741202703716c6be8ce21cfd322f30e2845c2dda42f3640ca614cbb0b54e7ed2e0a680f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg.encrypted

MD5 fe4a9c1f8aa1bc846b1a7476a731c263
SHA1 14d286624eaed3c082bd39e0866d5aeed5a76cb2
SHA256 76fb0a4afada1fa000cdfc15ac012235a1607005fa1752607be3eda6a0d0fb90
SHA512 59b7726bab640c47019541f895933bf3688e598bda905b6098ba36a27137e3b2a1c9b51bc630d9a47295d8f09623af716f5fb4992d81bfd80845e053964a8196

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIF

MD5 60046ad21c2712aff6b17afef8296336
SHA1 e03c78ab5aad94de09b68762aa9b3ac1c565aea8
SHA256 8f2e26bfb66fc2b3a558ce16f6b4df4d3c49a46fa5d3e97c3068fb137395f0ae
SHA512 de8d9cf316ffc97f5f479d385b8c35dafbee409bd0c9e6c71924394b262266bf4f51ca4a8d0f02ef0a7510c0449b9d0da001f515bcf470f34ef196144ca6be8f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif.encrypted

MD5 9ff86684434d5505bef639d58a23e1b2
SHA1 97eefff6fb44dea1e3ebcf136abb56862b0dae60
SHA256 7855c130b0905dcff62fd46dae6bdc95e26c8a7990dbcfcb65bdbd7a68cc485d
SHA512 22cfd772f254261f1c0eb0054b6ea3194475b272c154824cc1273c29de669c776db5daef7338a3cc0bf371efc95a817393b0c941d10bdf68d5402692ceb26584

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif

MD5 4d60c0aedcced949df47ea1eea804da0
SHA1 44e09d315d2f49d86d987fe2b3bf5dc5abb399bd
SHA256 f9cf3d1beaddca6338d9135d78b0a636745f7593987e539a360a962ea1b6bc0d
SHA512 6a9c58e6a7eb015e319c83ae90deaeded5cceef3790562922c8f7aea6322dcdff6eb5c471017c9a7f4b30599a32f11061b5d81ab5fe799ee014e1ff4ff3e5ac3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

MD5 4697a945ce64e8ec83d4c27aa59f2510
SHA1 14c96859e76e0bf13c3cb192f92cced8a32cb3b9
SHA256 5d86055b54433a7f302dde9dc9920f247a5871e096a1df1a08f8d9ad6d439a86
SHA512 795dd3252b39b945daf1a3bb0c2452dcb09da272746ace50d91db9f17e10f2156b1a0b9f02406ff4cd203d070662942594d1f017c3d1b9d199f93f3b14567a2b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF.encrypted

MD5 a09c7a50449f6b37fe681ebccd7ff675
SHA1 3436a6521b61bfc5e54d5ec75681509fa0e0dbde
SHA256 e310be4ffd93ab13eeecea1b2fed82800cae80fff143a146e3162a47cd0e7174
SHA512 c30da6217fe7a0365e031821fcd40080d146c921bc51fbe64264fdcbf6785b72851275efb73b5a0316ffca77a6df4f5555bfd3f48eb24127b3256d235825cebe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif.encrypted

MD5 f9d56b9961e9377668b54829ad6c4133
SHA1 5f0e29c52f3a50bf6bb60dce7ca5a9509a0a0981
SHA256 e4dba55969e1f1c9fafd89a81e5254e97dd9d1a179f725d57a7c45752e0c6692
SHA512 7089c1957a33ccab0f56cfa748b512ca1f27975b598b0790bffac5a7afb5741910bac277ad50a8570d3a42f268c1eb06dba0016cd942961e25aed11850b7950c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif.encrypted

MD5 d583b23989d712ec7e406d98f9d78abf
SHA1 27ab9984d154007cf15f9ac9ef2020ace86c8a75
SHA256 e679bd7ff626f0598fcee81ed2e0dadceb0bfdb8b4d986829fa4735671a2a22a
SHA512 0ee0b474dad8905d5defceb8b8905b003e24d60d56f02079dc4c744136599afbb5919b25c5d2df9e9859c5087409f2e11ad20a7644de57ba5d969002f59b86fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left.gif

MD5 553527fbceed2f5b55b54289922bdede
SHA1 3fd94be8964fbb54959b9bf13b7a9141c597d7dd
SHA256 a2f88baf1f4d306b2d3afce0dd952742dd2b34a62037e942fc52f4594747e3f7
SHA512 4def3db64ab4770544d5cc714f49000e6aef752363391457bda61aa24bba844e845559a360d01936b14aca9cbaef8bf1f6dd3e8cb26692444018615178ea79ee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 452c0bbc28604c004abaa5d99969f358
SHA1 1afba9723e1466e42a791e3c483f878ff141146a
SHA256 c2a652992dc65dfc6535d7235759ab079947f4ae2f64378aad42ed0d92bb635d
SHA512 456fafa44433b7d995741e2d65d7a1865d27c2bdcc3d35a8badcaa7ae9c1795f5f24bd79f24f822d2157cf456383a05c94454789d6a4b89673207de2beb0affe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 bf437324c4588d1cbb711fbf8ee87daf
SHA1 c688a936f7dac961f2c1b5a1e90921abd94a98e3
SHA256 2d39c1120c57a1820b3f2f6def1fceb82a10839acdfc6ba86935aa044f25f197
SHA512 c8ea0e39a7a1e474d8bd007c04ad5846f92c5d54e6b2a783d67cbea62a99cabc9ba2abae7b5522fbf634908cc588da1d93dcf52ad7ac5946a083ff4b98eaf44e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 d6205eee11618bb6644dd6e422f14fb3
SHA1 f351212c0eed1b230d0065206c9e70dff2e580eb
SHA256 ed67e6efb29abf489f3671838982d50a8f7522de1631258bbb10c122c234e5d4
SHA512 26e6748d31b0baf4c5d745922594e91a58286eee6744f9b6a3762c0828e5c2e7ba9b6a7fa0e2d86231f29cfcd6275269bf76575c0df80c1c119210a19231b3b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 fdd70af7d01d9f08b029000cfad78423
SHA1 9a2143a46dfca4b7adebce90ae76696116b261b7
SHA256 57b7650b00be4549d8e9c589eecbe58473d43fd0d526fd6b6bff6e6d6ab8778d
SHA512 ffa14f52efab074293960424ec2caff3ba9c4bf877a9d8f0ed2fa9ffeb60399f16aa978d8fcac7dceffe21c27ce7028419a66d646f2ed1cbd1e4532256bc2130

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 7288390d572d7b44dc7611cd9a950b31
SHA1 6afa029c68e3c758541ddd55dcf9e20e24a9ffab
SHA256 f53904cf981880c2cece49681624b60fe68021d13408e56582f0ff8060f5a4fb
SHA512 599f9f91bf2fc51ceb7261ff81f52e2984c4f161c1ee1f80fec042e603829f96dd6b6073caad4f0764688d9c5e49fa7b9f8aaab05fd29d6c5b181754e6711e34

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 61bd9da93ba4f5de4c6f27016632dea3
SHA1 d75407330f39062303ccb25b8827a628e4a486c1
SHA256 8ee2208422a5ce7e7ab92eefb608d46b32ac3cf6347d4be47f4db048b168171d
SHA512 a09c26bf316a73ce698a700054f0739cbfb8276171f0da3d7ce056083427a236de177a762602c47c96b4c55163c0fac65bf902d31c4533df77cc6ae326916298

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\LAUNCH.GIF.encrypted

MD5 53c97eef184ba39e648c38a9a1ae1c37
SHA1 823f403366bdd08b75ce002d599c3de0bfb5f6f7
SHA256 99baeb60241922dbbc95ad5ad6aff8ad44bb667d5106c90c996061e3bb0d3ac9
SHA512 5391b527a0b7fc053bf696245fbcf4a8e88237c8baea70778b0ad1d63ec724fae99e0fbfb8b1b7490662dee40e3b1d5e1d2e97e056f86062b8ac5999ab58188d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif

MD5 6bffe84c549f7bb20dc7854d18cb7baf
SHA1 a7ae332474b271f0d6239f56529b45d484f8af63
SHA256 828bb7481bbfaf90639b7c7868c28f2fa944d5e3d453257344f1691df12a3315
SHA512 f72f40c50edfef2cd691548247dec7227f455676208d9bd0919dafa22de3c00404c49517d0b0019d7e6276e3b2d7e12974bbf9a4ea84cbf8f152d964bfe9af1e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gif.encrypted

MD5 578ef07730823f81246a6770506e5f51
SHA1 6f1a714052e3d369cc151b81bed6dbdb65fb73ba
SHA256 522352a1ac2012399238f06c5be311373d459dce4a8a9a94472a627ff29f539c
SHA512 1fbca50561ae4fda719aa37dfdf33410c40ca3157d2722c7e6be20e4c5fdcbfeef9ba0b8b0dd99fb6de64b414082b2a392394e948e3fe5c20eab698ced2dd163

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif

MD5 b87321297bd820bf22aed114f3fee747
SHA1 d5e13609b2ce0cd33f94511fe0d16eb6e8393c6d
SHA256 e76e16a816ab5cecd6697e7e34e28d92e0b16085fa12bd4341edfaf9c2dd6a89
SHA512 86e09bcde28087d297c3581c1a957d4d483a90f8c7bfdbdca680401ef7cf002e0d3d304f133eaaacf74a6a7e0e1bd7fc9943a02d2f770e0344f6101a03425f75

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_spellcheck.gif.encrypted

MD5 2c29f4232a6fa5db3b048cc1834717db
SHA1 33e139955c3e74538472c2b85ca7bd803b99a56d
SHA256 52225563fafa523b801408ea1e9498e9fc74991e139fb18b73f23ff4a8e5b558
SHA512 0be02d50223b69a945718e39031948cdf1cd0337321d963abeb7a701eefab19969f946be47d711c0fc2261354bd303feddf53b5361231df1ecc06ce41bf68408

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 db8494fec58991ca0f5af56deba0f2ed
SHA1 c9c0fbd36880966214d26d4f7a732d5d7737d545
SHA256 11e5b13b78aadfe4770be98c69310eaf31f444bd9d9b01da9b2485edd36b7dad
SHA512 a0d2941ed6a4f907d3f6fe7712e601cad58cfacd549fdaa51a0cca6eba32ffe8e25e0e294050ac5662ff13fcd586a1764bd7d5b9e6d39275802305d3dd987986

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 df7436cb4e38845df57b26b6c48e9d2d
SHA1 6521da745e3aec9ffd9d291e0d361cdb14a3f336
SHA256 7c0f95e9cff9847cd790f08b198b1afb0f0a78af29c567f03d2953b01146b0ed
SHA512 719682bcedac2b1f05d4343fb01979100f3770aa4b4a649cdf470222fa574a733cc79a5b4d2057b824a7978fd2008e9df2d41e0ab64604c4ce753937041eb4fb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FORM.JS.encrypted

MD5 45e54e8eaca9bfa139c349b5da85b371
SHA1 7cca4d5f03b607e087cf49366de00437de082a26
SHA256 786c88b0c0d09762f2bc789b9d60fb657c62748817b1a22d9e72e77ae682e886
SHA512 c1344c7616c53114711708d014bf2c3216bbbc0cfd13f916d66b016c2ebe9b91c6401280cce717b818c9a04da22493ce060be7531c49f120516144a05d13a8ce

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html.encrypted

MD5 e18d0d91421e6211b75fd11a5c272db1
SHA1 8a125bbbf862638c3d15d2af2f126a6d95c3f0a6
SHA256 7d7e02a9a89326824d5232147baf9a68cd2433baebfbd763c778109b273aaf46
SHA512 7538a94e3f9de379cac37dfb6edfb1378c04312f89b488b8ffba47f5286c978f57bb0d113c1c317ad718898e1e1c0159a94eaa4f1baf6ba3e3981cf97ab90093

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html.encrypted

MD5 7c429937cfa68fb2baf6a523617f1e50
SHA1 890e7bcd7d2d656e0a5ab5659bfc54c87075495d
SHA256 28c80bbf7f028641c49b46557a847ddce975b65d278b1abe613049f20431a49f
SHA512 4dd86545830e94434f44c959d0b7adc4318eeb8a6e64371dc9475fed1b6c9b1bedfb130cd3b009e2c910c6b83164c26978c7a71199251741713c7082743279f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 c6bb1bbe5c3c67b9a53f1c7b60981660
SHA1 4aea54e5558d87f79dc521c88059b948ccde7a65
SHA256 354f3639e330a5ce26d9eb487444f3f2964d44b5578186b4553a4bb308ff86e9
SHA512 96f2a88a3eb0225901e8528aeb5c4c59601f58bb4e8ee699788f76ff3b26bd171f12c1dea4cde043f3b531d6b319b3bf5137119358a1b678ba127a4363a82571

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\PublicFunctions.js

MD5 e0691ca295f560a2d170f7be353d64ad
SHA1 4926447c78a34e08c50c41aa3897c6e4bd528489
SHA256 2d2a586d60605d33042f39e6eb06eb9046394912eb60dcce4bfc2597ade1f0d6
SHA512 e9e4d4dd4d70411dc86c62c81f18d603a2447b3db805f7fcea8b186ccf833106f37fc6453ff17b2813c585cc3b25b18629915dab4a5719d7ae2a1a1fa5267b8a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 01f50f702d397350fcf9747854893653
SHA1 9e7152b2c8ae84795c24a15964306563a0823a12
SHA256 22352251526708830e1ab87b4fe317441238269ad72c5dfb0b17e56cc559612c
SHA512 5d8867a8ad889ca782e458fa1e6afab91d7e97a2e1bf43d34c43c2bc33522f2a3a042c2ece0cdcd900eb69b60e97e66ed8ed19d867b60b358532f1b936d36549

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 9fa71a7426e9d4660b83c89605a5e628
SHA1 26f5bb015e8805e82fa950292300af73a5866a53
SHA256 e86c049f2dec21b2750dc13c4879c872417805001426ba7472037afb26ba998d
SHA512 b065112cae2fb83dc08bd1e962ec9700be5208cb25e60bc0c4b8b14e411645ac2d4eb3118d1ec44ccee27e5a0c0094356e556ecb43294b1a6431d64bc07d8648

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif.encrypted

MD5 c8f5a80cbc5d955836972495dd281e53
SHA1 5b1bce11bc75b2f8af7ed2fcca54cda17d5de179
SHA256 4cf47fa585b965e53b586520aaab31aee156f0abf12afa6d5f5fe295960acbb7
SHA512 fdacdb42a4c433a73b7703090e397552a37b45934d415afd9398a20a69940244df025fcecdbe2d861d414bd77daa07de6b8f9918f909ff819af54b6cc14f31bd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 0eaa3c9ee03a3630584580d18b1e1bd8
SHA1 55c09984f3475cc3e7afb7901a26a972d0acfd17
SHA256 b4d529d651f39f2a666e89ff913abae3394cde0b915d8fa377fa9966cfc87056
SHA512 3fd2c7222044258605d10ff7da646727826a9d29bfbae8cb0ac8dedafa03f237a941ea581bdd1dd12853e2a97b7d1700d7c7bcb54167f53057c6d48718c2e18b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 331a0c43842edda909295a45f574e572
SHA1 2a4f95f9259ab17785cc6a6cb283e5a158758b7c
SHA256 7f94e62c9d934fb06699f7b41620c0fd3c09c45f90f4dbec171b273397330146
SHA512 967ae3699af0e70ef0fc9b99dec3697be3ea21b26c2057eca9b679fdcfd9c04e0d9acefd91fd70f784f5fee450ccc28e83d7879bdb8d4ca54c71c5b835734aa8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 482d55ca6451b85af1a8d990526d493c
SHA1 59ea7a8b160c82902648af8cc72964454fdb17ce
SHA256 265bd45d9cc470a1dd40ded85346eca34dff1dd6d802ad3a56251798285ee9ea
SHA512 e1fa7be9c6fe3ad6d2350c706c40be90a6b72fc2c73c6348a4bcf0b6af7399420d4335bd7f7c6cc683cb748c83c29d20bf6c8cdc3d49c39e9efb0d9128efdc73

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF.encrypted

MD5 44925d68c58fc58aaafa1a88ab70db31
SHA1 c59e355bed5b2ed8ee28cdd8b4290404c0156675
SHA256 27f10e82a32b0da27d85082f179779978366cbe9c5013bdd38dfe9d95d6c3fc9
SHA512 4afd5fb671ed5fe65fe2d4524727fb5b7fe38bfd5f084dbfb42f49be8d3f2938bbc280ceac37d678888f2ce664e160bcb37f62528e83a8056ed4cf01b635b9bb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SUBMIT.JS.encrypted

MD5 9a35b8470c02c9d347c08d4baa718791
SHA1 f91174a684e617d2e17b0cc35ee74cc0204795f4
SHA256 d3e6ce63480af0efdc1507ee72230470c6e2c543cbd8e04461d7853a079e4fa8
SHA512 02e059b16e91c7a8d8c51257b3a08a9b0b9a81751d743e4ce7bcfd1c4edbd52f46fa0d6b4af98a99b7780cd60e79c851c84e91bff9037bbeaf2c6bcf07412a96

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\utilityfunctions.js

MD5 50304e20660f220a40497581e6e9d753
SHA1 03d4b449215d09cb29d92850f4b2fe3a048be0d4
SHA256 eb7888267bfd4b9942ced3a4f9eb989081b1739b4ec38d40b2468464f888e375
SHA512 7e8d440867f819e955217508d649bdc2111b1e2164eace0838c298b1dd7a5e28a9ed618204d9f695bfbe81f83e44b5412738d45f7f6be4b8921f7fd6f2037239

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.InfoPath.xml

MD5 251c727790976dad307ea42a6837f286
SHA1 a4acaaeecdef0e2f643ed861e621fdc3bb118e71
SHA256 7fc1c4dd55930ea9de3130b198d2c9fffd8e8da65db943b681133e981ad52e40
SHA512 33ab679ce19530d5acdc3fe91bb85eaca100eb360a52044ba65fe4319b070a32da62db8b285e9040fb26edc5493a6fb6526ed0b80e41e05130dffa8e436c3277

C:\Program Files (x86)\Microsoft Office\Office14\MEDCAT.DLL.encrypted

MD5 b884f403194e297f1ead15177d38041a
SHA1 0c06fa87023a0aabe0b6423c5589e945b8e55b47
SHA256 e007d3afc1e7c4b1ca2485079f21447bcea7d4a79151cebf42bdf146c37ee9e8
SHA512 c7333af4136619652cb20490ffae670d07fa1c08135fa6a2bb2c1ff799c2ce904035f7ffb4e24fda18dd3d5a8873423e6de1c352a227304c4c88d0209501ec85

C:\Program Files (x86)\Microsoft Office\Office14\OIMG.DLL

MD5 b5170794d7e68be3331ea3f664c37487
SHA1 9b77cfe7976faf21546f677a38cf21fd69580e06
SHA256 e1737040b4c944cca22689550208fc810c99cb0b10a1e20603107c3b4ca8532e
SHA512 23d4c2f979b9e65944afbd4517584a3ecca6d15c7f378dc826c2fc1acebae93e4c851fa7e1cd5b1f1c6b5a41467947ba9640d341b6cafe46a2d351d8f750ebfb

C:\Program Files (x86)\Microsoft Office\Office14\OLKIRMV.XML.encrypted

MD5 9c4cfe31683cef5d3d4e840bc96a20aa
SHA1 0940cb2b5dd328a5c7779b05cca70de947fe11ef
SHA256 e594e205029a931fee1321e6abb540512854741eb7ca0c00991cd3e5a960a310
SHA512 dc7ee70b70496cf2a36031c6a480cabc4434869c271a9de3fa245cad7a04c372ca56e7ca90cd9e65a92060a3e60337fe037fcb42515cb0751b5ac2b58db167e3

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 4a60f0a8634c807ceccc33ac842aaeb2
SHA1 8bcd5465added92da6318dff6d1cd215320557f4
SHA256 8d2c097800541555f855b6546d744104be22121d46a24fa4553abc1ba375141f
SHA512 4e1cde9cd909237ab65fb826b9813f44e702e7e9cfe9a9e3919605df9dc1f28d9dda3c7e88de1305a82dfde1aa58069a303a30ac5f783c8fc6fb763889c2561e

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AU.XML

MD5 4d332b2af8e4d9567238407d69f3a7a0
SHA1 c5fd5b623d62b718a8cb54e740415db7758cb11e
SHA256 9a293c80fa674625672f0f33db7a8610f0c797424ecaadd51a4b0e463b6b7970
SHA512 8616e4f69f06a3880798401379b7f7a1bc8c68828cddc306afc393fcba9abca3514cd19cc5365177d7b2ae7f6753ad3e2852338425abb05f1759c1693157a587

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML

MD5 7a1373f3e43fc8234f4025d24f62b3ec
SHA1 c680b9855689a8f6612a6426788b82ca6f6c63c5
SHA256 572b57c4f9430239d24c2a5728dd7a63389089bcd16d7204d8f1c3ae3d9927aa
SHA512 6eb634dd881894954f108fdc184120ae915e1bb726abc3bc049a4adacd39dc1c9703c8ca078c4d91521eba5910dcbef00d2dc958587ceeab8022fca53a252192

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IE.XML

MD5 3d014408bba2cf3b584f291c54c0df1e
SHA1 8e6b25eeeee3078b9e19c3ac0aa7f6c109cc7c1b
SHA256 3d2103ab273e88aea1763227aa3db6eb5aa5d3f0c1d21ea9f432f090f08e508a
SHA512 b2bed54658e5308c6944223e7ffc1f11ad8093a2c69bb68245b39c10c24d4553c78b8a77c2d2d1c4b09f1edb62d9a8bca95772d68f1ee7efcb97dec44c7c7339

C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7ES.DLL.encrypted

MD5 f1eeeeab72cebe104ee79f92376b0503
SHA1 852927f3d5974e684cfd7d2d12c8a46d59fdccb8
SHA256 c2ba5283c15f08ecb7e56857420d4a5640fbc96a7996680f7f90b1e1baa3ec74
SHA512 307f6ecb57c3fa08fb827d597a67311a194b692b840c760c5d660720971af4eac0c9d6f605c87499215aadeda67a4e3c441a6f4e336a7367788f52878194c291

C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7FR.dub

MD5 5ebd533d193be652d5286194cd1d87f3
SHA1 451883d25fcb012cdff6ab7ecab475d32e35ef88
SHA256 d2a83f77adeff3da0d8b9e34464c155d5256328396ea96eb45c645aff7d3ceee
SHA512 f62856c2e234f9714495f6c5b99d95cb40ebd1462cfcd9b5ddd17a7055e6abff99e2f754285584037a24534c114b821d60c30f425ec51a775a0a043a54e86f45

C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSTH7FR.LEX

MD5 f67c74908e0c118c0553c9c29792266f
SHA1 32f2ea59c0890f08be8905199f50ced4209569b2
SHA256 0d8266b97a1ccb3fec3c1554ebab0aa5cf2c0224d7ddfe07658fb2a700a884ca
SHA512 73bb00cc85cc4b5ad9b5235dbe0f5d15618f7b62dfcc1bc5c83f35982edc8e1cba7c07d84a8ff1820433dd5c008034c608357a78901d3b11c97c3399a8efa3b7

C:\Program Files (x86)\Microsoft Office\Office14\STSCOPY.DLL.encrypted

MD5 d1ec42f65ff0f7304262dfc7bd0fea9c
SHA1 72007c92627d07f2a8364345c6bb55fe984bb3f5
SHA256 21da62746dc37fb6970ba8280cca30ab0159a34631ea964b5fdc15dc100ed518
SHA512 c07d2030b7ce8ea1613b94503272178159fae59df5360ef454d2a56b971a2135407ae3bde4da696d12acc9044ba18e03e8b096638ab0f6be6b39c81de44dee10

C:\Program Files (x86)\Microsoft Office\Office14\THOCR.PSP.encrypted

MD5 2810100d1a1781176461e1511b0a265b
SHA1 b2da599d50388609e78c20b87d83d9bd0425702e
SHA256 a02cd357e7477a13fc5f9803f185034b331fe717c1eff7f8679c581574a37b39
SHA512 ffafca63e7584135edc0aad5e8165531cdc9cefa25fe39bdb601264d4454ad4f9e89762daa74044c8e1166a0730bcf970b29d2d975c1060f3564cc52eeda16f8

C:\Program Files (x86)\Microsoft Office\Office14\WORDIRMV.XML.encrypted

MD5 5205462bec75c20c58a55054b1080719
SHA1 75cc2be8a0ab3d09c1f60b2a7fd89917723bfe91
SHA256 84248110644fdb39e975283a566ae81f21c0994768c48132ac9b1d67c6995708
SHA512 a16b8fb29d78910acb6e76a6331fa9271b4ce0d3b1c646571196fa08d0177a541785c82b6d15a6a2400a8ad2f9a38a3c2aa26eb6477f9d48ac06ac16837e5e54

C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\Contacts.accdt.encrypted

MD5 22cdcae13c608357fe28c2fb13b71553
SHA1 e4ed45bced847a4d1ef0f1fbdb4e3fba4dbac379
SHA256 2d6a11244d955ce757153e5a1aeedc41e31239bd39aa007a538132bf1c1edc5b
SHA512 d6e1c0439d29294d49a2ef05c5d6365629e832615ab4da7f49d92a397ffd8298d9a5a4c885956bbb80c560152a0a9e76400c57f0a2ff5a4fdc2d3c9807349410

C:\Program Files (x86)\Microsoft Office\Templates\1033\EssentialMergeLetter.dotx.encrypted

MD5 0db47ed723988ba3ac26ddc1f6cd1ba5
SHA1 361e1a736bb24dd25e624960c9ba3bacca483acb
SHA256 1f84b7725009d839253db178867553578099a739bb35fa4a78c27557d1208f85
SHA512 e3d5c932432c9e9fbdef65d1d0a571610cceaaabd3485b044d6c33f8999f6ee74d064eec5332dcfcb23220260c528f8045138da8ecca7bf0848ab43844d1530c

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

MD5 0e46c2122f6f4f0331897ed48b1c3096
SHA1 c1999d7703a84345baa040c698c509265d5f08e0
SHA256 9abf57875524cc6e383b6e6d6efeeac9af8dbdf84b276a0d9e83f9a457797933
SHA512 91580f34142b372d3176d76a0feea2e742d6cda9958a61420f2c29b3316891d3629ade12ceefcea58d90eee2721f5f6dabfd00840dd6badf45921836337d0f12

C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.encrypted

MD5 fa8eb12d626759139a91d8320a5dd41f
SHA1 01b008084d7131985114f1b34aac2b73f00e7416
SHA256 179987ad4688e0f997ff8c38729615d823d3b3c332ec2339840fe4faa6df3ea6
SHA512 c0517a5f2ca83bfc2ea8eb457783fc3f85715478196e3db1e0e7f249020594713b51a1815e58198659ba0a82987c74d98058392ccd479e594cdf076ea437e996

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000

MD5 75b83e60f35b07676f090f1dc4baee54
SHA1 b702b631640de4b86a1aad1971c98a5a8cf59689
SHA256 2d2f625f92d4ea2acc79cc160aea2c91a10905b0a26cc2472057eb989bfcec6e
SHA512 189f7ee32fc1838a573552cb03da6a839296ec5360086bbdb59a9090889452ec157603539f7a360403de2c278c0a015fd6058d11eae4982e390afe1c20fe91c2

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001.encrypted

MD5 7b9147b6bc73ddec33601da93347a057
SHA1 2b4b1ca1b86f4a2ad49bda303b111fc03e67a947
SHA256 0fd1158d7300e36072fe9b62c64f552f4fbcd876c25bef9ddb6aa6ec36531c0f
SHA512 ee1a67298135b81e3119b839d2e842359860847651e190afc429278fb9f7089537406061ca9e30e094f07a29a1d106434908835d555fe4aea64c3c6323571c0e

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002

MD5 df86661eca6df78be8d5c37916886b6d
SHA1 921f890483c368122c2c67d59f4b964f5e5dfe79
SHA256 7bebdd85db4cd7deee2d4bf517d91f6669498ae4c1eb5eb6adebfcd02eb5e5ad
SHA512 a743faf0cd4ad454d08107c42290ffa35f06193a79e5396ca42744261fc8299fb57beef41cac49946ccf3933121f1506bc8d6f5638209f4690f549f808333689

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.encrypted

MD5 44b0adbe0f3a11ed4d698fa56f912a0b
SHA1 3f7b0c267f9b82fa4de8edbb5f51e98b513cfa52
SHA256 5ebe47b28f2eabcc848477ae235dc38f7a07736780cdb4b79d906eb40e7a7bc3
SHA512 573ceb70391625ba8379c74f871797ae0d3742cd1c68f283a128961194e01b260817ba4b01ac9e63f201eb17210d7df76908bf4efa024da9060ca3b19a5b84c1

C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.encrypted

MD5 c4aa17d772efdbeba5b942d4787ca83a
SHA1 455e4dd168176b96690f83b5b428f9827ff7ddb3
SHA256 b3c68560b6bbb56a7fc44169c9392e29aeedde57721917c65346c873a2c1493c
SHA512 f0ba282ba941284e89b6a27aea2bb9c895a25f62797661970684be10155f88de72dd4a79ce2c02c0fb4f819088e90edb4d7dd147cfe0f9a9358de3c29165c688

C:\ProgramData\Microsoft\Windows\Caches\{A9E4022C-9477-4B6D-B223-8709BE9C8AB0}.2.ver0x0000000000000002.db

MD5 c74cd6a4a5deff215f8bc4658c240385
SHA1 f54a669de249e10ee6d731ce00ee32f9f3bf8fb8
SHA256 7b604441e53e4b6c60b49805d54f386b134dbabc9af2aff4e2b508f93dedde37
SHA512 c37512267d630b8b2e485b6ac833f8e8c7ba83c98684186496b467d087fe6735ee19c34b73136925a437cc6fa606f2790d2829d4b775cf07cbc1b55f02d39d98

C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma.encrypted

MD5 c3c13076feb36931be9d5bf9f021a493
SHA1 4e02fa698626ca56b8f5d9f02d266ccc8f7af0f2
SHA256 57341e81e32089a22bb8eba3b293acf3105055a95bcd08650078cbfdd7201f82
SHA512 cd5727a6b8a784f341a304f759ce024b4f1d30f17d3bb641eb6681efd19524604be7de6224eb0cff4128b6a5a1a2cebc94e43897d917ac972e41912817ee1290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 36cc60bda72cd913ed9bce7de69484bb
SHA1 9b90d75e324a4626f903916bd2503d5af7da6231
SHA256 2fc498f28b0a31812a891f3518c20edf5da6894b4cdef249e9f27ac69cbfe5e8
SHA512 3561952e0c7a2ecbaf7133ecb13454c28c474a1fcd49ab5d18d802f4730bff38ad5e0a35133adf04fda0d00a1f8c08c9f9197412b9676012e2c4a1934263110b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

MD5 d3511a436b360b4f98ee36ae261cf34a
SHA1 5911498e9287e9e7eb4b869fbcf979bd19118083
SHA256 3cb7667891b0c90fa92ebf6d1905eb2b50882046cc59c33ed7e96ebb7bf08174
SHA512 148317cac60c0a84d86efae79e6ffb0edf33d4a9e6c5cf84068f2879ca1d96e4da451bafb0a864be55cc8dd3942ea80699bf24a85a269223cc12bd3866087b60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 ef9138e3f6a78357b0199eb57ca2e7a2
SHA1 530f98c9084b630018473cff689acb7cc638e148
SHA256 0c0d44a6cb284fbf4a956076b46199849a2f004bdca7a70c36ca688830a28095
SHA512 f472aedc6d0fe721c2a13d89928446a12ab8d3ca188158d3e48fb0141b6e94d3fc61e0957a4d0984583ffc36c719c03720fbb5c6f0cb8efd418ac88afd7b2d26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 b2db488e3c60a9d204d2e6adec8766f4
SHA1 7b5a2c56bb9ff91cb977b4eccf6e526043642d85
SHA256 817756dfc74e129f47f03fa0825387183aea2a24f0cd3af9197a814f2aea3aed
SHA512 543d29534b3be0770d79b196145a36d4f6f0f20e95765a0e0c5b2a5e742b73f6fd3b214b3470e08b0587cfe5e499462058634995a6f24714c64a74944029c949

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 178b9d0a5725af833c523a2527e3e077
SHA1 a183d546959136221117bc361a36461c443465b9
SHA256 f348a7084617ef33da6ad1c28700457ceb03f8dbd6641f25be373aa48bf2b2d9
SHA512 7cf6daf43366adaf73a3dac7b295bf4fb6ffb2908b34c269df01eddeaa101b831f95004d5f4fa8655a55cfce2e944d7ce10209e1f2e262f6116ad1a0d166b90d

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms

MD5 ac32db0352e6b9904cce15f7ba633636
SHA1 be038d8ea55c3b15897d46bacd949f17de82614a
SHA256 6e1131614906a1ede9d0d79eff51f3345257e2f57bde52ebcf7aa2b3cb70a01f
SHA512 1e7f9faa10c23bcd3dd6944c19c8c126bb114c351c488b716273e5f0412f58dcf09039ab90a37d49426c3ac2fe1a5d578bea18dc54c5e50175ef1b90525573f6

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V0100001.log.encrypted

MD5 8b04880e5b5f1b1a1279c1287d3513e7
SHA1 e1cca5afb5d965bf56a19ae39bd0cb838089f6c6
SHA256 0376a8afa5fb3ead6e7ddde151cfaa590d653a468d7d67519d052c3c0b14b989
SHA512 af5dbf56cf384eaae92d4885e463e68768f1f75d3c2c5cf1e222701a164d375e1ba323f2fbb3127139bf904cf9253bcc13b515bc314f1a967c59b9094a315e3d

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs

MD5 e753b89f18abfffbe49db86af5377b66
SHA1 49786809c6af226257ef19ab476103746caee1d2
SHA256 519c91fc6e3848066c52fec683a311666205168c79cc260ceb36bda43d118da0
SHA512 209cd5c0ac44d8bc4657c1c1b2a87ad1b6a0900bc0637bf66344b2120a9acfc45d2137404a50effcaf8aef043e4836cfac38fffb9722cbd1350d0d7ceb8ce4dc

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb00001.log

MD5 df81107f2f16845e9794299cdea7a74d
SHA1 5e2e1d2d72694c61beec71f0d267e72b421c5c3f
SHA256 fced9f645a4fea5e63b28f01fb8cee4aece765647785913adc6e39afd5460ab5
SHA512 d97513959b4562062b5c77ee7ae98f69e10ce0d18e4fbb9ada0f08c88b35e7f1aeb0967acc172dd6a62b67a87dbb84ce03fea1c68bb5ec491e123197858feda9

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.encrypted

MD5 78e3e59ab7e280a598b27d794804af5d
SHA1 71fbe19f93c3f3567b956dfae00c3b1ce1cbfc05
SHA256 cb7108624134c0e510d96d340a7ab269f5354d190c19d7594cf354da20c45961
SHA512 248f5bbfbeb2a23e8475b6bd40bc769dacbec13d4461f3e9da0887433a5f17385dd4578ff856363dab663ed47e38cc30a2e58fc36c0f4df81bdbeeb7ddb39164

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.encrypted

MD5 ffba1d96143439d293f0c4a8575ecf8c
SHA1 3e051d02dcd3afaf05bae2d72a28dc46e6294cc0
SHA256 a16837e46fd7bb64186e4a4bd652ff8e04300c07a0dd40d1e881440ff7d3a05d
SHA512 c735d6d59b3f6cc8e894e36bccbca592880f980a2e42246ac38f5ed34c6f79eec583cc5f5e2e14a3a66b7ad535932b7744a46335f4bf8ae7ba167d7ebcd92d94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2.encrypted

MD5 56bf1d9677a0e6f9b0c388035728b2b5
SHA1 ea0b03e6edd23b2115136056ceed267e7632aa28
SHA256 904ab1a7462835184fa42e7198baa98c3e369f6de0115062368bd63ce9ea48a2
SHA512 1c7c9d298c19a7df2edc1b6b99fd9fa2d0150f17e576f96cd8221e779d10543a3d723e89ca921cbac27857af0a6940d98ca72040adef0a1e80805e74e91af44e

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.encrypted

MD5 a01e219c1d0f84ca114bdf635f45fd19
SHA1 887f18277b1151229f4b2b9d8ba6169eddaa2b59
SHA256 79f0701476e00cedffd116a2d2e7b49829bcabd8200e8ecc16eb90fee494fab4
SHA512 90684a32a308dce9b98bcb171ade4aa699e3dfe0617744896a8155ae701778c67255c05695293ed9631366b5a67352e6a089f9e1c410dc4b286fcf5edec55195

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 dd6b52192e0e31777646002f28912c60
SHA1 15562fc275ccc25f5a83cc30e531135cb78a6cc6
SHA256 b3b674763238b96dd54b3f676a94ef1709adc35b24efebc4a15e9223e58af0fe
SHA512 60a45956716afd5b5ec5bde4c981ef45814b37cfe61abd4a2c643c2d8819aebe29dc057bf9978fe3c9bdaeae188f2aff7248244ae2a30d7c22afe29a2e1f2af8

C:\Users\Admin\AppData\Local\Temp\Admin.bmp

MD5 503d6e3ea2be54563de7edb2e4f23cb6
SHA1 242aa747ac31b6863b17919fdaa9dfd7ec777535
SHA256 7f3e246030a1ada4fbffd14d81ff75d5c9284c6cb567b3ada5f156368cf52201
SHA512 680f6d6c71ece25378d4e0aba70c06513525ebea07a7eb7a729073afc1d472fff79d669ed5d0bc44242ffd442b0287137a737d93005336d58651b20ec5683359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_F70553637B9F26717122C4DAFA3ADB11

MD5 a17df18b112a5cd2255ae6aa50aa06e3
SHA1 51a066c41d18702502fb8316dd1896ec82b883be
SHA256 ce309a6a3f074b69dab3797dde63e6a05a4a92e101d46eecc4be7da18bd57133
SHA512 b6b8a2a1fbacaf690450e2dee74dcbd4d092cc76999e3264993f024ccf64779a65a8d48e427f71e7259a11d0d97c9faeab990ec3abcb85c70cb6523cc34df4c9

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 ecf0ece8a911c096e2990de47b9d9a24
SHA1 308b047d593fb6b59c0424b6b2ae57b45854cb47
SHA256 10cc31282262ba9146c85e689b10c85623f58047610ce04bd089fad12c9eeb0a
SHA512 3e727d5c375696ab99a2a21b48d746c900f2d8e375503a2affa248cbeb6d734249e517b4576ebc47d20934faa4f200c5ed03b8a029e02d252f329fd658821d99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 899a085cbf0e583eb2597edd858830d3
SHA1 42ecbe2ce5e81f83f7695fa4c901dcd3b196854b
SHA256 5295e1566bd24151cf5a84979448c9d9714f4eaa3b63d0dd5def2c45ae228f14
SHA512 77a93af6b0b7e313604545c10ef27e2cc8a654e10e5e6099a342d4d8b06037566edcb3232fbdc4b971d87fadd63a933c9cd37c27e8d882b671071ffede065d29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\xulstore.json

MD5 3243e5b7974544f4c8ea71db0720c18b
SHA1 440e13d9df78ed70f497f4968c40f809b31158e8
SHA256 a98ca538a0eeb686a86bfa1b994b3a0427ed6e815aeb9672fa5f7fa9f141107b
SHA512 aeed82c5d36ac394f3ec81e0b403383e67690c0f2084f19b7b76cad44f1c297b3fefaf13ceaef7d378eb3f79224ca633fcf15400f62cda1cd498f894449be2e5

C:\Users\Admin\Desktop\SplitCompare.xlsx

MD5 d10ed2c33fd3c22740465a5058fcda26
SHA1 3ef70cbb548b803fbf950d1bc4b589c31796934f
SHA256 8949b266881fa788db93ec365cd151a8454232542b7a26c1f5b867b11fe179f5
SHA512 09ac6092e67ab536d98ed8b6c439cc927957d3235f8aae43d0b2c6412426d4800b3399b7a50143385398822a1e31fce97fdef2404e9937873483a722a1d0f8df

C:\Users\Admin\Downloads\UpdateRead.dwg.encrypted

MD5 e9042cd5b4cc9242d9b22ebdc18c0bca
SHA1 3bce84845ac4eba4a042ee51dcafe563e60bb7af
SHA256 2fbd36fd252472b619b717725590ac57770faaba38826781163f9410e9cdac4b
SHA512 e096b69a7fc5b6bd6dadf923511a2c2d45f76a35a731376c09927ad313a0594563aa38e76ae13f72cdb64c3ab29404938e925ddbdb0c10700d2430bbf4372fd2

C:\Users\Admin\Searches\Indexed Locations.search-ms.encrypted

MD5 62e0a123b0f2b0762f905cd4ae91395a
SHA1 235fc6b588fa10b1c2fe03d06bbe6ebb429ab226
SHA256 eb10ee0413758c81e506d72426059ee17a83fceca41bc8615f9b144eca1e03b7
SHA512 b04ce248bd63ea0413c19cfac79a49aa059b9d261bb7a546a15c420aa0e3108c3c9350ac2f2fd8c9db3747631c3f675ecf2b285dd858e6560ed1e90fb602d008

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.encrypted

MD5 39ab49d10da9ffe7af0e95401d6f05e0
SHA1 c020cda65a1e9980674ea1bc0436d20c83ee2d54
SHA256 8ab8227def3c1a9cfeec807d47e8d6cfc4ed83f2837c55b7342def599f00b796
SHA512 424b32797cbdd7e7b9d783babc31587ba682275ba6e350f7a95c4da6309f240d0a6278dc381b49009697456c84d6a7d591c5eb92178629d5bba37514fdb4864e

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.encrypted

MD5 e0e2016f8054ef79734c94298ec4f2cf
SHA1 31c598df08967ac8b125b2e3f21330928fb5b490
SHA256 0e2b5dadd089268230e24cb2bcd842e789f1177709ece151cd72616107f461d6
SHA512 dffbc15671547cbfdc05769e66237c36936f6656d599942b3a1455678056ba6b93d0636f0fb8ef26ad99375d4a4d2c0ea2348aae5a394713606b770e66a02368

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.encrypted

MD5 6c9fd231ec12e132161103a74045f94c
SHA1 8d4fbfd78d12462d320a8aa94e1f43910c8c4dac
SHA256 8d161db9ca9f45a1d6e2313d43939564bab4a1e4dbb58c021ff043aeff07580c
SHA512 c59d9752e487e155f2f94eb2810294ee2147fd3e890f2b03f8acd1f4c8bd8bf83bdf446dac931d6593c7fbc755abdbbfef3811c8207dfefd60007b0114933151

C:\vcredist2010_x86.log.html

MD5 d8d41683930d7d1c8981635766add5f2
SHA1 9010c152e026e37099ac4997247f8e33d00d544c
SHA256 6413cafaec9320e9e78cabfee1ee3c837ba7f5f12f62de73a67c3e684a94b7f9
SHA512 a8f7f11ea6fd19f8ed439e9a92c12d33f21488beebbbfef5a96687814351d2f638250d9add387085bd866b376c51f75a14c3e0a1ca75d2b08e0717dcb185a382

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-22 17:01

Platform

win7-20240708-en

Max time kernel

362s

Max time network

363s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Box.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Box.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Box.exe

"C:\Users\Admin\AppData\Local\Temp\Box.exe"

Network

N/A

Files

memory/2200-0-0x0000000073C0E000-0x0000000073C0F000-memory.dmp

memory/2200-1-0x0000000000C20000-0x0000000000C94000-memory.dmp

memory/2200-2-0x0000000073C00000-0x00000000742EE000-memory.dmp

memory/2200-3-0x0000000073C00000-0x00000000742EE000-memory.dmp

memory/2200-4-0x0000000073C0E000-0x0000000073C0F000-memory.dmp

memory/2200-5-0x0000000073C00000-0x00000000742EE000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:29

Platform

win7-20241023-en

Max time kernel

361s

Max time network

362s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aace43af8d0932a7b01c5b8fb71c8199.exe"

Signatures

Indicator Removal: Network Share Connection Removal

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\net.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aace43af8d0932a7b01c5b8fb71c8199.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\aace43af8d0932a7b01c5b8fb71c8199.exe

"C:\Users\Admin\AppData\Local\Temp\aace43af8d0932a7b01c5b8fb71c8199.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c net use * /DELETE /Y

C:\Windows\SysWOW64\net.exe

net use * /DELETE /Y

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:46

Platform

win7-20240903-en

Max time kernel

363s

Max time network

364s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\b7989d9eacb5a8b224fd183f6ba65e4e6bd30a4f0e4e1a299f0d2b63dcb56730_Archive_useless.zip"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\b7989d9eacb5a8b224fd183f6ba65e4e6bd30a4f0e4e1a299f0d2b63dcb56730_Archive_useless.zip"

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:47

Platform

win7-20240903-en

Max time kernel

590s

Max time network

377s

Command Line

"C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sfgkuyuaoarifrk = "C:\\Windows\\ydyategyulafxiprjjmv.exe" C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\sfgkuyuaoarifrk = "C:\\Windows\\ydyategyulafxiprjjmv.exe" C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sfgkuyuaoarifrk = "C:\\ProgramData\\ydyategyulafxiprjjmv.exe" C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\sfgkuyuaoarifrk = "C:\\ProgramData\\ydyategyulafxiprjjmv.exe" C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ydyategyulafxiprjjmv.exe C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A
File opened for modification C:\Windows\ydyategyulafxiprjjmv.exe C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe

"C:\Users\Admin\AppData\Local\Temp\zsgblrbrumorwxfizuke.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 trybesmart.in udp

Files

memory/2532-1-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2532-0-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/2532-2-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2532-3-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2532-7-0x0000000000400000-0x0000000000428000-memory.dmp

C:\ProgramData\xedwccxvxjdrmpsrukbdmumycqumjwgq

MD5 720ffbd7c4e1e136bc524c0f3315be5a
SHA1 d97a4c5256f6936226dfc01a6f2681ead44f762e
SHA256 c5ee84be2172fe70689f3716ddd55d39e1d177a76e1ed4844df7feb2d7ad5064
SHA512 c40fff39128002ecf9fc9fbe1af645bbddf6264676aafd4a1f2db780271bd2c7f26e17dea299f5baf515a0524dd4aca59e476a1591c53120fb999cc74a36e8b4

memory/2532-47-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2532-66-0x0000000000400000-0x0000000000428000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:55

Platform

win7-20240903-en

Max time kernel

590s

Max time network

361s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe

"C:\Users\Admin\AppData\Local\Temp\c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 dolores.cursopersona.com udp

Files

memory/1640-1-0x0000000000400000-0x0000000000411000-memory.dmp

memory/1640-0-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/1640-5-0x0000000000400000-0x0000000000419000-memory.dmp

C:\ProgramData\ocgqzsglrkbdnmm

MD5 5a469be8042fe7121f4f90f7b10dfbff
SHA1 3f4cf020ee30bac1473de7df182e9bb2388c9e3d
SHA256 d4c0b734e1f111a360c60e6c1395e76dc43ed225847462adeca436e9f03918c2
SHA512 94db8bb4776902079c548dda4bf1daca3d120de273ac78ad75d643b43b23dfd50f39e73c899f4ebfede199fc24f4905772963c4938eff1c500a30677140603fc

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:39

Platform

win7-20240903-en

Max time kernel

359s

Max time network

360s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de_PonyNews.dll,#1

Signatures

Pony family

pony

Pony,Fareit

rat spyware stealer pony

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Checks installed software on the system

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2100 wrote to memory of 2116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de_PonyNews.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de_PonyNews.dll,#1

Network

N/A

Files

memory/2116-0-0x0000000074D79000-0x0000000074D7A000-memory.dmp

memory/2116-1-0x0000000074D70000-0x0000000074D8C000-memory.dmp

memory/2116-5-0x0000000000250000-0x0000000000252000-memory.dmp

memory/2116-6-0x00000000001F0000-0x00000000001F9000-memory.dmp

memory/2116-7-0x0000000000200000-0x000000000020F000-memory.dmp

memory/2116-8-0x0000000074D79000-0x0000000074D7A000-memory.dmp

memory/2116-9-0x0000000000250000-0x0000000000252000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:46

Platform

win7-20240903-en

Max time kernel

357s

Max time network

358s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b56c4569d639e8ce104d9e52dffeba6d18813c058887a3404350904811f32d54_not_packed_maybe_useless.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\b56c4569d639e8ce104d9e52dffeba6d18813c058887a3404350904811f32d54_not_packed_maybe_useless.exe

"C:\Users\Admin\AppData\Local\Temp\b56c4569d639e8ce104d9e52dffeba6d18813c058887a3404350904811f32d54_not_packed_maybe_useless.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 152

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:49

Platform

win7-20241023-en

Max time kernel

599s

Max time network

598s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe"

Signatures

Deletes shadow copies

ransomware defense_evasion impact execution

Accesses Microsoft Outlook accounts

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts C:\Windows\SysWOW64\explorer.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\SysWOW64\explorer.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asijihel = "C:\\Windows\\olyviced.exe" C:\Windows\SysWOW64\explorer.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\olyviced.exe C:\Windows\SysWOW64\explorer.exe N/A
File created C:\Windows\olyviced.exe C:\Windows\SysWOW64\explorer.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 2624 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe
PID 1704 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 1704 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 1704 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 1704 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 1704 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 2632 wrote to memory of 2876 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2632 wrote to memory of 2876 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2632 wrote to memory of 2876 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2632 wrote to memory of 2876 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe

Uses Volume Shadow Copy service COM API

ransomware

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\SysWOW64\explorer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe

"C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe"

C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe

"C:\Users\Admin\AppData\Local\Temp\Saldo.Pdf______________________________________________________________.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe"

C:\Windows\SysWOW64\vssadmin.exe

vssadmin.exe Delete Shadows /All /Quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 octoberpics.ru udp

Files

memory/1704-2-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/1704-15-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-16-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-17-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-14-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-11-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-9-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-7-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1704-5-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2632-19-0x00000000000D0000-0x000000000010D000-memory.dmp

memory/2632-20-0x00000000000D0000-0x000000000010D000-memory.dmp

C:\ProgramData\yvycuvufavytimur\01000000

MD5 9db79db6cb4edab84bd158bf26e50e12
SHA1 6661cc46a228ef880446ce4e19c07cc465d8091c
SHA256 30b806f6572a13fb68c4a6112b2f16f90931fabdb4d7441b091ea4867e410061
SHA512 5dd5c3a35fd1a50fd308f8cea6dc8a5278000bdefe75b1fc1ae39af07d75a3abb61a816cfc640a40fb42b40993f2aa1b1286bdce8768152f4a68820a6b657457

memory/2632-29-0x00000000000D0000-0x000000000010D000-memory.dmp

memory/1704-26-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2632-32-0x00000000000D0000-0x000000000010D000-memory.dmp

memory/2632-33-0x00000000000D0000-0x000000000010D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-22 17:00

Platform

win7-20240903-en

Max time kernel

357s

Max time network

359s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe"

Signatures

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Windows\SysWOW64\svchost.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\A5101B22 = "C:\\Users\\Admin\\AppData\\Roaming\\Klyizcnws\\730CD576A5101B224500.exe" C:\Windows\SysWOW64\svchost.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2104 set thread context of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 604 set thread context of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2104 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe
PID 2580 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Windows\SysWOW64\svchost.exe
PID 2580 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Windows\SysWOW64\svchost.exe
PID 2580 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Windows\SysWOW64\svchost.exe
PID 2580 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Windows\SysWOW64\svchost.exe
PID 2580 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe C:\Windows\SysWOW64\svchost.exe
PID 2536 wrote to memory of 604 N/A C:\Windows\SysWOW64\svchost.exe C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 2536 wrote to memory of 604 N/A C:\Windows\SysWOW64\svchost.exe C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 2536 wrote to memory of 604 N/A C:\Windows\SysWOW64\svchost.exe C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 2536 wrote to memory of 604 N/A C:\Windows\SysWOW64\svchost.exe C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 604 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre
PID 2724 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Windows\SysWOW64\svchost.exe
PID 2724 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Windows\SysWOW64\svchost.exe
PID 2724 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Windows\SysWOW64\svchost.exe
PID 2724 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Windows\SysWOW64\svchost.exe
PID 2724 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre C:\Windows\SysWOW64\svchost.exe
PID 2468 wrote to memory of 2288 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\reg.exe
PID 2468 wrote to memory of 2288 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\reg.exe
PID 2468 wrote to memory of 2288 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\reg.exe
PID 2468 wrote to memory of 2288 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\reg.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe

"C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe"

C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe

C:\Users\Admin\AppData\Local\Temp\Abrechnung.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre

C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre

C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre

C:\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Windows\SysWOW64\reg.exe

reg.exe add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005A8" "0000000000000498"

Network

Country Destination Domain Proto
US 8.8.8.8:53 horad-forum.com udp
US 8.8.8.8:53 spatbe-web.com udp
US 8.8.8.8:53 qoa-acc.com udp
US 8.8.8.8:53 horad-fo.com udp
US 8.8.8.8:53 spatbe-w.com udp
US 8.8.8.8:53 qoa-a.com udp

Files

memory/2580-0-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2104-13-0x0000000000400000-0x0000000000421000-memory.dmp

memory/2580-19-0x0000000000411000-0x0000000000416000-memory.dmp

memory/2536-21-0x000000007EF90000-0x000000007EFA1000-memory.dmp

memory/2580-18-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2536-15-0x000000007EF90000-0x000000007EFA1000-memory.dmp

memory/2580-12-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2580-11-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2580-10-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2580-8-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2580-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2580-4-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2580-2-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2536-14-0x000000007EF90000-0x000000007EFA1000-memory.dmp

\Users\Admin\AppData\Local\Temp\mzfxiwlech.pre

MD5 81ff324d2023d8ecb98a127b87d51450
SHA1 acd24c80f6a02f7fe7a388a6779ea49be64674bc
SHA256 7d9fc496bc0ade736bf75e05564e9c93167362ef18450d75222deef0664f9ed5
SHA512 38b17683e835e7259a6972d0f920f9ac7f5823591962c624aa795c39c3213d0735bacd76c72b7255be1cefeb9c298ffc31266513f088684969e5e18ad4e0a139

memory/604-41-0x0000000000400000-0x0000000000421000-memory.dmp

memory/2724-51-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2468-48-0x000000007EF90000-0x000000007EFA1000-memory.dmp

memory/2468-52-0x000000007EF90000-0x000000007EFA1000-memory.dmp

memory/2468-53-0x000000007EF90000-0x000000007EFA1000-memory.dmp

memory/2468-57-0x000000007EF90000-0x000000007EFA1000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-22 17:01

Platform

win7-20240903-en

Max time kernel

600s

Max time network

362s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a7768f4973ad7cf8217212a4d12dbae0.exe" C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a7768f4973ad7cf8217212a4d12dbae0.exe.lnk C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 828 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2164 wrote to memory of 2228 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2164 wrote to memory of 2228 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2164 wrote to memory of 2228 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2164 wrote to memory of 2228 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2860 wrote to memory of 2740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2860 wrote to memory of 2740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2860 wrote to memory of 2740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2860 wrote to memory of 2740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2592 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2592 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2592 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2592 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2196 wrote to memory of 2624 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 2624 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 2624 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 2624 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2632 wrote to memory of 2588 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2632 wrote to memory of 2588 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2632 wrote to memory of 2588 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2632 wrote to memory of 2588 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 3064 wrote to memory of 1720 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3064 wrote to memory of 1720 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3064 wrote to memory of 1720 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3064 wrote to memory of 1720 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2572 wrote to memory of 2024 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2572 wrote to memory of 2024 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2572 wrote to memory of 2024 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2572 wrote to memory of 2024 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 828 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 828 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe C:\Windows\SysWOW64\cmd.exe
PID 2412 wrote to memory of 1984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2412 wrote to memory of 1984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2412 wrote to memory of 1984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2412 wrote to memory of 1984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu = "1" C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe

"C:\Users\Admin\AppData\Local\Temp\a7768f4973ad7cf8217212a4d12dbae0.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

Network

Country Destination Domain Proto
RU 95.163.104.80:80 tcp
RU 95.163.104.80:80 tcp

Files

memory/828-0-0x0000000000400000-0x00000000004C2000-memory.dmp

memory/828-1-0x00000000003D0000-0x00000000003E0000-memory.dmp

memory/828-3-0x0000000000400000-0x00000000004C2000-memory.dmp

memory/828-5-0x00000000003D0000-0x00000000003E0000-memory.dmp

memory/828-44-0x0000000000400000-0x00000000004C2000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:54

Platform

win7-20241010-en

Max time kernel

314s

Max time network

320s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe

"C:\Users\Admin\AppData\Local\Temp\c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe"

Network

N/A

Files

memory/3024-0-0x000000007447E000-0x000000007447F000-memory.dmp

memory/3024-1-0x0000000001010000-0x000000000101C000-memory.dmp

memory/3024-2-0x0000000074470000-0x0000000074B5E000-memory.dmp

memory/3024-3-0x0000000074470000-0x0000000074B5E000-memory.dmp

memory/3024-4-0x000000007447E000-0x000000007447F000-memory.dmp

memory/3024-5-0x0000000074470000-0x0000000074B5E000-memory.dmp

memory/3024-6-0x0000000074470000-0x0000000074B5E000-memory.dmp

memory/3024-7-0x0000000074470000-0x0000000074B5E000-memory.dmp

memory/3024-8-0x0000000074470000-0x0000000074B5E000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:56

Platform

win7-20240903-en

Max time kernel

600s

Max time network

362s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\software = "C:\\Users\\Admin\\AppData\\Roaming\\cryptohost.exe" C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\software = "C:\\Users\\Admin\\AppData\\Roaming\\cryptohost.exe" C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
PID 3044 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 3044 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 3044 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 3044 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Roaming\cryptohost.exe C:\Users\Admin\AppData\Roaming\cryptohost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe

"C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe"

C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe

"C:\Users\Admin\AppData\Local\Temp\c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe"

C:\Users\Admin\AppData\Roaming\cryptohost.exe

"C:\Users\Admin\AppData\Roaming\cryptohost.exe"

C:\Users\Admin\AppData\Roaming\cryptohost.exe

"C:\Users\Admin\AppData\Roaming\cryptohost.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 blockchain.info udp
US 104.16.237.243:443 blockchain.info tcp
US 104.16.237.243:443 blockchain.info tcp

Files

memory/2236-0-0x0000000074B11000-0x0000000074B12000-memory.dmp

memory/2236-1-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/2236-2-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/2236-3-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/3044-6-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-19-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-17-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-4-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/3044-12-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-20-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/3044-10-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-8-0x0000000000400000-0x0000000000480000-memory.dmp

memory/2236-21-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/3044-25-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-37-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-38-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-36-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-42-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-41-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-40-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-39-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-34-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-33-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-32-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-31-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-30-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-29-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-28-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-27-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-26-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-24-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-23-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3044-43-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/3044-44-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/3044-45-0x0000000074B10000-0x00000000750BB000-memory.dmp

\Users\Admin\AppData\Roaming\cryptohost.exe

MD5 3a37931a0c7f2c8ec5c38b04380c69e1
SHA1 61ac0d9783a744dfc02f4b6dd880c82e24a274b0
SHA256 c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3
SHA512 9be09704ae50a657793ddee577e69967483858aa42c92eb3403c79a195c2d11a6f84f274cb6c5e8e357b9e8627ae347d9a11a39d1549a15690765dcf1f3579da

memory/3044-56-0x0000000074B10000-0x00000000750BB000-memory.dmp

memory/352-68-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:49

Platform

win7-20240903-en

Max time kernel

361s

Max time network

362s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zcrypt.lnk C:\Users\Admin\AppData\Local\Temp\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\zcrypt.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\zcrypt = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe\" " C:\Users\Admin\AppData\Local\Temp\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe

"C:\Users\Admin\AppData\Local\Temp\bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe"

C:\Users\Admin\AppData\Roaming\zcrypt.exe

C:\Users\Admin\AppData\Roaming\zcrypt.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 poiuytrewq.ml udp

Files

\Users\Admin\AppData\Roaming\zcrypt.exe

MD5 d1e75b274211a78d9c5d38c8ff2e1778
SHA1 d14954a7b9e0c778909fe8dcad99ad4120365b2e
SHA256 bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
SHA512 1ec3fbb0bf17d4ad6397ba2e58daa210745f10f88f6722971464a6eeb7573f49be6d65e70a497002d6d00745317f11442bdeaf999b91127b123c11dfe9b088c2

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:50

Platform

win7-20240903-en

Max time kernel

498s

Max time network

498s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tdebbrpbeeauasj = "C:\\ProgramData\\aagvgugsuvtyqbhutxjv.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdebbrpbeeauasj = "C:\\ProgramData\\aagvgugsuvtyqbhutxjv.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tdebbrpbeeauasj = "C:\\Windows\\aagvgugsuvtyqbhutxjv.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdebbrpbeeauasj = "C:\\Windows\\aagvgugsuvtyqbhutxjv.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\aagvgugsuvtyqbhutxjv.exe C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A
File opened for modification C:\Windows\aagvgugsuvtyqbhutxjv.exe C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe

"C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 trybesmart.in udp

Files

memory/2136-0-0x0000000001030000-0x000000000104D000-memory.dmp

memory/2136-1-0x0000000001030000-0x000000000104D000-memory.dmp

C:\ProgramData\vdjvzwnjxxqmrskmukyfebqfjutpiyaq

MD5 2ccd4a6682dab48393fc5677e813b1b7
SHA1 2e935c2a7b52aab263a7f725e5aa49506dff27a0
SHA256 69c83915db0c6dac2871e5fe81d01f406466fc85aeaab44702ac1b8c1c34b523
SHA512 afc02b5411f728cd6e9a36353214ba1d5e2cfcf7bbc6381413cd365bd10afc698e41e68725a3977dfeb50fc7f658c2747a28bae6f6715dfd1f5e63936f226e43

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:29

Platform

win7-20240729-en

Max time kernel

357s

Max time network

358s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HTCryptor.exe C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\Crypt = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HTCryptor.exe\"" C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe

"C:\Users\Admin\AppData\Local\Temp\aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe"

Network

N/A

Files

memory/2268-0-0x0000000074D7E000-0x0000000074D7F000-memory.dmp

memory/2268-1-0x0000000000C50000-0x0000000000CE0000-memory.dmp

memory/2268-2-0x0000000074D70000-0x000000007545E000-memory.dmp

memory/2268-4-0x0000000074D70000-0x000000007545E000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:45

Platform

win7-20240903-en

Max time kernel

361s

Max time network

362s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe"

Signatures

HydraCrypt

ransomware hydracrypt

Hydracrypt family

hydracrypt

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (474) files with added filename extension

ransomware

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.hydracrypttmp_ID_8c36b709 C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.hydracrypt_ID_8c36b709 C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Internet Explorer Update = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe\"" C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeSettingsStart3264 = "\"C:\\Users\\Admin\\AppData\\Roaming\\ChromeSetings3264\\koxaxevo.exe\"" C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Recorded TV\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BAFOJIJD\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XMOOPFZ1\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\5WY8FHO4\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 1600 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
PID 2628 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2224 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 2224 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 2224 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 2224 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 2544 wrote to memory of 2744 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2544 wrote to memory of 2744 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2544 wrote to memory of 2744 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2544 wrote to memory of 2744 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2628 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2300 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2300 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2300 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2300 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2628 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2696 wrote to memory of 2564 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2696 wrote to memory of 2564 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2696 wrote to memory of 2564 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2696 wrote to memory of 2564 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2628 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2628 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe C:\Windows\SysWOW64\cmd.exe
PID 2524 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2524 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2524 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2524 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2584 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\vssadmin.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe

"C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe"

C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe

C:\Users\Admin\AppData\Local\Temp\afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C net stop vss

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /All

C:\Windows\SysWOW64\net.exe

net stop vss

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop vss

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=Z: /All

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=Y: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=X: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=W: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=Z: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=Y: /All

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=X: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=V: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=W: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=U: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=T: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=V: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=S: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=R: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=U: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=T: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=Q: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=S: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=R: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=Q: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=P: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=O: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=N: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=P: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=M: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=O: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=L: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=K: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=N: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=M: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=J: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=L: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=I: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=H: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=K: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=J: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=G: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=I: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=H: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=F: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=E: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=F: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=D: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=G: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=C: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=E: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=B: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=D: /All

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin Delete Shadows /For=A: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=B: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=C: /All

C:\Windows\SysWOW64\vssadmin.exe

vssadmin Delete Shadows /For=A: /All

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 8444

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
GB 142.250.187.238:80 google.com tcp
US 8.8.8.8:53 drivers-softprotect.eu udp
GB 142.250.187.238:80 google.com tcp
US 8.8.8.8:53 drivers-softprotect.eu udp

Files

memory/1600-0-0x0000000000270000-0x0000000000275000-memory.dmp

memory/2628-1-0x0000000000300000-0x0000000000400000-memory.dmp

memory/2628-2-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-4-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-10-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-22-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2628-18-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-16-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-14-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-12-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-6-0x0000000000400000-0x0000000000978000-memory.dmp

memory/2628-8-0x0000000000400000-0x0000000000978000-memory.dmp

memory/1780-23-0x0000000076AF0000-0x0000000076C0F000-memory.dmp

memory/1780-24-0x0000000076C10000-0x0000000076D0A000-memory.dmp

memory/2628-26-0x0000000000400000-0x0000000000978000-memory.dmp

C:\Users\Admin\AppData\Roaming\1$FUWW$FFHEX.dat

MD5 97af5987ff3d92867c5fd43bcd65b0c0
SHA1 ee0a355af5403d96e2a7a8fc091f4a233f6da787
SHA256 637b759f859bcb79be726f1cfca41dfb6cf252401d125e403afc2a46ecfadc9d
SHA512 dc489275e257d1367c78beb22cc969c9af7bb3f9b77d2c1264002685d6c93f7bb5c11ee746798560bb7f081d4869d2aec2e5cda8ae21147b4b57c040764ca93c

memory/2628-755-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2628-758-0x0000000000400000-0x0000000000978000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\60QKHYE2\desktop.ini.hydracrypttmp_ID_8c36b709

MD5 c8c380ea573b670576c926ecea6f8b44
SHA1 5ffa0324ad7eda99e57b9787fa9f47383da45ff0
SHA256 e91e242a2d730155afd13c450c068cb62c1bdaf5e8bc454c9bf40b159aae210e
SHA512 a9b69b251e88ea4a48063961d464dd075c4327837a65637bfda77b85e94fb14c125a75ccfb1fb0af93da005a454c4b01bcfccec919c1f78aa68aee00f549d6a3

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XMOOPFZ1\desktop.ini.hydracrypt_ID_8c36b709

MD5 7f4026ad416f627ac55bc7cd64809771
SHA1 09bf53bb14f20bab68b0417cb33931e6af9d17e2
SHA256 68bcf191467610d592edb8cdbbb5cbf92b888d627e48bca742085b7f61bb5aa6
SHA512 249ee652d699c8a428f8fde78ddac90c57b5556222e38950f05d4ed2283e512e8f0d12a327a752835332b32c8bf008efeae4e2916d2c576f04f8b3f6120906a1

C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240903_051511232.html.hydracrypttmp_ID_8c36b709

MD5 892c684f38853615b589043f93a3aff1
SHA1 da90e389eed0a4609f06c5c07d6605351aebd333
SHA256 41c0333e9bcccd69e0bf144c22b21ce62614cbd46f2d88ca7e1d42224ee99957
SHA512 6ccaa9ff3152292b86b08f7f25166aa065aa576eac620ee30e0b857e85aadd3ff9329a07094f72418969bc7702942506e22c698bc23dc028da8d7bd1326b0c18

C:\Users\Admin\Desktop\ShowUnblock.xlsx.hydracrypttmp_ID_8c36b709

MD5 c74ead6d856caeb58b916c2e3b097418
SHA1 fc869bb3acecb50bedcfc6561960a085885721eb
SHA256 508ef39a6eda1565a38a235fe29306072a45fc5506a0d1d94ad8e659ff1ca840
SHA512 851df558e1eae80066592435189643276006385eac01bd06f1c6872d2f55b29a4e72cc80061d04dcc2b0d28811131e1c1a2918b4f04fa63cd6bbea2bfe3b5874

memory/2628-2162-0x0000000000400000-0x000000000040E000-memory.dmp

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.hydracrypttmp_ID_8c36b709

MD5 0391023dab7004dbcb96cab7cc1602b2
SHA1 6c83e11583b195e6661aacb2ed9de37fe584364c
SHA256 f6cb25681ca6777c3e1029316f983ec56ef37d4adf9194d648635a4814ea3485
SHA512 75061dfe61f1fd6d458773fe420edbd072944b889add451269b6830a8810bfa37a26d795dd8739b80f6a245cad4aa4e47f3bff9c34d29872af053f2e53c74a9d

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.hydracrypttmp_ID_8c36b709

MD5 735dc473c4e67d5d67d3bcd88d36fb37
SHA1 ae90c60d4fb828f027aa1ebc73aab4b788982fa2
SHA256 15eed907efb3b358af82079434e204225ceb92465dc90a23d6bd3bcbc389e902
SHA512 55fad682bcae34920cfaf8cc1e4cce919b9b9e55a4b0f8dc50f82145640248cf0195dda19cd721f165299f4540f2fa809549949851df651efb15169b709ae7d8

C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.hydracrypttmp_ID_8c36b709

MD5 14aa73eda313dcc89b2d9830b883d057
SHA1 fe606ba5c087bc036428d734a813caee64bce136
SHA256 e8aa69bc2d1ea42eeb583986f89fac2ec72f08409bee707540f0aabf72890dee
SHA512 f027a7fd0792fd0367382d5a5112175f24f4f418b9eefe96780389a08b51fcc03035aad52e126c3feabe8833592ffc72b69a089fcb38078b458174802be5077d

C:\ProgramData\Microsoft\Windows\Caches\{A9E4022C-9477-4B6D-B223-8709BE9C8AB0}.2.ver0x0000000000000002.db.hydracrypttmp_ID_8c36b709

MD5 2cebacc78730325527087be8bbe46ade
SHA1 730a87f4c9ada2db7791640ceabde958be61e8da
SHA256 e57712881f9b7a5c903030ed9b91fdf8efbb8f4852eb5b16b4197b39bda1d579
SHA512 e472606abfc73a7a30c2f8b0798c3a0a1f4ce5f462523c88f3bfe6a661391b01c397131cc266dbcbcbb361931fa5d0eff8071b87411d247560b11b0cc6654160

C:\Users\Public\Videos\README_DECRYPT_HYDRA_ID_8c36b709.txt

MD5 36006a50bf0bee078e8b6096d083599c
SHA1 2cfef28cb6000f2b43a9173b2368c63361ead701
SHA256 41c4aeee47902be00f6535aa1a8753f8af529ee2d02245dc1cd48ad758c6a22c
SHA512 b3390474540d4f339d262550a88f7b47bdc665827f5b486dddc122661e7a403469beed775680ac265268414660a78a9d3ee681205e1334a188cbb0516b24094f

C:\Users\Public\Videos\README_DECRYPT_HYDRA_ID_8c36b709.txt

MD5 4a2545506bec96f69e4b4de1845f33d5
SHA1 ca4997ff3956ca9903b19c109d02a736bcf49a0a
SHA256 f8137ff22bcaf69a9aecc39945da8ecb8a3f4bf2acc923ed13ab1491eda630ba
SHA512 259098df65325c222c5abd3006f1dd6b1c9e58ccfb5e75ac4e616a5d811aed88345c827cd859165c075880647534acbe0be8b1988077c831baaeee786a24a06d

memory/2628-2973-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2628-2974-0x0000000000400000-0x0000000000978000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:47

Platform

win7-20240903-en

Max time kernel

590s

Max time network

362s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe"

Signatures

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\sethc.exe C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe

"C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.sypexgeo.net udp
GB 89.38.146.218:80 api.sypexgeo.net tcp

Files

memory/1764-0-0x0000000000400000-0x0000000000576000-memory.dmp

memory/1764-1-0x0000000000220000-0x0000000000221000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe

MD5 4523ccfd191dcceeae8e884f82f5c7ad
SHA1 00107a6bdc9886e69425b7b0b761dcc8324946d3
SHA256 b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0
SHA512 79df12b1abb0d2ddab35e898aa01baaf7ea737fa37331c926b07d0ca478aa9c1c3d14795241e11d7dcff06ec3c5de93b2819cfbc0fd6db5bf6e752c52cfad5a5

memory/1764-3-0x0000000000400000-0x0000000000576000-memory.dmp

memory/1764-5-0x0000000000220000-0x0000000000221000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:47

Platform

win7-20240903-en

Max time kernel

354s

Max time network

356s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe"

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Renames multiple (2188) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vQVykYApjMM758B.exe" C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_neutral_11bbf54c8508434e\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Core_Commands.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\eval\HomeBasicE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\winusb.inf_amd64_neutral_6cb50ae9f480775b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\fr\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_methods.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_functions_advanced_parameters.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_preference_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_trap.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Starter\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_neutral_49212f5920298e45\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_escape_characters.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnlx00y.inf_amd64_neutral_977318f2317f5ddd\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images\WindowsPhotoGallery.bmp C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\ProfessionalE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\_Default\HomeBasicE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_neutral_41c6262952846788\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\ProfessionalN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC10\applets\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Parsing.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\eval\EnterpriseE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\StarterN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\migwiz\fr-FR\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\com\es-ES\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\de-DE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\de-DE\erofflps.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_neutral_e204d4267d752eb7\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\DriverStore\it-IT\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Ultimate\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\cxfalcon_ibv64.inf_amd64_neutral_d065aec3fcf4ec4e\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\elxstor.inf_amd64_neutral_4263942b9dfe9077\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Redirection.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremium\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_environment_variables.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_remote_output.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\de-DE\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\it-IT\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\migwiz\de-DE\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_neutral_e3be362bfab667d2\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\migration\ja-JP\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Return.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_hash_tables.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2960 set thread context of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02058U.BMP C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_OFF.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_disable.gif C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR41F.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386120.JPG C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\README.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02897J.JPG C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0315612.JPG C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Java\jre7\Welcome.html C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Microsoft Games\More Games\it-IT\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR22F.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0164153.JPG C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR47B.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\NOTEBOOK.JPG C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382948.JPG C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImage.jpg C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-security-negoexts_31bf3856ad364e35_6.1.7600.16385_none_1434ded81321974b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..helibrary.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fff56be556f7bc4e\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\undocked_blue_sun.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8eeacc8bbc1d7c1a\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_Path_Syntax.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_6.1.7600.16385_it-it_74deb36d94bd1786\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-simpdata_tlb_31bf3856ad364e35_6.1.7600.16385_none_8d99b8faf65cdf46\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-t..ion-reflectordriver_31bf3856ad364e35_6.1.7601.17514_none_80a0bff528d7b32b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_it-it_f249f192fb93e45e\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-streambufferengineres_31bf3856ad364e35_6.1.7600.16385_none_eb86a517749854b9\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0522ecd1ea2fa29e\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-audio-mci_31bf3856ad364e35_6.1.7600.16385_none_79024acd05e90673\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_8.0.7600.16385_it-it_f998bb70621dfc39\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_688bce682bc4b24c\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_prnca003.inf_31bf3856ad364e35_6.1.7600.16385_none_c4148f7740e2dfef\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.devmgr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c81af0e277697bbc\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_he-il_a5612ff788fc14c2\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..in-appmgr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_948f9dd6df3c4588\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\15x15dot.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_netl160a.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7c260e8d374d4379\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\msil_microsoft.web.manag..davclient.resources_31bf3856ad364e35_6.1.7601.17514_es-es_aeead09ca19ac868\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.7601.17514_none_0fc0aacaa3770915\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_8.0.7600.16385_en-us_744dc9f0621c4d98\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_scopes.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_552a2e0fe30db209\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..-provider.resources_31bf3856ad364e35_6.1.7600.16385_it-it_82685c3165ec1ed1\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sud.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f804fc3ab9b02239\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bNext-down.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_763763505e93084b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.utilities.v3.5.resources_b03f5f7f11d50a3a_6.1.7601.17514_de-de_43c9714a467d8e9b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5cb9c182#\df5d78a6328636a4ff7bc7992531d6d0\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-mobilepc-sensors-api_31bf3856ad364e35_6.1.7600.16385_none_68b9778d5cdfa6d6\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-deskadp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_66785ef5b68459c4\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-photominfeature_31bf3856ad364e35_6.1.7600.16385_none_1bb49460b86b3cf5\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-u..-core-tsp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ca2031b623c48a1d\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_c34e666ce012ebe9\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\Media\Cityscape\Windows Hardware Remove.wav C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ecc8398c10d3edd4\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\docked_gray_hail.png C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-netproj.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bb9cda912b93c047\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_netb57va.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3303bab87fcf7cdd\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_prnle004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_264ccea7e8944ccb\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-accessibilitycpl_31bf3856ad364e35_6.1.7601.17514_none_5b652abeb21da986\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5913064a54494ed7\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b56f3a1a1dd48572\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-print.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6a78ab990b8a97c9\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..oler-core-isolation_31bf3856ad364e35_6.1.7601.17514_none_d21bb9d14b917922\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_239cb8cccdbb42af\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_server-help-chm.iscsi_init.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9c47f75a94d4c99a\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_mdmlasat.inf_31bf3856ad364e35_6.1.7600.16385_none_92e94086ddebe21b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ility-assistant-adm_31bf3856ad364e35_6.1.7600.16385_none_7b487ca06770a648\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..-wsman-pluginworker_31bf3856ad364e35_6.1.7601.17514_none_c8755080ca6c48ea\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ipnat.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e2c0317b98bcf5c9\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_en-us_915aa9599296fb2b\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0fb7f94ddcb90850\about_BITS_Cmdlets.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f92689fcf1a7edb9\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_es-es_79f660751417b764\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.17514_none_6a56e7f587463b17\HOW TO DECRYPT FILES.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_modules.help.txt C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vQVykYApjMM758B.exe,0" C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZIBXKKHVYMVCCPW" C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell\open\command C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell\open C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vQVykYApjMM758B.exe" C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 2960 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

"C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe"

C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

"C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe"

Network

N/A

Files

memory/2960-0-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2960-21-0x0000000000412000-0x0000000000413000-memory.dmp

memory/2960-28-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2960-22-0x00000000003F0000-0x00000000003F1000-memory.dmp

memory/2960-33-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2740-38-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-44-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-47-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-49-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2960-48-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2740-42-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2740-40-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-36-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-55-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-51-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-50-0x0000000000400000-0x000000000040C000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt

MD5 84aa889a87f60a5efba19bf8d6464613
SHA1 4fe67d41d2ed917651e5820f131780bf078e3c7f
SHA256 43fc35d4b08e00236a28300d95f7426593db8f95f47e995477a77bfa5fb0ec99
SHA512 1d67c2552d16b8c9fa33417d45c8229d291077f45a12692d8a7e9ade813dbc629a4b13eb4107a773896386b9c4e6993fbefe54348568ef28f44f40c6153ff0a4

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 27c9d1245163f6a2ba76cc91b0c3bb3c
SHA1 5f126d6fca1dd15ee1a058e5e96a0b3c89dbbfab
SHA256 e25e7c97fca79b1146429e074fd830cea1283c464836c5b0e9676054e9469542
SHA512 c331ac3a69f9c599bf00cf6bc934ddb6195d8454af11603a7e954115376c8e0d1d7d9513357c2012c200a57e9ef6d43caa2d3bb3f2eae4eb0a063a825edf616d

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 331ecf38fe5668c78edb8f2bb51f0aec
SHA1 21695e4b52735a172e86a732c72202802d89731d
SHA256 0386d83e43e17e64adbf24ffa5a52d5640accdf4c8072a19f4c7e6c13f8f5312
SHA512 a7a89ea5ee617ecf375218a96e3bfbf37574b400ad3e78a7c849cce29dee873f1b364547337147f83ca2fa2dfd7c28fcccdddb17dd902eb3442c1659d20d0c2f

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 371b241caff76c21d055604f7675fb91
SHA1 28bee99eadb23f6aef2bf49d609694394d4ba115
SHA256 a4725bf11da5be3e0a849b8c242a9eb1859bde3f061c8491abed29bf48dea725
SHA512 8258a5c185fee6d540ec933bceff4b9f6ef86dd47ce7b6c654065448882a5cd2036b949263504b32e74925c9d4072eb518fb86d84fa3b126c4002e2362fa7f03

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

MD5 966f4cc9ad4ff431c8f1d8d062939882
SHA1 ac03fe94102cbf1834c9a94545e3b5bfe6938b95
SHA256 a0828a0adea714702b6320c10ec46e1b92befacb621d9562db257d43e410e412
SHA512 4c9dbc87cf7ea0c757ccd5c965b9f63a5cce97bd360bf92356436fbc3eb8dfe3a9a0f4c91e7a48074a5c30543a12c944667fb0497ba13314d5d92903522673f6

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 e3adb8dda9d633a95914de56f1dbe84f
SHA1 7d321579b36f5c337868142696a1a39dbd1d920a
SHA256 e0e86d5a7275cc2315198bebd385e385700ebfec3a1f6015437f644c2afc9e22
SHA512 fc0d5fbd22924df69bc851f4dcb06c8bc3c11a63ee2f62a29cc435c63cd47ed47d7fff4e7c18c4e064d43d6d11a87fe2bae131870aad92d3230021bc0d853edd

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 5789f6e2fd217194f716477b7d2bb1cf
SHA1 677e3359be96317acc0989271ffa306f0218e547
SHA256 a68145965acc56b247030d8cbe79606490b893b05529940e652d054f803ac2ab
SHA512 7039e07572b2d143f80559bffce1a265a3c120fda3f0f801e7d14bc9ed9f409398f7dc753999c44de2940f1b032e88d306ad4adcfffd01d126112f6064db5b24

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 1af7d34ecf54e18b29b4521ade01f482
SHA1 76aeeb49f2db5b5ea19cfe94003757cf76dca92e
SHA256 761a41ab56c996490019bd9b7a2b14372d9cffa64c237284643bef9297f50937
SHA512 21989a19abbe03f023e19edb25ce57472eeb8b2a60ed0468b8753030c1b99f649e128af5eb8938162146bf64baf701b873fdc366c4094ce384c131275f6ceb21

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 8321938fde27f77a50bf2340b0fa405c
SHA1 db54bb8b6c243abdc7e3fbeacd5be46afcb150ca
SHA256 30de98a31555a2712d2fb74c6ee0b27ef1d7db74805c4116eb9d94c04ac21bed
SHA512 d3b17b98654bb73185fdb1702d5ebb0e9163230049c5af0a9966d3c74058418b14382e3ab5634020a6091723ab1c419030d3f58fcc32785ae20b885ea7e49c84

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 6cc7dc7807dcc77ede213cde5e316579
SHA1 6fa92b6c5222de926752f1870967f4256a5b062b
SHA256 dfb926a62310724d4d3bde6d018bc209d31b37a2e74e5470d1f27ee8356f672d
SHA512 1d97eacca8569ea3ff369a264718953e2d02adf7441cae137b73b306186e9131d109b67ef6560d09c2f76c201940771850680fe9ea096b29e1d049210f3d2edb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 f3633373e8e0c7766b0f95579bc4ac3c
SHA1 c7bdffe2bf44bf4c2e4439594dc21f4044b5d455
SHA256 4a17527487be1048fd913b65a1e578a44d40de9a252f2c8ce354c736fcfbcaec
SHA512 e4b7facd7f12ede517614fece819cb88de49f69491158c7c94c3b0c02fc6f1979ea9b9c882288da2fe091adc05dfd3c4ba67933ccd122d8bc44bc5d4c4a8a98a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 0874d67fd3a220a291bab11c5d6ac794
SHA1 cc6f56089dbd3b8209870a82984208c43d01cd80
SHA256 536545828d40a151b4eeade33fef03b8824a7b7cba0292ee08fd4e1511fda755
SHA512 04827149c1dee564b50cc1c596301528d08c8c80787c00e69309cbfc245d04ead4b9db14446758e4e645b6c8ee32680242415edd5af01ff485414fcb64e416c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 3b02fe5c5472e8562208798eca30a4be
SHA1 db04ddf930e3cbd63230bef71dd3872d882dcfd9
SHA256 52607fd4de7550b57fe177f9559b0a8206a84688944e85cd56a8aa3ad8a148ed
SHA512 eb64733a22988d5532e6d07d37670a789d4c7a5de5829624d32cac65e49c7e224a19e90223e7b26dfa2d547c79a3072d659277fb11b4f8d4c2aeb7b9cdc398a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 037a40463211dcef7895e83fbdaf51c4
SHA1 d4061d838f68179bfe857d47f7ccad8bfd1ab892
SHA256 704fb0f7bc0b9316fa7eb7d3b6a7aa433aae1a36f0e37423bebd7f9006e61eac
SHA512 0a926b8c562cda294c8828088409457a8e0800b06a560709c3015e7a312f5625821350bdc87bc241f1256bcbf51ba4585f13a724e8c2698dd8d85038100289a5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 2cc390c00a5fd530acc33d0047a41d07
SHA1 035a954db52459c1af0d1b92aba21e88820ce19d
SHA256 29e65d51175ac9cd88576b9776b55caf40f6deb643a7b134b657fc2817dca928
SHA512 df1b393bac3c7cfd1b5dd0c7ce1ae8e55d9356d72c05ef7d4c6dee8e390d65fcc3aebf681c2add565f78587aeea5814d56e728e8cdbdb5e58179dca7f69d6989

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 e4eb37d9927edd263c169bfa8380694c
SHA1 76c0dd6a9a3d175c619d73c17539b78d8a86574a
SHA256 9d1240e24a870dbdbe285e0261d62c093063b7a1d477f5a0c1d00980abee6e79
SHA512 bc93b9b4211b404cda7c9bff60bd547c7ffd1f3a2e6719ab39f4f268261239f450f6b556e643ae515943e81e95c4f483cb85740c3397a6d5963b0167c808ccd0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 0b5333afec9f35206926e204f5a0dec1
SHA1 cde48354e72657c12e47ec4f24b054f47284a26c
SHA256 7cc0c9233f07d999a7ac7f1c601f74b98c8ba825c4c275a477a4b2e4151edd93
SHA512 4c16493a1632867ed6bc4adf648bd14e1cb517b11febf6c446f93272a0aad5696956fff53cc705ab08cb2579905f8780a2a0cf25703fe01a9a18d59827611043

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 9c362b8c6b3cdf188a276b002cc14312
SHA1 2beb8de0eea83839e2309fd040e08593dc398c6d
SHA256 5b5371344edf9af149ac0c651215e0ed3d34a833e04e017ecdd8f4a919ff8227
SHA512 fe16f3bdcf60a21b97e0f90558ba5a833240a93f1b5abc8a059a3c486477b50cb59ba9fcb3d91090d699afacd225d03bf11c6830bf27385c552a9e4523ca1a8b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 189313edf729895068a09a40d48bc6bb
SHA1 f59b014b8426dff96512ef7f217f54e317fad268
SHA256 6b6672a3ba6f8294bb84551f69227a58865656c03355045cb7cfee2feb5a25b7
SHA512 fd88918c92dd23c1312044b803f893f998355342496cb97dc9c18b96d0b73f5cd0ec3d91474d702e7058a57d911a01abb0467c8a129403e8fb6b3af90028a739

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 239a81afd06619c189ef5de4e9d2b31b
SHA1 2a715c8788cae6b76c428d0e0d043ec8d18d896d
SHA256 0c521a36c64fdb6c61dc8d4d7e1a8872816b3c1d61699671c07fbb74fc85f631
SHA512 9d99b4a4c77108858c3239bbb33ecc181cb8fcc856088fecf3a1436d1c17df90d930696ae4f064cca07ebb8c5ee246e3719823f6738f67f830ecf29944c112a6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 571238b7377504c87fb90931bd3e8fde
SHA1 b1d54a5e2e1fb59bc673ad5910a8f6cdc7e4223b
SHA256 32749a6331c55f7c4b0028be698e119cc94dfe3f8e3b55616aae4a8a5aa156cc
SHA512 b0832b63561a52db5294c372218100b362f9def57710e23e47c5a7510a6b84237f9920c845f56818619ff9393ed3737883f357aeba56d7ac35cc3105f41fe8a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 129b10bc49bb5bc1f57f72ddb004ebde
SHA1 a61a554555135bfde998ef7303f1989b87070880
SHA256 c351655e7779e970fe8681634d92622ab14efe721c5895d52a7ada2d1c5172bc
SHA512 20a17c7e639e613bbdebf8f73c4de25846eadb5fc1bd90146456dcef1bdd0219fbe97874a8ba182fbb2727ce579c96d20fa06f207b88ebf01c87a9ffb0a32a73

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 90ddbfcde3b20377a35bff127cf73ff3
SHA1 7a7ede591bf8d9f21de616367b3093b285dcb21c
SHA256 9eb0010d944bcb52540c519eb0ce7fa7a789567e706701bab250d57c01af5d79
SHA512 62608a4310529c745cec0f62aac9a49fbdd00698a2c2ff65e774797639b18a38fb9aae5de660a54e5f13c14a59627bbd7814625d694d094e3a2fb50ba0076097

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 fe670dae5a67ec4be196b6159f0fa4a9
SHA1 54b7d1ce5f11146fe70cc08ba26866fbaf7170fb
SHA256 f139cd555236f56d0eb47ba750b18f9fc63dcade07ab8ac04ce3339238f644fa
SHA512 f683cf92f425b7eb74c5a86c0fdc260649ae63af771bf99ebab9a77ca1930f0c53646e042b72a1a357b6ed04fc5c4b2a5e63235b1767c4bf82326a0652908c03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

MD5 2191f9e12b06c48ce41f2a87c3da5665
SHA1 766db16171f27a44b3fd9c73db199f5ce5c42984
SHA256 716503674b82752ece37c7fc0e302329430d675b3fe1f8bbd6073a744d1fcf90
SHA512 dce47540f50a05a3e7ee6eca61d90998b553ee608daccf43e12fae400076e862fc5ee924e4f82639ec78bd54a82895322eb283aa2064e461136e9c52b93a8ac6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

MD5 1ff6398949983dd41121f17bb6372ce7
SHA1 9ab8267a552836d26968472d24a89352a20a99b6
SHA256 dbabe0cb31f73881e8ee5772a5872722f9326bce0694f05bc0f4ed077a3de21a
SHA512 afefd4cdad836019995189ac901920a2f1f07d6725e67ad5c54beadf5f30d5fff9a5be2965ee24bf4e042514de3fbd6e55c1e3596da6fd328265fcb85fa9c266

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 77ba715a0b8f4a96417464c1dff7e880
SHA1 037881f283a0ae8a1cffc251cbdbcbe03a70f462
SHA256 3c85e83631e5c64c73e89486c3fe9de952a203dbcdf7870c0d91618539c121e2
SHA512 1e021b19fff299543e2494bf73358e88224c6704152167779297820603913b0a6279d47d7d757b052f4cfa6de2138dd4ab339da7acda1c83269150b24b671f6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 bbfc9fee85b3cce5e01feeadade57067
SHA1 8e41a07021da1d89dd05f25d23f74f1ef5d668fc
SHA256 aecf2f6aadd43fe06a095579ee03b2741d8996f3aef6ff5c73d947ac3c989e1c
SHA512 81c8436b4c4f259a287977e7ab01a5a5d05574ab023106c1cbd82d11e1f7445bf1c271f60f46a6f70f7381ff8e2e32e0d7e0d9bdf12256278630624849a7462d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 4a96cd84440185cb6450ff80f9515963
SHA1 21c23ba3bd1e2996cd4b30a321651131e1d0282f
SHA256 c483fa507d3ba541202dea8053c0294ba49babcca5a0a94d21bd13c9390a4f9c
SHA512 ff9fb1a1d03188adfcb066cd0407ef8c7661cf6b62bcd593a92a122b822b673a68a7f9a80ff17a6f87835edc21054b20bb4cb3bc69ad7afa0f5ba5157717398d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 52e09aaadc8c1bd1fb62c148740939b8
SHA1 1e93c9fad83ee2c11b5e74860e053ef9b22869e4
SHA256 adc8c15207c98cb57c12a70c5e50b0cf2edbee9811f8d106619d47bd869fdf22
SHA512 9a28269aeb2950e3b5fbfa76a026051edf10ac0d313c651d986183d79a5774d38db0246549d27c2e4549a0fa502a6c807a7001199cb5aa019a90972a9026dd31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 aa0df9608730ca7882be62542c5fcea8
SHA1 b938169f5b3e2dc38859584c95bca590728d992f
SHA256 810d8e04879cb2023cf1ae4673ebbfc2c4497444cbd0d065398bc90c7d196641
SHA512 b9b8e7de87577cd2a8fa0332110d76edbff5ba1fbf834157bc43e933f89d687335935a6f5282bc756fb93f85f03300a9ab50726db89c68954759095492981aad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 ea00bdfe137da25d60eeda1a8cac86a2
SHA1 5ad3c2de5e197cafe4a8919dd357a622ef62dbad
SHA256 56d65fee28afcf0b6d2bb8857bd203db283f6620d1f0c1ad1260acaedf74b1a2
SHA512 4388a220e47ea3fcaeca93d55d9761a9c022f06e6b3ed3f1da2d3baa9ecffe19a4539a428f04595f14ec0826d0f368ea2703c848c8dc2481d7010dca934f670f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 75e246b20447144541d8e0f090ff6a6b
SHA1 e996764bb7f7ff60044654e985d93bf7cabbfe0e
SHA256 47aa405570f20e7b19b35d463009d865afb9717b8ca7378fc81db75c0e327a2f
SHA512 8e782d4a72918c8f486c5a548dbcff47f9fc5107af456366b6f3a0bbb7f14ffbce1a5aeffa92cfe2ab3e23f7711b9e22854f19f8e408c0a259a9b3ff55eee4f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 dc15280b790fca5bdbfabab3bc5446f6
SHA1 7428449183562ef329bc3fcdab355a3e5800724b
SHA256 a151d05b42161fee381ed99130f60c6002b3ccd97a10bd156fce5e3eed8dcbaf
SHA512 aef9a2f423259b83c48f9cb305192ae77fa5f2a45df59f6308079fa2db17dd52b7bf157cea269b6cdcffcd31579c112225951422963183b7e4f04ff0c481d3ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 ff57a6f0d9b9bc45e08c2d785863507b
SHA1 cb5e1611b69fc97af9585413409d8efb1069630f
SHA256 47ed0c154653cda79e633095b05b860ee59f8becbe27e5726cc133a46c9d2678
SHA512 dd14ad9024704eec2acded45e116e0509f75b4ea3681cd3466eedf245430380f8165766cc5e788b262d0490fe699b7c702f791f72d7464309714290a72ef0558

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 96cc94b8826144226e703172f6996627
SHA1 a6b6894ffbce36ef1bc026cae991367bad9da20c
SHA256 72aafa23161237c3ffe305f5b60bf84def198e741b56ceb79d5c76bc5b1d4c99
SHA512 3c8aae13146a89bac8eed311248f6cc992d62e4e2d961d6df83bd3aa49a9dc3b36b5b0d424b5f69485be73ea8d2facffd7c63fb47230a1e64dc8778fba9b2bb8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 b5ed2a4e21c005dfd68a5ddc944027c8
SHA1 b012bfaf356436773a9eefb71533295224008958
SHA256 a520142c90a32538118bfd76fb11b549bb2a295a202c7b555631dc0df18a6f85
SHA512 5e833354d4dc8cd6ff1c222ba891680ca04823fe246e9819ede09edfe4b92da8509c8d11f39e384c87577df3d589a76cf7507cfa8a62252705d3accb0f9037af

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 2cf1c26777eaa7724e67786a6ca48a81
SHA1 9c3132acba55cf0532b85d928e83aae04dbab033
SHA256 19bd07f62873b934a29d3eab74bb2e7f5ec5ecae751fa6499759bd9316a65ef7
SHA512 5d9d0de295687fedc342e2d05dc85b35221c9ea48ad660b70cc5ce6141e3173c1080be0a7142bf1897841348d8654710c63c55b45b3d6dc779a06528e9c36b12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 59c102ff356b708076fc11c840ea92e6
SHA1 8fac6d7712a18d13e113b7ac07fd98fb9f362603
SHA256 33b128e9614c64504e0cea976975e96337578970285d1eff73fc1c471f40a70a
SHA512 7d327ca9f5f9cc730336193db0023ba498d6dce60bc64926aeefa6be446b04a6d86637612b13a51ed74c815927f57b8b7f183e00ee5ae341679ae5d29a37280d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 999ff477de483db6fca4043de9420d7b
SHA1 56290a59a63fc0750dd4b17a288898f86cb4b7b0
SHA256 d0bd2e06848ac27e92564c6134c4b6ae9a3d236a3a62537e9e7317665bbba503
SHA512 2d48d69406231b832de3130133d549dbdb93516dcbf0baaf01c014c6374ebd985740340320a4e03522515e1c5fb660df6902e099a959e403ff47af542ec256c2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 37bcb3378c6406012f98e09bb01543f4
SHA1 491a4e728c93e72753fb220d1ed4660e77c15631
SHA256 c262c865d610f582d647c2df016bc05a6a64c65e34700661af229d020cbe040a
SHA512 ace302257f76a2a502c30535c2bec50d04c67bc45a64ef5a9899c6073892c6601ea7bc6e6033b1dae817482034bbb6797b2f6b548b99632b4da3a246df64591e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 88f055405cb3f1036373ec29458aa04e
SHA1 6ece1dbb791601a65d92cb630acae8cb8616d4e1
SHA256 547c5402337effc10fa5a67e5dd7de9df13497bad2cfb153d29ea85e848f3ad1
SHA512 f094be8bca8731294911a1769e83f6319668dc8aba27e53fac755270136f8bf6cc94169f5ae9fefd43b22bd0e88d20d94880e8908decf12583efa99a4bd9f912

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 145842d6c8fe02679b5deb4096bad130
SHA1 699a4d263663f7bd753fc5ce2c1bffb006b4ffed
SHA256 c88b1bc2005800f2cc6ba64dc3dcb5b2c4e008a22b8bd83e053d427f3598c6ae
SHA512 d6950580bf8b615fa2deb1eaab8a9553bc0735c7d95e1189504bc2513c2228dfd9bdea2c530e0ad83958fad87acc19c7c834bbbb44fd673709f5be4bad21e9fe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 ff964617307777c91053a822cb6d7c01
SHA1 300c86581d3c540058196f97145d31d6e4114b1b
SHA256 23d066eb19d60da76aa3c00607ef20ad069ee5a3303400d427928e8812c46819
SHA512 4e81825e522ea80eb48d961aa319f42bc34101f5763324c95a2de2d9341b4e8a6959ffdf954780a2204c51e16fc7637ff8b391bbe5930dc087b9689bd109185a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 fb7ef9bf5138a01442a111f9176b2706
SHA1 884f716bc9ddcad0a7df541cd6afcf1738faad3c
SHA256 63205119b10b720404aa0088f988c4040d8457a57a36ae5910bc20ff09c553ab
SHA512 da53b773ac2e949b533de2f820c80581e508d6bd53de6419932ec5e1ccae44cb96611d53c44755cf96c194625ce34f995ec6458369fa1244512a29f48e54f5b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 f38758e1513385075b72b53a280ab302
SHA1 d31fa8aba3282fa49ba32f1a9f5246d939c288c6
SHA256 f25cc7b3162b8817152712bb9472244d42d0e01ab81ab6ce4800b112653087a7
SHA512 ce5438aea734081098246fe499914bae2be0fbfcb8a48f85abfa30ce38c96a712dd88fffbd3f65fd0ebad77ac6b3663a018cc8b64e6afe54b3e0d95b80b7596d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 529610eadb200dec457b8ca9509793c5
SHA1 35822e8762aa6c342503b13cf6ca546ee5ae20c5
SHA256 5830b60ea874131243788e4e92b6f6e6d79477685d09a374f966d07984a85f5e
SHA512 22100675f81a9b70fab257fa1aea73222dcec9fff39797adaeef470c0ab1433b8bb12d350cc8ccdb2f6b99419db29aafe4f11e7af612499438150cfb49fff982

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 5a777f24df2f3a838c54a2eeece47c5f
SHA1 b3ed1cafbb1ec3a16b40aa155868474f108b1d6c
SHA256 d65f339175116d39d5e60559939fd8bccb303f3a0c1b8f4e70fe73c04478891b
SHA512 edd206aad270b2e30f59852e3f9623d6eb69d42c95c6def5c2cb4dfe32ca0d0ffad0ceb0af6c87b2330e27055bc04ce4ccec4afb6adc9256a9fe3e112e75a46b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 a1860c16a2e6d7531411610550892fe8
SHA1 b656cc0a27c3677bf6fbee9dc050e4336b3be89c
SHA256 d2fcaa260240d9cb0c73fce0db625f9317b82674c8054d878a0bedfcfa71b80b
SHA512 0899319cb416e4bdf4c0b9df22ce0c1def403f8d9327dd6e88ae53b0971f8810ecc08938969f893b86b0d3676b33d83c5375102d65dd1f67aad9274003cd8fcb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 c9a07ce0901259930e2667bb8724b281
SHA1 4490a70fe323700b51e58331cb5938e0dbc4cc19
SHA256 25ad073765302530d4d99f9faff234a46f23fa621b08a6121ab5d1b3c83c113e
SHA512 d37e64fa87b065c77dc6656312b8a4c4efa6161272cd7eca8bef04646ec619dff544c41b554d160847669d8d1c5986b56c96d726b0f2149299bfcb925de50108

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 7fe23a7a8a2b1e39855bb443c3549007
SHA1 4cb92470641a6e0d5fec3ad21c4da30f400a7c08
SHA256 46d40020b0d1e82e0ee3c81fc6338b1bea27866ec5e1b7ebbf516a8b723c84f4
SHA512 848af5a09029347af5653878c67c58f68522dd937fc078ce7dc6c0a985fb7fb209b2c70e2949b66ac341dd53f49adf8517867f18024d53024d53ab30ce16af5c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 104a8fc104adaa6ec0b908110029f029
SHA1 db9246d360163a0002e1cba970a0d8e468a00d41
SHA256 2a975372744f4901d0e527773a5aece8ab49574d300d480817d2ab5e0ba30c8e
SHA512 07221ed73cfab40949411192c34b101251cf58bc7445933d9ec8b02cd86ea6273c0043797d2e1015600593e0671cd24269ee2d311650af1b88eed81d06893ae5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 199b5c0a10456d55a63e1d5d31ef931b
SHA1 d768145dfb504e3f1a3abe5c2549581036455ea7
SHA256 a299207d72efd127b79224d01025f5f27cc721e4959a4fa93bab10ce1cde6a75
SHA512 f01fc015f1bf05dbfea8a793503564fd367667a519b62546eaff234fed4cb4a3f7c76c5c86f418fb9f156d4cdeb5e72acd29497c4e4d29bb6f1c99d08924d262

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 eb6f6b867242d0d794fa5d7494a3fc5e
SHA1 999ceccd9fcdf73691d04493cc33e0e41d9c1b49
SHA256 af79cebd96f06612eac986adc6ce098d66408e751dbea2a96dc65a0a34ae9ebf
SHA512 b8d3019b33cb18cbe0160bfb88abe9d9625b545e7b54f88f29b23b80542cda356d9a099cd71d7fb67e7d2407486f2901248b214770dd7d811e7d6b24d2f71ecd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 d40f18421223be9fbafa73f4d2d3549b
SHA1 2a6192a75767259e4983e715a733fcc31f32d130
SHA256 ded969a81919b844096029bd067ce71f9b1d8a7fc84494ccad55d663bd3d76fe
SHA512 51158af49a9d4bf23bd1d844d4065b4074d15c4c080062bb9556f1592d26d6aede2fb513deafb6753acacbc3371fa6a5638b398bcf1dd1b4a22b630ba289048c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 5bd49cf1243394561e3fbaa0242bc501
SHA1 5c402d4629e8973676bc0233cf712cd36ab325d4
SHA256 eb0116877343e27cdd9dfefec196d1230aaff96fd38f8ec0cef4d831cb647bb9
SHA512 458621c66b057a9837c677f76f9e76122067c57df58a8c42e62e99fc3f5217eb51f4d2394713980726ceffa547ef37441105b3741036374298e6e8383d94575f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 97ac4bdc1da5ef7d7cc21a02de934423
SHA1 830ce88d496230d529bc507bd51b07123b2ab5f3
SHA256 4a8e5c94f264aeda3bda0abafc9d7236f7775a2b7d1f233fd18712fe9360be7c
SHA512 3dcee6c41ca476c8b35fc384a638abdb6de2461bf435a31b4f3fbc5e1db98a6fd69521112b42f3d8203375b728b5fb4707095b85d6486c96ec49f7db123ab416

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 a2b435a9ee8eba8b3a732af749cc6e99
SHA1 0909fa22df696dc1afcc5206e56c405320fb9f80
SHA256 3374217860b15d352e6eb55a44501550f672ae986b42db66829dbf79959c61a7
SHA512 b9381a90d6fb4e4219dd2d999166cd2a789021539c33f922f1e674673852f9c7eb043cf48b4f1d4e85afcca3a548e3025ac039722879b4669554fd8906fa401b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 fb101ff707df20cfb23be6df94c1e01d
SHA1 7d2f9252c7e8b7d929ab741d4d888007fc5d1dac
SHA256 c8df420f7ee9a895c5a7cab749e6914ff5af06adc3f74e2f74cb6a0dfd25fffe
SHA512 153b41a2da57dd541076ac7e8ffe440b1252c2a6d7bcb1c895229e65c67f02d440d24e8daeb01a9b77740ae1040b72e2b1c281ffaf8e44644c2e04a77a0ca91f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 af9eae512bb1fe024a90df083bb9628c
SHA1 349ba6a80e54ca46f3808df8bdeb4a32c9c7a44a
SHA256 f46e2e37aba8dbcc957f979861de961eb9d0e42cad9a53c994f197825f6c7bb3
SHA512 d1c24d52ba800ee9d57ba9a93b2ffd49047c8ee1c9e019ed9039be33f9ffcdad688f8233270fa2b2bf13d287f856a3bee93882d87a8abd6443aa085ddbf6e9b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 f1d7c3479982db1eee8069c3d398c7fa
SHA1 924629b426685ea84ec83bee1d057041c9821529
SHA256 cac8425aa84352cf861e1334954feab1ccdd71a2b3e8a92f0a9086620077b4fd
SHA512 8e30700061a1fe0198137750e5778b9bce8cd3abf1c9a83fb77efaf1a92e21eb2cc6c80eadca920337712dec3c3358cb35f4e334afb16f8f709dd3abc3bae429

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 6fbe7345ffb868d21ee2dfeddbc9fca0
SHA1 7bffbec9772f2137f76843dcef120732b36d2f68
SHA256 72d6cf5bea78745a8db2207c9e3835ae4ce36c5cee1f70253886835e60990d85
SHA512 879f9d171eafcd4b9a8225d679a33ceb409d295e1dc7b18049102691ff0673623c1c082b6252d3976237d7a413408408407e63a05eba48834fd7d0c340aa4f01

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 2cde10b142e0e2a2ef03efeca791a46c
SHA1 c323134f4c29d40e92fc61fa46468c8d3cd5d0b7
SHA256 a1a7536150a3fafa238d3862363eb66b5abd05a5b6d533a10a47c15f9944c0f8
SHA512 2f7fe733d57b00a7927bbbf1efcb73bc9ea9758d2101cbf83fe6609bcc53de0cbd0fb0625ece2ea439771c1cb2b20a9e9c6ecda9bc035b345dd88a4b45280134

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 76495b6cf106051aa1ba8037a1ca934d
SHA1 949447acc4b553113a8261b8777ff202936e771d
SHA256 12f098b9712c6bc602a8a58a1aae93fb2e31fd70dddbd41c42be7f8d6014fa69
SHA512 ba726e2246a6253f77ace8f714d9657ff458543ff75e8411ae585cc09614d3fa3b791a766621ab9a38793258393327fff7eb118cb0b51d3f13d7c8960c38a273

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 b7412761d9fb158d2665c7bebefb6a11
SHA1 00d9429c8b1e28395bb5ea5d16eb33cd501c4f6d
SHA256 b90189b5db13e7a61f0ca6dc1a7e7238c524f78f9039e67b13d7e80e3bfc4cff
SHA512 7896f47a94efee6fbbe44448c07fc80af40d81fbc29da8140478419d4fa2e5e07b047366226492326596e4a4db50ff00a80d39b3c98cd6730f63e9c3040c2db2

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 5d92af01977406945c2816e61e8dfd54
SHA1 e30a5794ebfd008bf6c243bd2b85848506f9a433
SHA256 88971b384a86c5fe7286b3cb84b0975e901835cea27ccf8b5e8cfc76f8d2560a
SHA512 1a1d545689cf2712f0fee43678b5a848a98b859ad1e7f279ee506cf62456859b138b05d65cf12ecc131892147fcb5d5df9cec43e68daa8ed5535b06102ecaa2f

memory/2740-7365-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-7499-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-7503-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 66c643fe3add0b511f0667f7190daa3d
SHA1 bede5464a77e2b9241103883351d67591f3c829c
SHA256 53841b17be03947251789fd8843814b2d686a330e353d0934ba59e8a42d440c5
SHA512 ed3f84325e86115948b8b59a534f5cd7153b9b9e1fa6e532ba092ec77eb60fd43f57bc3056bcca6f171ca59dcabe5964a864c2b9299846e0a9163a1ce9e28578

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 95e26a99f1735b921594c263341ce2c1
SHA1 01b3a9a236573f120f0c786124ee9ff2ba96f700
SHA256 59105a9f1c1c11ca4e7abb87a266e7b2bc594d6a9d4b49d51bd4afc958b4713b
SHA512 30ee1538d076d742a8e684d157c16d71daa37f7054711bb9368e3d2f69a2795a0f972fcb298becb527eaf1dae4632aae86db09e210af75f1ad554eb07e8a484c

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 c4c893bd72e7f20347c96166150212be
SHA1 b521785d1972475fc0451b4e185b69d70a0f002d
SHA256 b3065b47d6999dd2dff7f1cbd2a490a1a0cc14925264e77ffe4a78c40f2fa014
SHA512 d9a994ad6d864e2b890047e14a55cb354d03a782387276f45dce56019ce32daf4e25d01d59ffe337e54645f7f94ff790ae81218ba04a37b941295066e11e5da5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 92ca8e0fcf7c5f1c4094b66090b90391
SHA1 73f9dada15010e660e996c270b7e66dd4fdd4cff
SHA256 e3bcfd660c68d3dcb98f84447d260f4adccacbea46f6deec8dfc315a0ae8366a
SHA512 1df478d4a29b9b853d4f4270a48d1233afe397537ef6685e2a9145b00e89fba82780c4638afe6fc8dd14ebfb17b5429a8492c40e531fe674df41bc674ac6057d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 48d0e43e1ff4c61cbb4819b6cc87b8e9
SHA1 78b5ed201b438366946419de394450d6dd63adcd
SHA256 f8642f052cfe5bc6543252bc9ac14dd3d5323d7e9cafe0e2e0d4d8ce08224f6d
SHA512 d7ace69436d70f1b19b0069ef55773d8e9a2a9b8ce5795649141deb9ec2ba83b42b836830e3bf53f2be66ff3f6b14a7ac208b908864f100ed492048158240750

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 e464aeb5dfe85b1a1ccb00ef09935905
SHA1 f89e3586da1385be7826f4a3163bbe75ae84594a
SHA256 ab393467312bd56b428392b869cef5ad1778ff3af8cdc4c58d636600cc597078
SHA512 3efa2c00c0b96e566a3aa9d5b0ab04a75116655a7d8af0e45795e26992e31ac8f8f5f696b76573c2b208232ea53b8b8b33514d957fb9a25ba719733c641f77e8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

MD5 c184ee4c96058287f30cac484bd9ee8d
SHA1 7a8ee8b9769d276b1aeea044fc74c1cd441a3d6d
SHA256 45ee7e26cb782243f7ae1f50c99dd6bfc77fe844dccf875d349781ef044ba4c4
SHA512 a40597141e860e48bf58f8a6f9d41edb8ea01a6cf3baa82d86242898c4b44821471722b5bd12c3b42ac15f8c989ad9697c724026555d8585c9ac25792418e495

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

MD5 74a92b45e5cded1b5af9fcb568ef242d
SHA1 c5d110452493c1b92cf3db67b39779e5a3e7ec6f
SHA256 93afba154fd15e29879528cd877791b73dd2acbd8549020b912450ca3e26dd59
SHA512 72eff94a1b385c602720d437e8d1ca273c0c7556b2dfeefe571e455ab884574ab80e2e19770572cdbda0330fe5d19388aa8da7d82d703c4a5dfc53163e8b8c8b

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 91f00ff2312c7974c0d2902391da8399
SHA1 4f8ad04d575cc8914fc6cf58695429836eaf711e
SHA256 542013c56fb0fa58084282b35891362bf8d2a516cfcc418ea3efc7e8a37db86b
SHA512 42ec7fd1e2646ce908e60480d51c021ab4fc78aae43e8004b33400d38d620c3fbbb4454d61cd7ee8db84d7742085ad2eecac0e2ac090af52c642d942614bf2a0

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 6e7f2dd48c147b13d485f6c839d41846
SHA1 ab257d2d00400f165c3848af78e984f9cb6bf767
SHA256 f7e05c4121962c4c052c81b0b8c0151afa4ae01eb2b52c37f4c626c2f9a22b05
SHA512 7f36fbfad0aeeb038ecbdd3bdd182cdecbfd624db8f7c69e58f569e35e29c592db66dbed0aab025ecaa9c1f7cf6c6df9957195207288c42feec72f6de0814789

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 744e7b23d328c836034fd5ca01423ddf
SHA1 b1e81e0d03a722341145e2e4e17dd69dd2285010
SHA256 727ea69cbf7f5d1e7bfb12d05ca3adb4ed647b548a41eadcf7ea66508aecdd4a
SHA512 f7c9facf0e90e8a091465fe124389b89793c55b7eed21bab610da5a606d57e9009ce9c394b60ee6cdcbf118b628cdf9f37d58d49c0a8370c3f1a95edf81f1ad5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 41526eaef057cc772abb093fcf3a2f09
SHA1 7ac26633f72ef4e634f665242977ceb9405bc983
SHA256 70964a3775e2d2e9dbc68ac218fb0a30b45460f8327d0dce70eefa439f9de82d
SHA512 89d44d65d738891559d0ee3e78fe3dfa46476d7418b5be8d989f3788d19a09914b41b2c8cdcdb126b2e1fc106832382038a2a201d2df6e531bd375fcca38162a

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 0cba4e5e16ab58e7b932c885915de1d2
SHA1 07cdfdd0dd483b5200e3e8a838cce317365534a9
SHA256 6ae30d8599094052b05af2e94519d3f0f8905a425ed9e6538ee3b65980f9bce3
SHA512 366d986db2aec0158a48d079f1f12dc30d7cf1db717cf1608d95d971d0d9850752a87e938533f3062a8c15126c5fc3a13249a0d2b44b58fbbbfcfc997cd08e73

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 f1d235b8ead9bae3004d2828c13c95f6
SHA1 d88007a4623301884d63365b7f5f5576adea7e92
SHA256 feca6b69af4912dd3b1f04dfc091bd73070f2f29abcdc38ef69f185526f5c769
SHA512 07af1cd5cc2e753b056d2ef70f1775f40b814721672229f243f6cfe0f2a3a0ad7952ec1b903e870c355f135a65d0a1334403e3370c72d71b0fa6e36cbca97577

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 26ba333e7a7d012f740b211ac508d149
SHA1 ec4b64c6de7c16249ef9aa7ad2c28cce782f7140
SHA256 315291cc7a3b5aa1fc7eed56347bdd68fdff3cd77240ee58ad07b73388408de3
SHA512 0acaa61a8b6f6984137d20389a7c6085afbde06df45cff2fb112bf9884280b7dba6a38ceb9cd92124f53c1d1a9ffea0691a371525da4048c2ba8358f57f621bc

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7344a100eae6134cca920134ba6f3d1d
SHA1 02659c0b1d95addb9498beac7faf7d0acac7e34f
SHA256 8f6ab273a64fb63622e6c307b270f5d5c9c6ce9012b385ed5e5426801899eba0
SHA512 d61814141277177fe26dd04f86bf736d705cd655db9342031945d1a89f5a39913f3d2d1ac2a7826ce1561a544dfd6a8bd0f24cc6459ddafe54f8f49da1274607

memory/2740-9122-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-9123-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2740-9125-0x0000000000400000-0x000000000040C000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:49

Platform

win7-20240903-en

Max time kernel

599s

Max time network

597s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe"

Signatures

Deletes shadow copies

ransomware defense_evasion impact execution

Accesses Microsoft Outlook accounts

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts C:\Windows\SysWOW64\explorer.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\SysWOW64\explorer.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uqidaken = "C:\\Windows\\omumonim.exe" C:\Windows\SysWOW64\explorer.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\omumonim.exe C:\Windows\SysWOW64\explorer.exe N/A
File created C:\Windows\omumonim.exe C:\Windows\SysWOW64\explorer.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2664 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe
PID 2808 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 2808 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 2808 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 2808 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 2808 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe C:\Windows\SysWOW64\explorer.exe
PID 2568 wrote to memory of 2532 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2568 wrote to memory of 2532 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2568 wrote to memory of 2532 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe
PID 2568 wrote to memory of 2532 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\vssadmin.exe

Uses Volume Shadow Copy service COM API

ransomware

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Windows\SysWOW64\explorer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe

"C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe"

C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe

"C:\Users\Admin\AppData\Local\Temp\Transazione.Pdf______________________________________________________________.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe"

C:\Windows\SysWOW64\vssadmin.exe

vssadmin.exe Delete Shadows /All /Quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 octoberpics.ru udp

Files

memory/2808-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2808-2-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-15-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-16-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-18-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-11-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-9-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-7-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-6-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2808-13-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2568-20-0x00000000000C0000-0x00000000000FD000-memory.dmp

memory/2568-19-0x00000000000C0000-0x00000000000FD000-memory.dmp

memory/2808-31-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2568-27-0x00000000000C0000-0x00000000000FD000-memory.dmp

C:\ProgramData\orejemyruredyvik\01000000

MD5 e982953f4b15ad41dbccb13a09970214
SHA1 152b6ec0bda40347968c560f370e8f2089cb0436
SHA256 4c953b87b35c7764a32cbcde63ea1fb2f1563883f28ef209718604c48ba497e3
SHA512 60d9dc59ad324523ecc5f6933aada9a13cb5e9c67ba0b0e60007d784e17194da2e7308050ce1084c377a965a58bd846fd065c4589c5bc169666915fb557e6124

memory/2568-32-0x00000000000C0000-0x00000000000FD000-memory.dmp

memory/2568-33-0x00000000000C0000-0x00000000000FD000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:53

Platform

win7-20241010-en

Max time kernel

590s

Max time network

361s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bldjad.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bldjad.exe

"C:\Users\Admin\AppData\Local\Temp\bldjad.exe"

Network

N/A

Files

memory/2316-0-0x00000000001B0000-0x00000000001E0000-memory.dmp

memory/2316-1-0x0000000000400000-0x0000000000430000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-22 17:00

Platform

win7-20240903-en

Max time kernel

581s

Max time network

591s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AES-NI.exe"

Signatures

Renames multiple (8207) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A

Creates a large amount of network flows

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\HE9LBEC2\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\RM4QEUM4\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\QJELLEL3\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Solitaire\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YLJ4V77F\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Recorded TV\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Windows\SysWOW64\svchost.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D73CE810F817D372CC78C5824C36E338 C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\state.tmp C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D73CE810F817D372CC78C5824C36E338 C:\Windows\SysWOW64\svchost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\QUERIES\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01123_.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02398U.BMP C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00452_.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287415.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02426_.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.ELM C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pa\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\STSLIST.CHM C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14795_.GIF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152708.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0232393.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\WATER.INF C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\et\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\INFOMS.ICO C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\MSTAG.TLB C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\STOCKS.XML C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0157167.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\PREVIEW.GIF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\Windows Defender\it-IT\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0106572.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02886_.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\STUDIO.ELM C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00018_.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\!!! READ THIS - IMPORTANT !!!.txt C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152606.WMF C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Program Files\SearchPush.mp4 C:\Windows\SysWOW64\svchost.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F5D4FD4F-2F39-4FD7-8907-1D1F1B6F9E0E}\WpadDecisionTime = 50fc02a2fe3cdb01 C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Windows\SysWOW64\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F5D4FD4F-2F39-4FD7-8907-1D1F1B6F9E0E}\WpadDecision = "0" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F5D4FD4F-2F39-4FD7-8907-1D1F1B6F9E0E}\WpadDecisionReason = "1" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F5D4FD4F-2F39-4FD7-8907-1D1F1B6F9E0E}\WpadNetworkName = "Network 3" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f00b8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\SysWOW64\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F5D4FD4F-2F39-4FD7-8907-1D1F1B6F9E0E}\72-3d-03-6b-26-f2 C:\Windows\SysWOW64\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-3d-03-6b-26-f2\WpadDecisionTime = 50fc02a2fe3cdb01 C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F5D4FD4F-2F39-4FD7-8907-1D1F1B6F9E0E} C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-3d-03-6b-26-f2 C:\Windows\SysWOW64\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-3d-03-6b-26-f2\WpadDecisionReason = "1" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SysWOW64\svchost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AES-NI.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\AES-NI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2572 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\AES-NI.exe C:\Windows\SysWOW64\svchost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\AES-NI.exe

"C:\Users\Admin\AppData\Local\Temp\AES-NI.exe"

C:\Windows\SysWOW64\svchost.exe

"C:\Windows\SysWOW64\svchost.exe"

Network

Country Destination Domain Proto
N/A 127.0.0.1:49216 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
DE 131.188.40.189:443 tcp
DE 193.23.244.244:443 tcp
N/A 10.127.0.1:139 tcp
N/A 10.127.0.2:139 tcp
N/A 10.127.0.3:139 tcp
N/A 10.127.0.65:139 tcp
N/A 10.127.0.66:139 tcp
N/A 10.127.0.67:139 tcp
N/A 10.127.0.4:139 tcp
N/A 10.127.0.68:139 tcp
N/A 10.127.0.69:139 tcp
N/A 10.127.0.70:139 tcp
N/A 10.127.0.5:139 tcp
N/A 10.127.0.71:139 tcp
N/A 10.127.0.72:139 tcp
N/A 10.127.0.73:139 tcp
N/A 10.127.0.6:139 tcp
N/A 10.127.0.74:139 tcp
N/A 10.127.0.75:139 tcp
N/A 10.127.0.76:139 tcp
N/A 10.127.0.7:139 tcp
N/A 10.127.0.77:139 tcp
N/A 10.127.0.78:139 tcp
N/A 10.127.0.79:139 tcp
N/A 10.127.0.8:139 tcp
N/A 10.127.0.80:139 tcp
N/A 10.127.0.81:139 tcp
N/A 10.127.0.9:139 tcp
N/A 10.127.0.82:139 tcp
N/A 10.127.0.83:139 tcp
N/A 10.127.0.84:139 tcp
N/A 10.127.0.85:139 tcp
N/A 10.127.0.86:139 tcp
N/A 10.127.0.87:139 tcp
N/A 10.127.0.88:139 tcp
N/A 10.127.0.10:139 tcp
N/A 10.127.0.89:139 tcp
N/A 10.127.0.90:139 tcp
N/A 10.127.0.11:139 tcp
N/A 10.127.0.91:139 tcp
N/A 10.127.0.92:139 tcp
N/A 10.127.0.93:139 tcp
N/A 10.127.0.12:139 tcp
N/A 10.127.0.94:139 tcp
N/A 10.127.0.95:139 tcp
N/A 10.127.0.13:139 tcp
N/A 10.127.0.96:139 tcp
N/A 10.127.0.97:139 tcp
N/A 10.127.0.14:139 tcp
N/A 10.127.0.98:139 tcp
N/A 10.127.0.99:139 tcp
N/A 10.127.0.100:139 tcp
N/A 10.127.0.101:139 tcp
N/A 10.127.0.15:139 tcp
N/A 10.127.0.102:139 tcp
N/A 10.127.0.103:139 tcp
N/A 10.127.0.104:139 tcp
N/A 10.127.0.105:139 tcp
N/A 10.127.0.106:139 tcp
N/A 10.127.0.107:139 tcp
N/A 10.127.0.16:139 tcp
N/A 10.127.0.108:139 tcp
N/A 10.127.0.109:139 tcp
N/A 10.127.0.110:139 tcp
N/A 10.127.0.111:139 tcp
N/A 10.127.0.112:139 tcp
N/A 10.127.0.113:139 tcp
N/A 10.127.0.17:139 tcp
N/A 10.127.0.114:139 tcp
N/A 10.127.0.115:139 tcp
N/A 10.127.0.116:139 tcp
N/A 10.127.0.18:139 tcp
N/A 10.127.0.117:139 tcp
N/A 10.127.0.118:139 tcp
N/A 10.127.0.119:139 tcp
N/A 10.127.0.19:139 tcp
N/A 10.127.0.120:139 tcp
N/A 10.127.0.121:139 tcp
N/A 10.127.0.122:139 tcp
N/A 10.127.0.20:139 tcp
N/A 10.127.0.123:139 tcp
N/A 10.127.0.124:139 tcp
N/A 10.127.0.125:139 tcp
N/A 10.127.0.21:139 tcp
N/A 10.127.0.126:139 tcp
N/A 10.127.0.127:139 tcp
N/A 10.127.0.128:139 tcp
N/A 10.127.0.22:139 tcp
N/A 10.127.0.23:139 tcp
N/A 10.127.0.24:139 tcp
N/A 10.127.0.25:139 tcp
N/A 10.127.0.26:139 tcp
N/A 10.127.0.27:139 tcp
N/A 10.127.0.28:139 tcp
N/A 10.127.0.29:139 tcp
N/A 10.127.0.30:139 tcp
N/A 10.127.0.31:139 tcp
N/A 10.127.0.32:139 tcp
N/A 10.127.0.33:139 tcp
N/A 10.127.0.34:139 tcp
N/A 10.127.0.35:139 tcp
N/A 10.127.0.36:139 tcp
N/A 10.127.0.37:139 tcp
N/A 10.127.0.38:139 tcp
N/A 10.127.0.39:139 tcp
N/A 10.127.0.40:139 tcp
N/A 10.127.0.41:139 tcp
N/A 10.127.0.42:139 tcp
N/A 10.127.0.43:139 tcp
N/A 10.127.0.44:139 tcp
N/A 10.127.0.45:139 tcp
N/A 10.127.0.46:139 tcp
N/A 10.127.0.47:139 tcp
N/A 10.127.0.48:139 tcp
N/A 10.127.0.49:139 tcp
N/A 10.127.0.50:139 tcp
N/A 10.127.0.51:139 tcp
N/A 10.127.0.52:139 tcp
N/A 10.127.0.53:139 tcp
N/A 10.127.0.54:139 tcp
N/A 10.127.0.55:139 tcp
N/A 10.127.0.56:139 tcp
N/A 10.127.0.57:139 tcp
N/A 10.127.0.58:139 tcp
N/A 10.127.0.59:139 tcp
N/A 10.127.0.60:139 tcp
N/A 10.127.0.61:139 tcp
N/A 10.127.0.62:139 tcp
N/A 10.127.0.63:139 tcp
N/A 10.127.0.64:139 tcp
N/A 10.127.0.129:139 tcp
N/A 10.127.0.130:139 tcp
N/A 10.127.0.131:139 tcp
N/A 10.127.0.132:139 tcp
N/A 10.127.0.133:139 tcp
N/A 10.127.0.134:139 tcp
N/A 10.127.0.135:139 tcp
N/A 10.127.0.136:139 tcp
N/A 10.127.0.137:139 tcp
N/A 10.127.0.138:139 tcp
N/A 10.127.0.139:139 tcp
N/A 10.127.0.140:139 tcp
N/A 10.127.0.141:139 tcp
N/A 10.127.0.142:139 tcp
N/A 10.127.0.143:139 tcp
N/A 10.127.0.144:139 tcp
N/A 10.127.0.145:139 tcp
N/A 10.127.0.146:139 tcp
N/A 10.127.0.147:139 tcp
N/A 10.127.0.148:139 tcp
N/A 10.127.0.149:139 tcp
N/A 10.127.0.150:139 tcp
N/A 10.127.0.151:139 tcp
N/A 10.127.0.152:139 tcp
N/A 10.127.0.153:139 tcp
N/A 10.127.0.154:139 tcp
N/A 10.127.0.155:139 tcp
N/A 10.127.0.156:139 tcp
N/A 10.127.0.157:139 tcp
N/A 10.127.0.158:139 tcp
N/A 10.127.0.159:139 tcp
N/A 10.127.0.160:139 tcp
N/A 10.127.0.161:139 tcp
N/A 10.127.0.162:139 tcp
N/A 10.127.0.163:139 tcp
N/A 10.127.0.164:139 tcp
N/A 10.127.0.165:139 tcp
N/A 10.127.0.166:139 tcp
N/A 10.127.0.167:139 tcp
N/A 10.127.0.168:139 tcp
N/A 10.127.0.169:139 tcp
N/A 10.127.0.170:139 tcp
N/A 10.127.0.171:139 tcp
N/A 10.127.0.172:139 tcp
N/A 10.127.0.173:139 tcp
N/A 10.127.0.174:139 tcp
N/A 10.127.0.175:139 tcp
N/A 10.127.0.176:139 tcp
N/A 10.127.0.177:139 tcp
N/A 10.127.0.178:139 tcp
N/A 10.127.0.179:139 tcp
N/A 10.127.0.180:139 tcp
N/A 10.127.0.181:139 tcp
N/A 10.127.0.182:139 tcp
N/A 10.127.0.183:139 tcp
N/A 10.127.0.184:139 tcp
N/A 10.127.0.185:139 tcp
N/A 10.127.0.186:139 tcp
N/A 10.127.0.187:139 tcp
N/A 10.127.0.188:139 tcp
N/A 10.127.0.189:139 tcp
N/A 10.127.0.190:139 tcp
N/A 10.127.0.191:139 tcp
N/A 10.127.0.192:139 tcp
N/A 10.127.0.193:139 tcp
N/A 10.127.0.194:139 tcp
N/A 10.127.0.195:139 tcp
N/A 10.127.1.71:139 tcp
N/A 10.127.1.132:139 tcp
N/A 10.127.1.67:139 tcp
N/A 10.127.1.73:139 tcp
N/A 10.127.1.200:139 tcp
N/A 10.127.1.199:139 tcp
N/A 10.127.1.66:139 tcp
N/A 10.127.1.194:139 tcp
N/A 10.127.0.196:139 tcp
N/A 10.127.1.195:139 tcp
N/A 10.127.1.72:139 tcp
N/A 10.127.1.193:139 tcp
N/A 10.127.1.197:139 tcp
N/A 10.127.1.201:139 tcp
N/A 10.127.1.129:139 tcp
N/A 10.127.1.65:139 tcp
N/A 10.127.1.196:139 tcp
N/A 10.127.1.49:139 tcp
N/A 10.127.1.130:139 tcp
N/A 10.127.0.197:139 tcp
N/A 10.127.1.1:139 tcp
N/A 10.127.0.198:139 tcp
N/A 10.127.0.199:139 tcp
N/A 10.127.1.2:139 tcp
N/A 10.127.1.3:139 tcp
N/A 10.127.0.200:139 tcp
N/A 10.127.1.222:139 tcp
N/A 10.127.1.203:139 tcp
N/A 10.127.1.250:139 tcp
N/A 10.127.1.224:139 tcp
N/A 10.127.1.234:139 tcp
N/A 10.127.1.241:139 tcp
N/A 10.127.1.4:139 tcp
N/A 10.127.2.0:139 tcp
N/A 10.127.1.211:139 tcp
N/A 10.127.1.198:139 tcp
N/A 10.127.1.240:139 tcp
N/A 10.127.1.215:139 tcp
N/A 10.127.1.209:139 tcp
N/A 10.127.1.206:139 tcp
N/A 10.127.1.214:139 tcp
N/A 10.127.1.5:139 tcp
N/A 10.127.1.205:139 tcp
N/A 10.127.1.228:139 tcp
N/A 10.127.1.247:139 tcp
N/A 10.127.1.213:139 tcp
N/A 10.127.1.208:139 tcp
N/A 10.127.1.229:139 tcp
N/A 10.127.1.202:139 tcp
N/A 10.127.1.252:139 tcp
N/A 10.127.1.254:139 tcp
N/A 10.127.1.212:139 tcp
N/A 10.127.1.249:139 tcp
N/A 10.127.1.220:139 tcp
N/A 10.127.1.221:139 tcp
N/A 10.127.1.242:139 tcp
N/A 10.127.1.231:139 tcp
N/A 10.127.1.253:139 tcp
N/A 10.127.1.204:139 tcp
N/A 10.127.1.207:139 tcp
N/A 10.127.1.243:139 tcp
N/A 10.127.1.230:139 tcp
N/A 10.127.1.6:139 tcp
N/A 10.127.1.238:139 tcp
N/A 10.127.0.201:139 tcp
N/A 10.127.1.7:139 tcp
N/A 10.127.0.202:139 tcp
N/A 10.127.1.8:139 tcp
N/A 10.127.1.9:139 tcp
N/A 10.127.0.203:139 tcp
N/A 10.127.1.10:139 tcp
N/A 10.127.1.11:139 tcp
N/A 10.127.0.204:139 tcp
N/A 10.127.1.12:139 tcp
N/A 10.127.1.13:139 tcp
N/A 10.127.0.205:139 tcp
N/A 10.127.1.14:139 tcp
N/A 10.127.0.206:139 tcp
N/A 10.127.1.15:139 tcp
N/A 10.127.0.207:139 tcp
N/A 10.127.1.16:139 tcp
N/A 10.127.1.17:139 tcp
N/A 10.127.0.208:139 tcp
N/A 10.127.1.18:139 tcp
N/A 10.127.0.209:139 tcp
N/A 10.127.1.19:139 tcp
N/A 10.127.1.20:139 tcp
N/A 10.127.0.210:139 tcp
N/A 10.127.1.21:139 tcp
N/A 10.127.1.22:139 tcp
N/A 10.127.0.211:139 tcp
N/A 10.127.1.23:139 tcp
N/A 10.127.1.24:139 tcp
N/A 10.127.0.212:139 tcp
N/A 10.127.1.25:139 tcp
N/A 10.127.0.213:139 tcp
N/A 10.127.1.26:139 tcp
N/A 10.127.0.214:139 tcp
N/A 10.127.1.27:139 tcp
N/A 10.127.1.28:139 tcp
N/A 10.127.0.215:139 tcp
N/A 10.127.1.29:139 tcp
N/A 10.127.0.216:139 tcp
N/A 10.127.1.30:139 tcp
N/A 10.127.1.31:139 tcp
N/A 10.127.0.217:139 tcp
N/A 10.127.1.32:139 tcp
N/A 10.127.1.33:139 tcp
N/A 10.127.1.34:139 tcp
N/A 10.127.0.218:139 tcp
N/A 10.127.1.35:139 tcp
N/A 10.127.0.219:139 tcp
N/A 10.127.1.36:139 tcp
N/A 10.127.1.37:139 tcp
N/A 10.127.0.220:139 tcp
N/A 10.127.1.38:139 tcp
N/A 10.127.1.39:139 tcp
N/A 10.127.0.221:139 tcp
N/A 10.127.1.40:139 tcp
N/A 10.127.1.41:139 tcp
N/A 10.127.0.222:139 tcp
N/A 10.127.1.42:139 tcp
N/A 10.127.1.43:139 tcp
N/A 10.127.0.223:139 tcp
N/A 10.127.1.44:139 tcp
N/A 10.127.1.45:139 tcp
N/A 10.127.0.224:139 tcp
N/A 10.127.1.46:139 tcp
N/A 10.127.1.47:139 tcp
N/A 10.127.0.225:139 tcp
N/A 10.127.1.48:139 tcp
N/A 10.127.0.226:139 tcp
N/A 10.127.0.227:139 tcp
N/A 10.127.1.50:139 tcp
N/A 10.127.0.228:139 tcp
N/A 10.127.1.51:139 tcp
N/A 10.127.1.52:139 tcp
N/A 10.127.0.229:139 tcp
N/A 10.127.1.53:139 tcp
N/A 10.127.1.54:139 tcp
N/A 10.127.0.230:139 tcp
N/A 10.127.1.55:139 tcp
N/A 10.127.1.56:139 tcp
N/A 10.127.0.231:139 tcp
N/A 10.127.1.57:139 tcp
N/A 10.127.1.58:139 tcp
N/A 10.127.0.232:139 tcp
N/A 10.127.1.59:139 tcp
N/A 10.127.1.60:139 tcp
N/A 10.127.0.233:139 tcp
N/A 10.127.1.61:139 tcp
N/A 10.127.0.234:139 tcp
N/A 10.127.1.62:139 tcp
N/A 10.127.1.63:139 tcp
N/A 10.127.0.235:139 tcp
N/A 10.127.1.64:139 tcp
N/A 10.127.0.236:139 tcp
N/A 10.127.0.237:139 tcp
N/A 10.127.0.238:139 tcp
N/A 10.127.0.239:139 tcp
N/A 10.127.0.240:139 tcp
N/A 10.127.0.241:139 tcp
N/A 10.127.0.242:139 tcp
N/A 10.127.0.243:139 tcp
N/A 10.127.0.244:139 tcp
N/A 10.127.0.245:139 tcp
N/A 10.127.0.246:139 tcp
N/A 10.127.0.247:139 tcp
N/A 10.127.0.248:139 tcp
N/A 10.127.0.249:139 tcp
N/A 10.127.0.250:139 tcp
N/A 10.127.0.251:139 tcp
N/A 10.127.0.252:139 tcp
N/A 10.127.0.253:139 tcp
N/A 10.127.0.254:139 tcp
N/A 10.127.0.255:139 tcp
N/A 10.127.1.0:139 tcp
N/A 10.127.1.68:139 tcp
N/A 10.127.1.69:139 tcp
N/A 10.127.1.70:139 tcp
N/A 10.127.1.74:139 tcp
N/A 10.127.1.75:139 tcp
N/A 10.127.1.76:139 tcp
N/A 10.127.1.77:139 tcp
N/A 10.127.1.78:139 tcp
N/A 10.127.1.79:139 tcp
N/A 10.127.1.80:139 tcp
N/A 10.127.1.81:139 tcp
N/A 10.127.1.82:139 tcp
N/A 10.127.1.83:139 tcp
N/A 10.127.1.84:139 tcp
N/A 10.127.1.85:139 tcp
N/A 10.127.1.86:139 tcp
N/A 10.127.1.87:139 tcp
N/A 10.127.1.88:139 tcp
N/A 10.127.1.89:139 tcp
N/A 10.127.1.90:139 tcp
N/A 10.127.1.91:139 tcp
N/A 10.127.1.92:139 tcp
N/A 10.127.1.93:139 tcp
N/A 10.127.1.94:139 tcp
N/A 10.127.1.95:139 tcp
N/A 10.127.1.96:139 tcp
N/A 10.127.1.97:139 tcp
N/A 10.127.1.98:139 tcp
N/A 10.127.1.99:139 tcp
N/A 10.127.1.100:139 tcp
N/A 10.127.1.101:139 tcp
N/A 10.127.1.102:139 tcp
N/A 10.127.1.103:139 tcp
N/A 10.127.1.104:139 tcp
N/A 10.127.1.105:139 tcp
N/A 10.127.1.106:139 tcp
N/A 10.127.1.107:139 tcp
N/A 10.127.1.108:139 tcp
N/A 10.127.1.109:139 tcp
N/A 10.127.1.110:139 tcp
N/A 10.127.1.111:139 tcp
N/A 10.127.1.112:139 tcp
N/A 10.127.1.113:139 tcp
N/A 10.127.1.114:139 tcp
N/A 10.127.1.115:139 tcp
N/A 10.127.1.116:139 tcp
N/A 10.127.1.117:139 tcp
N/A 10.127.1.118:139 tcp
N/A 10.127.1.119:139 tcp
N/A 10.127.1.120:139 tcp
N/A 10.127.1.121:139 tcp
N/A 10.127.1.122:139 tcp
N/A 10.127.1.123:139 tcp
N/A 10.127.1.124:139 tcp
N/A 10.127.1.125:139 tcp
N/A 10.127.1.126:139 tcp
N/A 10.127.1.127:139 tcp
N/A 10.127.1.128:139 tcp
N/A 10.127.1.131:139 tcp
N/A 10.127.1.133:139 tcp
N/A 10.127.1.134:139 tcp
N/A 10.127.1.135:139 tcp
N/A 10.127.1.136:139 tcp
N/A 10.127.1.137:139 tcp
N/A 10.127.1.138:139 tcp
N/A 10.127.1.139:139 tcp
N/A 10.127.1.140:139 tcp
N/A 10.127.1.141:139 tcp
N/A 10.127.1.142:139 tcp
N/A 10.127.1.143:139 tcp
N/A 10.127.1.144:139 tcp
N/A 10.127.1.145:139 tcp
N/A 10.127.1.146:139 tcp
N/A 10.127.1.147:139 tcp
N/A 10.127.1.148:139 tcp
N/A 10.127.1.149:139 tcp
N/A 10.127.1.150:139 tcp
N/A 10.127.1.151:139 tcp
N/A 10.127.1.152:139 tcp
N/A 10.127.1.153:139 tcp
N/A 10.127.1.154:139 tcp
N/A 10.127.1.155:139 tcp
N/A 10.127.1.156:139 tcp
N/A 10.127.1.157:139 tcp
N/A 10.127.1.158:139 tcp
N/A 10.127.1.159:139 tcp
N/A 10.127.1.160:139 tcp
N/A 10.127.1.161:139 tcp
N/A 10.127.1.162:139 tcp
N/A 10.127.1.163:139 tcp
N/A 10.127.1.164:139 tcp
N/A 10.127.1.165:139 tcp
N/A 10.127.1.166:139 tcp
N/A 10.127.1.167:139 tcp
N/A 10.127.1.168:139 tcp
N/A 10.127.1.169:139 tcp
N/A 10.127.1.170:139 tcp
N/A 10.127.1.171:139 tcp
N/A 10.127.1.172:139 tcp
N/A 10.127.1.173:139 tcp
N/A 10.127.1.174:139 tcp
N/A 10.127.1.175:139 tcp
N/A 10.127.1.176:139 tcp
N/A 10.127.1.177:139 tcp
N/A 10.127.1.178:139 tcp
N/A 10.127.1.179:139 tcp
N/A 10.127.1.180:139 tcp
N/A 10.127.1.181:139 tcp
N/A 10.127.1.182:139 tcp
N/A 10.127.1.183:139 tcp
N/A 10.127.1.184:139 tcp
N/A 10.127.1.185:139 tcp
N/A 10.127.1.186:139 tcp
N/A 10.127.1.187:139 tcp
N/A 10.127.1.188:139 tcp
N/A 10.127.1.189:139 tcp
N/A 10.127.1.190:139 tcp
N/A 10.127.1.191:139 tcp
N/A 10.127.1.192:139 tcp
N/A 10.127.1.210:139 tcp
N/A 10.127.1.216:139 tcp
N/A 10.127.1.217:139 tcp
N/A 10.127.1.218:139 tcp
N/A 10.127.1.219:139 tcp
N/A 10.127.1.223:139 tcp
N/A 10.127.1.225:139 tcp
N/A 10.127.1.226:139 tcp
N/A 10.127.1.227:139 tcp
N/A 10.127.1.232:139 tcp
N/A 10.127.1.233:139 tcp
N/A 10.127.1.235:139 tcp
N/A 10.127.1.236:139 tcp
N/A 10.127.1.237:139 tcp
N/A 10.127.1.239:139 tcp
N/A 10.127.1.244:139 tcp
N/A 10.127.1.245:139 tcp
N/A 10.127.1.246:139 tcp
N/A 10.127.1.248:139 tcp
N/A 10.127.1.251:139 tcp
N/A 10.127.1.255:139 tcp
N/A 10.127.2.44:139 tcp
N/A 10.127.2.24:139 tcp
N/A 10.127.2.41:139 tcp
N/A 10.127.2.42:139 tcp
N/A 10.127.2.63:139 tcp
N/A 10.127.2.2:139 tcp
N/A 10.127.2.4:139 tcp
N/A 10.127.2.10:139 tcp
N/A 10.127.2.52:139 tcp
N/A 10.127.2.65:139 tcp
N/A 10.127.2.31:139 tcp
N/A 10.127.2.38:139 tcp
N/A 10.127.2.35:139 tcp
N/A 10.127.2.1:139 tcp
N/A 10.127.2.16:139 tcp
N/A 10.127.2.12:139 tcp
N/A 10.127.2.28:139 tcp
N/A 10.127.2.21:139 tcp
N/A 10.127.2.22:139 tcp
N/A 10.127.2.58:139 tcp
N/A 10.127.2.14:139 tcp
N/A 10.127.2.7:139 tcp
N/A 10.127.2.54:139 tcp
N/A 10.127.2.130:139 tcp
N/A 10.127.2.6:139 tcp
N/A 10.127.2.19:139 tcp
N/A 10.127.2.29:139 tcp
N/A 10.127.2.36:139 tcp
N/A 10.127.2.18:139 tcp
N/A 10.127.2.194:139 tcp
N/A 10.127.2.46:139 tcp
N/A 10.127.2.193:139 tcp
N/A 10.127.2.57:139 tcp
N/A 10.127.2.17:139 tcp
N/A 10.127.3.71:139 tcp
N/A 10.127.3.75:139 tcp
N/A 10.127.2.5:139 tcp
N/A 10.127.2.11:139 tcp
N/A 10.127.2.25:139 tcp
N/A 10.127.2.59:139 tcp
N/A 10.127.2.68:139 tcp
N/A 10.127.2.61:139 tcp
N/A 10.127.3.70:139 tcp
N/A 10.127.2.23:139 tcp
N/A 10.127.2.37:139 tcp
N/A 10.127.2.51:139 tcp
N/A 10.127.2.40:139 tcp
N/A 10.127.2.47:139 tcp
N/A 10.127.2.66:139 tcp
N/A 10.127.2.131:139 tcp
N/A 10.127.3.65:139 tcp
N/A 10.127.3.68:139 tcp
N/A 10.127.2.20:139 tcp
N/A 10.127.2.26:139 tcp
N/A 10.127.2.34:139 tcp
N/A 10.127.2.33:139 tcp
N/A 10.127.3.196:139 tcp
N/A 10.127.2.62:139 tcp
N/A 10.127.3.66:139 tcp
N/A 10.127.2.45:139 tcp
N/A 10.127.2.30:139 tcp
N/A 10.127.2.60:139 tcp
N/A 10.127.2.70:139 tcp
N/A 10.127.3.204:139 tcp
N/A 10.127.2.196:139 tcp
N/A 10.127.2.53:139 tcp
N/A 10.127.2.129:139 tcp
N/A 10.127.2.27:139 tcp
N/A 10.127.3.76:139 tcp
N/A 10.127.2.39:139 tcp
N/A 10.127.2.15:139 tcp
N/A 10.127.2.67:139 tcp
N/A 10.127.3.67:139 tcp
N/A 10.127.2.3:139 tcp
N/A 10.127.2.48:139 tcp
N/A 10.127.2.50:139 tcp
N/A 10.127.2.55:139 tcp
N/A 10.127.2.56:139 tcp
N/A 10.127.2.64:139 tcp
N/A 10.127.2.9:139 tcp
N/A 10.127.3.72:139 tcp
N/A 10.127.3.80:139 tcp
N/A 10.127.2.49:139 tcp
N/A 10.127.2.69:139 tcp
N/A 10.127.3.194:139 tcp
N/A 10.127.2.13:139 tcp
N/A 10.127.2.162:139 tcp
N/A 10.127.3.195:139 tcp
N/A 10.127.3.203:139 tcp
N/A 10.127.2.32:139 tcp
N/A 10.127.2.195:139 tcp
N/A 10.127.3.200:139 tcp
N/A 10.127.2.8:139 tcp
N/A 10.127.3.129:139 tcp
N/A 10.127.2.43:139 tcp
N/A 10.127.3.79:139 tcp
N/A 10.127.3.199:139 tcp
N/A 10.127.2.197:139 tcp
N/A 10.127.3.249:139 tcp
N/A 10.127.3.78:139 tcp
N/A 10.127.3.131:139 tcp
N/A 10.127.2.163:139 tcp
N/A 10.127.3.202:139 tcp
N/A 10.127.3.73:139 tcp
N/A 10.127.3.81:139 tcp
N/A 10.127.2.71:139 tcp
N/A 10.127.2.72:139 tcp
N/A 10.127.2.73:139 tcp
N/A 10.127.2.74:139 tcp
N/A 10.127.2.75:139 tcp
N/A 10.127.2.76:139 tcp
N/A 10.127.2.77:139 tcp
N/A 10.127.2.78:139 tcp
N/A 10.127.2.79:139 tcp
N/A 10.127.2.80:139 tcp
N/A 10.127.2.81:139 tcp
N/A 10.127.2.82:139 tcp
N/A 10.127.2.83:139 tcp
N/A 10.127.2.84:139 tcp
N/A 10.127.2.85:139 tcp
N/A 10.127.2.86:139 tcp
N/A 10.127.2.87:139 tcp
N/A 10.127.2.88:139 tcp
N/A 10.127.2.89:139 tcp
N/A 10.127.2.90:139 tcp
N/A 10.127.2.91:139 tcp
N/A 10.127.2.92:139 tcp
N/A 10.127.2.93:139 tcp
N/A 10.127.2.94:139 tcp
N/A 10.127.2.95:139 tcp
N/A 10.127.2.96:139 tcp
N/A 10.127.2.97:139 tcp
N/A 10.127.2.98:139 tcp
N/A 10.127.2.99:139 tcp
N/A 10.127.2.100:139 tcp
N/A 10.127.2.101:139 tcp
N/A 10.127.2.102:139 tcp
N/A 10.127.2.103:139 tcp
N/A 10.127.2.104:139 tcp
N/A 10.127.2.105:139 tcp
N/A 10.127.2.106:139 tcp
N/A 10.127.2.107:139 tcp
N/A 10.127.2.108:139 tcp
N/A 10.127.2.109:139 tcp
N/A 10.127.2.110:139 tcp
N/A 10.127.2.111:139 tcp
N/A 10.127.2.112:139 tcp
N/A 10.127.2.113:139 tcp
N/A 10.127.2.114:139 tcp
N/A 10.127.2.115:139 tcp
N/A 10.127.2.116:139 tcp
N/A 10.127.2.117:139 tcp
N/A 10.127.2.118:139 tcp
N/A 10.127.2.119:139 tcp
N/A 10.127.2.120:139 tcp
N/A 10.127.2.121:139 tcp
N/A 10.127.2.122:139 tcp
N/A 10.127.2.123:139 tcp
N/A 10.127.2.124:139 tcp
N/A 10.127.2.125:139 tcp
N/A 10.127.2.126:139 tcp
N/A 10.127.2.127:139 tcp
N/A 10.127.2.128:139 tcp
N/A 10.127.2.198:139 tcp
N/A 10.127.2.199:139 tcp
N/A 10.127.2.200:139 tcp
N/A 10.127.2.201:139 tcp
N/A 10.127.2.202:139 tcp
N/A 10.127.2.203:139 tcp
N/A 10.127.2.204:139 tcp
N/A 10.127.2.205:139 tcp
N/A 10.127.2.206:139 tcp
N/A 10.127.2.207:139 tcp
N/A 10.127.2.208:139 tcp
N/A 10.127.2.209:139 tcp
N/A 10.127.2.210:139 tcp
N/A 10.127.2.211:139 tcp
N/A 10.127.2.212:139 tcp
N/A 10.127.2.213:139 tcp
N/A 10.127.2.214:139 tcp
N/A 10.127.2.215:139 tcp
N/A 10.127.2.216:139 tcp
N/A 10.127.2.217:139 tcp
N/A 10.127.2.218:139 tcp
N/A 10.127.2.219:139 tcp
N/A 10.127.2.220:139 tcp
N/A 10.127.2.221:139 tcp
N/A 10.127.2.222:139 tcp
N/A 10.127.2.223:139 tcp
N/A 10.127.2.224:139 tcp
N/A 10.127.2.225:139 tcp
N/A 10.127.2.226:139 tcp
N/A 10.127.2.227:139 tcp
N/A 10.127.2.228:139 tcp
N/A 10.127.2.229:139 tcp
N/A 10.127.2.230:139 tcp
N/A 10.127.2.231:139 tcp
N/A 10.127.2.232:139 tcp
N/A 10.127.2.233:139 tcp
N/A 10.127.2.234:139 tcp
N/A 10.127.2.235:139 tcp
N/A 10.127.2.236:139 tcp
N/A 10.127.2.237:139 tcp
N/A 10.127.2.238:139 tcp
N/A 10.127.2.239:139 tcp
N/A 10.127.2.240:139 tcp
N/A 10.127.2.241:139 tcp
N/A 10.127.2.242:139 tcp
N/A 10.127.2.243:139 tcp
N/A 10.127.2.244:139 tcp
N/A 10.127.2.245:139 tcp
N/A 10.127.2.246:139 tcp
N/A 10.127.2.247:139 tcp
N/A 10.127.2.248:139 tcp
N/A 10.127.2.249:139 tcp
N/A 10.127.2.250:139 tcp
N/A 10.127.2.251:139 tcp
N/A 10.127.2.252:139 tcp
N/A 10.127.2.253:139 tcp
N/A 10.127.2.254:139 tcp
N/A 10.127.2.255:139 tcp
N/A 10.127.3.0:139 tcp
N/A 10.127.2.132:139 tcp
N/A 10.127.2.133:139 tcp
N/A 10.127.2.134:139 tcp
N/A 10.127.2.135:139 tcp
N/A 10.127.2.136:139 tcp
N/A 10.127.2.137:139 tcp
N/A 10.127.2.138:139 tcp
N/A 10.127.2.139:139 tcp
N/A 10.127.2.140:139 tcp
N/A 10.127.2.141:139 tcp
N/A 10.127.2.142:139 tcp
N/A 10.127.2.143:139 tcp
N/A 10.127.2.144:139 tcp
N/A 10.127.2.145:139 tcp
N/A 10.127.2.146:139 tcp
N/A 10.127.2.147:139 tcp
N/A 10.127.2.148:139 tcp
N/A 10.127.2.149:139 tcp
N/A 10.127.2.150:139 tcp
N/A 10.127.2.151:139 tcp
N/A 10.127.2.152:139 tcp
N/A 10.127.2.153:139 tcp
N/A 10.127.2.154:139 tcp
N/A 10.127.2.155:139 tcp
N/A 10.127.2.156:139 tcp
N/A 10.127.2.157:139 tcp
N/A 10.127.2.158:139 tcp
N/A 10.127.2.159:139 tcp
N/A 10.127.2.160:139 tcp
N/A 10.127.2.161:139 tcp
N/A 10.127.2.164:139 tcp
N/A 10.127.2.165:139 tcp
N/A 10.127.2.166:139 tcp
N/A 10.127.2.167:139 tcp
N/A 10.127.2.168:139 tcp
N/A 10.127.2.169:139 tcp
N/A 10.127.2.170:139 tcp
N/A 10.127.2.171:139 tcp
N/A 10.127.2.172:139 tcp
N/A 10.127.2.173:139 tcp
N/A 10.127.2.174:139 tcp
N/A 10.127.2.175:139 tcp
N/A 10.127.2.176:139 tcp
N/A 10.127.2.177:139 tcp
N/A 10.127.2.178:139 tcp
N/A 10.127.2.179:139 tcp
N/A 10.127.2.180:139 tcp
N/A 10.127.2.181:139 tcp
N/A 10.127.2.182:139 tcp
N/A 10.127.2.183:139 tcp
N/A 10.127.2.184:139 tcp
N/A 10.127.2.185:139 tcp
N/A 10.127.2.186:139 tcp
N/A 10.127.2.187:139 tcp
N/A 10.127.2.188:139 tcp
N/A 10.127.2.189:139 tcp
N/A 10.127.2.190:139 tcp
N/A 10.127.2.191:139 tcp
N/A 10.127.2.192:139 tcp
N/A 10.127.3.1:139 tcp
N/A 10.127.3.2:139 tcp
N/A 10.127.3.3:139 tcp
N/A 10.127.3.4:139 tcp
N/A 10.127.3.5:139 tcp
N/A 10.127.3.6:139 tcp
N/A 10.127.3.7:139 tcp
N/A 10.127.3.8:139 tcp
N/A 10.127.3.9:139 tcp
N/A 10.127.3.10:139 tcp
N/A 10.127.3.11:139 tcp
N/A 10.127.3.12:139 tcp
N/A 10.127.3.13:139 tcp
N/A 10.127.3.14:139 tcp
N/A 10.127.3.15:139 tcp
N/A 10.127.3.16:139 tcp
N/A 10.127.3.17:139 tcp
N/A 10.127.3.18:139 tcp
N/A 10.127.3.19:139 tcp
N/A 10.127.3.20:139 tcp
N/A 10.127.3.21:139 tcp
N/A 10.127.3.22:139 tcp
N/A 10.127.3.23:139 tcp
N/A 10.127.3.24:139 tcp
N/A 10.127.3.25:139 tcp
N/A 10.127.3.26:139 tcp
N/A 10.127.3.27:139 tcp
N/A 10.127.3.28:139 tcp
N/A 10.127.3.29:139 tcp
N/A 10.127.3.30:139 tcp
N/A 10.127.3.31:139 tcp
N/A 10.127.3.32:139 tcp
N/A 10.127.3.33:139 tcp
N/A 10.127.3.34:139 tcp
N/A 10.127.3.35:139 tcp
N/A 10.127.3.36:139 tcp
N/A 10.127.3.37:139 tcp
N/A 10.127.3.38:139 tcp
N/A 10.127.3.39:139 tcp
N/A 10.127.3.40:139 tcp
N/A 10.127.3.41:139 tcp
N/A 10.127.3.42:139 tcp
N/A 10.127.3.43:139 tcp
N/A 10.127.3.44:139 tcp
N/A 10.127.3.45:139 tcp
N/A 10.127.3.46:139 tcp
N/A 10.127.3.47:139 tcp
N/A 10.127.3.48:139 tcp
N/A 10.127.3.49:139 tcp
N/A 10.127.3.50:139 tcp
N/A 10.127.3.51:139 tcp
N/A 10.127.3.52:139 tcp
N/A 10.127.3.53:139 tcp
N/A 10.127.3.54:139 tcp
N/A 10.127.3.55:139 tcp
N/A 10.127.3.56:139 tcp
N/A 10.127.3.57:139 tcp
N/A 10.127.3.58:139 tcp
N/A 10.127.3.59:139 tcp
N/A 10.127.3.60:139 tcp
N/A 10.127.3.61:139 tcp
N/A 10.127.3.62:139 tcp
N/A 10.127.3.63:139 tcp
N/A 10.127.3.64:139 tcp
N/A 10.127.3.69:139 tcp
N/A 10.127.3.74:139 tcp
N/A 10.127.3.77:139 tcp
N/A 10.127.3.82:139 tcp
N/A 10.127.3.83:139 tcp
N/A 10.127.3.84:139 tcp
N/A 10.127.3.85:139 tcp
N/A 10.127.3.86:139 tcp
N/A 10.127.3.87:139 tcp
N/A 10.127.3.88:139 tcp
N/A 10.127.3.89:139 tcp
N/A 10.127.3.90:139 tcp
N/A 10.127.3.91:139 tcp
N/A 10.127.3.92:139 tcp
N/A 10.127.3.93:139 tcp
N/A 10.127.3.94:139 tcp
N/A 10.127.3.95:139 tcp
N/A 10.127.3.96:139 tcp
N/A 10.127.3.97:139 tcp
N/A 10.127.3.98:139 tcp
N/A 10.127.3.99:139 tcp
N/A 10.127.3.100:139 tcp
N/A 10.127.3.101:139 tcp
N/A 10.127.3.102:139 tcp
N/A 10.127.3.103:139 tcp
N/A 10.127.3.104:139 tcp
N/A 10.127.3.105:139 tcp
N/A 10.127.3.106:139 tcp
N/A 10.127.3.107:139 tcp
N/A 10.127.3.108:139 tcp
N/A 10.127.3.109:139 tcp
N/A 10.127.3.110:139 tcp
N/A 10.127.3.111:139 tcp
N/A 10.127.3.112:139 tcp
N/A 10.127.3.113:139 tcp
N/A 10.127.3.114:139 tcp
N/A 10.127.3.115:139 tcp
N/A 10.127.3.116:139 tcp
N/A 10.127.3.117:139 tcp
N/A 10.127.3.118:139 tcp
N/A 10.127.3.119:139 tcp
N/A 10.127.3.120:139 tcp
N/A 10.127.3.121:139 tcp
N/A 10.127.3.122:139 tcp
N/A 10.127.3.123:139 tcp
N/A 10.127.3.124:139 tcp
N/A 10.127.3.125:139 tcp
N/A 10.127.3.126:139 tcp
N/A 10.127.3.127:139 tcp
N/A 10.127.3.128:139 tcp
N/A 10.127.3.130:139 tcp
N/A 10.127.3.132:139 tcp
N/A 10.127.3.133:139 tcp
N/A 10.127.3.134:139 tcp
N/A 10.127.3.135:139 tcp
N/A 10.127.3.136:139 tcp
N/A 10.127.3.137:139 tcp
N/A 10.127.3.138:139 tcp
N/A 10.127.3.139:139 tcp
N/A 10.127.3.140:139 tcp
N/A 10.127.3.141:139 tcp
N/A 10.127.3.142:139 tcp
N/A 10.127.3.143:139 tcp
N/A 10.127.3.144:139 tcp
N/A 10.127.3.145:139 tcp
N/A 10.127.3.146:139 tcp
N/A 10.127.3.147:139 tcp
N/A 10.127.3.148:139 tcp
N/A 10.127.3.149:139 tcp
N/A 10.127.3.150:139 tcp
N/A 10.127.3.151:139 tcp
N/A 10.127.3.152:139 tcp
N/A 10.127.3.153:139 tcp
N/A 10.127.3.154:139 tcp
N/A 10.127.3.155:139 tcp
N/A 10.127.3.156:139 tcp
N/A 10.127.3.157:139 tcp
N/A 10.127.3.158:139 tcp
N/A 10.127.3.159:139 tcp
N/A 10.127.3.160:139 tcp
N/A 10.127.3.161:139 tcp
N/A 10.127.3.162:139 tcp
N/A 10.127.3.163:139 tcp
N/A 10.127.3.164:139 tcp
N/A 10.127.3.165:139 tcp
N/A 10.127.3.166:139 tcp
N/A 10.127.3.167:139 tcp
N/A 10.127.3.168:139 tcp
N/A 10.127.3.169:139 tcp
N/A 10.127.3.170:139 tcp
N/A 10.127.3.171:139 tcp
N/A 10.127.3.172:139 tcp
N/A 10.127.3.173:139 tcp
N/A 10.127.3.174:139 tcp
N/A 10.127.3.175:139 tcp
N/A 10.127.3.176:139 tcp
N/A 10.127.3.177:139 tcp
N/A 10.127.3.178:139 tcp
N/A 10.127.3.179:139 tcp
N/A 10.127.3.180:139 tcp
N/A 10.127.3.181:139 tcp
N/A 10.127.3.182:139 tcp
N/A 10.127.3.183:139 tcp
N/A 10.127.3.184:139 tcp
N/A 10.127.3.185:139 tcp
N/A 10.127.3.186:139 tcp
N/A 10.127.3.187:139 tcp
N/A 10.127.3.188:139 tcp
N/A 10.127.3.189:139 tcp
N/A 10.127.3.190:139 tcp
N/A 10.127.3.191:139 tcp
N/A 10.127.3.192:139 tcp
N/A 10.127.3.193:139 tcp
N/A 10.127.3.197:139 tcp
N/A 10.127.3.198:139 tcp
N/A 10.127.3.201:139 tcp
N/A 10.127.3.205:139 tcp
N/A 10.127.3.206:139 tcp
N/A 10.127.3.207:139 tcp
N/A 10.127.3.208:139 tcp
N/A 10.127.3.209:139 tcp
N/A 10.127.3.210:139 tcp
N/A 10.127.3.211:139 tcp
N/A 10.127.3.212:139 tcp
N/A 10.127.3.213:139 tcp
N/A 10.127.3.214:139 tcp
N/A 10.127.3.215:139 tcp
N/A 10.127.3.216:139 tcp
N/A 10.127.3.217:139 tcp
N/A 10.127.3.218:139 tcp
N/A 10.127.3.219:139 tcp
N/A 10.127.3.220:139 tcp
N/A 10.127.3.221:139 tcp
N/A 10.127.3.222:139 tcp
N/A 10.127.3.223:139 tcp
N/A 10.127.3.224:139 tcp
N/A 10.127.3.225:139 tcp
N/A 10.127.3.226:139 tcp
N/A 10.127.3.227:139 tcp
N/A 10.127.3.228:139 tcp
N/A 10.127.3.229:139 tcp
N/A 10.127.3.230:139 tcp
N/A 10.127.3.231:139 tcp
N/A 10.127.3.232:139 tcp
N/A 10.127.3.233:139 tcp
N/A 10.127.3.234:139 tcp
N/A 10.127.3.235:139 tcp
N/A 10.127.3.236:139 tcp
N/A 10.127.3.237:139 tcp
N/A 10.127.3.238:139 tcp
N/A 10.127.3.239:139 tcp
N/A 10.127.3.240:139 tcp
N/A 10.127.3.241:139 tcp
N/A 10.127.3.242:139 tcp
N/A 10.127.3.243:139 tcp
N/A 10.127.3.244:139 tcp
N/A 10.127.3.245:139 tcp
N/A 10.127.3.246:139 tcp
N/A 10.127.3.247:139 tcp
N/A 10.127.3.248:139 tcp
N/A 10.127.3.250:139 tcp
N/A 10.127.3.251:139 tcp
N/A 10.127.3.252:139 tcp
N/A 10.127.3.253:139 tcp
N/A 10.127.3.254:139 tcp
N/A 10.127.3.255:139 tcp
N/A 10.127.4.0:139 tcp
N/A 10.127.4.8:139 tcp
N/A 10.127.4.61:139 tcp
N/A 10.127.4.31:139 tcp
N/A 10.127.4.9:139 tcp
N/A 10.127.4.48:139 tcp
N/A 10.127.4.50:139 tcp
N/A 10.127.4.53:139 tcp
N/A 10.127.4.55:139 tcp
N/A 10.127.4.57:139 tcp
N/A 10.127.4.60:139 tcp
N/A 10.127.4.5:139 tcp
N/A 10.127.4.10:139 tcp
N/A 10.127.4.42:139 tcp
N/A 10.127.4.25:139 tcp
N/A 10.127.4.73:139 tcp
N/A 10.127.4.1:139 tcp
N/A 10.127.4.12:139 tcp
N/A 10.127.4.70:139 tcp
N/A 10.127.4.24:139 tcp
N/A 10.127.4.49:139 tcp
N/A 10.127.4.62:139 tcp
N/A 10.127.4.69:139 tcp
N/A 10.127.4.193:139 tcp
N/A 10.127.4.4:139 tcp
N/A 10.127.4.45:139 tcp
N/A 10.127.4.68:139 tcp
N/A 10.127.4.74:139 tcp
N/A 10.127.4.133:139 tcp
N/A 10.127.4.32:139 tcp
N/A 10.127.4.14:139 tcp
N/A 10.127.4.47:139 tcp
N/A 10.127.4.33:139 tcp
N/A 10.127.4.35:139 tcp
N/A 10.127.4.195:139 tcp
N/A 10.127.4.38:139 tcp
N/A 10.127.4.40:139 tcp
N/A 10.127.4.64:139 tcp
N/A 10.127.4.30:139 tcp
N/A 10.127.4.34:139 tcp
N/A 10.127.4.51:139 tcp
N/A 10.127.4.36:139 tcp
N/A 10.127.4.75:139 tcp
N/A 10.127.4.11:139 tcp
N/A 10.127.4.27:139 tcp
N/A 10.127.4.3:139 tcp
N/A 10.127.4.21:139 tcp
N/A 10.127.4.28:139 tcp
N/A 10.127.4.65:139 tcp
N/A 10.127.4.18:139 tcp
N/A 10.127.4.63:139 tcp
N/A 10.127.4.17:139 tcp
N/A 10.127.4.22:139 tcp
N/A 10.127.4.37:139 tcp
N/A 10.127.4.41:139 tcp
N/A 10.127.4.72:139 tcp
N/A 10.127.5.18:139 tcp
N/A 10.127.4.43:139 tcp
N/A 10.127.5.26:139 tcp
N/A 10.127.4.13:139 tcp
N/A 10.127.4.39:139 tcp
N/A 10.127.4.52:139 tcp
N/A 10.127.4.20:139 tcp
N/A 10.127.4.67:139 tcp
N/A 10.127.4.23:139 tcp
N/A 10.127.4.54:139 tcp
N/A 10.127.5.28:139 tcp
N/A 10.127.4.46:139 tcp
N/A 10.127.4.19:139 tcp
N/A 10.127.5.6:139 tcp
N/A 10.127.4.15:139 tcp
N/A 10.127.4.44:139 tcp
N/A 10.127.5.30:139 tcp
N/A 10.127.4.16:139 tcp
N/A 10.127.4.59:139 tcp
N/A 10.127.4.56:139 tcp
N/A 10.127.5.8:139 tcp
N/A 10.127.4.6:139 tcp
N/A 10.127.5.144:139 tcp
N/A 10.127.4.7:139 tcp
N/A 10.127.4.26:139 tcp
N/A 10.127.4.29:139 tcp
N/A 10.127.5.7:139 tcp
N/A 10.127.5.1:139 tcp
N/A 10.127.5.129:139 tcp
N/A 10.127.4.129:139 tcp
N/A 10.127.4.2:139 tcp
N/A 10.127.4.58:139 tcp
N/A 10.127.5.65:139 tcp
N/A 10.127.4.66:139 tcp
N/A 10.127.4.194:139 tcp
N/A 10.127.4.131:139 tcp
N/A 10.127.4.71:139 tcp
N/A 10.127.5.13:139 tcp
N/A 10.127.5.141:139 tcp
N/A 10.127.5.133:139 tcp
N/A 10.127.4.78:139 tcp
N/A 10.127.4.130:139 tcp
N/A 10.127.5.22:139 tcp
N/A 10.127.5.15:139 tcp
N/A 10.127.5.140:139 tcp
N/A 10.127.5.5:139 tcp
N/A 10.127.5.9:139 tcp
N/A 10.127.5.136:139 tcp
N/A 10.127.5.25:139 tcp
N/A 10.127.4.81:139 tcp
N/A 10.127.5.16:139 tcp
N/A 10.127.5.138:139 tcp
N/A 10.127.5.142:139 tcp
N/A 10.127.4.132:139 tcp
N/A 10.127.5.3:139 tcp
N/A 10.127.5.66:139 tcp
N/A 10.127.5.188:139 tcp
N/A 10.127.4.88:139 tcp
N/A 10.127.5.135:139 tcp
N/A 10.127.5.23:139 tcp
N/A 10.127.4.77:139 tcp
N/A 10.127.4.82:139 tcp
N/A 10.127.5.4:139 tcp
N/A 10.127.5.132:139 tcp
N/A 10.127.5.2:139 tcp
N/A 10.127.4.85:139 tcp
N/A 10.127.4.92:139 tcp
N/A 10.127.5.71:139 tcp
N/A 10.127.5.17:139 tcp
N/A 10.127.5.14:139 tcp
N/A 10.127.4.79:139 tcp
N/A 10.127.5.27:139 tcp
N/A 10.127.5.67:139 tcp
N/A 10.127.5.10:139 tcp
N/A 10.127.5.20:139 tcp
N/A 10.127.5.187:139 tcp
N/A 10.127.5.11:139 tcp
N/A 10.127.5.137:139 tcp
N/A 10.127.5.31:139 tcp
N/A 10.127.5.12:139 tcp
N/A 10.127.5.19:139 tcp
N/A 10.127.5.21:139 tcp
N/A 10.127.5.24:139 tcp
N/A 10.127.5.29:139 tcp
N/A 10.127.5.145:139 tcp
N/A 10.127.5.70:139 tcp
N/A 10.127.4.76:139 tcp
N/A 10.127.4.90:139 tcp
N/A 10.127.5.139:139 tcp
N/A 10.127.5.68:139 tcp
N/A 10.127.5.131:139 tcp
N/A 10.127.5.130:139 tcp
N/A 10.127.4.80:139 tcp
N/A 10.127.4.83:139 tcp
N/A 10.127.4.84:139 tcp
N/A 10.127.4.86:139 tcp
N/A 10.127.4.87:139 tcp
N/A 10.127.4.89:139 tcp
N/A 10.127.4.91:139 tcp
N/A 10.127.4.93:139 tcp
N/A 10.127.4.94:139 tcp
N/A 10.127.4.95:139 tcp
N/A 10.127.4.96:139 tcp
N/A 10.127.4.97:139 tcp
N/A 10.127.4.98:139 tcp
N/A 10.127.4.99:139 tcp
N/A 10.127.4.100:139 tcp
N/A 10.127.4.101:139 tcp
N/A 10.127.4.102:139 tcp
N/A 10.127.4.103:139 tcp
N/A 10.127.4.104:139 tcp
N/A 10.127.4.105:139 tcp
N/A 10.127.4.106:139 tcp
N/A 10.127.4.107:139 tcp
N/A 10.127.4.108:139 tcp
N/A 10.127.4.109:139 tcp
N/A 10.127.4.110:139 tcp
N/A 10.127.4.111:139 tcp
N/A 10.127.4.112:139 tcp
N/A 10.127.4.113:139 tcp
N/A 10.127.4.114:139 tcp
N/A 10.127.4.115:139 tcp
N/A 10.127.4.116:139 tcp
N/A 10.127.4.117:139 tcp
N/A 10.127.4.118:139 tcp
N/A 10.127.4.119:139 tcp
N/A 10.127.4.120:139 tcp
N/A 10.127.4.121:139 tcp
N/A 10.127.4.122:139 tcp
N/A 10.127.4.123:139 tcp
N/A 10.127.4.124:139 tcp
N/A 10.127.4.125:139 tcp
N/A 10.127.4.126:139 tcp
N/A 10.127.4.127:139 tcp
N/A 10.127.4.128:139 tcp
N/A 10.127.5.143:139 tcp
N/A 10.127.5.146:139 tcp
N/A 10.127.5.134:139 tcp
N/A 10.127.5.153:139 tcp
N/A 10.127.5.43:139 tcp
N/A 10.127.5.69:139 tcp
N/A 10.127.5.40:139 tcp
N/A 10.127.5.55:139 tcp
N/A 10.127.5.62:139 tcp
N/A 10.127.5.158:139 tcp
N/A 10.127.5.34:139 tcp
N/A 10.127.5.35:139 tcp
N/A 10.127.5.157:139 tcp
N/A 10.127.5.60:139 tcp
N/A 10.127.5.159:139 tcp
N/A 10.127.5.167:139 tcp
N/A 10.127.5.166:139 tcp
N/A 10.127.5.38:139 tcp
N/A 10.127.5.151:139 tcp
N/A 10.127.5.150:139 tcp
N/A 10.127.5.152:139 tcp
N/A 10.127.5.61:139 tcp
N/A 10.127.5.51:139 tcp
N/A 10.127.5.148:139 tcp
N/A 10.127.5.44:139 tcp
N/A 10.127.5.50:139 tcp
N/A 10.127.5.149:139 tcp
N/A 10.127.5.52:139 tcp
N/A 10.127.5.59:139 tcp
N/A 10.127.5.47:139 tcp
N/A 10.127.5.37:139 tcp
N/A 10.127.5.36:139 tcp
N/A 10.127.5.49:139 tcp
N/A 10.127.5.58:139 tcp
N/A 10.127.5.164:139 tcp
N/A 10.127.5.162:139 tcp
N/A 10.127.5.39:139 tcp
N/A 10.127.5.45:139 tcp
N/A 10.127.5.53:139 tcp
N/A 10.127.5.165:139 tcp
N/A 10.127.5.147:139 tcp
N/A 10.127.4.196:139 tcp
N/A 10.127.4.197:139 tcp
N/A 10.127.5.32:139 tcp
N/A 10.127.5.54:139 tcp
N/A 10.127.5.163:139 tcp
N/A 10.127.5.56:139 tcp
N/A 10.127.5.64:139 tcp
N/A 10.127.5.33:139 tcp
N/A 10.127.5.41:139 tcp
N/A 10.127.5.63:139 tcp
N/A 10.127.5.48:139 tcp
N/A 10.127.5.57:139 tcp
N/A 10.127.5.160:139 tcp
N/A 10.127.5.42:139 tcp
N/A 10.127.5.161:139 tcp
N/A 10.127.5.154:139 tcp
N/A 10.127.5.46:139 tcp
N/A 10.127.5.155:139 tcp
N/A 10.127.5.156:139 tcp
N/A 10.127.5.183:139 tcp
N/A 10.127.5.192:139 tcp
N/A 10.127.5.171:139 tcp
N/A 10.127.5.196:139 tcp
N/A 10.127.5.89:139 tcp
N/A 10.127.5.172:139 tcp
N/A 10.127.5.174:139 tcp
N/A 10.127.5.76:139 tcp
N/A 10.127.5.177:139 tcp
N/A 10.127.5.82:139 tcp
N/A 10.127.5.94:139 tcp
N/A 10.127.5.186:139 tcp
N/A 10.127.5.194:139 tcp
N/A 10.127.5.170:139 tcp
N/A 10.127.5.184:139 tcp
N/A 10.127.5.83:139 tcp
N/A 10.127.5.80:139 tcp
N/A 10.127.5.87:139 tcp
N/A 10.127.5.181:139 tcp
N/A 10.127.5.75:139 tcp
N/A 10.127.5.195:139 tcp
N/A 10.127.5.179:139 tcp
N/A 10.127.5.190:139 tcp
N/A 10.127.5.185:139 tcp
N/A 10.127.5.200:139 tcp
N/A 10.127.5.93:139 tcp
N/A 10.127.5.178:139 tcp
N/A 10.127.5.173:139 tcp
N/A 10.127.5.73:139 tcp
N/A 10.127.5.175:139 tcp
N/A 10.127.5.72:139 tcp
N/A 10.127.5.84:139 tcp
N/A 10.127.5.86:139 tcp
N/A 10.127.5.191:139 tcp
N/A 10.127.5.79:139 tcp
N/A 10.127.5.88:139 tcp
N/A 10.127.5.198:139 tcp
N/A 10.127.5.92:139 tcp
N/A 10.127.5.74:139 tcp
N/A 10.127.5.77:139 tcp
N/A 10.127.5.169:139 tcp
N/A 10.127.5.180:139 tcp
N/A 10.127.5.197:139 tcp
N/A 10.127.5.189:139 tcp
N/A 10.127.5.182:139 tcp
N/A 10.127.5.85:139 tcp
N/A 10.127.5.193:139 tcp
N/A 10.127.5.91:139 tcp
N/A 10.127.5.81:139 tcp
N/A 10.127.5.176:139 tcp
N/A 10.127.5.90:139 tcp
N/A 10.127.5.78:139 tcp
N/A 10.127.5.168:139 tcp
N/A 10.127.5.199:139 tcp
N/A 10.127.4.244:139 tcp
N/A 10.127.4.253:139 tcp
N/A 10.127.4.254:139 tcp
N/A 10.127.4.215:139 tcp
N/A 10.127.4.222:139 tcp
N/A 10.127.4.248:139 tcp
N/A 10.127.4.236:139 tcp
N/A 10.127.4.225:139 tcp
N/A 10.127.4.228:139 tcp
N/A 10.127.4.252:139 tcp
N/A 10.127.4.242:139 tcp
N/A 10.127.4.208:139 tcp
N/A 10.127.4.157:139 tcp
N/A 10.127.4.205:139 tcp
N/A 10.127.4.138:139 tcp
N/A 10.127.4.198:139 tcp
N/A 10.127.4.199:139 tcp
N/A 10.127.4.200:139 tcp
N/A 10.127.4.201:139 tcp
N/A 10.127.4.202:139 tcp
N/A 10.127.4.203:139 tcp
N/A 10.127.4.204:139 tcp
N/A 10.127.4.206:139 tcp
N/A 10.127.4.207:139 tcp
N/A 10.127.4.209:139 tcp
N/A 10.127.4.210:139 tcp
N/A 10.127.4.211:139 tcp
N/A 10.127.4.212:139 tcp
N/A 10.127.4.213:139 tcp
N/A 10.127.4.214:139 tcp
N/A 10.127.4.216:139 tcp
N/A 10.127.4.217:139 tcp
N/A 10.127.4.218:139 tcp
N/A 10.127.4.219:139 tcp
N/A 10.127.4.220:139 tcp
N/A 10.127.4.221:139 tcp
N/A 10.127.4.223:139 tcp
N/A 10.127.4.224:139 tcp
N/A 10.127.4.226:139 tcp
N/A 10.127.4.227:139 tcp
N/A 10.127.4.229:139 tcp
N/A 10.127.4.230:139 tcp
N/A 10.127.4.231:139 tcp
N/A 10.127.4.232:139 tcp
N/A 10.127.4.233:139 tcp
N/A 10.127.4.234:139 tcp
N/A 10.127.4.235:139 tcp
N/A 10.127.4.237:139 tcp
N/A 10.127.4.238:139 tcp
N/A 10.127.4.239:139 tcp
N/A 10.127.4.240:139 tcp
N/A 10.127.4.241:139 tcp
N/A 10.127.4.243:139 tcp
N/A 10.127.4.245:139 tcp
N/A 10.127.4.246:139 tcp
N/A 10.127.4.247:139 tcp
N/A 10.127.4.249:139 tcp
N/A 10.127.4.250:139 tcp
N/A 10.127.4.251:139 tcp
N/A 10.127.4.255:139 tcp
N/A 10.127.5.0:139 tcp
N/A 10.127.4.134:139 tcp
N/A 10.127.4.135:139 tcp
N/A 10.127.4.136:139 tcp
N/A 10.127.4.137:139 tcp
N/A 10.127.4.139:139 tcp
N/A 10.127.4.140:139 tcp
N/A 10.127.4.141:139 tcp
N/A 10.127.4.142:139 tcp
N/A 10.127.4.143:139 tcp
N/A 10.127.4.144:139 tcp
N/A 10.127.4.145:139 tcp
N/A 10.127.4.146:139 tcp
N/A 10.127.4.147:139 tcp
N/A 10.127.4.148:139 tcp
N/A 10.127.4.149:139 tcp
N/A 10.127.4.150:139 tcp
N/A 10.127.4.151:139 tcp
N/A 10.127.4.152:139 tcp
N/A 10.127.4.153:139 tcp
N/A 10.127.4.154:139 tcp
N/A 10.127.4.155:139 tcp
N/A 10.127.4.156:139 tcp
N/A 10.127.4.158:139 tcp
N/A 10.127.4.159:139 tcp
N/A 10.127.4.160:139 tcp
N/A 10.127.4.161:139 tcp
N/A 10.127.4.162:139 tcp
N/A 10.127.4.163:139 tcp
N/A 10.127.4.164:139 tcp
N/A 10.127.4.165:139 tcp
N/A 10.127.4.166:139 tcp
N/A 10.127.4.167:139 tcp
N/A 10.127.4.168:139 tcp
N/A 10.127.4.169:139 tcp
N/A 10.127.4.170:139 tcp
N/A 10.127.4.171:139 tcp
N/A 10.127.4.172:139 tcp
N/A 10.127.4.173:139 tcp
N/A 10.127.4.174:139 tcp
N/A 10.127.4.175:139 tcp
N/A 10.127.4.176:139 tcp
N/A 10.127.4.177:139 tcp
N/A 10.127.4.178:139 tcp
N/A 10.127.4.179:139 tcp
N/A 10.127.4.180:139 tcp
N/A 10.127.4.181:139 tcp
N/A 10.127.4.182:139 tcp
N/A 10.127.4.183:139 tcp
N/A 10.127.4.184:139 tcp
N/A 10.127.4.185:139 tcp
N/A 10.127.4.186:139 tcp
N/A 10.127.4.187:139 tcp
N/A 10.127.4.188:139 tcp
N/A 10.127.4.189:139 tcp
N/A 10.127.4.190:139 tcp
N/A 10.127.4.191:139 tcp
N/A 10.127.4.192:139 tcp
N/A 10.127.5.201:139 tcp
N/A 10.127.5.95:139 tcp
N/A 10.127.5.96:139 tcp
N/A 10.127.5.202:139 tcp
N/A 10.127.5.97:139 tcp
N/A 10.127.5.203:139 tcp
N/A 10.127.5.98:139 tcp
N/A 10.127.5.99:139 tcp
N/A 10.127.5.204:139 tcp
N/A 10.127.5.100:139 tcp
N/A 10.127.5.205:139 tcp
N/A 10.127.5.101:139 tcp
N/A 10.127.5.102:139 tcp
N/A 10.127.5.206:139 tcp
N/A 10.127.5.103:139 tcp
N/A 10.127.5.104:139 tcp
N/A 10.127.5.207:139 tcp
N/A 10.127.5.105:139 tcp
N/A 10.127.5.106:139 tcp
N/A 10.127.5.107:139 tcp
N/A 10.127.5.208:139 tcp
N/A 10.127.5.108:139 tcp
N/A 10.127.5.209:139 tcp
N/A 10.127.5.109:139 tcp
N/A 10.127.5.110:139 tcp
N/A 10.127.5.210:139 tcp
N/A 10.127.5.111:139 tcp
N/A 10.127.5.211:139 tcp
N/A 10.127.5.112:139 tcp
N/A 10.127.5.113:139 tcp
N/A 10.127.5.212:139 tcp
N/A 10.127.5.114:139 tcp
N/A 10.127.5.115:139 tcp
N/A 10.127.5.116:139 tcp
N/A 10.127.5.213:139 tcp
N/A 10.127.5.117:139 tcp
N/A 10.127.5.118:139 tcp
N/A 10.127.5.214:139 tcp
N/A 10.127.5.119:139 tcp
N/A 10.127.5.120:139 tcp
N/A 10.127.5.215:139 tcp
N/A 10.127.5.121:139 tcp
N/A 10.127.5.122:139 tcp
N/A 10.127.5.123:139 tcp
N/A 10.127.5.124:139 tcp
N/A 10.127.5.216:139 tcp
N/A 10.127.5.125:139 tcp
N/A 10.127.5.217:139 tcp
N/A 10.127.5.126:139 tcp
N/A 10.127.5.127:139 tcp
N/A 10.127.5.218:139 tcp
N/A 10.127.5.128:139 tcp
N/A 10.127.5.219:139 tcp
N/A 10.127.5.220:139 tcp
N/A 10.127.5.221:139 tcp
N/A 10.127.5.222:139 tcp
N/A 10.127.5.223:139 tcp
N/A 10.127.5.224:139 tcp
N/A 10.127.5.225:139 tcp
N/A 10.127.5.226:139 tcp
N/A 10.127.5.227:139 tcp
N/A 10.127.5.228:139 tcp
N/A 10.127.5.229:139 tcp
N/A 10.127.5.230:139 tcp
N/A 10.127.5.231:139 tcp
N/A 10.127.5.232:139 tcp
N/A 10.127.5.233:139 tcp
N/A 10.127.5.234:139 tcp
N/A 10.127.5.235:139 tcp
N/A 10.127.5.236:139 tcp
N/A 10.127.5.237:139 tcp
N/A 10.127.5.238:139 tcp
N/A 10.127.5.239:139 tcp
N/A 10.127.5.240:139 tcp
N/A 10.127.5.241:139 tcp
N/A 10.127.5.242:139 tcp
N/A 10.127.5.243:139 tcp
N/A 10.127.5.244:139 tcp
N/A 10.127.5.245:139 tcp
N/A 10.127.5.246:139 tcp
N/A 10.127.5.247:139 tcp
N/A 10.127.5.248:139 tcp
N/A 10.127.5.249:139 tcp
N/A 10.127.5.250:139 tcp
N/A 10.127.5.251:139 tcp
N/A 10.127.5.252:139 tcp
N/A 10.127.5.253:139 tcp
N/A 10.127.5.254:139 tcp
N/A 10.127.5.255:139 tcp
N/A 10.127.6.0:139 tcp
N/A 10.127.6.62:139 tcp
N/A 10.127.6.25:139 tcp
N/A 10.127.6.28:139 tcp
N/A 10.127.6.37:139 tcp
N/A 10.127.6.7:139 tcp
N/A 10.127.6.9:139 tcp
N/A 10.127.6.19:139 tcp
N/A 10.127.6.5:139 tcp
N/A 10.127.6.18:139 tcp
N/A 10.127.6.14:139 tcp
N/A 10.127.6.42:139 tcp
N/A 10.127.6.54:139 tcp
N/A 10.127.6.3:139 tcp
N/A 10.127.6.17:139 tcp
N/A 10.127.6.1:139 tcp
N/A 10.127.6.16:139 tcp
N/A 10.127.6.8:139 tcp
N/A 10.127.6.15:139 tcp
N/A 10.127.6.20:139 tcp
N/A 10.127.6.35:139 tcp
N/A 10.127.6.50:139 tcp
N/A 10.127.6.45:139 tcp
N/A 10.127.6.46:139 tcp
N/A 10.127.6.78:139 tcp
N/A 10.127.6.63:139 tcp
N/A 10.127.6.76:139 tcp
N/A 10.127.6.51:139 tcp
N/A 10.127.6.58:139 tcp
N/A 10.127.6.68:139 tcp
N/A 10.127.6.36:139 tcp
N/A 10.127.6.70:139 tcp
N/A 10.127.6.10:139 tcp
N/A 10.127.6.29:139 tcp
N/A 10.127.6.34:139 tcp
N/A 10.127.6.26:139 tcp
N/A 10.127.6.206:139 tcp
N/A 10.127.6.2:139 tcp
N/A 10.127.6.48:139 tcp
N/A 10.127.6.72:139 tcp
N/A 10.127.6.11:139 tcp
N/A 10.127.6.205:139 tcp
N/A 10.127.6.74:139 tcp
N/A 10.127.6.4:139 tcp
N/A 10.127.6.39:139 tcp
N/A 10.127.6.53:139 tcp
N/A 10.127.6.77:139 tcp
N/A 10.127.6.57:139 tcp
N/A 10.127.6.38:139 tcp
N/A 10.127.6.43:139 tcp
N/A 10.127.6.64:139 tcp
N/A 10.127.6.22:139 tcp
N/A 10.127.6.32:139 tcp
N/A 10.127.6.52:139 tcp
N/A 10.127.6.55:139 tcp
N/A 10.127.6.13:139 tcp
N/A 10.127.6.21:139 tcp
N/A 10.127.6.209:139 tcp
N/A 10.127.6.44:139 tcp
N/A 10.127.6.59:139 tcp
N/A 10.127.6.61:139 tcp
N/A 10.127.6.31:139 tcp
N/A 10.127.6.196:139 tcp
N/A 10.127.6.199:139 tcp
N/A 10.127.6.24:139 tcp
N/A 10.127.6.33:139 tcp
N/A 10.127.6.65:139 tcp
N/A 10.127.6.80:139 tcp
N/A 10.127.6.12:139 tcp
N/A 10.127.6.81:139 tcp
N/A 10.127.6.6:139 tcp
N/A 10.127.6.23:139 tcp
N/A 10.127.6.27:139 tcp
N/A 10.127.6.30:139 tcp
N/A 10.127.6.40:139 tcp
N/A 10.127.6.41:139 tcp
N/A 10.127.6.47:139 tcp
N/A 10.127.6.49:139 tcp
N/A 10.127.6.56:139 tcp
N/A 10.127.6.60:139 tcp
N/A 10.127.6.66:139 tcp
N/A 10.127.6.67:139 tcp
N/A 10.127.6.69:139 tcp
N/A 10.127.6.71:139 tcp
N/A 10.127.6.73:139 tcp
N/A 10.127.6.75:139 tcp
N/A 10.127.6.79:139 tcp
N/A 10.127.6.82:139 tcp
N/A 10.127.6.83:139 tcp
N/A 10.127.6.84:139 tcp
N/A 10.127.6.85:139 tcp
N/A 10.127.6.86:139 tcp
N/A 10.127.6.87:139 tcp
N/A 10.127.6.88:139 tcp
N/A 10.127.6.89:139 tcp
N/A 10.127.6.90:139 tcp
N/A 10.127.6.91:139 tcp
N/A 10.127.6.92:139 tcp
N/A 10.127.6.93:139 tcp
N/A 10.127.6.94:139 tcp
N/A 10.127.6.95:139 tcp
N/A 10.127.6.96:139 tcp
N/A 10.127.6.97:139 tcp
N/A 10.127.6.98:139 tcp
N/A 10.127.6.99:139 tcp
N/A 10.127.6.100:139 tcp
N/A 10.127.6.101:139 tcp
N/A 10.127.6.102:139 tcp
N/A 10.127.6.103:139 tcp
N/A 10.127.6.104:139 tcp
N/A 10.127.6.105:139 tcp
N/A 10.127.6.106:139 tcp
N/A 10.127.6.107:139 tcp
N/A 10.127.6.108:139 tcp
N/A 10.127.6.109:139 tcp
N/A 10.127.6.110:139 tcp
N/A 10.127.6.111:139 tcp
N/A 10.127.6.112:139 tcp
N/A 10.127.6.113:139 tcp
N/A 10.127.6.114:139 tcp
N/A 10.127.6.115:139 tcp
N/A 10.127.6.116:139 tcp
N/A 10.127.6.117:139 tcp
N/A 10.127.6.118:139 tcp
N/A 10.127.6.119:139 tcp
N/A 10.127.6.120:139 tcp
N/A 10.127.6.121:139 tcp
N/A 10.127.6.122:139 tcp
N/A 10.127.6.123:139 tcp
N/A 10.127.6.124:139 tcp
N/A 10.127.6.125:139 tcp
N/A 10.127.6.126:139 tcp
N/A 10.127.6.127:139 tcp
N/A 10.127.6.128:139 tcp
N/A 10.127.6.193:139 tcp
N/A 10.127.6.194:139 tcp
N/A 10.127.6.195:139 tcp
N/A 10.127.6.197:139 tcp
N/A 10.127.6.198:139 tcp
N/A 10.127.6.200:139 tcp
N/A 10.127.6.201:139 tcp
N/A 10.127.6.202:139 tcp
N/A 10.127.6.203:139 tcp
N/A 10.127.6.204:139 tcp
N/A 10.127.6.207:139 tcp
N/A 10.127.6.208:139 tcp
N/A 10.127.6.210:139 tcp
N/A 10.127.6.211:139 tcp
N/A 10.127.6.212:139 tcp
N/A 10.127.6.213:139 tcp
N/A 10.127.6.214:139 tcp
N/A 10.127.6.215:139 tcp
N/A 10.127.6.216:139 tcp
N/A 10.127.6.217:139 tcp
N/A 10.127.6.218:139 tcp
N/A 10.127.6.219:139 tcp
N/A 10.127.6.220:139 tcp
N/A 10.127.6.221:139 tcp
N/A 10.127.6.222:139 tcp
N/A 10.127.6.223:139 tcp
N/A 10.127.6.224:139 tcp
N/A 10.127.6.225:139 tcp
N/A 10.127.6.226:139 tcp
N/A 10.127.6.227:139 tcp
N/A 10.127.6.228:139 tcp
N/A 10.127.6.229:139 tcp
N/A 10.127.6.230:139 tcp
N/A 10.127.6.231:139 tcp
N/A 10.127.6.232:139 tcp
N/A 10.127.6.233:139 tcp
N/A 10.127.6.234:139 tcp
N/A 10.127.6.235:139 tcp
N/A 10.127.6.236:139 tcp
N/A 10.127.6.237:139 tcp
N/A 10.127.6.238:139 tcp
N/A 10.127.6.239:139 tcp
N/A 10.127.6.240:139 tcp
N/A 10.127.6.241:139 tcp
N/A 10.127.6.242:139 tcp
N/A 10.127.6.243:139 tcp
N/A 10.127.6.244:139 tcp
N/A 10.127.6.245:139 tcp
N/A 10.127.6.246:139 tcp
N/A 10.127.6.247:139 tcp
N/A 10.127.6.248:139 tcp
N/A 10.127.6.249:139 tcp
N/A 10.127.6.250:139 tcp
N/A 10.127.6.251:139 tcp
N/A 10.127.6.252:139 tcp
N/A 10.127.6.253:139 tcp
N/A 10.127.6.254:139 tcp
N/A 10.127.6.255:139 tcp
N/A 10.127.7.0:139 tcp
N/A 10.127.6.129:139 tcp
N/A 10.127.6.130:139 tcp
N/A 10.127.6.131:139 tcp
N/A 10.127.6.132:139 tcp
N/A 10.127.6.133:139 tcp
N/A 10.127.6.134:139 tcp
N/A 10.127.6.135:139 tcp
N/A 10.127.6.136:139 tcp
N/A 10.127.6.137:139 tcp
N/A 10.127.6.138:139 tcp
N/A 10.127.6.139:139 tcp
N/A 10.127.6.140:139 tcp
N/A 10.127.6.141:139 tcp
N/A 10.127.6.142:139 tcp
N/A 10.127.6.143:139 tcp
N/A 10.127.6.144:139 tcp
N/A 10.127.6.145:139 tcp
N/A 10.127.6.146:139 tcp
N/A 10.127.6.147:139 tcp
N/A 10.127.6.148:139 tcp
N/A 10.127.6.149:139 tcp
N/A 10.127.6.150:139 tcp
N/A 10.127.6.151:139 tcp
N/A 10.127.6.152:139 tcp
N/A 10.127.6.153:139 tcp
N/A 10.127.6.154:139 tcp
N/A 10.127.6.155:139 tcp
N/A 10.127.6.156:139 tcp
N/A 10.127.6.157:139 tcp
N/A 10.127.6.158:139 tcp
N/A 10.127.6.159:139 tcp
N/A 10.127.6.160:139 tcp
N/A 10.127.6.161:139 tcp
N/A 10.127.6.162:139 tcp
N/A 10.127.6.163:139 tcp
N/A 10.127.6.164:139 tcp
N/A 10.127.6.165:139 tcp
N/A 10.127.6.166:139 tcp
N/A 10.127.6.167:139 tcp
N/A 10.127.6.168:139 tcp
N/A 10.127.6.169:139 tcp
N/A 10.127.6.170:139 tcp
N/A 10.127.6.171:139 tcp
N/A 10.127.6.172:139 tcp
N/A 10.127.6.173:139 tcp
N/A 10.127.6.174:139 tcp
N/A 10.127.6.175:139 tcp
N/A 10.127.6.176:139 tcp
N/A 10.127.6.177:139 tcp
N/A 10.127.6.178:139 tcp
N/A 10.127.6.179:139 tcp
N/A 10.127.6.180:139 tcp
N/A 10.127.6.181:139 tcp
N/A 10.127.6.182:139 tcp
N/A 10.127.6.183:139 tcp
N/A 10.127.6.184:139 tcp
N/A 10.127.6.185:139 tcp
N/A 10.127.6.186:139 tcp
N/A 10.127.6.187:139 tcp
N/A 10.127.6.188:139 tcp
N/A 10.127.6.189:139 tcp
N/A 10.127.6.190:139 tcp
N/A 10.127.6.191:139 tcp
N/A 10.127.6.192:139 tcp
N/A 10.127.7.1:139 tcp
N/A 10.127.7.2:139 tcp
N/A 10.127.7.3:139 tcp
N/A 10.127.7.4:139 tcp
N/A 10.127.7.5:139 tcp
N/A 10.127.7.6:139 tcp
N/A 10.127.7.7:139 tcp
N/A 10.127.7.8:139 tcp
N/A 10.127.7.9:139 tcp
N/A 10.127.7.10:139 tcp
N/A 10.127.7.11:139 tcp
N/A 10.127.7.12:139 tcp
N/A 10.127.7.13:139 tcp
N/A 10.127.7.14:139 tcp
N/A 10.127.7.15:139 tcp
N/A 10.127.7.16:139 tcp
N/A 10.127.7.17:139 tcp
N/A 10.127.7.18:139 tcp
N/A 10.127.7.19:139 tcp
N/A 10.127.7.20:139 tcp
N/A 10.127.7.21:139 tcp
N/A 10.127.7.22:139 tcp
N/A 10.127.7.23:139 tcp
N/A 10.127.7.24:139 tcp
N/A 10.127.7.25:139 tcp
N/A 10.127.7.26:139 tcp
N/A 10.127.7.27:139 tcp
N/A 10.127.7.28:139 tcp
N/A 10.127.7.29:139 tcp
N/A 10.127.7.30:139 tcp
N/A 10.127.7.31:139 tcp
N/A 10.127.7.32:139 tcp
N/A 10.127.7.33:139 tcp
N/A 10.127.7.34:139 tcp
N/A 10.127.7.35:139 tcp
N/A 10.127.7.36:139 tcp
N/A 10.127.7.37:139 tcp
N/A 10.127.7.38:139 tcp
N/A 10.127.7.39:139 tcp
N/A 10.127.7.40:139 tcp
N/A 10.127.7.41:139 tcp
N/A 10.127.7.42:139 tcp
N/A 10.127.7.43:139 tcp
N/A 10.127.7.44:139 tcp
N/A 10.127.7.45:139 tcp
N/A 10.127.7.46:139 tcp
N/A 10.127.7.47:139 tcp
N/A 10.127.7.48:139 tcp
N/A 10.127.7.49:139 tcp
N/A 10.127.7.50:139 tcp
N/A 10.127.7.51:139 tcp
N/A 10.127.7.52:139 tcp
N/A 10.127.7.53:139 tcp
N/A 10.127.7.54:139 tcp
N/A 10.127.7.55:139 tcp
N/A 10.127.7.56:139 tcp
N/A 10.127.7.57:139 tcp
N/A 10.127.7.58:139 tcp
N/A 10.127.7.59:139 tcp
N/A 10.127.7.60:139 tcp
N/A 10.127.7.61:139 tcp
N/A 10.127.7.62:139 tcp
N/A 10.127.7.63:139 tcp
N/A 10.127.7.64:139 tcp
N/A 10.127.7.65:139 tcp
N/A 10.127.7.66:139 tcp
N/A 10.127.7.67:139 tcp
N/A 10.127.7.68:139 tcp
N/A 10.127.7.69:139 tcp
N/A 10.127.7.70:139 tcp
N/A 10.127.7.71:139 tcp
N/A 10.127.7.72:139 tcp
N/A 10.127.7.73:139 tcp
N/A 10.127.7.74:139 tcp
N/A 10.127.7.75:139 tcp
N/A 10.127.7.76:139 tcp
N/A 10.127.7.77:139 tcp
N/A 10.127.7.78:139 tcp
N/A 10.127.7.79:139 tcp
N/A 10.127.7.80:139 tcp
N/A 10.127.7.81:139 tcp
N/A 10.127.7.82:139 tcp
N/A 10.127.7.83:139 tcp
N/A 10.127.7.84:139 tcp
N/A 10.127.7.85:139 tcp
N/A 10.127.7.86:139 tcp
N/A 10.127.7.87:139 tcp
N/A 10.127.7.88:139 tcp
N/A 10.127.7.89:139 tcp
N/A 10.127.7.90:139 tcp
N/A 10.127.7.91:139 tcp
N/A 10.127.7.92:139 tcp
N/A 10.127.7.93:139 tcp
N/A 10.127.7.94:139 tcp
N/A 10.127.7.95:139 tcp
N/A 10.127.7.96:139 tcp
N/A 10.127.7.97:139 tcp
N/A 10.127.7.98:139 tcp
N/A 10.127.7.99:139 tcp
N/A 10.127.7.100:139 tcp
N/A 10.127.7.101:139 tcp
N/A 10.127.7.102:139 tcp
N/A 10.127.7.103:139 tcp
N/A 10.127.7.104:139 tcp
N/A 10.127.7.105:139 tcp
N/A 10.127.7.106:139 tcp
N/A 10.127.7.107:139 tcp
N/A 10.127.7.108:139 tcp
N/A 10.127.7.109:139 tcp
N/A 10.127.7.110:139 tcp
N/A 10.127.7.111:139 tcp
N/A 10.127.7.112:139 tcp
N/A 10.127.7.113:139 tcp
N/A 10.127.7.114:139 tcp
N/A 10.127.7.115:139 tcp
N/A 10.127.7.116:139 tcp
N/A 10.127.7.117:139 tcp
N/A 10.127.7.118:139 tcp
N/A 10.127.7.119:139 tcp
N/A 10.127.7.120:139 tcp
N/A 10.127.7.121:139 tcp
N/A 10.127.7.122:139 tcp
N/A 10.127.7.123:139 tcp
N/A 10.127.7.124:139 tcp
N/A 10.127.7.125:139 tcp
N/A 10.127.7.126:139 tcp
N/A 10.127.7.127:139 tcp
N/A 10.127.7.128:139 tcp
N/A 10.127.7.129:139 tcp
N/A 10.127.7.130:139 tcp
N/A 10.127.7.131:139 tcp
N/A 10.127.7.132:139 tcp
N/A 10.127.7.133:139 tcp
N/A 10.127.7.134:139 tcp
N/A 10.127.7.135:139 tcp
N/A 10.127.7.136:139 tcp
N/A 10.127.7.137:139 tcp
N/A 10.127.7.138:139 tcp
N/A 10.127.7.139:139 tcp
N/A 10.127.7.140:139 tcp
N/A 10.127.7.141:139 tcp
N/A 10.127.7.142:139 tcp
N/A 10.127.7.143:139 tcp
N/A 10.127.7.144:139 tcp
N/A 10.127.7.145:139 tcp
N/A 10.127.7.146:139 tcp
N/A 10.127.7.147:139 tcp
N/A 10.127.7.148:139 tcp
N/A 10.127.7.149:139 tcp
N/A 10.127.7.150:139 tcp
N/A 10.127.7.151:139 tcp
N/A 10.127.7.152:139 tcp
N/A 10.127.7.153:139 tcp
N/A 10.127.7.154:139 tcp
N/A 10.127.7.155:139 tcp
N/A 10.127.7.156:139 tcp
N/A 10.127.7.157:139 tcp
N/A 10.127.7.158:139 tcp
N/A 10.127.7.159:139 tcp
N/A 10.127.7.160:139 tcp
N/A 10.127.7.161:139 tcp
N/A 10.127.7.162:139 tcp
N/A 10.127.7.163:139 tcp
N/A 10.127.7.164:139 tcp
N/A 10.127.7.165:139 tcp
N/A 10.127.7.166:139 tcp
N/A 10.127.7.167:139 tcp
N/A 10.127.7.168:139 tcp
N/A 10.127.7.169:139 tcp
N/A 10.127.7.170:139 tcp
N/A 10.127.7.171:139 tcp
N/A 10.127.7.172:139 tcp
N/A 10.127.7.173:139 tcp
N/A 10.127.7.174:139 tcp
N/A 10.127.7.175:139 tcp
N/A 10.127.7.176:139 tcp
N/A 10.127.7.177:139 tcp
N/A 10.127.7.178:139 tcp
N/A 10.127.7.179:139 tcp
N/A 10.127.7.180:139 tcp
N/A 10.127.7.181:139 tcp
N/A 10.127.7.182:139 tcp
N/A 10.127.7.183:139 tcp
N/A 10.127.7.184:139 tcp
N/A 10.127.7.185:139 tcp
N/A 10.127.7.186:139 tcp
N/A 10.127.7.187:139 tcp
N/A 10.127.7.188:139 tcp
N/A 10.127.7.189:139 tcp
N/A 10.127.7.190:139 tcp
N/A 10.127.7.191:139 tcp
N/A 10.127.7.192:139 tcp
N/A 10.127.7.193:139 tcp
N/A 10.127.7.194:139 tcp
N/A 10.127.7.195:139 tcp
N/A 10.127.7.196:139 tcp
N/A 10.127.7.197:139 tcp
N/A 10.127.7.198:139 tcp
N/A 10.127.7.199:139 tcp
N/A 10.127.7.200:139 tcp
N/A 10.127.7.201:139 tcp
N/A 10.127.7.202:139 tcp
N/A 10.127.7.203:139 tcp
N/A 10.127.7.204:139 tcp
N/A 10.127.7.205:139 tcp
N/A 10.127.7.206:139 tcp
N/A 10.127.7.207:139 tcp
N/A 10.127.7.208:139 tcp
N/A 10.127.7.209:139 tcp
N/A 10.127.7.210:139 tcp
N/A 10.127.7.211:139 tcp
N/A 10.127.7.212:139 tcp
N/A 10.127.7.213:139 tcp
N/A 10.127.7.214:139 tcp
N/A 10.127.7.215:139 tcp
N/A 10.127.7.216:139 tcp
N/A 10.127.7.217:139 tcp
N/A 10.127.7.218:139 tcp
N/A 10.127.7.219:139 tcp
N/A 10.127.7.220:139 tcp
N/A 10.127.7.221:139 tcp
N/A 10.127.7.222:139 tcp
N/A 10.127.7.223:139 tcp
N/A 10.127.7.224:139 tcp
N/A 10.127.7.225:139 tcp
N/A 10.127.7.226:139 tcp
N/A 10.127.7.227:139 tcp
N/A 10.127.7.228:139 tcp
N/A 10.127.7.229:139 tcp
N/A 10.127.7.230:139 tcp
N/A 10.127.7.231:139 tcp
N/A 10.127.7.232:139 tcp
N/A 10.127.7.233:139 tcp
N/A 10.127.7.234:139 tcp
N/A 10.127.7.235:139 tcp
N/A 10.127.7.236:139 tcp
N/A 10.127.7.237:139 tcp
N/A 10.127.7.238:139 tcp
N/A 10.127.7.239:139 tcp
N/A 10.127.7.240:139 tcp
N/A 10.127.7.241:139 tcp
N/A 10.127.7.242:139 tcp
N/A 10.127.7.243:139 tcp
N/A 10.127.7.244:139 tcp
N/A 10.127.7.245:139 tcp
N/A 10.127.7.246:139 tcp
N/A 10.127.7.247:139 tcp
N/A 10.127.7.248:139 tcp
N/A 10.127.7.249:139 tcp
N/A 10.127.7.250:139 tcp
N/A 10.127.7.251:139 tcp
N/A 10.127.7.252:139 tcp
N/A 10.127.7.253:139 tcp
N/A 10.127.7.254:139 tcp
N/A 10.127.7.255:139 tcp
N/A 10.127.8.0:139 tcp
N/A 10.127.8.41:139 tcp
N/A 10.127.8.53:139 tcp
N/A 10.127.8.6:139 tcp
N/A 10.127.8.26:139 tcp
N/A 10.127.8.38:139 tcp
N/A 10.127.8.1:139 tcp
N/A 10.127.8.57:139 tcp
N/A 10.127.8.17:139 tcp
N/A 10.127.8.63:139 tcp
N/A 10.127.8.36:139 tcp
N/A 10.127.8.21:139 tcp
N/A 10.127.8.32:139 tcp
N/A 10.127.8.43:139 tcp
N/A 10.127.8.5:139 tcp
N/A 10.127.8.22:139 tcp
N/A 10.127.8.60:139 tcp
N/A 10.127.8.30:139 tcp
N/A 10.127.8.2:139 tcp
N/A 10.127.8.37:139 tcp
N/A 10.127.8.46:139 tcp
N/A 10.127.8.62:139 tcp
N/A 10.127.8.4:139 tcp
N/A 10.127.8.19:139 tcp
N/A 10.127.8.59:139 tcp
N/A 10.127.8.25:139 tcp
N/A 10.127.8.11:139 tcp
N/A 10.127.8.34:139 tcp
N/A 10.127.8.49:139 tcp
N/A 10.127.8.56:139 tcp
N/A 10.127.8.61:139 tcp
N/A 10.127.8.58:139 tcp
N/A 10.127.8.23:139 tcp
N/A 10.127.8.50:139 tcp
N/A 10.127.8.39:139 tcp
N/A 10.127.8.3:139 tcp
N/A 10.127.8.40:139 tcp
N/A 10.127.8.28:139 tcp
N/A 10.127.8.78:139 tcp
N/A 10.127.8.7:139 tcp
N/A 10.127.8.88:139 tcp
N/A 10.127.8.42:139 tcp
N/A 10.127.8.51:139 tcp
N/A 10.127.8.15:139 tcp
N/A 10.127.8.27:139 tcp
N/A 10.127.8.52:139 tcp
N/A 10.127.8.13:139 tcp
N/A 10.127.8.20:139 tcp
N/A 10.127.8.91:139 tcp
N/A 10.127.8.45:139 tcp
N/A 10.127.8.9:139 tcp
N/A 10.127.8.92:139 tcp
N/A 10.127.8.74:139 tcp
N/A 10.127.8.68:139 tcp
N/A 10.127.8.75:139 tcp
N/A 10.127.8.84:139 tcp
N/A 10.127.8.55:139 tcp
N/A 10.127.8.85:139 tcp
N/A 10.127.8.8:139 tcp
N/A 10.127.8.72:139 tcp
N/A 10.127.8.47:139 tcp
N/A 10.127.8.48:139 tcp
N/A 10.127.8.24:139 tcp
N/A 10.127.8.66:139 tcp
N/A 10.127.8.79:139 tcp
N/A 10.127.8.87:139 tcp
N/A 10.127.8.89:139 tcp
N/A 10.127.8.151:139 tcp
N/A 10.127.8.90:139 tcp
N/A 10.127.8.16:139 tcp
N/A 10.127.8.33:139 tcp
N/A 10.127.8.44:139 tcp
N/A 10.127.8.69:139 tcp
N/A 10.127.8.96:139 tcp
N/A 10.127.8.137:139 tcp
N/A 10.127.8.29:139 tcp
N/A 10.127.8.35:139 tcp
N/A 10.127.8.70:139 tcp
N/A 10.127.8.12:139 tcp
N/A 10.127.8.54:139 tcp
N/A 10.127.8.64:139 tcp
N/A 10.127.8.18:139 tcp
N/A 10.127.8.14:139 tcp
N/A 10.127.8.10:139 tcp
N/A 10.127.8.99:139 tcp
N/A 10.127.9.78:139 tcp
N/A 10.127.8.31:139 tcp
N/A 10.127.8.97:139 tcp
N/A 10.127.8.140:139 tcp
N/A 10.127.9.74:139 tcp
N/A 10.127.8.94:139 tcp
N/A 10.127.8.67:139 tcp
N/A 10.127.8.73:139 tcp
N/A 10.127.8.150:139 tcp
N/A 10.127.9.65:139 tcp
N/A 10.127.8.93:139 tcp
N/A 10.127.8.86:139 tcp
N/A 10.127.8.65:139 tcp
N/A 10.127.8.71:139 tcp
N/A 10.127.8.76:139 tcp
N/A 10.127.8.77:139 tcp
N/A 10.127.8.80:139 tcp
N/A 10.127.8.81:139 tcp
N/A 10.127.8.82:139 tcp
N/A 10.127.8.83:139 tcp
N/A 10.127.8.95:139 tcp
N/A 10.127.8.98:139 tcp
N/A 10.127.8.100:139 tcp
N/A 10.127.8.101:139 tcp
N/A 10.127.8.102:139 tcp
N/A 10.127.8.103:139 tcp
N/A 10.127.8.104:139 tcp
N/A 10.127.8.105:139 tcp
N/A 10.127.8.106:139 tcp
N/A 10.127.8.107:139 tcp
N/A 10.127.8.108:139 tcp
N/A 10.127.8.109:139 tcp
N/A 10.127.8.110:139 tcp
N/A 10.127.8.111:139 tcp
N/A 10.127.8.112:139 tcp
N/A 10.127.8.113:139 tcp
N/A 10.127.8.114:139 tcp
N/A 10.127.8.115:139 tcp
N/A 10.127.8.116:139 tcp
N/A 10.127.8.117:139 tcp
N/A 10.127.8.118:139 tcp
N/A 10.127.8.119:139 tcp
N/A 10.127.8.120:139 tcp
N/A 10.127.8.121:139 tcp
N/A 10.127.8.122:139 tcp
N/A 10.127.8.123:139 tcp
N/A 10.127.8.124:139 tcp
N/A 10.127.8.125:139 tcp
N/A 10.127.8.126:139 tcp
N/A 10.127.8.127:139 tcp
N/A 10.127.8.128:139 tcp
N/A 10.127.8.129:139 tcp
N/A 10.127.8.130:139 tcp
N/A 10.127.8.131:139 tcp
N/A 10.127.8.132:139 tcp
N/A 10.127.8.133:139 tcp
N/A 10.127.8.134:139 tcp
N/A 10.127.8.135:139 tcp
N/A 10.127.8.136:139 tcp
N/A 10.127.8.138:139 tcp
N/A 10.127.8.139:139 tcp
N/A 10.127.8.141:139 tcp
N/A 10.127.8.142:139 tcp
N/A 10.127.8.143:139 tcp
N/A 10.127.8.144:139 tcp
N/A 10.127.8.145:139 tcp
N/A 10.127.8.146:139 tcp
N/A 10.127.8.147:139 tcp
N/A 10.127.8.148:139 tcp
N/A 10.127.8.149:139 tcp
N/A 10.127.8.193:139 tcp
N/A 10.127.8.194:139 tcp
N/A 10.127.8.195:139 tcp
N/A 10.127.8.196:139 tcp
N/A 10.127.8.197:139 tcp
N/A 10.127.8.198:139 tcp
N/A 10.127.8.199:139 tcp
N/A 10.127.8.200:139 tcp
N/A 10.127.8.201:139 tcp
N/A 10.127.8.202:139 tcp
N/A 10.127.8.203:139 tcp
N/A 10.127.8.204:139 tcp
N/A 10.127.8.205:139 tcp
N/A 10.127.8.206:139 tcp
N/A 10.127.8.207:139 tcp
N/A 10.127.8.208:139 tcp
N/A 10.127.8.209:139 tcp
N/A 10.127.8.210:139 tcp
N/A 10.127.8.211:139 tcp
N/A 10.127.8.212:139 tcp
N/A 10.127.8.213:139 tcp
N/A 10.127.8.214:139 tcp
N/A 10.127.8.215:139 tcp
N/A 10.127.8.216:139 tcp
N/A 10.127.8.217:139 tcp
N/A 10.127.8.218:139 tcp
N/A 10.127.8.219:139 tcp
N/A 10.127.8.220:139 tcp
N/A 10.127.8.221:139 tcp
N/A 10.127.8.222:139 tcp
N/A 10.127.8.223:139 tcp
N/A 10.127.8.224:139 tcp
N/A 10.127.8.225:139 tcp
N/A 10.127.8.226:139 tcp
N/A 10.127.8.227:139 tcp
N/A 10.127.8.228:139 tcp
N/A 10.127.8.229:139 tcp
N/A 10.127.8.230:139 tcp
N/A 10.127.8.231:139 tcp
N/A 10.127.8.232:139 tcp
N/A 10.127.8.233:139 tcp
N/A 10.127.8.234:139 tcp
N/A 10.127.8.235:139 tcp
N/A 10.127.8.236:139 tcp
N/A 10.127.8.237:139 tcp
N/A 10.127.8.238:139 tcp
N/A 10.127.8.239:139 tcp
N/A 10.127.8.240:139 tcp
N/A 10.127.8.241:139 tcp
N/A 10.127.8.242:139 tcp
N/A 10.127.8.243:139 tcp
N/A 10.127.8.244:139 tcp
N/A 10.127.8.245:139 tcp
N/A 10.127.8.246:139 tcp
N/A 10.127.8.247:139 tcp
N/A 10.127.8.248:139 tcp
N/A 10.127.8.249:139 tcp
N/A 10.127.8.250:139 tcp
N/A 10.127.8.251:139 tcp
N/A 10.127.8.252:139 tcp
N/A 10.127.8.253:139 tcp
N/A 10.127.8.254:139 tcp
N/A 10.127.8.255:139 tcp
N/A 10.127.9.0:139 tcp
N/A 10.127.8.152:139 tcp
N/A 10.127.8.153:139 tcp
N/A 10.127.8.154:139 tcp
N/A 10.127.8.155:139 tcp
N/A 10.127.8.156:139 tcp
N/A 10.127.8.157:139 tcp
N/A 10.127.8.158:139 tcp
N/A 10.127.8.159:139 tcp
N/A 10.127.8.160:139 tcp
N/A 10.127.8.161:139 tcp
N/A 10.127.8.162:139 tcp
N/A 10.127.8.163:139 tcp
N/A 10.127.8.164:139 tcp
N/A 10.127.8.165:139 tcp
N/A 10.127.8.166:139 tcp
N/A 10.127.8.167:139 tcp
N/A 10.127.8.168:139 tcp
N/A 10.127.8.169:139 tcp
N/A 10.127.8.170:139 tcp
N/A 10.127.8.171:139 tcp
N/A 10.127.8.172:139 tcp
N/A 10.127.8.173:139 tcp
N/A 10.127.8.174:139 tcp
N/A 10.127.8.175:139 tcp
N/A 10.127.8.176:139 tcp
N/A 10.127.8.177:139 tcp
N/A 10.127.8.178:139 tcp
N/A 10.127.8.179:139 tcp
N/A 10.127.8.180:139 tcp
N/A 10.127.8.181:139 tcp
N/A 10.127.8.182:139 tcp
N/A 10.127.8.183:139 tcp
N/A 10.127.8.184:139 tcp
N/A 10.127.8.185:139 tcp
N/A 10.127.8.186:139 tcp
N/A 10.127.8.187:139 tcp
N/A 10.127.8.188:139 tcp
N/A 10.127.8.189:139 tcp
N/A 10.127.8.190:139 tcp
N/A 10.127.8.191:139 tcp
N/A 10.127.8.192:139 tcp
N/A 10.127.9.1:139 tcp
N/A 10.127.9.2:139 tcp
N/A 10.127.9.3:139 tcp
N/A 10.127.9.4:139 tcp
N/A 10.127.9.5:139 tcp
N/A 10.127.9.6:139 tcp
N/A 10.127.9.7:139 tcp
N/A 10.127.9.8:139 tcp
N/A 10.127.9.9:139 tcp
N/A 10.127.9.10:139 tcp
N/A 10.127.9.11:139 tcp
N/A 10.127.9.12:139 tcp
N/A 10.127.9.13:139 tcp
N/A 10.127.9.14:139 tcp
N/A 10.127.9.15:139 tcp
N/A 10.127.9.16:139 tcp
N/A 10.127.9.17:139 tcp
N/A 10.127.9.18:139 tcp
N/A 10.127.9.19:139 tcp
N/A 10.127.9.20:139 tcp
N/A 10.127.9.21:139 tcp
N/A 10.127.9.22:139 tcp
N/A 10.127.9.23:139 tcp
N/A 10.127.9.24:139 tcp
N/A 10.127.9.25:139 tcp
N/A 10.127.9.26:139 tcp
N/A 10.127.9.27:139 tcp
N/A 10.127.9.28:139 tcp
N/A 10.127.9.29:139 tcp
N/A 10.127.9.30:139 tcp
N/A 10.127.9.31:139 tcp
N/A 10.127.9.32:139 tcp
N/A 10.127.9.33:139 tcp
N/A 10.127.9.34:139 tcp
N/A 10.127.9.35:139 tcp
N/A 10.127.9.36:139 tcp
N/A 10.127.9.37:139 tcp
N/A 10.127.9.38:139 tcp
N/A 10.127.9.39:139 tcp
N/A 10.127.9.40:139 tcp
N/A 10.127.9.41:139 tcp
N/A 10.127.9.42:139 tcp
N/A 10.127.9.43:139 tcp
N/A 10.127.9.44:139 tcp
N/A 10.127.9.45:139 tcp
N/A 10.127.9.46:139 tcp
N/A 10.127.9.47:139 tcp
N/A 10.127.9.48:139 tcp
N/A 10.127.9.49:139 tcp
N/A 10.127.9.50:139 tcp
N/A 10.127.9.51:139 tcp
N/A 10.127.9.52:139 tcp
N/A 10.127.9.53:139 tcp
N/A 10.127.9.54:139 tcp
N/A 10.127.9.55:139 tcp
N/A 10.127.9.56:139 tcp
N/A 10.127.9.57:139 tcp
N/A 10.127.9.58:139 tcp
N/A 10.127.9.59:139 tcp
N/A 10.127.9.60:139 tcp
N/A 10.127.9.61:139 tcp
N/A 10.127.9.62:139 tcp
N/A 10.127.9.63:139 tcp
N/A 10.127.9.64:139 tcp
N/A 10.127.9.204:139 tcp
N/A 10.127.9.132:139 tcp
N/A 10.127.9.131:139 tcp
N/A 10.127.9.136:139 tcp
N/A 10.127.9.199:139 tcp
N/A 10.127.9.193:139 tcp
N/A 10.127.9.197:139 tcp
N/A 10.127.9.135:139 tcp
N/A 10.127.9.202:139 tcp
N/A 10.127.9.70:139 tcp
N/A 10.127.9.134:139 tcp
N/A 10.127.9.195:139 tcp
N/A 10.127.9.66:139 tcp
N/A 10.127.9.79:139 tcp
N/A 10.127.9.203:139 tcp
N/A 10.127.9.80:139 tcp
N/A 10.127.9.69:139 tcp
N/A 10.127.9.76:139 tcp
N/A 10.127.9.205:139 tcp
N/A 10.127.9.75:139 tcp
N/A 10.127.9.196:139 tcp
N/A 10.127.9.129:139 tcp
N/A 10.127.9.137:139 tcp
N/A 10.127.9.201:139 tcp
N/A 10.127.9.73:139 tcp
N/A 10.127.9.133:139 tcp
N/A 10.127.9.67:139 tcp
N/A 10.127.9.130:139 tcp
N/A 10.127.9.72:139 tcp
N/A 10.127.9.68:139 tcp
N/A 10.127.9.198:139 tcp
N/A 10.127.9.194:139 tcp
N/A 10.127.9.71:139 tcp
N/A 10.127.9.77:139 tcp
N/A 10.127.9.200:139 tcp
N/A 10.127.9.107:139 tcp
N/A 10.127.9.93:139 tcp
N/A 10.127.9.84:139 tcp
N/A 10.127.9.143:139 tcp
N/A 10.127.9.86:139 tcp
N/A 10.127.9.95:139 tcp
N/A 10.127.9.207:139 tcp
N/A 10.127.9.81:139 tcp
N/A 10.127.9.141:139 tcp
N/A 10.127.9.213:139 tcp
N/A 10.127.9.211:139 tcp
N/A 10.127.9.208:139 tcp
N/A 10.127.9.83:139 tcp
N/A 10.127.9.111:139 tcp
N/A 10.127.9.92:139 tcp
N/A 10.127.9.121:139 tcp
N/A 10.127.9.144:139 tcp
N/A 10.127.9.97:139 tcp
N/A 10.127.9.161:139 tcp
N/A 10.127.9.82:139 tcp
N/A 10.127.9.88:139 tcp
N/A 10.127.9.99:139 tcp
N/A 10.127.9.108:139 tcp
N/A 10.127.9.104:139 tcp
N/A 10.127.9.112:139 tcp
N/A 10.127.9.118:139 tcp
N/A 10.127.9.106:139 tcp
N/A 10.127.9.140:139 tcp
N/A 10.127.9.127:139 tcp
N/A 10.127.9.172:139 tcp
N/A 10.127.9.87:139 tcp
N/A 10.127.9.179:139 tcp
N/A 10.127.9.126:139 tcp
N/A 10.127.9.123:139 tcp
N/A 10.127.9.119:139 tcp
N/A 10.127.9.110:139 tcp
N/A 10.127.9.116:139 tcp
N/A 10.127.9.122:139 tcp
N/A 10.127.9.148:139 tcp
N/A 10.127.9.163:139 tcp
N/A 10.127.9.125:139 tcp
N/A 10.127.9.192:139 tcp
N/A 10.127.9.128:139 tcp
N/A 10.127.9.96:139 tcp
N/A 10.127.9.114:139 tcp
N/A 10.127.9.155:139 tcp
N/A 10.127.9.89:139 tcp
N/A 10.127.9.139:139 tcp
N/A 10.127.9.102:139 tcp
N/A 10.127.9.85:139 tcp
N/A 10.127.9.109:139 tcp
N/A 10.127.9.90:139 tcp
N/A 10.127.9.91:139 tcp
N/A 10.127.9.94:139 tcp
N/A 10.127.9.98:139 tcp
N/A 10.127.9.100:139 tcp
N/A 10.127.9.101:139 tcp
N/A 10.127.9.103:139 tcp
N/A 10.127.9.105:139 tcp
N/A 10.127.9.113:139 tcp
N/A 10.127.9.115:139 tcp
N/A 10.127.9.117:139 tcp
N/A 10.127.9.120:139 tcp
N/A 10.127.9.124:139 tcp
N/A 10.127.9.138:139 tcp
N/A 10.127.9.142:139 tcp
N/A 10.127.9.145:139 tcp
N/A 10.127.9.146:139 tcp
N/A 10.127.9.147:139 tcp
N/A 10.127.9.149:139 tcp
N/A 10.127.9.150:139 tcp
N/A 10.127.9.151:139 tcp
N/A 10.127.9.152:139 tcp
N/A 10.127.9.153:139 tcp
N/A 10.127.9.154:139 tcp
N/A 10.127.9.156:139 tcp
N/A 10.127.9.157:139 tcp
N/A 10.127.9.158:139 tcp
N/A 10.127.9.159:139 tcp
N/A 10.127.9.160:139 tcp
N/A 10.127.9.162:139 tcp
N/A 10.127.9.164:139 tcp
N/A 10.127.9.165:139 tcp
N/A 10.127.9.166:139 tcp
N/A 10.127.9.167:139 tcp
N/A 10.127.9.168:139 tcp
N/A 10.127.9.169:139 tcp
N/A 10.127.9.170:139 tcp
N/A 10.127.9.171:139 tcp
N/A 10.127.9.173:139 tcp
N/A 10.127.9.174:139 tcp
N/A 10.127.9.175:139 tcp
N/A 10.127.9.176:139 tcp
N/A 10.127.9.177:139 tcp
N/A 10.127.9.178:139 tcp
N/A 10.127.9.180:139 tcp
N/A 10.127.9.181:139 tcp
N/A 10.127.9.182:139 tcp
N/A 10.127.9.183:139 tcp
N/A 10.127.9.184:139 tcp
N/A 10.127.9.185:139 tcp
N/A 10.127.9.186:139 tcp
N/A 10.127.9.187:139 tcp
N/A 10.127.9.188:139 tcp
N/A 10.127.9.189:139 tcp
N/A 10.127.9.190:139 tcp
N/A 10.127.9.191:139 tcp
N/A 10.127.9.245:139 tcp
N/A 10.127.9.215:139 tcp
N/A 10.127.9.231:139 tcp
N/A 10.127.9.226:139 tcp
N/A 10.127.9.209:139 tcp
N/A 10.127.9.255:139 tcp
N/A 10.127.9.228:139 tcp
N/A 10.127.9.234:139 tcp
N/A 10.127.9.220:139 tcp
N/A 10.127.9.253:139 tcp
N/A 10.127.10.0:139 tcp
N/A 10.127.9.229:139 tcp
N/A 10.127.9.218:139 tcp
N/A 10.127.9.250:139 tcp
N/A 10.127.9.242:139 tcp
N/A 10.127.9.221:139 tcp
N/A 10.127.9.249:139 tcp
N/A 10.127.9.239:139 tcp
N/A 10.127.9.222:139 tcp
N/A 10.127.9.224:139 tcp
N/A 10.127.9.217:139 tcp
N/A 10.127.9.237:139 tcp
N/A 10.127.9.241:139 tcp
N/A 10.127.9.210:139 tcp
N/A 10.127.9.247:139 tcp
N/A 10.127.9.223:139 tcp
N/A 10.127.9.233:139 tcp
N/A 10.127.9.206:139 tcp
N/A 10.127.9.212:139 tcp
N/A 10.127.9.214:139 tcp
N/A 10.127.9.216:139 tcp
N/A 10.127.9.219:139 tcp
N/A 10.127.9.225:139 tcp
N/A 10.127.9.227:139 tcp
N/A 10.127.9.230:139 tcp
N/A 10.127.9.232:139 tcp
N/A 10.127.9.235:139 tcp
N/A 10.127.9.236:139 tcp
N/A 10.127.9.238:139 tcp
N/A 10.127.9.240:139 tcp
N/A 10.127.9.243:139 tcp
N/A 10.127.9.244:139 tcp
N/A 10.127.9.246:139 tcp
N/A 10.127.9.248:139 tcp
N/A 10.127.9.251:139 tcp
N/A 10.127.9.252:139 tcp
N/A 10.127.9.254:139 tcp
N/A 10.127.10.22:139 tcp
N/A 10.127.10.37:139 tcp
N/A 10.127.10.39:139 tcp
N/A 10.127.10.58:139 tcp
N/A 10.127.10.52:139 tcp
N/A 10.127.10.59:139 tcp
N/A 10.127.10.53:139 tcp
N/A 10.127.10.64:139 tcp
N/A 10.127.10.12:139 tcp
N/A 10.127.10.13:139 tcp
N/A 10.127.10.1:139 tcp
N/A 10.127.10.2:139 tcp
N/A 10.127.10.3:139 tcp
N/A 10.127.10.4:139 tcp
N/A 10.127.10.5:139 tcp
N/A 10.127.10.6:139 tcp
N/A 10.127.10.7:139 tcp
N/A 10.127.10.8:139 tcp
N/A 10.127.10.9:139 tcp
N/A 10.127.10.10:139 tcp
N/A 10.127.10.11:139 tcp
N/A 10.127.10.14:139 tcp
N/A 10.127.10.15:139 tcp
N/A 10.127.10.16:139 tcp
N/A 10.127.10.17:139 tcp
N/A 10.127.10.18:139 tcp
N/A 10.127.10.19:139 tcp
N/A 10.127.10.20:139 tcp
N/A 10.127.10.21:139 tcp
N/A 10.127.10.23:139 tcp
N/A 10.127.10.24:139 tcp
N/A 10.127.10.25:139 tcp
N/A 10.127.10.26:139 tcp
N/A 10.127.10.27:139 tcp
N/A 10.127.10.28:139 tcp
N/A 10.127.10.29:139 tcp
N/A 10.127.10.30:139 tcp
N/A 10.127.10.31:139 tcp
N/A 10.127.10.32:139 tcp
N/A 10.127.10.33:139 tcp
N/A 10.127.10.34:139 tcp
N/A 10.127.10.35:139 tcp
N/A 10.127.10.36:139 tcp
N/A 10.127.10.38:139 tcp
N/A 10.127.10.40:139 tcp
N/A 10.127.10.41:139 tcp
N/A 10.127.10.42:139 tcp
N/A 10.127.10.43:139 tcp
N/A 10.127.10.44:139 tcp
N/A 10.127.10.45:139 tcp
N/A 10.127.10.46:139 tcp
N/A 10.127.10.47:139 tcp
N/A 10.127.10.48:139 tcp
N/A 10.127.10.49:139 tcp
N/A 10.127.10.50:139 tcp
N/A 10.127.10.51:139 tcp
N/A 10.127.10.54:139 tcp
N/A 10.127.10.55:139 tcp
N/A 10.127.10.56:139 tcp
N/A 10.127.10.57:139 tcp
N/A 10.127.10.60:139 tcp
N/A 10.127.10.61:139 tcp
N/A 10.127.10.62:139 tcp
N/A 10.127.10.63:139 tcp
N/A 10.127.10.94:139 tcp
N/A 10.127.10.74:139 tcp
N/A 10.127.10.78:139 tcp
N/A 10.127.10.96:139 tcp
N/A 10.127.10.92:139 tcp
N/A 10.127.10.65:139 tcp
N/A 10.127.10.73:139 tcp
N/A 10.127.10.90:139 tcp
N/A 10.127.10.133:139 tcp
N/A 10.127.10.84:139 tcp
N/A 10.127.10.199:139 tcp
N/A 10.127.10.89:139 tcp
N/A 10.127.10.131:139 tcp
N/A 10.127.10.137:139 tcp
N/A 10.127.10.76:139 tcp
N/A 10.127.10.80:139 tcp
N/A 10.127.10.93:139 tcp
N/A 10.127.10.194:139 tcp
N/A 10.127.10.77:139 tcp
N/A 10.127.10.85:139 tcp
N/A 10.127.10.88:139 tcp
N/A 10.127.10.72:139 tcp
N/A 10.127.10.130:139 tcp
N/A 10.127.10.195:139 tcp
N/A 10.127.10.135:139 tcp
N/A 10.127.11.4:139 tcp
N/A 10.127.10.69:139 tcp
N/A 10.127.10.139:139 tcp
N/A 10.127.11.70:139 tcp
N/A 10.127.10.71:139 tcp
N/A 10.127.10.91:139 tcp
N/A 10.127.10.129:139 tcp
N/A 10.127.11.1:139 tcp
N/A 10.127.11.131:139 tcp
N/A 10.127.11.132:139 tcp
N/A 10.127.10.81:139 tcp
N/A 10.127.10.95:139 tcp
N/A 10.127.11.135:139 tcp
N/A 10.127.10.75:139 tcp
N/A 10.127.10.198:139 tcp
N/A 10.127.11.7:139 tcp
N/A 10.127.11.65:139 tcp
N/A 10.127.10.68:139 tcp
N/A 10.127.10.87:139 tcp
N/A 10.127.10.66:139 tcp
N/A 10.127.11.6:139 tcp
N/A 10.127.11.68:139 tcp
N/A 10.127.11.202:139 tcp
N/A 10.127.10.70:139 tcp
N/A 10.127.10.141:139 tcp
N/A 10.127.10.158:139 tcp
N/A 10.127.11.204:139 tcp
N/A 10.127.10.136:139 tcp
N/A 10.127.11.196:139 tcp
N/A 10.127.11.209:139 tcp
N/A 10.127.11.199:139 tcp
N/A 10.127.11.2:139 tcp
N/A 10.127.11.66:139 tcp
N/A 10.127.10.157:139 tcp
N/A 10.127.10.82:139 tcp
N/A 10.127.10.134:139 tcp
N/A 10.127.11.73:139 tcp
N/A 10.127.10.79:139 tcp
N/A 10.127.11.3:139 tcp
N/A 10.127.11.67:139 tcp
N/A 10.127.11.130:139 tcp
N/A 10.127.11.211:139 tcp
N/A 10.127.10.86:139 tcp
N/A 10.127.10.140:139 tcp
N/A 10.127.10.196:139 tcp
N/A 10.127.11.197:139 tcp
N/A 10.127.11.207:139 tcp
N/A 10.127.10.193:139 tcp
N/A 10.127.11.133:139 tcp
N/A 10.127.10.138:139 tcp
N/A 10.127.10.67:139 tcp
N/A 10.127.11.134:139 tcp
N/A 10.127.10.83:139 tcp
N/A 10.127.11.206:139 tcp
N/A 10.127.10.132:139 tcp
N/A 10.127.11.198:139 tcp
N/A 10.127.11.203:139 tcp
N/A 10.127.10.124:139 tcp
N/A 10.127.10.143:139 tcp
N/A 10.127.10.147:139 tcp
N/A 10.127.10.127:139 tcp
N/A 10.127.10.197:139 tcp
N/A 10.127.10.101:139 tcp
N/A 10.127.11.129:139 tcp
N/A 10.127.11.137:139 tcp
N/A 10.127.11.138:139 tcp
N/A 10.127.11.5:139 tcp
N/A 10.127.11.139:139 tcp
N/A 10.127.11.136:139 tcp
N/A 10.127.11.194:139 tcp
N/A 10.127.10.112:139 tcp
N/A 10.127.10.109:139 tcp
N/A 10.127.10.119:139 tcp
N/A 10.127.10.142:139 tcp
N/A 10.127.11.72:139 tcp
N/A 10.127.11.69:139 tcp
N/A 10.127.10.125:139 tcp
N/A 10.127.11.201:139 tcp
N/A 10.127.11.208:139 tcp
N/A 10.127.10.102:139 tcp
N/A 10.127.10.104:139 tcp
N/A 10.127.10.116:139 tcp
N/A 10.127.10.146:139 tcp
N/A 10.127.11.195:139 tcp
N/A 10.127.10.117:139 tcp
N/A 10.127.11.71:139 tcp
N/A 10.127.10.122:139 tcp
N/A 10.127.10.100:139 tcp
N/A 10.127.10.106:139 tcp
N/A 10.127.10.118:139 tcp
N/A 10.127.10.144:139 tcp
N/A 10.127.11.205:139 tcp
N/A 10.127.10.103:139 tcp
N/A 10.127.10.107:139 tcp
N/A 10.127.11.210:139 tcp
N/A 10.127.11.200:139 tcp
N/A 10.127.10.120:139 tcp
N/A 10.127.10.123:139 tcp
N/A 10.127.10.111:139 tcp
N/A 10.127.10.113:139 tcp
N/A 10.127.10.145:139 tcp
N/A 10.127.10.97:139 tcp
N/A 10.127.10.105:139 tcp
N/A 10.127.10.98:139 tcp
N/A 10.127.11.78:139 tcp
N/A 10.127.11.91:139 tcp
N/A 10.127.11.94:139 tcp
N/A 10.127.11.84:139 tcp
N/A 10.127.11.128:139 tcp
N/A 10.127.11.193:139 tcp
N/A 10.127.11.124:139 tcp
N/A 10.127.11.87:139 tcp
N/A 10.127.11.81:139 tcp
N/A 10.127.10.121:139 tcp
N/A 10.127.11.89:139 tcp
N/A 10.127.10.128:139 tcp
N/A 10.127.11.117:139 tcp
N/A 10.127.10.110:139 tcp
N/A 10.127.11.121:139 tcp
N/A 10.127.10.114:139 tcp
N/A 10.127.10.126:139 tcp
N/A 10.127.11.125:139 tcp
N/A 10.127.10.108:139 tcp
N/A 10.127.11.88:139 tcp
N/A 10.127.11.97:139 tcp
N/A 10.127.11.112:139 tcp
N/A 10.127.11.126:139 tcp
N/A 10.127.11.93:139 tcp
N/A 10.127.11.107:139 tcp
N/A 10.127.11.85:139 tcp
N/A 10.127.11.118:139 tcp
N/A 10.127.10.99:139 tcp
N/A 10.127.10.115:139 tcp
N/A 10.127.11.99:139 tcp
N/A 10.127.11.104:139 tcp
N/A 10.127.11.123:139 tcp
N/A 10.127.11.113:139 tcp
N/A 10.127.11.74:139 tcp
N/A 10.127.11.110:139 tcp
N/A 10.127.11.111:139 tcp
N/A 10.127.11.120:139 tcp
N/A 10.127.11.92:139 tcp
N/A 10.127.11.98:139 tcp
N/A 10.127.11.77:139 tcp
N/A 10.127.11.82:139 tcp
N/A 10.127.11.86:139 tcp
N/A 10.127.11.127:139 tcp
N/A 10.127.11.101:139 tcp
N/A 10.127.11.103:139 tcp
N/A 10.127.11.115:139 tcp
N/A 10.127.11.122:139 tcp
N/A 10.127.11.108:139 tcp
N/A 10.127.11.119:139 tcp
N/A 10.127.10.204:139 tcp
N/A 10.127.10.203:139 tcp
N/A 10.127.11.100:139 tcp
N/A 10.127.10.161:139 tcp
N/A 10.127.10.166:139 tcp
N/A 10.127.10.159:139 tcp
N/A 10.127.10.172:139 tcp
N/A 10.127.10.188:139 tcp
N/A 10.127.11.80:139 tcp
N/A 10.127.10.167:139 tcp
N/A 10.127.10.176:139 tcp
N/A 10.127.11.76:139 tcp
N/A 10.127.11.109:139 tcp
N/A 10.127.10.177:139 tcp
N/A 10.127.10.148:139 tcp
N/A 10.127.10.201:139 tcp
N/A 10.127.11.96:139 tcp
N/A 10.127.11.102:139 tcp
N/A 10.127.10.156:139 tcp
N/A 10.127.10.206:139 tcp
N/A 10.127.11.90:139 tcp
N/A 10.127.10.151:139 tcp
N/A 10.127.10.164:139 tcp
N/A 10.127.10.190:139 tcp
N/A 10.127.10.191:139 tcp
N/A 10.127.11.106:139 tcp
N/A 10.127.11.75:139 tcp
N/A 10.127.11.79:139 tcp
N/A 10.127.11.83:139 tcp
N/A 10.127.10.181:139 tcp
N/A 10.127.11.95:139 tcp
N/A 10.127.10.174:139 tcp
N/A 10.127.11.114:139 tcp
N/A 10.127.10.179:139 tcp
N/A 10.127.11.105:139 tcp
N/A 10.127.11.116:139 tcp
N/A 10.127.10.200:139 tcp
N/A 10.127.10.163:139 tcp
N/A 10.127.10.186:139 tcp
N/A 10.127.10.155:139 tcp
N/A 10.127.10.182:139 tcp
N/A 10.127.10.149:139 tcp
N/A 10.127.10.154:139 tcp
N/A 10.127.10.169:139 tcp
N/A 10.127.10.153:139 tcp
N/A 10.127.10.175:139 tcp
N/A 10.127.10.173:139 tcp
N/A 10.127.10.185:139 tcp
N/A 10.127.10.183:139 tcp
N/A 10.127.10.205:139 tcp
N/A 10.127.11.162:139 tcp
N/A 10.127.10.171:139 tcp
N/A 10.127.10.187:139 tcp
N/A 10.127.10.162:139 tcp
N/A 10.127.11.189:139 tcp
N/A 10.127.10.180:139 tcp
N/A 10.127.10.184:139 tcp
N/A 10.127.10.189:139 tcp
N/A 10.127.10.202:139 tcp
N/A 10.127.11.185:139 tcp
N/A 10.127.11.163:139 tcp
N/A 10.127.10.178:139 tcp
N/A 10.127.11.188:139 tcp
N/A 10.127.10.150:139 tcp
N/A 10.127.10.160:139 tcp
N/A 10.127.10.170:139 tcp
N/A 10.127.10.152:139 tcp
N/A 10.127.11.167:139 tcp
N/A 10.127.10.165:139 tcp
N/A 10.127.10.168:139 tcp
N/A 10.127.11.142:139 tcp
N/A 10.127.11.175:139 tcp
N/A 10.127.11.187:139 tcp
N/A 10.127.11.147:139 tcp
N/A 10.127.11.165:139 tcp
N/A 10.127.10.192:139 tcp
N/A 10.127.11.157:139 tcp
N/A 10.127.11.169:139 tcp
N/A 10.127.11.153:139 tcp
N/A 10.127.11.161:139 tcp
N/A 10.127.11.186:139 tcp
N/A 10.127.11.155:139 tcp
N/A 10.127.11.173:139 tcp
N/A 10.127.11.170:139 tcp
N/A 10.127.11.182:139 tcp
N/A 10.127.11.156:139 tcp
N/A 10.127.11.149:139 tcp
N/A 10.127.11.181:139 tcp
N/A 10.127.11.183:139 tcp
N/A 10.127.11.143:139 tcp
N/A 10.127.11.180:139 tcp
N/A 10.127.11.160:139 tcp
N/A 10.127.11.178:139 tcp
N/A 10.127.11.146:139 tcp
N/A 10.127.11.148:139 tcp
N/A 10.127.11.154:139 tcp
N/A 10.127.11.184:139 tcp
N/A 10.127.11.168:139 tcp
N/A 10.127.11.176:139 tcp
N/A 10.127.11.152:139 tcp
N/A 10.127.11.159:139 tcp
N/A 10.127.11.164:139 tcp
N/A 10.127.11.150:139 tcp
N/A 10.127.11.151:139 tcp
N/A 10.127.11.179:139 tcp
N/A 10.127.11.141:139 tcp
N/A 10.127.11.166:139 tcp
N/A 10.127.11.174:139 tcp
N/A 10.127.11.177:139 tcp
N/A 10.127.11.140:139 tcp
N/A 10.127.11.172:139 tcp
N/A 10.127.11.171:139 tcp
N/A 10.127.11.144:139 tcp
N/A 10.127.11.145:139 tcp
N/A 10.127.11.158:139 tcp
N/A 10.127.10.244:139 tcp
N/A 10.127.10.228:139 tcp
N/A 10.127.11.0:139 tcp
N/A 10.127.10.223:139 tcp
N/A 10.127.10.252:139 tcp
N/A 10.127.10.220:139 tcp
N/A 10.127.10.248:139 tcp
N/A 10.127.10.254:139 tcp
N/A 10.127.10.240:139 tcp
N/A 10.127.10.218:139 tcp
N/A 10.127.11.10:139 tcp
N/A 10.127.10.246:139 tcp
N/A 10.127.10.210:139 tcp
N/A 10.127.10.231:139 tcp
N/A 10.127.11.38:139 tcp
N/A 10.127.10.255:139 tcp
N/A 10.127.10.209:139 tcp
N/A 10.127.10.236:139 tcp
N/A 10.127.10.232:139 tcp
N/A 10.127.11.36:139 tcp
N/A 10.127.11.9:139 tcp
N/A 10.127.10.247:139 tcp
N/A 10.127.11.14:139 tcp
N/A 10.127.10.237:139 tcp
N/A 10.127.10.249:139 tcp
N/A 10.127.11.59:139 tcp
N/A 10.127.11.17:139 tcp
N/A 10.127.10.230:139 tcp
N/A 10.127.10.241:139 tcp
N/A 10.127.10.211:139 tcp
N/A 10.127.10.229:139 tcp
N/A 10.127.10.227:139 tcp
N/A 10.127.11.48:139 tcp
N/A 10.127.10.238:139 tcp
N/A 10.127.11.19:139 tcp
N/A 10.127.10.208:139 tcp
N/A 10.127.10.233:139 tcp
N/A 10.127.11.52:139 tcp
N/A 10.127.10.217:139 tcp
N/A 10.127.10.239:139 tcp
N/A 10.127.11.16:139 tcp
N/A 10.127.11.43:139 tcp
N/A 10.127.10.251:139 tcp
N/A 10.127.10.250:139 tcp
N/A 10.127.11.219:139 tcp
N/A 10.127.11.12:139 tcp
N/A 10.127.11.40:139 tcp
N/A 10.127.11.212:139 tcp
N/A 10.127.11.190:139 tcp
N/A 10.127.11.54:139 tcp
N/A 10.127.10.253:139 tcp
N/A 10.127.10.235:139 tcp
N/A 10.127.10.212:139 tcp
N/A 10.127.10.214:139 tcp
N/A 10.127.11.248:139 tcp
N/A 10.127.10.216:139 tcp
N/A 10.127.10.219:139 tcp
N/A 10.127.10.225:139 tcp
N/A 10.127.10.242:139 tcp
N/A 10.127.11.191:139 tcp
N/A 10.127.11.235:139 tcp
N/A 10.127.10.207:139 tcp
N/A 10.127.10.234:139 tcp
N/A 10.127.11.218:139 tcp
N/A 10.127.11.234:139 tcp
N/A 10.127.11.229:139 tcp
N/A 10.127.11.222:139 tcp
N/A 10.127.11.28:139 tcp
N/A 10.127.10.213:139 tcp
N/A 10.127.10.215:139 tcp
N/A 10.127.10.221:139 tcp
N/A 10.127.10.222:139 tcp
N/A 10.127.10.224:139 tcp
N/A 10.127.10.226:139 tcp
N/A 10.127.10.243:139 tcp
N/A 10.127.10.245:139 tcp
N/A 10.127.11.8:139 tcp
N/A 10.127.11.11:139 tcp
N/A 10.127.11.13:139 tcp
N/A 10.127.11.15:139 tcp
N/A 10.127.11.18:139 tcp
N/A 10.127.11.20:139 tcp
N/A 10.127.11.21:139 tcp
N/A 10.127.11.22:139 tcp
N/A 10.127.11.23:139 tcp
N/A 10.127.11.24:139 tcp
N/A 10.127.11.25:139 tcp
N/A 10.127.11.26:139 tcp
N/A 10.127.11.27:139 tcp
N/A 10.127.11.29:139 tcp
N/A 10.127.11.30:139 tcp
N/A 10.127.11.31:139 tcp
N/A 10.127.11.32:139 tcp
N/A 10.127.11.33:139 tcp
N/A 10.127.11.34:139 tcp
N/A 10.127.11.35:139 tcp
N/A 10.127.11.37:139 tcp
N/A 10.127.11.39:139 tcp
N/A 10.127.11.41:139 tcp
N/A 10.127.11.42:139 tcp
N/A 10.127.11.44:139 tcp
N/A 10.127.11.45:139 tcp
N/A 10.127.11.46:139 tcp
N/A 10.127.11.47:139 tcp
N/A 10.127.11.49:139 tcp
N/A 10.127.11.50:139 tcp
N/A 10.127.11.51:139 tcp
N/A 10.127.11.53:139 tcp
N/A 10.127.11.55:139 tcp
N/A 10.127.11.56:139 tcp
N/A 10.127.11.57:139 tcp
N/A 10.127.11.58:139 tcp
N/A 10.127.11.60:139 tcp
N/A 10.127.11.61:139 tcp
N/A 10.127.11.62:139 tcp
N/A 10.127.11.63:139 tcp
N/A 10.127.11.64:139 tcp
N/A 10.127.11.214:139 tcp
N/A 10.127.11.216:139 tcp
N/A 10.127.11.250:139 tcp
N/A 10.127.11.228:139 tcp
N/A 10.127.11.241:139 tcp
N/A 10.127.11.252:139 tcp
N/A 10.127.11.225:139 tcp
N/A 10.127.11.223:139 tcp
N/A 10.127.11.233:139 tcp
N/A 10.127.11.226:139 tcp
N/A 10.127.11.232:139 tcp
N/A 10.127.11.215:139 tcp
N/A 10.127.11.220:139 tcp
N/A 10.127.11.217:139 tcp
N/A 10.127.11.249:139 tcp
N/A 10.127.11.192:139 tcp
N/A 10.127.11.246:139 tcp
N/A 10.127.11.230:139 tcp
N/A 10.127.11.244:139 tcp
N/A 10.127.11.239:139 tcp
N/A 10.127.11.243:139 tcp
N/A 10.127.11.221:139 tcp
N/A 10.127.11.213:139 tcp
N/A 10.127.11.251:139 tcp
N/A 10.127.11.224:139 tcp
N/A 10.127.11.231:139 tcp
N/A 10.127.11.227:139 tcp
N/A 10.127.11.240:139 tcp
N/A 10.127.11.238:139 tcp
N/A 10.127.11.247:139 tcp
N/A 10.127.11.237:139 tcp
N/A 10.127.11.236:139 tcp
N/A 10.127.11.254:139 tcp
N/A 10.127.11.245:139 tcp
N/A 10.127.11.253:139 tcp
N/A 10.127.12.0:139 tcp
N/A 10.127.11.242:139 tcp
N/A 10.127.11.255:139 tcp
N/A 10.127.12.36:139 tcp
N/A 10.127.12.64:139 tcp
N/A 10.127.12.61:139 tcp
N/A 10.127.12.63:139 tcp
N/A 10.127.12.1:139 tcp
N/A 10.127.12.2:139 tcp
N/A 10.127.12.3:139 tcp
N/A 10.127.12.4:139 tcp
N/A 10.127.12.5:139 tcp
N/A 10.127.12.6:139 tcp
N/A 10.127.12.7:139 tcp
N/A 10.127.12.8:139 tcp
N/A 10.127.12.9:139 tcp
N/A 10.127.12.10:139 tcp
N/A 10.127.12.11:139 tcp
N/A 10.127.12.12:139 tcp
N/A 10.127.12.13:139 tcp
N/A 10.127.12.14:139 tcp
N/A 10.127.12.15:139 tcp
N/A 10.127.12.16:139 tcp
N/A 10.127.12.17:139 tcp
N/A 10.127.12.18:139 tcp
N/A 10.127.12.19:139 tcp
N/A 10.127.12.20:139 tcp
N/A 10.127.12.21:139 tcp
N/A 10.127.12.22:139 tcp
N/A 10.127.12.23:139 tcp
N/A 10.127.12.24:139 tcp
N/A 10.127.12.25:139 tcp
N/A 10.127.12.26:139 tcp
N/A 10.127.12.27:139 tcp
N/A 10.127.12.28:139 tcp
N/A 10.127.12.29:139 tcp
N/A 10.127.12.30:139 tcp
N/A 10.127.12.31:139 tcp
N/A 10.127.12.32:139 tcp
N/A 10.127.12.33:139 tcp
N/A 10.127.12.34:139 tcp
N/A 10.127.12.35:139 tcp
N/A 10.127.12.37:139 tcp
N/A 10.127.12.38:139 tcp
N/A 10.127.12.39:139 tcp
N/A 10.127.12.40:139 tcp
N/A 10.127.12.41:139 tcp
N/A 10.127.12.42:139 tcp
N/A 10.127.12.43:139 tcp
N/A 10.127.12.44:139 tcp
N/A 10.127.12.45:139 tcp
N/A 10.127.12.46:139 tcp
N/A 10.127.12.47:139 tcp
N/A 10.127.12.48:139 tcp
N/A 10.127.12.49:139 tcp
N/A 10.127.12.50:139 tcp
N/A 10.127.12.51:139 tcp
N/A 10.127.12.52:139 tcp
N/A 10.127.12.53:139 tcp
N/A 10.127.12.54:139 tcp
N/A 10.127.12.55:139 tcp
N/A 10.127.12.56:139 tcp
N/A 10.127.12.57:139 tcp
N/A 10.127.12.58:139 tcp
N/A 10.127.12.59:139 tcp
N/A 10.127.12.60:139 tcp
N/A 10.127.12.62:139 tcp
N/A 10.127.12.65:139 tcp
N/A 10.127.12.66:139 tcp
N/A 10.127.12.67:139 tcp
N/A 10.127.12.68:139 tcp
N/A 10.127.12.69:139 tcp
N/A 10.127.12.70:139 tcp
N/A 10.127.12.71:139 tcp
N/A 10.127.12.72:139 tcp
N/A 10.127.12.73:139 tcp
N/A 10.127.12.74:139 tcp
N/A 10.127.12.75:139 tcp
N/A 10.127.12.76:139 tcp
N/A 10.127.12.77:139 tcp
N/A 10.127.12.78:139 tcp
N/A 10.127.12.79:139 tcp
N/A 10.127.12.80:139 tcp
N/A 10.127.12.81:139 tcp
N/A 10.127.12.82:139 tcp
N/A 10.127.12.83:139 tcp
N/A 10.127.12.84:139 tcp
N/A 10.127.12.85:139 tcp
N/A 10.127.12.86:139 tcp
N/A 10.127.12.87:139 tcp
N/A 10.127.12.88:139 tcp
N/A 10.127.12.89:139 tcp
N/A 10.127.12.90:139 tcp
N/A 10.127.12.91:139 tcp
N/A 10.127.12.92:139 tcp
N/A 10.127.12.93:139 tcp
N/A 10.127.12.94:139 tcp
N/A 10.127.12.95:139 tcp
N/A 10.127.12.96:139 tcp
N/A 10.127.12.97:139 tcp
N/A 10.127.12.98:139 tcp
N/A 10.127.12.99:139 tcp
N/A 10.127.12.100:139 tcp
N/A 10.127.12.101:139 tcp
N/A 10.127.12.102:139 tcp
N/A 10.127.12.103:139 tcp
N/A 10.127.12.104:139 tcp
N/A 10.127.12.105:139 tcp
N/A 10.127.12.106:139 tcp
N/A 10.127.12.107:139 tcp
N/A 10.127.12.108:139 tcp
N/A 10.127.12.109:139 tcp
N/A 10.127.12.110:139 tcp
N/A 10.127.12.111:139 tcp
N/A 10.127.12.112:139 tcp
N/A 10.127.12.113:139 tcp
N/A 10.127.12.114:139 tcp
N/A 10.127.12.115:139 tcp
N/A 10.127.12.116:139 tcp
N/A 10.127.12.117:139 tcp
N/A 10.127.12.118:139 tcp
N/A 10.127.12.119:139 tcp
N/A 10.127.12.120:139 tcp
N/A 10.127.12.121:139 tcp
N/A 10.127.12.122:139 tcp
N/A 10.127.12.123:139 tcp
N/A 10.127.12.124:139 tcp
N/A 10.127.12.125:139 tcp
N/A 10.127.12.126:139 tcp
N/A 10.127.12.127:139 tcp
N/A 10.127.12.128:139 tcp
N/A 10.127.12.130:139 tcp
N/A 10.127.12.193:139 tcp
N/A 10.127.12.131:139 tcp
N/A 10.127.12.202:139 tcp
N/A 10.127.13.4:139 tcp
N/A 10.127.13.6:139 tcp
N/A 10.127.12.133:139 tcp
N/A 10.127.13.67:139 tcp
N/A 10.127.13.81:139 tcp
N/A 10.127.13.72:139 tcp
N/A 10.127.13.87:139 tcp
N/A 10.127.12.199:139 tcp
N/A 10.127.13.2:139 tcp
N/A 10.127.13.131:139 tcp
N/A 10.127.12.136:139 tcp
N/A 10.127.13.77:139 tcp
N/A 10.127.13.3:139 tcp
N/A 10.127.13.70:139 tcp
N/A 10.127.12.196:139 tcp
N/A 10.127.12.198:139 tcp
N/A 10.127.13.139:139 tcp
N/A 10.127.13.94:139 tcp
N/A 10.127.13.86:139 tcp
N/A 10.127.13.193:139 tcp
N/A 10.127.13.134:139 tcp
N/A 10.127.13.5:139 tcp
N/A 10.127.13.137:139 tcp
N/A 10.127.13.75:139 tcp
N/A 10.127.12.129:139 tcp
N/A 10.127.12.201:139 tcp
N/A 10.127.12.194:139 tcp
N/A 10.127.13.195:139 tcp
N/A 10.127.13.9:139 tcp
N/A 10.127.13.93:139 tcp
N/A 10.127.13.73:139 tcp
N/A 10.127.12.134:139 tcp
N/A 10.127.13.66:139 tcp
N/A 10.127.13.69:139 tcp
N/A 10.127.13.88:139 tcp
N/A 10.127.13.140:139 tcp
N/A 10.127.13.89:139 tcp
N/A 10.127.13.76:139 tcp
N/A 10.127.13.82:139 tcp
N/A 10.127.12.135:139 tcp
N/A 10.127.12.200:139 tcp
N/A 10.127.12.132:139 tcp
N/A 10.127.13.136:139 tcp
N/A 10.127.13.200:139 tcp
N/A 10.127.12.197:139 tcp
N/A 10.127.13.8:139 tcp
N/A 10.127.13.198:139 tcp
N/A 10.127.13.7:139 tcp
N/A 10.127.12.195:139 tcp
N/A 10.127.13.199:139 tcp
N/A 10.127.13.83:139 tcp
N/A 10.127.13.138:139 tcp
N/A 10.127.13.1:139 tcp
N/A 10.127.13.91:139 tcp
N/A 10.127.13.74:139 tcp
N/A 10.127.13.78:139 tcp
N/A 10.127.13.132:139 tcp
N/A 10.127.13.68:139 tcp
N/A 10.127.13.84:139 tcp
N/A 10.127.13.142:139 tcp
N/A 10.127.13.196:139 tcp
N/A 10.127.13.71:139 tcp
N/A 10.127.13.80:139 tcp
N/A 10.127.13.90:139 tcp
N/A 10.127.13.129:139 tcp
N/A 10.127.13.65:139 tcp
N/A 10.127.13.201:139 tcp
N/A 10.127.12.150:139 tcp
N/A 10.127.12.140:139 tcp
N/A 10.127.13.92:139 tcp
N/A 10.127.12.146:139 tcp
N/A 10.127.12.185:139 tcp
N/A 10.127.12.165:139 tcp
N/A 10.127.13.197:139 tcp
N/A 10.127.12.178:139 tcp
N/A 10.127.12.183:139 tcp
N/A 10.127.13.79:139 tcp
N/A 10.127.12.148:139 tcp
N/A 10.127.13.85:139 tcp
N/A 10.127.12.176:139 tcp
N/A 10.127.13.130:139 tcp
N/A 10.127.13.143:139 tcp
N/A 10.127.12.151:139 tcp
N/A 10.127.13.203:139 tcp
N/A 10.127.12.156:139 tcp
N/A 10.127.13.202:139 tcp
N/A 10.127.12.173:139 tcp
N/A 10.127.12.175:139 tcp
N/A 10.127.12.142:139 tcp
N/A 10.127.13.141:139 tcp
N/A 10.127.12.155:139 tcp
N/A 10.127.13.95:139 tcp
N/A 10.127.12.163:139 tcp
N/A 10.127.13.135:139 tcp
N/A 10.127.12.179:139 tcp
N/A 10.127.13.133:139 tcp
N/A 10.127.12.147:139 tcp
N/A 10.127.12.157:139 tcp
N/A 10.127.12.182:139 tcp
N/A 10.127.12.168:139 tcp
N/A 10.127.13.194:139 tcp
N/A 10.127.12.141:139 tcp
N/A 10.127.12.143:139 tcp
N/A 10.127.12.170:139 tcp
N/A 10.127.12.174:139 tcp
N/A 10.127.12.144:139 tcp
N/A 10.127.12.167:139 tcp
N/A 10.127.12.180:139 tcp
N/A 10.127.12.154:139 tcp
N/A 10.127.12.159:139 tcp
N/A 10.127.12.166:139 tcp
N/A 10.127.12.172:139 tcp
N/A 10.127.12.160:139 tcp
N/A 10.127.12.162:139 tcp
N/A 10.127.12.184:139 tcp
N/A 10.127.12.169:139 tcp
N/A 10.127.12.138:139 tcp
N/A 10.127.12.149:139 tcp
N/A 10.127.12.164:139 tcp
N/A 10.127.12.153:139 tcp
N/A 10.127.12.158:139 tcp
N/A 10.127.12.181:139 tcp
N/A 10.127.12.171:139 tcp
N/A 10.127.12.137:139 tcp
N/A 10.127.13.156:139 tcp
N/A 10.127.12.139:139 tcp
N/A 10.127.12.145:139 tcp
N/A 10.127.12.152:139 tcp
N/A 10.127.12.161:139 tcp
N/A 10.127.12.177:139 tcp
N/A 10.127.13.158:139 tcp
N/A 10.127.12.206:139 tcp
N/A 10.127.12.219:139 tcp
N/A 10.127.12.205:139 tcp
N/A 10.127.12.192:139 tcp
N/A 10.127.12.213:139 tcp
N/A 10.127.12.189:139 tcp
N/A 10.127.12.225:139 tcp
N/A 10.127.12.188:139 tcp
N/A 10.127.12.186:139 tcp
N/A 10.127.12.232:139 tcp
N/A 10.127.12.233:139 tcp
N/A 10.127.12.236:139 tcp
N/A 10.127.12.209:139 tcp
N/A 10.127.12.204:139 tcp
N/A 10.127.13.157:139 tcp
N/A 10.127.12.237:139 tcp
N/A 10.127.12.187:139 tcp
N/A 10.127.12.227:139 tcp
N/A 10.127.12.228:139 tcp
N/A 10.127.12.214:139 tcp
N/A 10.127.12.221:139 tcp
N/A 10.127.12.226:139 tcp
N/A 10.127.12.191:139 tcp
N/A 10.127.12.211:139 tcp
N/A 10.127.12.210:139 tcp
N/A 10.127.12.230:139 tcp
N/A 10.127.12.212:139 tcp
N/A 10.127.12.234:139 tcp
N/A 10.127.13.146:139 tcp
N/A 10.127.13.181:139 tcp
N/A 10.127.13.163:139 tcp
N/A 10.127.13.174:139 tcp
N/A 10.127.12.208:139 tcp
N/A 10.127.13.153:139 tcp
N/A 10.127.13.186:139 tcp
N/A 10.127.12.220:139 tcp
N/A 10.127.12.231:139 tcp
N/A 10.127.13.149:139 tcp
N/A 10.127.13.164:139 tcp
N/A 10.127.13.185:139 tcp
N/A 10.127.12.229:139 tcp
N/A 10.127.13.165:139 tcp
N/A 10.127.13.204:139 tcp
N/A 10.127.12.223:139 tcp
N/A 10.127.13.188:139 tcp
N/A 10.127.12.207:139 tcp
N/A 10.127.12.224:139 tcp
N/A 10.127.12.215:139 tcp
N/A 10.127.12.222:139 tcp
N/A 10.127.13.148:139 tcp
N/A 10.127.13.173:139 tcp
N/A 10.127.12.218:139 tcp
N/A 10.127.13.145:139 tcp
N/A 10.127.13.160:139 tcp
N/A 10.127.12.235:139 tcp
N/A 10.127.13.162:139 tcp
N/A 10.127.12.190:139 tcp
N/A 10.127.13.161:139 tcp
N/A 10.127.12.203:139 tcp
N/A 10.127.12.216:139 tcp
N/A 10.127.13.184:139 tcp
N/A 10.127.12.217:139 tcp
N/A 10.127.13.155:139 tcp
N/A 10.127.13.166:139 tcp
N/A 10.127.13.151:139 tcp
N/A 10.127.13.144:139 tcp
N/A 10.127.13.170:139 tcp
N/A 10.127.13.147:139 tcp
N/A 10.127.13.167:139 tcp
N/A 10.127.13.180:139 tcp
N/A 10.127.13.191:139 tcp
N/A 10.127.13.183:139 tcp
N/A 10.127.13.178:139 tcp
N/A 10.127.13.150:139 tcp
N/A 10.127.13.175:139 tcp
N/A 10.127.13.192:139 tcp
N/A 10.127.13.168:139 tcp
N/A 10.127.13.182:139 tcp
N/A 10.127.13.152:139 tcp
N/A 10.127.13.154:139 tcp
N/A 10.127.13.172:139 tcp
N/A 10.127.13.179:139 tcp
N/A 10.127.13.169:139 tcp
N/A 10.127.13.187:139 tcp
N/A 10.127.13.177:139 tcp
N/A 10.127.12.241:139 tcp
N/A 10.127.13.189:139 tcp
N/A 10.127.12.250:139 tcp
N/A 10.127.13.159:139 tcp
N/A 10.127.13.171:139 tcp
N/A 10.127.12.249:139 tcp
N/A 10.127.13.190:139 tcp
N/A 10.127.13.37:139 tcp
N/A 10.127.13.53:139 tcp
N/A 10.127.12.243:139 tcp
N/A 10.127.13.21:139 tcp
N/A 10.127.13.35:139 tcp
N/A 10.127.13.176:139 tcp
N/A 10.127.12.255:139 tcp
N/A 10.127.13.42:139 tcp
N/A 10.127.13.11:139 tcp
N/A 10.127.13.44:139 tcp
N/A 10.127.12.252:139 tcp
N/A 10.127.13.15:139 tcp
N/A 10.127.13.32:139 tcp
N/A 10.127.13.26:139 tcp
N/A 10.127.13.10:139 tcp
N/A 10.127.13.51:139 tcp
N/A 10.127.12.253:139 tcp
N/A 10.127.12.247:139 tcp
N/A 10.127.13.17:139 tcp
N/A 10.127.13.61:139 tcp
N/A 10.127.13.18:139 tcp
N/A 10.127.13.49:139 tcp
N/A 10.127.13.47:139 tcp
N/A 10.127.13.0:139 tcp
N/A 10.127.12.238:139 tcp
N/A 10.127.13.39:139 tcp
N/A 10.127.12.240:139 tcp
N/A 10.127.13.55:139 tcp
N/A 10.127.13.23:139 tcp
N/A 10.127.13.57:139 tcp
N/A 10.127.13.58:139 tcp
N/A 10.127.13.120:139 tcp
N/A 10.127.12.251:139 tcp
N/A 10.127.13.46:139 tcp
N/A 10.127.13.223:139 tcp
N/A 10.127.13.13:139 tcp
N/A 10.127.13.102:139 tcp
N/A 10.127.12.244:139 tcp
N/A 10.127.13.45:139 tcp
N/A 10.127.13.247:139 tcp
N/A 10.127.13.41:139 tcp
N/A 10.127.12.239:139 tcp
N/A 10.127.13.116:139 tcp
N/A 10.127.12.248:139 tcp
N/A 10.127.13.27:139 tcp
N/A 10.127.13.60:139 tcp
N/A 10.127.13.22:139 tcp
N/A 10.127.13.24:139 tcp
N/A 10.127.13.31:139 tcp
N/A 10.127.13.63:139 tcp
N/A 10.127.12.254:139 tcp
N/A 10.127.13.254:139 tcp
N/A 10.127.13.16:139 tcp
N/A 10.127.13.108:139 tcp
N/A 10.127.13.236:139 tcp
N/A 10.127.12.242:139 tcp
N/A 10.127.13.104:139 tcp
N/A 10.127.13.123:139 tcp
N/A 10.127.13.227:139 tcp
N/A 10.127.12.246:139 tcp
N/A 10.127.13.33:139 tcp
N/A 10.127.13.34:139 tcp
N/A 10.127.13.112:139 tcp
N/A 10.127.13.209:139 tcp
N/A 10.127.12.245:139 tcp
N/A 10.127.13.25:139 tcp
N/A 10.127.13.50:139 tcp
N/A 10.127.13.107:139 tcp
N/A 10.127.13.210:139 tcp
N/A 10.127.13.233:139 tcp
N/A 10.127.13.29:139 tcp
N/A 10.127.13.216:139 tcp
N/A 10.127.13.238:139 tcp
N/A 10.127.13.62:139 tcp
N/A 10.127.13.38:139 tcp
N/A 10.127.13.229:139 tcp
N/A 10.127.13.231:139 tcp
N/A 10.127.13.20:139 tcp
N/A 10.127.13.100:139 tcp
N/A 10.127.13.97:139 tcp
N/A 10.127.13.12:139 tcp
N/A 10.127.13.14:139 tcp
N/A 10.127.13.19:139 tcp
N/A 10.127.13.28:139 tcp
N/A 10.127.13.30:139 tcp
N/A 10.127.13.36:139 tcp
N/A 10.127.13.40:139 tcp
N/A 10.127.13.43:139 tcp
N/A 10.127.13.48:139 tcp
N/A 10.127.13.52:139 tcp
N/A 10.127.13.54:139 tcp
N/A 10.127.13.56:139 tcp
N/A 10.127.13.59:139 tcp
N/A 10.127.13.64:139 tcp
N/A 10.127.13.96:139 tcp
N/A 10.127.13.98:139 tcp
N/A 10.127.13.99:139 tcp
N/A 10.127.13.101:139 tcp
N/A 10.127.13.103:139 tcp
N/A 10.127.13.105:139 tcp
N/A 10.127.13.106:139 tcp
N/A 10.127.13.109:139 tcp
N/A 10.127.13.110:139 tcp
N/A 10.127.13.111:139 tcp
N/A 10.127.13.113:139 tcp
N/A 10.127.13.114:139 tcp
N/A 10.127.13.115:139 tcp
N/A 10.127.13.117:139 tcp
N/A 10.127.13.118:139 tcp
N/A 10.127.13.119:139 tcp
N/A 10.127.13.121:139 tcp
N/A 10.127.13.122:139 tcp
N/A 10.127.13.124:139 tcp
N/A 10.127.13.125:139 tcp
N/A 10.127.13.126:139 tcp
N/A 10.127.13.127:139 tcp
N/A 10.127.13.128:139 tcp
N/A 10.127.13.205:139 tcp
N/A 10.127.13.206:139 tcp
N/A 10.127.13.207:139 tcp
N/A 10.127.13.208:139 tcp
N/A 10.127.13.211:139 tcp
N/A 10.127.13.212:139 tcp
N/A 10.127.13.213:139 tcp
N/A 10.127.13.214:139 tcp
N/A 10.127.13.215:139 tcp
N/A 10.127.13.217:139 tcp
N/A 10.127.13.218:139 tcp
N/A 10.127.13.219:139 tcp
N/A 10.127.13.220:139 tcp
N/A 10.127.13.221:139 tcp
N/A 10.127.13.222:139 tcp
N/A 10.127.13.224:139 tcp
N/A 10.127.13.225:139 tcp
N/A 10.127.13.226:139 tcp
N/A 10.127.13.228:139 tcp
N/A 10.127.13.230:139 tcp
N/A 10.127.13.232:139 tcp
N/A 10.127.13.234:139 tcp
N/A 10.127.13.235:139 tcp
N/A 10.127.13.237:139 tcp
N/A 10.127.13.239:139 tcp
N/A 10.127.13.240:139 tcp
N/A 10.127.13.241:139 tcp
N/A 10.127.13.242:139 tcp
N/A 10.127.13.243:139 tcp
N/A 10.127.13.244:139 tcp
N/A 10.127.13.245:139 tcp
N/A 10.127.13.246:139 tcp
N/A 10.127.13.248:139 tcp
N/A 10.127.13.249:139 tcp
N/A 10.127.13.250:139 tcp
N/A 10.127.13.251:139 tcp
N/A 10.127.13.252:139 tcp
N/A 10.127.13.253:139 tcp
N/A 10.127.13.255:139 tcp
N/A 10.127.14.0:139 tcp
N/A 10.127.14.19:139 tcp
N/A 10.127.14.44:139 tcp
N/A 10.127.14.35:139 tcp
N/A 10.127.14.34:139 tcp
N/A 10.127.14.49:139 tcp
N/A 10.127.14.62:139 tcp
N/A 10.127.14.51:139 tcp
N/A 10.127.14.7:139 tcp
N/A 10.127.14.55:139 tcp
N/A 10.127.14.56:139 tcp
N/A 10.127.14.12:139 tcp
N/A 10.127.14.3:139 tcp
N/A 10.127.14.5:139 tcp
N/A 10.127.14.31:139 tcp
N/A 10.127.14.9:139 tcp
N/A 10.127.14.28:139 tcp
N/A 10.127.14.36:139 tcp
N/A 10.127.14.45:139 tcp
N/A 10.127.14.46:139 tcp
N/A 10.127.14.11:139 tcp
N/A 10.127.14.26:139 tcp
N/A 10.127.14.16:139 tcp
N/A 10.127.14.33:139 tcp
N/A 10.127.14.15:139 tcp
N/A 10.127.14.52:139 tcp
N/A 10.127.14.18:139 tcp
N/A 10.127.14.60:139 tcp
N/A 10.127.14.24:139 tcp
N/A 10.127.14.17:139 tcp
N/A 10.127.14.39:139 tcp
N/A 10.127.14.10:139 tcp
N/A 10.127.14.48:139 tcp
N/A 10.127.14.73:139 tcp
N/A 10.127.14.78:139 tcp
N/A 10.127.14.72:139 tcp
N/A 10.127.14.6:139 tcp
N/A 10.127.14.193:139 tcp
N/A 10.127.14.42:139 tcp
N/A 10.127.15.3:139 tcp
N/A 10.127.14.22:139 tcp
N/A 10.127.14.58:139 tcp
N/A 10.127.14.21:139 tcp
N/A 10.127.14.197:139 tcp
N/A 10.127.14.1:139 tcp
N/A 10.127.14.61:139 tcp
N/A 10.127.14.196:139 tcp
N/A 10.127.14.43:139 tcp
N/A 10.127.14.50:139 tcp
N/A 10.127.14.133:139 tcp
N/A 10.127.15.74:139 tcp
N/A 10.127.14.66:139 tcp
N/A 10.127.14.67:139 tcp
N/A 10.127.14.40:139 tcp
N/A 10.127.14.63:139 tcp
N/A 10.127.14.47:139 tcp
N/A 10.127.14.135:139 tcp
N/A 10.127.14.74:139 tcp
N/A 10.127.15.1:139 tcp
N/A 10.127.14.79:139 tcp
N/A 10.127.14.68:139 tcp
N/A 10.127.14.8:139 tcp
N/A 10.127.14.13:139 tcp
N/A 10.127.14.64:139 tcp
N/A 10.127.14.75:139 tcp
N/A 10.127.14.20:139 tcp
N/A 10.127.14.59:139 tcp
N/A 10.127.14.4:139 tcp
N/A 10.127.14.71:139 tcp
N/A 10.127.14.77:139 tcp
N/A 10.127.14.29:139 tcp
N/A 10.127.14.14:139 tcp
N/A 10.127.14.195:139 tcp
N/A 10.127.14.41:139 tcp
N/A 10.127.14.131:139 tcp
N/A 10.127.14.27:139 tcp
N/A 10.127.14.32:139 tcp
N/A 10.127.14.37:139 tcp
N/A 10.127.14.69:139 tcp
N/A 10.127.14.130:139 tcp
N/A 10.127.14.65:139 tcp
N/A 10.127.15.65:139 tcp
N/A 10.127.14.23:139 tcp
N/A 10.127.14.53:139 tcp
N/A 10.127.14.54:139 tcp
N/A 10.127.15.75:139 tcp
N/A 10.127.14.134:139 tcp
N/A 10.127.14.30:139 tcp
N/A 10.127.14.57:139 tcp
N/A 10.127.14.2:139 tcp
N/A 10.127.14.25:139 tcp
N/A 10.127.14.38:139 tcp
N/A 10.127.14.136:139 tcp
N/A 10.127.14.137:139 tcp
N/A 10.127.15.66:139 tcp
N/A 10.127.15.144:139 tcp
N/A 10.127.15.147:139 tcp
N/A 10.127.15.166:139 tcp
N/A 10.127.15.130:139 tcp
N/A 10.127.15.164:139 tcp
N/A 10.127.15.69:139 tcp
N/A 10.127.15.140:139 tcp
N/A 10.127.15.154:139 tcp
N/A 10.127.15.167:139 tcp
N/A 10.127.15.172:139 tcp
N/A 10.127.14.76:139 tcp
N/A 10.127.15.156:139 tcp
N/A 10.127.15.72:139 tcp
N/A 10.127.15.71:139 tcp
N/A 10.127.14.70:139 tcp
N/A 10.127.15.149:139 tcp
N/A 10.127.15.152:139 tcp
N/A 10.127.15.155:139 tcp
N/A 10.127.15.197:139 tcp
N/A 10.127.15.135:139 tcp
N/A 10.127.15.68:139 tcp
N/A 10.127.14.138:139 tcp
N/A 10.127.15.2:139 tcp
N/A 10.127.15.169:139 tcp
N/A 10.127.15.174:139 tcp
N/A 10.127.14.80:139 tcp
N/A 10.127.15.151:139 tcp
N/A 10.127.15.193:139 tcp
N/A 10.127.14.132:139 tcp
N/A 10.127.15.131:139 tcp
N/A 10.127.15.141:139 tcp
N/A 10.127.15.176:139 tcp
N/A 10.127.15.76:139 tcp
N/A 10.127.15.133:139 tcp
N/A 10.127.14.86:139 tcp
N/A 10.127.14.194:139 tcp
N/A 10.127.15.70:139 tcp
N/A 10.127.15.136:139 tcp
N/A 10.127.15.175:139 tcp
N/A 10.127.14.129:139 tcp
N/A 10.127.15.196:139 tcp
N/A 10.127.15.67:139 tcp
N/A 10.127.15.163:139 tcp
N/A 10.127.15.195:139 tcp
N/A 10.127.15.146:139 tcp
N/A 10.127.15.171:139 tcp
N/A 10.127.15.73:139 tcp
N/A 10.127.15.161:139 tcp
N/A 10.127.15.194:139 tcp
N/A 10.127.15.168:139 tcp
N/A 10.127.15.138:139 tcp
N/A 10.127.15.160:139 tcp
N/A 10.127.15.129:139 tcp
N/A 10.127.14.81:139 tcp
N/A 10.127.14.82:139 tcp
N/A 10.127.14.83:139 tcp
N/A 10.127.14.84:139 tcp
N/A 10.127.14.85:139 tcp
N/A 10.127.14.87:139 tcp
N/A 10.127.14.88:139 tcp
N/A 10.127.14.89:139 tcp
N/A 10.127.14.90:139 tcp
N/A 10.127.14.91:139 tcp
N/A 10.127.14.92:139 tcp
N/A 10.127.14.93:139 tcp
N/A 10.127.14.94:139 tcp
N/A 10.127.14.95:139 tcp
N/A 10.127.14.96:139 tcp
N/A 10.127.14.97:139 tcp
N/A 10.127.14.98:139 tcp
N/A 10.127.14.99:139 tcp
N/A 10.127.14.100:139 tcp
N/A 10.127.14.101:139 tcp
N/A 10.127.14.102:139 tcp
N/A 10.127.14.103:139 tcp
N/A 10.127.14.104:139 tcp
N/A 10.127.14.105:139 tcp
N/A 10.127.14.106:139 tcp
N/A 10.127.14.107:139 tcp
N/A 10.127.14.108:139 tcp
N/A 10.127.14.109:139 tcp
N/A 10.127.14.110:139 tcp
N/A 10.127.14.111:139 tcp
N/A 10.127.14.112:139 tcp
N/A 10.127.14.113:139 tcp
N/A 10.127.14.114:139 tcp
N/A 10.127.14.115:139 tcp
N/A 10.127.14.116:139 tcp
N/A 10.127.14.117:139 tcp
N/A 10.127.14.118:139 tcp
N/A 10.127.14.119:139 tcp
N/A 10.127.14.120:139 tcp
N/A 10.127.14.121:139 tcp
N/A 10.127.14.122:139 tcp
N/A 10.127.14.123:139 tcp
N/A 10.127.14.124:139 tcp
N/A 10.127.14.125:139 tcp
N/A 10.127.14.126:139 tcp
N/A 10.127.14.127:139 tcp
N/A 10.127.14.128:139 tcp
N/A 10.127.14.139:139 tcp
N/A 10.127.14.140:139 tcp
N/A 10.127.14.141:139 tcp
N/A 10.127.14.142:139 tcp
N/A 10.127.14.143:139 tcp
N/A 10.127.14.144:139 tcp
N/A 10.127.14.145:139 tcp
N/A 10.127.14.146:139 tcp
N/A 10.127.14.147:139 tcp
N/A 10.127.14.148:139 tcp
N/A 10.127.14.149:139 tcp
N/A 10.127.14.150:139 tcp
N/A 10.127.14.151:139 tcp
N/A 10.127.14.152:139 tcp
N/A 10.127.14.153:139 tcp
N/A 10.127.14.154:139 tcp
N/A 10.127.14.155:139 tcp
N/A 10.127.14.156:139 tcp
N/A 10.127.14.157:139 tcp
N/A 10.127.14.158:139 tcp
N/A 10.127.14.159:139 tcp
N/A 10.127.14.160:139 tcp
N/A 10.127.14.161:139 tcp
N/A 10.127.14.162:139 tcp
N/A 10.127.14.163:139 tcp
N/A 10.127.14.164:139 tcp
N/A 10.127.14.165:139 tcp
N/A 10.127.14.166:139 tcp
N/A 10.127.14.167:139 tcp
N/A 10.127.14.168:139 tcp
N/A 10.127.14.169:139 tcp
N/A 10.127.14.170:139 tcp
N/A 10.127.14.171:139 tcp
N/A 10.127.14.172:139 tcp
N/A 10.127.14.173:139 tcp
N/A 10.127.14.174:139 tcp
N/A 10.127.14.175:139 tcp
N/A 10.127.14.176:139 tcp
N/A 10.127.14.177:139 tcp
N/A 10.127.14.178:139 tcp
N/A 10.127.14.179:139 tcp
N/A 10.127.14.180:139 tcp
N/A 10.127.14.181:139 tcp
N/A 10.127.14.182:139 tcp
N/A 10.127.14.183:139 tcp
N/A 10.127.14.184:139 tcp
N/A 10.127.14.185:139 tcp
N/A 10.127.14.186:139 tcp
N/A 10.127.14.187:139 tcp
N/A 10.127.14.188:139 tcp
N/A 10.127.14.189:139 tcp
N/A 10.127.14.190:139 tcp
N/A 10.127.14.191:139 tcp
N/A 10.127.14.192:139 tcp
N/A 10.127.14.198:139 tcp
N/A 10.127.14.199:139 tcp
N/A 10.127.14.200:139 tcp
N/A 10.127.14.201:139 tcp
N/A 10.127.14.202:139 tcp
N/A 10.127.14.203:139 tcp
N/A 10.127.14.204:139 tcp
N/A 10.127.14.205:139 tcp
N/A 10.127.14.206:139 tcp
N/A 10.127.14.207:139 tcp
N/A 10.127.14.208:139 tcp
N/A 10.127.14.209:139 tcp
N/A 10.127.14.210:139 tcp
N/A 10.127.14.211:139 tcp
N/A 10.127.14.212:139 tcp
N/A 10.127.14.213:139 tcp
N/A 10.127.14.214:139 tcp
N/A 10.127.14.215:139 tcp
N/A 10.127.14.216:139 tcp
N/A 10.127.14.217:139 tcp
N/A 10.127.14.218:139 tcp
N/A 10.127.14.219:139 tcp
N/A 10.127.14.220:139 tcp
N/A 10.127.14.221:139 tcp
N/A 10.127.14.222:139 tcp
N/A 10.127.14.223:139 tcp
N/A 10.127.14.224:139 tcp
N/A 10.127.14.225:139 tcp
N/A 10.127.14.226:139 tcp
N/A 10.127.14.227:139 tcp
N/A 10.127.14.228:139 tcp
N/A 10.127.14.229:139 tcp
N/A 10.127.14.230:139 tcp
N/A 10.127.14.231:139 tcp
N/A 10.127.14.232:139 tcp
N/A 10.127.14.233:139 tcp
N/A 10.127.14.234:139 tcp
N/A 10.127.14.235:139 tcp
N/A 10.127.14.236:139 tcp
N/A 10.127.14.237:139 tcp
N/A 10.127.14.238:139 tcp
N/A 10.127.14.239:139 tcp
N/A 10.127.14.240:139 tcp
N/A 10.127.14.241:139 tcp
N/A 10.127.14.242:139 tcp
N/A 10.127.14.243:139 tcp
N/A 10.127.14.244:139 tcp
N/A 10.127.14.245:139 tcp
N/A 10.127.14.246:139 tcp
N/A 10.127.14.247:139 tcp
N/A 10.127.14.248:139 tcp
N/A 10.127.14.249:139 tcp
N/A 10.127.14.250:139 tcp
N/A 10.127.14.251:139 tcp
N/A 10.127.14.252:139 tcp
N/A 10.127.14.253:139 tcp
N/A 10.127.14.254:139 tcp
N/A 10.127.14.255:139 tcp
N/A 10.127.15.0:139 tcp
N/A 10.127.15.4:139 tcp
N/A 10.127.15.5:139 tcp
N/A 10.127.15.6:139 tcp
N/A 10.127.15.7:139 tcp
N/A 10.127.15.8:139 tcp
N/A 10.127.15.9:139 tcp
N/A 10.127.15.10:139 tcp
N/A 10.127.15.11:139 tcp
N/A 10.127.15.12:139 tcp
N/A 10.127.15.13:139 tcp
N/A 10.127.15.14:139 tcp
N/A 10.127.15.15:139 tcp
N/A 10.127.15.16:139 tcp
N/A 10.127.15.17:139 tcp
N/A 10.127.15.18:139 tcp
N/A 10.127.15.19:139 tcp
N/A 10.127.15.20:139 tcp
N/A 10.127.15.21:139 tcp
N/A 10.127.15.22:139 tcp
N/A 10.127.15.23:139 tcp
N/A 10.127.15.24:139 tcp
N/A 10.127.15.25:139 tcp
N/A 10.127.15.26:139 tcp
N/A 10.127.15.27:139 tcp
N/A 10.127.15.28:139 tcp
N/A 10.127.15.29:139 tcp
N/A 10.127.15.30:139 tcp
N/A 10.127.15.31:139 tcp
N/A 10.127.15.32:139 tcp
N/A 10.127.15.33:139 tcp
N/A 10.127.15.34:139 tcp
N/A 10.127.15.35:139 tcp
N/A 10.127.15.36:139 tcp
N/A 10.127.15.37:139 tcp
N/A 10.127.15.38:139 tcp
N/A 10.127.15.39:139 tcp
N/A 10.127.15.40:139 tcp
N/A 10.127.15.41:139 tcp
N/A 10.127.15.42:139 tcp
N/A 10.127.15.43:139 tcp
N/A 10.127.15.44:139 tcp
N/A 10.127.15.45:139 tcp
N/A 10.127.15.46:139 tcp
N/A 10.127.15.47:139 tcp
N/A 10.127.15.48:139 tcp
N/A 10.127.15.49:139 tcp
N/A 10.127.15.50:139 tcp
N/A 10.127.15.51:139 tcp
N/A 10.127.15.52:139 tcp
N/A 10.127.15.53:139 tcp
N/A 10.127.15.54:139 tcp
N/A 10.127.15.55:139 tcp
N/A 10.127.15.56:139 tcp
N/A 10.127.15.57:139 tcp
N/A 10.127.15.58:139 tcp
N/A 10.127.15.59:139 tcp
N/A 10.127.15.60:139 tcp
N/A 10.127.15.61:139 tcp
N/A 10.127.15.62:139 tcp
N/A 10.127.15.63:139 tcp
N/A 10.127.15.64:139 tcp
N/A 10.127.15.77:139 tcp
N/A 10.127.15.78:139 tcp
N/A 10.127.15.79:139 tcp
N/A 10.127.15.80:139 tcp
N/A 10.127.15.81:139 tcp
N/A 10.127.15.82:139 tcp
N/A 10.127.15.83:139 tcp
N/A 10.127.15.84:139 tcp
N/A 10.127.15.85:139 tcp
N/A 10.127.15.86:139 tcp
N/A 10.127.15.87:139 tcp
N/A 10.127.15.88:139 tcp
N/A 10.127.15.89:139 tcp
N/A 10.127.15.90:139 tcp
N/A 10.127.15.91:139 tcp
N/A 10.127.15.92:139 tcp
N/A 10.127.15.93:139 tcp
N/A 10.127.15.94:139 tcp
N/A 10.127.15.95:139 tcp
N/A 10.127.15.96:139 tcp
N/A 10.127.15.97:139 tcp
N/A 10.127.15.98:139 tcp
N/A 10.127.15.99:139 tcp
N/A 10.127.15.100:139 tcp
N/A 10.127.15.101:139 tcp
N/A 10.127.15.102:139 tcp
N/A 10.127.15.103:139 tcp
N/A 10.127.15.104:139 tcp
N/A 10.127.15.105:139 tcp
N/A 10.127.15.106:139 tcp
N/A 10.127.15.107:139 tcp
N/A 10.127.15.108:139 tcp
N/A 10.127.15.109:139 tcp
N/A 10.127.15.110:139 tcp
N/A 10.127.15.111:139 tcp
N/A 10.127.15.112:139 tcp
N/A 10.127.15.113:139 tcp
N/A 10.127.15.114:139 tcp
N/A 10.127.15.115:139 tcp
N/A 10.127.15.116:139 tcp
N/A 10.127.15.117:139 tcp
N/A 10.127.15.118:139 tcp
N/A 10.127.15.119:139 tcp
N/A 10.127.15.247:139 tcp
N/A 10.127.15.120:139 tcp
N/A 10.127.15.121:139 tcp
N/A 10.127.15.122:139 tcp
N/A 10.127.15.123:139 tcp
N/A 10.127.15.124:139 tcp
N/A 10.127.15.125:139 tcp
N/A 10.127.15.126:139 tcp
N/A 10.127.15.127:139 tcp
N/A 10.127.15.128:139 tcp
N/A 10.127.15.132:139 tcp
N/A 10.127.15.134:139 tcp
N/A 10.127.15.137:139 tcp
N/A 10.127.15.139:139 tcp
N/A 10.127.15.142:139 tcp
N/A 10.127.15.143:139 tcp
N/A 10.127.15.145:139 tcp
N/A 10.127.15.148:139 tcp
N/A 10.127.15.150:139 tcp
N/A 10.127.15.153:139 tcp
N/A 10.127.15.157:139 tcp
N/A 10.127.15.158:139 tcp
N/A 10.127.15.159:139 tcp
N/A 10.127.15.162:139 tcp
N/A 10.127.15.165:139 tcp
N/A 10.127.15.170:139 tcp
N/A 10.127.15.173:139 tcp
N/A 10.127.15.177:139 tcp
N/A 10.127.15.178:139 tcp
N/A 10.127.15.179:139 tcp
N/A 10.127.15.180:139 tcp
N/A 10.127.15.181:139 tcp
N/A 10.127.15.182:139 tcp
N/A 10.127.15.183:139 tcp
N/A 10.127.15.184:139 tcp
N/A 10.127.15.185:139 tcp
N/A 10.127.15.186:139 tcp
N/A 10.127.15.187:139 tcp
N/A 10.127.15.188:139 tcp
N/A 10.127.15.189:139 tcp
N/A 10.127.15.190:139 tcp
N/A 10.127.15.191:139 tcp
N/A 10.127.15.192:139 tcp
N/A 10.127.15.198:139 tcp
N/A 10.127.15.199:139 tcp
N/A 10.127.15.200:139 tcp
N/A 10.127.15.201:139 tcp
N/A 10.127.15.202:139 tcp
N/A 10.127.15.203:139 tcp
N/A 10.127.15.204:139 tcp
N/A 10.127.15.205:139 tcp
N/A 10.127.15.206:139 tcp
N/A 10.127.15.207:139 tcp
N/A 10.127.15.208:139 tcp
N/A 10.127.15.209:139 tcp
N/A 10.127.15.210:139 tcp
N/A 10.127.15.211:139 tcp
N/A 10.127.15.212:139 tcp
N/A 10.127.15.213:139 tcp
N/A 10.127.15.214:139 tcp
N/A 10.127.15.215:139 tcp
N/A 10.127.15.216:139 tcp
N/A 10.127.15.217:139 tcp
N/A 10.127.15.218:139 tcp
N/A 10.127.15.219:139 tcp
N/A 10.127.15.220:139 tcp
N/A 10.127.15.221:139 tcp
N/A 10.127.15.222:139 tcp
N/A 10.127.15.223:139 tcp
N/A 10.127.15.224:139 tcp
N/A 10.127.15.225:139 tcp
N/A 10.127.15.226:139 tcp
N/A 10.127.15.227:139 tcp
N/A 10.127.15.228:139 tcp
N/A 10.127.15.229:139 tcp
N/A 10.127.15.230:139 tcp
N/A 10.127.15.231:139 tcp
N/A 10.127.15.232:139 tcp
N/A 10.127.15.233:139 tcp
N/A 10.127.15.234:139 tcp
N/A 10.127.15.235:139 tcp
N/A 10.127.15.236:139 tcp
N/A 10.127.15.237:139 tcp
N/A 10.127.15.238:139 tcp
N/A 10.127.15.239:139 tcp
N/A 10.127.15.240:139 tcp
N/A 10.127.15.241:139 tcp
N/A 10.127.15.242:139 tcp
N/A 10.127.15.243:139 tcp
N/A 10.127.15.244:139 tcp
N/A 10.127.15.245:139 tcp
N/A 10.127.15.246:139 tcp
N/A 10.127.15.248:139 tcp
N/A 10.127.15.249:139 tcp
N/A 10.127.15.250:139 tcp
N/A 10.127.15.251:139 tcp
N/A 10.127.15.252:139 tcp
N/A 10.127.15.253:139 tcp
N/A 10.127.15.254:139 tcp
N/A 10.127.15.255:139 tcp
N/A 10.127.16.0:139 tcp
N/A 10.127.16.1:139 tcp
N/A 10.127.16.2:139 tcp
N/A 10.127.16.3:139 tcp
N/A 10.127.16.4:139 tcp
N/A 10.127.16.5:139 tcp
N/A 10.127.16.6:139 tcp
N/A 10.127.16.7:139 tcp
N/A 10.127.16.8:139 tcp
N/A 10.127.16.9:139 tcp
N/A 10.127.16.10:139 tcp
N/A 10.127.16.11:139 tcp
N/A 10.127.16.12:139 tcp
N/A 10.127.16.13:139 tcp
N/A 10.127.16.14:139 tcp
N/A 10.127.16.15:139 tcp
N/A 10.127.16.16:139 tcp
N/A 10.127.16.17:139 tcp
N/A 10.127.16.18:139 tcp
N/A 10.127.16.19:139 tcp
N/A 10.127.16.20:139 tcp
N/A 10.127.16.21:139 tcp
N/A 10.127.16.22:139 tcp
N/A 10.127.16.23:139 tcp
N/A 10.127.16.24:139 tcp
N/A 10.127.16.25:139 tcp
N/A 10.127.16.26:139 tcp
N/A 10.127.16.27:139 tcp
N/A 10.127.16.28:139 tcp
N/A 10.127.16.29:139 tcp
N/A 10.127.16.30:139 tcp
N/A 10.127.16.31:139 tcp
N/A 10.127.16.32:139 tcp
N/A 10.127.16.33:139 tcp
N/A 10.127.16.34:139 tcp
N/A 10.127.16.35:139 tcp
N/A 10.127.16.36:139 tcp
N/A 10.127.16.37:139 tcp
N/A 10.127.16.38:139 tcp
N/A 10.127.16.39:139 tcp
N/A 10.127.16.40:139 tcp
N/A 10.127.16.41:139 tcp
N/A 10.127.16.42:139 tcp
N/A 10.127.16.43:139 tcp
N/A 10.127.16.44:139 tcp
N/A 10.127.16.45:139 tcp
N/A 10.127.16.46:139 tcp
N/A 10.127.16.47:139 tcp
N/A 10.127.16.48:139 tcp
N/A 10.127.16.49:139 tcp
N/A 10.127.16.50:139 tcp
N/A 10.127.16.51:139 tcp
N/A 10.127.16.52:139 tcp
N/A 10.127.16.53:139 tcp
N/A 10.127.16.54:139 tcp
N/A 10.127.16.55:139 tcp
N/A 10.127.16.56:139 tcp
N/A 10.127.16.57:139 tcp
N/A 10.127.16.58:139 tcp
N/A 10.127.16.59:139 tcp
N/A 10.127.16.60:139 tcp
N/A 10.127.16.61:139 tcp
N/A 10.127.16.62:139 tcp
N/A 10.127.16.63:139 tcp
N/A 10.127.16.64:139 tcp
N/A 10.127.16.137:139 tcp
N/A 10.127.16.134:139 tcp
N/A 10.127.16.146:139 tcp
N/A 10.127.16.144:139 tcp
N/A 10.127.16.149:139 tcp
N/A 10.127.16.139:139 tcp
N/A 10.127.16.142:139 tcp
N/A 10.127.16.148:139 tcp
N/A 10.127.16.65:139 tcp
N/A 10.127.16.70:139 tcp
N/A 10.127.16.69:139 tcp
N/A 10.127.16.71:139 tcp
N/A 10.127.16.212:139 tcp
N/A 10.127.17.78:139 tcp
N/A 10.127.16.132:139 tcp
N/A 10.127.16.66:139 tcp
N/A 10.127.16.67:139 tcp
N/A 10.127.17.1:139 tcp
N/A 10.127.17.72:139 tcp
N/A 10.127.17.73:139 tcp
N/A 10.127.17.132:139 tcp
N/A 10.127.16.140:139 tcp
N/A 10.127.16.129:139 tcp
N/A 10.127.16.141:139 tcp
N/A 10.127.16.143:139 tcp
N/A 10.127.17.199:139 tcp
N/A 10.127.17.197:139 tcp
N/A 10.127.17.204:139 tcp
N/A 10.127.17.4:139 tcp
N/A 10.127.17.71:139 tcp
N/A 10.127.16.213:139 tcp
N/A 10.127.17.201:139 tcp
N/A 10.127.16.136:139 tcp
N/A 10.127.16.193:139 tcp
N/A 10.127.17.3:139 tcp
N/A 10.127.16.131:139 tcp
N/A 10.127.17.65:139 tcp
N/A 10.127.17.74:139 tcp
N/A 10.127.17.130:139 tcp
N/A 10.127.17.131:139 tcp
N/A 10.127.16.194:139 tcp
N/A 10.127.17.77:139 tcp
N/A 10.127.17.198:139 tcp
N/A 10.127.16.130:139 tcp
N/A 10.127.17.70:139 tcp
N/A 10.127.17.5:139 tcp
N/A 10.127.17.2:139 tcp
N/A 10.127.17.76:139 tcp
N/A 10.127.16.145:139 tcp
N/A 10.127.16.178:139 tcp
N/A 10.127.16.138:139 tcp
N/A 10.127.16.133:139 tcp
N/A 10.127.17.75:139 tcp
N/A 10.127.16.199:139 tcp
N/A 10.127.16.147:139 tcp
N/A 10.127.16.68:139 tcp
N/A 10.127.17.129:139 tcp
N/A 10.127.16.172:139 tcp
N/A 10.127.16.182:139 tcp
N/A 10.127.17.80:139 tcp
N/A 10.127.16.155:139 tcp
N/A 10.127.16.174:139 tcp
N/A 10.127.17.195:139 tcp
N/A 10.127.16.135:139 tcp
N/A 10.127.16.166:139 tcp
N/A 10.127.17.196:139 tcp
N/A 10.127.17.205:139 tcp
N/A 10.127.16.150:139 tcp
N/A 10.127.17.193:139 tcp
N/A 10.127.17.200:139 tcp
N/A 10.127.16.165:139 tcp
N/A 10.127.17.206:139 tcp
N/A 10.127.16.177:139 tcp
N/A 10.127.17.208:139 tcp
N/A 10.127.16.161:139 tcp
N/A 10.127.17.67:139 tcp
N/A 10.127.17.69:139 tcp
N/A 10.127.17.66:139 tcp
N/A 10.127.17.68:139 tcp
N/A 10.127.16.156:139 tcp
N/A 10.127.17.79:139 tcp
N/A 10.127.17.209:139 tcp
N/A 10.127.16.157:139 tcp
N/A 10.127.17.207:139 tcp
N/A 10.127.17.202:139 tcp
N/A 10.127.16.171:139 tcp
N/A 10.127.16.175:139 tcp
N/A 10.127.16.159:139 tcp
N/A 10.127.16.181:139 tcp
N/A 10.127.16.158:139 tcp
N/A 10.127.17.203:139 tcp
N/A 10.127.16.198:139 tcp
N/A 10.127.16.179:139 tcp
N/A 10.127.16.151:139 tcp
N/A 10.127.16.152:139 tcp
N/A 10.127.16.153:139 tcp
N/A 10.127.16.154:139 tcp
N/A 10.127.16.160:139 tcp
N/A 10.127.16.162:139 tcp
N/A 10.127.16.163:139 tcp
N/A 10.127.16.164:139 tcp
N/A 10.127.16.167:139 tcp
N/A 10.127.16.168:139 tcp
N/A 10.127.16.169:139 tcp
N/A 10.127.16.170:139 tcp
N/A 10.127.16.173:139 tcp
N/A 10.127.16.176:139 tcp
N/A 10.127.16.180:139 tcp
N/A 10.127.16.183:139 tcp
N/A 10.127.16.184:139 tcp
N/A 10.127.16.185:139 tcp
N/A 10.127.16.186:139 tcp
N/A 10.127.16.187:139 tcp
N/A 10.127.16.188:139 tcp
N/A 10.127.16.189:139 tcp
N/A 10.127.16.190:139 tcp
N/A 10.127.16.191:139 tcp
N/A 10.127.16.192:139 tcp
N/A 10.127.16.195:139 tcp
N/A 10.127.16.196:139 tcp
N/A 10.127.16.197:139 tcp
N/A 10.127.16.200:139 tcp
N/A 10.127.16.201:139 tcp
N/A 10.127.16.202:139 tcp
N/A 10.127.16.203:139 tcp
N/A 10.127.16.204:139 tcp
N/A 10.127.16.205:139 tcp
N/A 10.127.16.206:139 tcp
N/A 10.127.16.207:139 tcp
N/A 10.127.16.208:139 tcp
N/A 10.127.16.209:139 tcp
N/A 10.127.16.210:139 tcp
N/A 10.127.16.211:139 tcp
N/A 10.127.16.214:139 tcp
N/A 10.127.16.215:139 tcp
N/A 10.127.16.216:139 tcp
N/A 10.127.16.217:139 tcp
N/A 10.127.16.218:139 tcp
N/A 10.127.16.219:139 tcp
N/A 10.127.16.220:139 tcp
N/A 10.127.16.221:139 tcp
N/A 10.127.16.222:139 tcp
N/A 10.127.16.223:139 tcp
N/A 10.127.16.224:139 tcp
N/A 10.127.16.225:139 tcp
N/A 10.127.16.226:139 tcp
N/A 10.127.16.227:139 tcp
N/A 10.127.16.228:139 tcp
N/A 10.127.16.229:139 tcp
N/A 10.127.16.230:139 tcp
N/A 10.127.16.231:139 tcp
N/A 10.127.16.232:139 tcp
N/A 10.127.16.233:139 tcp
N/A 10.127.16.234:139 tcp
N/A 10.127.16.235:139 tcp
N/A 10.127.16.236:139 tcp
N/A 10.127.16.237:139 tcp
N/A 10.127.16.238:139 tcp
N/A 10.127.16.239:139 tcp
N/A 10.127.16.240:139 tcp
N/A 10.127.16.241:139 tcp
N/A 10.127.16.242:139 tcp
N/A 10.127.16.243:139 tcp
N/A 10.127.16.244:139 tcp
N/A 10.127.16.245:139 tcp
N/A 10.127.16.246:139 tcp
N/A 10.127.16.247:139 tcp
N/A 10.127.16.248:139 tcp
N/A 10.127.16.249:139 tcp
N/A 10.127.16.250:139 tcp
N/A 10.127.16.251:139 tcp
N/A 10.127.16.252:139 tcp
N/A 10.127.16.253:139 tcp
N/A 10.127.16.254:139 tcp
N/A 10.127.16.255:139 tcp
N/A 10.127.17.0:139 tcp
N/A 10.127.16.72:139 tcp
N/A 10.127.16.73:139 tcp
N/A 10.127.16.74:139 tcp
N/A 10.127.16.75:139 tcp
N/A 10.127.16.76:139 tcp
N/A 10.127.16.77:139 tcp
N/A 10.127.16.78:139 tcp
N/A 10.127.16.79:139 tcp
N/A 10.127.16.80:139 tcp
N/A 10.127.16.81:139 tcp
N/A 10.127.16.82:139 tcp
N/A 10.127.16.83:139 tcp
N/A 10.127.16.84:139 tcp
N/A 10.127.16.85:139 tcp
N/A 10.127.16.86:139 tcp
N/A 10.127.16.87:139 tcp
N/A 10.127.16.88:139 tcp
N/A 10.127.16.89:139 tcp
N/A 10.127.16.90:139 tcp
N/A 10.127.16.91:139 tcp
N/A 10.127.16.92:139 tcp
N/A 10.127.16.93:139 tcp
N/A 10.127.16.94:139 tcp
N/A 10.127.16.95:139 tcp
N/A 10.127.16.96:139 tcp
N/A 10.127.16.97:139 tcp
N/A 10.127.16.98:139 tcp
N/A 10.127.16.99:139 tcp
N/A 10.127.16.100:139 tcp
N/A 10.127.16.101:139 tcp
N/A 10.127.16.102:139 tcp
N/A 10.127.16.103:139 tcp
N/A 10.127.16.104:139 tcp
N/A 10.127.16.105:139 tcp
N/A 10.127.16.106:139 tcp
N/A 10.127.16.107:139 tcp
N/A 10.127.16.108:139 tcp
N/A 10.127.16.109:139 tcp
N/A 10.127.16.110:139 tcp
N/A 10.127.16.111:139 tcp
N/A 10.127.16.112:139 tcp
N/A 10.127.16.113:139 tcp
N/A 10.127.16.114:139 tcp
N/A 10.127.16.115:139 tcp
N/A 10.127.16.116:139 tcp
N/A 10.127.16.117:139 tcp
N/A 10.127.16.118:139 tcp
N/A 10.127.16.119:139 tcp
N/A 10.127.16.120:139 tcp
N/A 10.127.16.121:139 tcp
N/A 10.127.16.122:139 tcp
N/A 10.127.16.123:139 tcp
N/A 10.127.16.124:139 tcp
N/A 10.127.16.125:139 tcp
N/A 10.127.16.126:139 tcp
N/A 10.127.16.127:139 tcp
N/A 10.127.16.128:139 tcp
N/A 10.127.17.6:139 tcp
N/A 10.127.17.7:139 tcp
N/A 10.127.17.8:139 tcp
N/A 10.127.17.9:139 tcp
N/A 10.127.17.10:139 tcp
N/A 10.127.17.11:139 tcp
N/A 10.127.17.12:139 tcp
N/A 10.127.17.13:139 tcp
N/A 10.127.17.14:139 tcp
N/A 10.127.17.15:139 tcp
N/A 10.127.17.16:139 tcp
N/A 10.127.17.17:139 tcp
N/A 10.127.17.18:139 tcp
N/A 10.127.17.19:139 tcp
N/A 10.127.17.20:139 tcp
N/A 10.127.17.21:139 tcp
N/A 10.127.17.22:139 tcp
N/A 10.127.17.23:139 tcp
N/A 10.127.17.24:139 tcp
N/A 10.127.17.25:139 tcp
N/A 10.127.17.26:139 tcp
N/A 10.127.17.27:139 tcp
N/A 10.127.17.28:139 tcp
N/A 10.127.17.29:139 tcp
N/A 10.127.17.30:139 tcp
N/A 10.127.17.31:139 tcp
N/A 10.127.17.32:139 tcp
N/A 10.127.17.33:139 tcp
N/A 10.127.17.34:139 tcp
N/A 10.127.17.35:139 tcp
N/A 10.127.17.36:139 tcp
N/A 10.127.17.37:139 tcp
N/A 10.127.17.38:139 tcp
N/A 10.127.17.39:139 tcp
N/A 10.127.17.40:139 tcp
N/A 10.127.17.41:139 tcp
N/A 10.127.17.42:139 tcp
N/A 10.127.17.43:139 tcp
N/A 10.127.17.44:139 tcp
N/A 10.127.17.45:139 tcp
N/A 10.127.17.46:139 tcp
N/A 10.127.17.47:139 tcp
N/A 10.127.17.48:139 tcp
N/A 10.127.17.49:139 tcp
N/A 10.127.17.50:139 tcp
N/A 10.127.17.51:139 tcp
N/A 10.127.17.52:139 tcp
N/A 10.127.17.53:139 tcp
N/A 10.127.17.54:139 tcp
N/A 10.127.17.55:139 tcp
N/A 10.127.17.56:139 tcp
N/A 10.127.17.57:139 tcp
N/A 10.127.17.58:139 tcp
N/A 10.127.17.59:139 tcp
N/A 10.127.17.60:139 tcp
N/A 10.127.17.61:139 tcp
N/A 10.127.17.62:139 tcp
N/A 10.127.17.63:139 tcp
N/A 10.127.17.64:139 tcp
N/A 10.127.17.81:139 tcp
N/A 10.127.17.82:139 tcp
N/A 10.127.17.83:139 tcp
N/A 10.127.17.84:139 tcp
N/A 10.127.17.85:139 tcp
N/A 10.127.17.86:139 tcp
N/A 10.127.17.87:139 tcp
N/A 10.127.17.88:139 tcp
N/A 10.127.17.89:139 tcp
N/A 10.127.17.90:139 tcp
N/A 10.127.17.91:139 tcp
N/A 10.127.17.92:139 tcp
N/A 10.127.17.93:139 tcp
N/A 10.127.17.94:139 tcp
N/A 10.127.17.95:139 tcp
N/A 10.127.17.96:139 tcp
N/A 10.127.17.97:139 tcp
N/A 10.127.17.98:139 tcp
N/A 10.127.17.99:139 tcp
N/A 10.127.17.100:139 tcp
N/A 10.127.17.101:139 tcp
N/A 10.127.17.102:139 tcp
N/A 10.127.17.103:139 tcp
N/A 10.127.17.104:139 tcp
N/A 10.127.17.105:139 tcp
N/A 10.127.17.106:139 tcp
N/A 10.127.17.107:139 tcp
N/A 10.127.17.108:139 tcp
N/A 10.127.17.109:139 tcp
N/A 10.127.17.110:139 tcp
N/A 10.127.17.111:139 tcp
N/A 10.127.17.112:139 tcp
N/A 10.127.17.113:139 tcp
N/A 10.127.17.114:139 tcp
N/A 10.127.17.115:139 tcp
N/A 10.127.17.116:139 tcp
N/A 10.127.17.117:139 tcp
N/A 10.127.17.118:139 tcp
N/A 10.127.17.119:139 tcp
N/A 10.127.17.120:139 tcp
N/A 10.127.17.121:139 tcp
N/A 10.127.17.122:139 tcp
N/A 10.127.17.123:139 tcp
N/A 10.127.17.124:139 tcp
N/A 10.127.17.125:139 tcp
N/A 10.127.17.126:139 tcp
N/A 10.127.17.127:139 tcp
N/A 10.127.17.128:139 tcp
N/A 10.127.17.133:139 tcp
N/A 10.127.17.134:139 tcp
N/A 10.127.17.135:139 tcp
N/A 10.127.17.136:139 tcp
N/A 10.127.17.137:139 tcp
N/A 10.127.17.138:139 tcp
N/A 10.127.17.139:139 tcp
N/A 10.127.17.140:139 tcp
N/A 10.127.17.141:139 tcp
N/A 10.127.17.142:139 tcp
N/A 10.127.17.143:139 tcp
N/A 10.127.17.144:139 tcp
N/A 10.127.17.145:139 tcp
N/A 10.127.17.146:139 tcp
N/A 10.127.17.147:139 tcp
N/A 10.127.17.148:139 tcp
N/A 10.127.17.149:139 tcp
N/A 10.127.17.150:139 tcp
N/A 10.127.17.151:139 tcp
N/A 10.127.17.152:139 tcp
N/A 10.127.17.153:139 tcp
N/A 10.127.17.154:139 tcp
N/A 10.127.17.155:139 tcp
N/A 10.127.17.156:139 tcp
N/A 10.127.17.157:139 tcp
N/A 10.127.17.158:139 tcp
N/A 10.127.17.159:139 tcp
N/A 10.127.17.160:139 tcp
N/A 10.127.17.161:139 tcp
N/A 10.127.17.162:139 tcp
N/A 10.127.17.163:139 tcp
N/A 10.127.17.164:139 tcp
N/A 10.127.17.165:139 tcp
N/A 10.127.17.166:139 tcp
N/A 10.127.17.167:139 tcp
N/A 10.127.17.168:139 tcp
N/A 10.127.17.169:139 tcp
N/A 10.127.17.170:139 tcp
N/A 10.127.17.171:139 tcp
N/A 10.127.17.172:139 tcp
N/A 10.127.17.173:139 tcp
N/A 10.127.17.174:139 tcp
N/A 10.127.17.175:139 tcp
N/A 10.127.17.176:139 tcp
N/A 10.127.17.177:139 tcp
N/A 10.127.17.178:139 tcp
N/A 10.127.17.179:139 tcp
N/A 10.127.17.180:139 tcp
N/A 10.127.17.181:139 tcp
N/A 10.127.17.182:139 tcp
N/A 10.127.17.183:139 tcp
N/A 10.127.17.184:139 tcp
N/A 10.127.17.185:139 tcp
N/A 10.127.17.186:139 tcp
N/A 10.127.17.187:139 tcp
N/A 10.127.17.188:139 tcp
N/A 10.127.17.189:139 tcp
N/A 10.127.17.190:139 tcp
N/A 10.127.17.191:139 tcp
N/A 10.127.17.192:139 tcp
N/A 10.127.17.194:139 tcp
N/A 10.127.17.210:139 tcp
N/A 10.127.17.211:139 tcp
N/A 10.127.17.212:139 tcp
N/A 10.127.17.213:139 tcp
N/A 10.127.17.214:139 tcp
N/A 10.127.17.215:139 tcp
N/A 10.127.17.216:139 tcp
N/A 10.127.17.217:139 tcp
N/A 10.127.17.218:139 tcp
N/A 10.127.17.219:139 tcp
N/A 10.127.17.220:139 tcp
N/A 10.127.17.221:139 tcp
N/A 10.127.17.222:139 tcp
N/A 10.127.17.223:139 tcp
N/A 10.127.17.224:139 tcp
N/A 10.127.17.225:139 tcp
N/A 10.127.17.226:139 tcp
N/A 10.127.17.227:139 tcp
N/A 10.127.17.228:139 tcp
N/A 10.127.17.229:139 tcp
N/A 10.127.17.230:139 tcp
N/A 10.127.17.231:139 tcp
N/A 10.127.17.232:139 tcp
N/A 10.127.17.233:139 tcp
N/A 10.127.17.234:139 tcp
N/A 10.127.17.235:139 tcp
N/A 10.127.17.236:139 tcp
N/A 10.127.17.237:139 tcp
N/A 10.127.17.238:139 tcp
N/A 10.127.17.239:139 tcp
N/A 10.127.17.240:139 tcp
N/A 10.127.17.241:139 tcp
N/A 10.127.17.242:139 tcp
N/A 10.127.17.243:139 tcp
N/A 10.127.17.244:139 tcp
N/A 10.127.17.245:139 tcp
N/A 10.127.17.246:139 tcp
N/A 10.127.17.247:139 tcp
N/A 10.127.17.248:139 tcp
N/A 10.127.17.249:139 tcp
N/A 10.127.17.250:139 tcp
N/A 10.127.17.251:139 tcp
N/A 10.127.17.252:139 tcp
N/A 10.127.17.253:139 tcp
N/A 10.127.17.254:139 tcp
N/A 10.127.17.255:139 tcp
N/A 10.127.18.0:139 tcp
N/A 10.127.18.16:139 tcp
N/A 10.127.18.36:139 tcp
N/A 10.127.18.44:139 tcp
N/A 10.127.18.39:139 tcp
N/A 10.127.18.61:139 tcp
N/A 10.127.18.57:139 tcp
N/A 10.127.18.21:139 tcp
N/A 10.127.18.42:139 tcp
N/A 10.127.18.10:139 tcp
N/A 10.127.18.55:139 tcp
N/A 10.127.18.54:139 tcp
N/A 10.127.18.51:139 tcp
N/A 10.127.18.66:139 tcp
N/A 10.127.18.47:139 tcp
N/A 10.127.18.58:139 tcp
N/A 10.127.18.4:139 tcp
N/A 10.127.18.33:139 tcp
N/A 10.127.18.60:139 tcp
N/A 10.127.18.28:139 tcp
N/A 10.127.18.32:139 tcp
N/A 10.127.18.132:139 tcp
N/A 10.127.18.3:139 tcp
N/A 10.127.18.19:139 tcp
N/A 10.127.19.3:139 tcp
N/A 10.127.18.49:139 tcp
N/A 10.127.18.20:139 tcp
N/A 10.127.18.37:139 tcp
N/A 10.127.18.41:139 tcp
N/A 10.127.18.14:139 tcp
N/A 10.127.18.29:139 tcp
N/A 10.127.18.43:139 tcp
N/A 10.127.18.63:139 tcp
N/A 10.127.18.194:139 tcp
N/A 10.127.18.52:139 tcp
N/A 10.127.18.34:139 tcp
N/A 10.127.18.53:139 tcp
N/A 10.127.18.15:139 tcp
N/A 10.127.18.8:139 tcp
N/A 10.127.18.48:139 tcp
N/A 10.127.19.83:139 tcp
N/A 10.127.18.1:139 tcp
N/A 10.127.19.82:139 tcp
N/A 10.127.19.129:139 tcp
N/A 10.127.18.6:139 tcp
N/A 10.127.18.50:139 tcp
N/A 10.127.19.73:139 tcp
N/A 10.127.18.5:139 tcp
N/A 10.127.18.56:139 tcp
N/A 10.127.18.193:139 tcp
N/A 10.127.19.2:139 tcp
N/A 10.127.18.11:139 tcp
N/A 10.127.18.65:139 tcp
N/A 10.127.18.2:139 tcp
N/A 10.127.19.80:139 tcp
N/A 10.127.19.76:139 tcp
N/A 10.127.18.7:139 tcp
N/A 10.127.18.9:139 tcp
N/A 10.127.18.12:139 tcp
N/A 10.127.18.13:139 tcp
N/A 10.127.18.17:139 tcp
N/A 10.127.18.18:139 tcp
N/A 10.127.18.22:139 tcp
N/A 10.127.18.23:139 tcp
N/A 10.127.18.24:139 tcp
N/A 10.127.18.25:139 tcp
N/A 10.127.18.26:139 tcp
N/A 10.127.18.27:139 tcp
N/A 10.127.18.30:139 tcp
N/A 10.127.18.31:139 tcp
N/A 10.127.18.35:139 tcp
N/A 10.127.18.38:139 tcp
N/A 10.127.18.40:139 tcp
N/A 10.127.18.45:139 tcp
N/A 10.127.18.46:139 tcp
N/A 10.127.18.59:139 tcp
N/A 10.127.18.62:139 tcp
N/A 10.127.18.64:139 tcp
N/A 10.127.18.67:139 tcp
N/A 10.127.18.68:139 tcp
N/A 10.127.18.69:139 tcp
N/A 10.127.18.70:139 tcp
N/A 10.127.18.71:139 tcp
N/A 10.127.18.72:139 tcp
N/A 10.127.18.73:139 tcp
N/A 10.127.18.74:139 tcp
N/A 10.127.18.75:139 tcp
N/A 10.127.18.76:139 tcp
N/A 10.127.18.77:139 tcp
N/A 10.127.18.78:139 tcp
N/A 10.127.18.79:139 tcp
N/A 10.127.18.80:139 tcp
N/A 10.127.18.81:139 tcp
N/A 10.127.18.82:139 tcp
N/A 10.127.18.83:139 tcp
N/A 10.127.18.84:139 tcp
N/A 10.127.18.85:139 tcp
N/A 10.127.18.86:139 tcp
N/A 10.127.18.87:139 tcp
N/A 10.127.18.88:139 tcp
N/A 10.127.18.89:139 tcp
N/A 10.127.18.90:139 tcp
N/A 10.127.18.91:139 tcp
N/A 10.127.18.92:139 tcp
N/A 10.127.18.93:139 tcp
N/A 10.127.18.94:139 tcp
N/A 10.127.18.95:139 tcp
N/A 10.127.18.96:139 tcp
N/A 10.127.18.97:139 tcp
N/A 10.127.18.98:139 tcp
N/A 10.127.18.99:139 tcp
N/A 10.127.18.100:139 tcp
N/A 10.127.18.101:139 tcp
N/A 10.127.18.102:139 tcp
N/A 10.127.18.103:139 tcp
N/A 10.127.18.104:139 tcp
N/A 10.127.18.105:139 tcp
N/A 10.127.18.106:139 tcp
N/A 10.127.18.107:139 tcp
N/A 10.127.18.108:139 tcp
N/A 10.127.18.109:139 tcp
N/A 10.127.18.110:139 tcp
N/A 10.127.18.111:139 tcp
N/A 10.127.18.112:139 tcp
N/A 10.127.18.113:139 tcp
N/A 10.127.18.114:139 tcp
N/A 10.127.18.115:139 tcp
N/A 10.127.18.116:139 tcp
N/A 10.127.18.117:139 tcp
N/A 10.127.18.118:139 tcp
N/A 10.127.18.119:139 tcp
N/A 10.127.18.120:139 tcp
N/A 10.127.18.121:139 tcp
N/A 10.127.18.122:139 tcp
N/A 10.127.18.123:139 tcp
N/A 10.127.18.124:139 tcp
N/A 10.127.18.125:139 tcp
N/A 10.127.18.126:139 tcp
N/A 10.127.18.127:139 tcp
N/A 10.127.18.128:139 tcp
N/A 10.127.18.129:139 tcp
N/A 10.127.18.130:139 tcp
N/A 10.127.18.131:139 tcp
N/A 10.127.18.133:139 tcp
N/A 10.127.18.134:139 tcp
N/A 10.127.18.135:139 tcp
N/A 10.127.18.136:139 tcp
N/A 10.127.18.137:139 tcp
N/A 10.127.18.138:139 tcp
N/A 10.127.18.139:139 tcp
N/A 10.127.18.140:139 tcp
N/A 10.127.18.141:139 tcp
N/A 10.127.18.142:139 tcp
N/A 10.127.18.143:139 tcp
N/A 10.127.18.144:139 tcp
N/A 10.127.18.145:139 tcp
N/A 10.127.18.146:139 tcp
N/A 10.127.18.147:139 tcp
N/A 10.127.18.148:139 tcp
N/A 10.127.18.149:139 tcp
N/A 10.127.18.150:139 tcp
N/A 10.127.18.151:139 tcp
N/A 10.127.18.152:139 tcp
N/A 10.127.18.153:139 tcp
N/A 10.127.18.154:139 tcp
N/A 10.127.18.155:139 tcp
N/A 10.127.18.156:139 tcp
N/A 10.127.18.157:139 tcp
N/A 10.127.18.158:139 tcp
N/A 10.127.18.159:139 tcp
N/A 10.127.18.160:139 tcp
N/A 10.127.18.161:139 tcp
N/A 10.127.18.162:139 tcp
N/A 10.127.18.163:139 tcp
N/A 10.127.18.164:139 tcp
N/A 10.127.18.165:139 tcp
N/A 10.127.18.166:139 tcp
N/A 10.127.18.167:139 tcp
N/A 10.127.18.168:139 tcp
N/A 10.127.18.169:139 tcp
N/A 10.127.18.170:139 tcp
N/A 10.127.18.171:139 tcp
N/A 10.127.18.172:139 tcp
N/A 10.127.18.173:139 tcp
N/A 10.127.18.174:139 tcp
N/A 10.127.18.175:139 tcp
N/A 10.127.18.176:139 tcp
N/A 10.127.18.177:139 tcp
N/A 10.127.18.178:139 tcp
N/A 10.127.18.179:139 tcp
N/A 10.127.18.180:139 tcp
N/A 10.127.18.181:139 tcp
N/A 10.127.18.182:139 tcp
N/A 10.127.18.183:139 tcp
N/A 10.127.18.184:139 tcp
N/A 10.127.18.185:139 tcp
N/A 10.127.18.186:139 tcp
N/A 10.127.18.187:139 tcp
N/A 10.127.18.188:139 tcp
N/A 10.127.18.189:139 tcp
N/A 10.127.18.190:139 tcp
N/A 10.127.18.191:139 tcp
N/A 10.127.18.192:139 tcp
N/A 10.127.18.195:139 tcp
N/A 10.127.18.196:139 tcp
N/A 10.127.18.197:139 tcp
N/A 10.127.18.198:139 tcp
N/A 10.127.18.199:139 tcp
N/A 10.127.18.200:139 tcp
N/A 10.127.18.201:139 tcp
N/A 10.127.18.202:139 tcp
N/A 10.127.18.203:139 tcp
N/A 10.127.18.204:139 tcp
N/A 10.127.18.205:139 tcp
N/A 10.127.18.206:139 tcp
N/A 10.127.18.207:139 tcp
N/A 10.127.18.208:139 tcp
N/A 10.127.18.209:139 tcp
N/A 10.127.18.210:139 tcp
N/A 10.127.18.211:139 tcp
N/A 10.127.18.212:139 tcp
N/A 10.127.18.213:139 tcp
N/A 10.127.18.214:139 tcp
N/A 10.127.18.215:139 tcp
N/A 10.127.18.216:139 tcp
N/A 10.127.18.217:139 tcp
N/A 10.127.18.218:139 tcp
N/A 10.127.18.219:139 tcp
N/A 10.127.18.220:139 tcp
N/A 10.127.18.221:139 tcp
N/A 10.127.18.222:139 tcp
N/A 10.127.18.223:139 tcp
N/A 10.127.18.224:139 tcp
N/A 10.127.18.225:139 tcp
N/A 10.127.18.226:139 tcp
N/A 10.127.18.227:139 tcp
N/A 10.127.18.228:139 tcp
N/A 10.127.18.229:139 tcp
N/A 10.127.18.230:139 tcp
N/A 10.127.18.231:139 tcp
N/A 10.127.18.232:139 tcp
N/A 10.127.18.233:139 tcp
N/A 10.127.18.234:139 tcp
N/A 10.127.18.235:139 tcp
N/A 10.127.18.236:139 tcp
N/A 10.127.18.237:139 tcp
N/A 10.127.18.238:139 tcp
N/A 10.127.18.239:139 tcp
N/A 10.127.18.240:139 tcp
N/A 10.127.18.241:139 tcp
N/A 10.127.18.242:139 tcp
N/A 10.127.18.243:139 tcp
N/A 10.127.18.244:139 tcp
N/A 10.127.18.245:139 tcp
N/A 10.127.18.246:139 tcp
N/A 10.127.18.247:139 tcp
N/A 10.127.18.248:139 tcp
N/A 10.127.18.249:139 tcp
N/A 10.127.18.250:139 tcp
N/A 10.127.18.251:139 tcp
N/A 10.127.18.252:139 tcp
N/A 10.127.18.253:139 tcp
N/A 10.127.18.254:139 tcp
N/A 10.127.18.255:139 tcp
N/A 10.127.19.0:139 tcp
N/A 10.127.19.1:139 tcp
N/A 10.127.19.4:139 tcp
N/A 10.127.19.5:139 tcp
N/A 10.127.19.6:139 tcp
N/A 10.127.19.7:139 tcp
N/A 10.127.19.8:139 tcp
N/A 10.127.19.9:139 tcp
N/A 10.127.19.10:139 tcp
N/A 10.127.19.11:139 tcp
N/A 10.127.19.12:139 tcp
N/A 10.127.19.13:139 tcp
N/A 10.127.19.14:139 tcp
N/A 10.127.19.15:139 tcp
N/A 10.127.19.16:139 tcp
N/A 10.127.19.17:139 tcp
N/A 10.127.19.18:139 tcp
N/A 10.127.19.19:139 tcp
N/A 10.127.19.20:139 tcp
N/A 10.127.19.21:139 tcp
N/A 10.127.19.22:139 tcp
N/A 10.127.19.23:139 tcp
N/A 10.127.19.24:139 tcp
N/A 10.127.19.25:139 tcp
N/A 10.127.19.26:139 tcp
N/A 10.127.19.27:139 tcp
N/A 10.127.19.28:139 tcp
N/A 10.127.19.29:139 tcp
N/A 10.127.19.30:139 tcp
N/A 10.127.19.31:139 tcp
N/A 10.127.19.32:139 tcp
N/A 10.127.19.33:139 tcp
N/A 10.127.19.34:139 tcp
N/A 10.127.19.35:139 tcp
N/A 10.127.19.36:139 tcp
N/A 10.127.19.37:139 tcp
N/A 10.127.19.38:139 tcp
N/A 10.127.19.39:139 tcp
N/A 10.127.19.40:139 tcp
N/A 10.127.19.41:139 tcp
N/A 10.127.19.42:139 tcp
N/A 10.127.19.43:139 tcp
N/A 10.127.19.44:139 tcp
N/A 10.127.19.45:139 tcp
N/A 10.127.19.46:139 tcp
N/A 10.127.19.47:139 tcp
N/A 10.127.19.48:139 tcp
N/A 10.127.19.49:139 tcp
N/A 10.127.19.50:139 tcp
N/A 10.127.19.51:139 tcp
N/A 10.127.19.52:139 tcp
N/A 10.127.19.53:139 tcp
N/A 10.127.19.54:139 tcp
N/A 10.127.19.55:139 tcp
N/A 10.127.19.56:139 tcp
N/A 10.127.19.57:139 tcp
N/A 10.127.19.58:139 tcp
N/A 10.127.19.59:139 tcp
N/A 10.127.19.60:139 tcp
N/A 10.127.19.61:139 tcp
N/A 10.127.19.62:139 tcp
N/A 10.127.19.63:139 tcp
N/A 10.127.19.64:139 tcp
N/A 10.127.19.65:139 tcp
N/A 10.127.19.66:139 tcp
N/A 10.127.19.67:139 tcp
N/A 10.127.19.68:139 tcp
N/A 10.127.19.69:139 tcp
N/A 10.127.19.70:139 tcp
N/A 10.127.19.71:139 tcp
N/A 10.127.19.72:139 tcp
N/A 10.127.19.74:139 tcp
N/A 10.127.19.75:139 tcp
N/A 10.127.19.77:139 tcp
N/A 10.127.19.78:139 tcp
N/A 10.127.19.79:139 tcp
N/A 10.127.19.81:139 tcp
N/A 10.127.19.84:139 tcp
N/A 10.127.19.85:139 tcp
N/A 10.127.19.86:139 tcp
N/A 10.127.19.87:139 tcp
N/A 10.127.19.88:139 tcp
N/A 10.127.19.89:139 tcp
N/A 10.127.19.90:139 tcp
N/A 10.127.19.91:139 tcp
N/A 10.127.19.92:139 tcp
N/A 10.127.19.93:139 tcp
N/A 10.127.19.94:139 tcp
N/A 10.127.19.95:139 tcp
N/A 10.127.19.96:139 tcp
N/A 10.127.19.97:139 tcp
N/A 10.127.19.98:139 tcp
N/A 10.127.19.99:139 tcp
N/A 10.127.19.100:139 tcp
N/A 10.127.19.101:139 tcp
N/A 10.127.19.102:139 tcp
N/A 10.127.19.103:139 tcp
N/A 10.127.19.104:139 tcp
N/A 10.127.19.105:139 tcp
N/A 10.127.19.106:139 tcp
N/A 10.127.19.107:139 tcp
N/A 10.127.19.108:139 tcp
N/A 10.127.19.109:139 tcp
N/A 10.127.19.110:139 tcp
N/A 10.127.19.111:139 tcp
N/A 10.127.19.112:139 tcp
N/A 10.127.19.113:139 tcp
N/A 10.127.19.114:139 tcp
N/A 10.127.19.115:139 tcp
N/A 10.127.19.116:139 tcp
N/A 10.127.19.117:139 tcp
N/A 10.127.19.118:139 tcp
N/A 10.127.19.119:139 tcp
N/A 10.127.19.120:139 tcp
N/A 10.127.19.121:139 tcp
N/A 10.127.19.122:139 tcp
N/A 10.127.19.123:139 tcp
N/A 10.127.19.124:139 tcp
N/A 10.127.19.125:139 tcp
N/A 10.127.19.126:139 tcp
N/A 10.127.19.127:139 tcp
N/A 10.127.19.128:139 tcp
N/A 10.127.19.130:139 tcp
N/A 10.127.19.131:139 tcp
N/A 10.127.19.132:139 tcp
N/A 10.127.19.133:139 tcp
N/A 10.127.19.134:139 tcp
N/A 10.127.19.135:139 tcp
N/A 10.127.19.136:139 tcp
N/A 10.127.19.137:139 tcp
N/A 10.127.19.138:139 tcp
N/A 10.127.19.139:139 tcp
N/A 10.127.19.140:139 tcp
N/A 10.127.19.141:139 tcp
N/A 10.127.19.142:139 tcp
N/A 10.127.19.143:139 tcp
N/A 10.127.19.144:139 tcp
N/A 10.127.19.145:139 tcp
N/A 10.127.19.146:139 tcp
N/A 10.127.19.147:139 tcp
N/A 10.127.19.148:139 tcp
N/A 10.127.19.149:139 tcp
N/A 10.127.19.150:139 tcp
N/A 10.127.19.151:139 tcp
N/A 10.127.19.152:139 tcp
N/A 10.127.19.153:139 tcp
N/A 10.127.19.154:139 tcp
N/A 10.127.19.155:139 tcp
N/A 10.127.19.156:139 tcp
N/A 10.127.19.157:139 tcp
N/A 10.127.19.158:139 tcp
N/A 10.127.19.159:139 tcp
N/A 10.127.19.160:139 tcp
N/A 10.127.19.161:139 tcp
N/A 10.127.19.162:139 tcp
N/A 10.127.19.163:139 tcp
N/A 10.127.19.164:139 tcp
N/A 10.127.19.165:139 tcp
N/A 10.127.19.166:139 tcp
N/A 10.127.19.167:139 tcp
N/A 10.127.19.168:139 tcp
N/A 10.127.19.169:139 tcp
N/A 10.127.19.170:139 tcp
N/A 10.127.19.171:139 tcp
N/A 10.127.19.172:139 tcp
N/A 10.127.19.173:139 tcp
N/A 10.127.19.174:139 tcp
N/A 10.127.19.175:139 tcp
N/A 10.127.19.176:139 tcp
N/A 10.127.19.177:139 tcp
N/A 10.127.19.178:139 tcp
N/A 10.127.19.179:139 tcp
N/A 10.127.19.180:139 tcp
N/A 10.127.19.181:139 tcp
N/A 10.127.19.182:139 tcp
N/A 10.127.19.183:139 tcp
N/A 10.127.19.184:139 tcp
N/A 10.127.19.185:139 tcp
N/A 10.127.19.186:139 tcp
N/A 10.127.19.187:139 tcp
N/A 10.127.19.188:139 tcp
N/A 10.127.19.189:139 tcp
N/A 10.127.19.190:139 tcp
N/A 10.127.19.191:139 tcp
N/A 10.127.19.192:139 tcp
N/A 10.127.19.193:139 tcp
N/A 10.127.19.194:139 tcp
N/A 10.127.19.195:139 tcp
N/A 10.127.19.196:139 tcp
N/A 10.127.19.197:139 tcp
N/A 10.127.19.198:139 tcp
N/A 10.127.19.199:139 tcp
N/A 10.127.19.200:139 tcp
N/A 10.127.19.201:139 tcp
N/A 10.127.19.202:139 tcp
N/A 10.127.19.203:139 tcp
N/A 10.127.19.204:139 tcp
N/A 10.127.19.205:139 tcp
N/A 10.127.19.206:139 tcp
N/A 10.127.19.207:139 tcp
N/A 10.127.19.208:139 tcp
N/A 10.127.19.209:139 tcp
N/A 10.127.19.210:139 tcp
N/A 10.127.19.211:139 tcp
N/A 10.127.19.212:139 tcp
N/A 10.127.19.213:139 tcp
N/A 10.127.19.214:139 tcp
N/A 10.127.19.215:139 tcp
N/A 10.127.19.216:139 tcp
N/A 10.127.19.217:139 tcp
N/A 10.127.19.218:139 tcp
N/A 10.127.19.219:139 tcp
N/A 10.127.19.220:139 tcp
N/A 10.127.19.221:139 tcp
N/A 10.127.19.222:139 tcp
N/A 10.127.19.223:139 tcp
N/A 10.127.19.224:139 tcp
N/A 10.127.19.225:139 tcp
N/A 10.127.19.226:139 tcp
N/A 10.127.19.227:139 tcp
N/A 10.127.19.228:139 tcp
N/A 10.127.19.229:139 tcp
N/A 10.127.19.230:139 tcp
N/A 10.127.19.231:139 tcp
N/A 10.127.19.232:139 tcp
N/A 10.127.19.233:139 tcp
N/A 10.127.19.234:139 tcp
N/A 10.127.19.235:139 tcp
N/A 10.127.19.236:139 tcp
N/A 10.127.19.237:139 tcp
N/A 10.127.19.238:139 tcp
N/A 10.127.19.239:139 tcp
N/A 10.127.19.240:139 tcp
N/A 10.127.19.241:139 tcp
N/A 10.127.19.242:139 tcp
N/A 10.127.19.243:139 tcp
N/A 10.127.19.244:139 tcp
N/A 10.127.19.245:139 tcp
N/A 10.127.19.246:139 tcp
N/A 10.127.19.247:139 tcp
N/A 10.127.19.248:139 tcp
N/A 10.127.19.249:139 tcp
N/A 10.127.19.250:139 tcp
N/A 10.127.19.251:139 tcp
N/A 10.127.19.252:139 tcp
N/A 10.127.19.253:139 tcp
N/A 10.127.19.254:139 tcp
N/A 10.127.19.255:139 tcp
N/A 10.127.20.0:139 tcp
N/A 10.127.20.65:139 tcp
N/A 10.127.20.25:139 tcp
N/A 10.127.20.69:139 tcp
N/A 10.127.20.28:139 tcp
N/A 10.127.20.71:139 tcp
N/A 10.127.20.14:139 tcp
N/A 10.127.20.44:139 tcp
N/A 10.127.20.17:139 tcp
N/A 10.127.20.68:139 tcp
N/A 10.127.20.15:139 tcp
N/A 10.127.20.130:139 tcp
N/A 10.127.20.53:139 tcp
N/A 10.127.20.1:139 tcp
N/A 10.127.20.54:139 tcp
N/A 10.127.20.36:139 tcp
N/A 10.127.20.49:139 tcp
N/A 10.127.20.41:139 tcp
N/A 10.127.20.40:139 tcp
N/A 10.127.20.51:139 tcp
N/A 10.127.20.7:139 tcp
N/A 10.127.20.193:139 tcp
N/A 10.127.20.50:139 tcp
N/A 10.127.20.26:139 tcp
N/A 10.127.20.11:139 tcp
N/A 10.127.20.12:139 tcp
N/A 10.127.20.30:139 tcp
N/A 10.127.20.33:139 tcp
N/A 10.127.20.45:139 tcp
N/A 10.127.20.2:139 tcp
N/A 10.127.20.48:139 tcp
N/A 10.127.20.129:139 tcp
N/A 10.127.20.22:139 tcp
N/A 10.127.20.70:139 tcp
N/A 10.127.20.52:139 tcp
N/A 10.127.20.46:139 tcp
N/A 10.127.20.38:139 tcp
N/A 10.127.20.72:139 tcp
N/A 10.127.20.23:139 tcp
N/A 10.127.21.4:139 tcp
N/A 10.127.20.34:139 tcp
N/A 10.127.20.39:139 tcp
N/A 10.127.21.66:139 tcp
N/A 10.127.20.43:139 tcp
N/A 10.127.21.1:139 tcp
N/A 10.127.20.47:139 tcp
N/A 10.127.20.35:139 tcp
N/A 10.127.21.5:139 tcp
N/A 10.127.21.70:139 tcp
N/A 10.127.20.66:139 tcp
N/A 10.127.20.19:139 tcp
N/A 10.127.20.24:139 tcp
N/A 10.127.20.75:139 tcp
N/A 10.127.21.67:139 tcp
N/A 10.127.20.5:139 tcp
N/A 10.127.20.67:139 tcp
N/A 10.127.21.68:139 tcp
N/A 10.127.20.197:139 tcp
N/A 10.127.21.71:139 tcp
N/A 10.127.20.196:139 tcp
N/A 10.127.20.3:139 tcp
N/A 10.127.20.198:139 tcp
N/A 10.127.21.11:139 tcp
N/A 10.127.20.4:139 tcp
N/A 10.127.20.21:139 tcp
N/A 10.127.20.27:139 tcp
N/A 10.127.20.32:139 tcp
N/A 10.127.21.207:139 tcp
N/A 10.127.20.16:139 tcp
N/A 10.127.20.13:139 tcp
N/A 10.127.20.18:139 tcp
N/A 10.127.20.74:139 tcp
N/A 10.127.20.8:139 tcp
N/A 10.127.20.9:139 tcp
N/A 10.127.20.37:139 tcp
N/A 10.127.20.73:139 tcp
N/A 10.127.21.8:139 tcp
N/A 10.127.20.10:139 tcp
N/A 10.127.20.6:139 tcp
N/A 10.127.20.20:139 tcp
N/A 10.127.20.29:139 tcp
N/A 10.127.20.31:139 tcp
N/A 10.127.20.42:139 tcp
N/A 10.127.20.55:139 tcp
N/A 10.127.20.76:139 tcp
N/A 10.127.20.56:139 tcp
N/A 10.127.20.57:139 tcp
N/A 10.127.20.77:139 tcp
N/A 10.127.20.58:139 tcp
N/A 10.127.20.59:139 tcp
N/A 10.127.20.60:139 tcp
N/A 10.127.20.61:139 tcp
N/A 10.127.20.62:139 tcp
N/A 10.127.20.63:139 tcp
N/A 10.127.20.64:139 tcp
N/A 10.127.20.78:139 tcp
N/A 10.127.20.79:139 tcp
N/A 10.127.20.80:139 tcp
N/A 10.127.20.81:139 tcp
N/A 10.127.20.82:139 tcp
N/A 10.127.20.83:139 tcp
N/A 10.127.20.84:139 tcp
N/A 10.127.20.85:139 tcp
N/A 10.127.20.86:139 tcp
N/A 10.127.20.87:139 tcp
N/A 10.127.20.88:139 tcp
N/A 10.127.20.89:139 tcp
N/A 10.127.20.90:139 tcp
N/A 10.127.20.91:139 tcp
N/A 10.127.20.92:139 tcp
N/A 10.127.20.93:139 tcp
N/A 10.127.20.94:139 tcp
N/A 10.127.20.95:139 tcp
N/A 10.127.20.96:139 tcp
N/A 10.127.20.97:139 tcp
N/A 10.127.20.98:139 tcp
N/A 10.127.20.99:139 tcp
N/A 10.127.20.100:139 tcp
N/A 10.127.20.101:139 tcp
N/A 10.127.20.102:139 tcp
N/A 10.127.20.103:139 tcp
N/A 10.127.20.104:139 tcp
N/A 10.127.20.105:139 tcp
N/A 10.127.20.106:139 tcp
N/A 10.127.20.107:139 tcp
N/A 10.127.20.108:139 tcp
N/A 10.127.20.109:139 tcp
N/A 10.127.20.110:139 tcp
N/A 10.127.20.111:139 tcp
N/A 10.127.20.112:139 tcp
N/A 10.127.20.113:139 tcp
N/A 10.127.20.114:139 tcp
N/A 10.127.20.115:139 tcp
N/A 10.127.20.116:139 tcp
N/A 10.127.20.117:139 tcp
N/A 10.127.20.118:139 tcp
N/A 10.127.20.119:139 tcp
N/A 10.127.20.120:139 tcp
N/A 10.127.20.121:139 tcp
N/A 10.127.20.122:139 tcp
N/A 10.127.20.123:139 tcp
N/A 10.127.20.124:139 tcp
N/A 10.127.20.125:139 tcp
N/A 10.127.20.126:139 tcp
N/A 10.127.20.127:139 tcp
N/A 10.127.20.128:139 tcp
N/A 10.127.20.131:139 tcp
N/A 10.127.20.132:139 tcp
N/A 10.127.20.133:139 tcp
N/A 10.127.20.134:139 tcp
N/A 10.127.20.135:139 tcp
N/A 10.127.20.136:139 tcp
N/A 10.127.20.137:139 tcp
N/A 10.127.20.138:139 tcp
N/A 10.127.20.139:139 tcp
N/A 10.127.20.140:139 tcp
N/A 10.127.20.141:139 tcp
N/A 10.127.20.142:139 tcp
N/A 10.127.20.143:139 tcp
N/A 10.127.20.144:139 tcp
N/A 10.127.20.145:139 tcp
N/A 10.127.20.146:139 tcp
N/A 10.127.20.147:139 tcp
N/A 10.127.20.148:139 tcp
N/A 10.127.20.149:139 tcp
N/A 10.127.20.150:139 tcp
N/A 10.127.20.151:139 tcp
N/A 10.127.20.152:139 tcp
N/A 10.127.20.153:139 tcp
N/A 10.127.20.154:139 tcp
N/A 10.127.20.155:139 tcp
N/A 10.127.20.156:139 tcp
N/A 10.127.20.157:139 tcp
N/A 10.127.20.158:139 tcp
N/A 10.127.20.159:139 tcp
N/A 10.127.20.160:139 tcp
N/A 10.127.20.161:139 tcp
N/A 10.127.20.162:139 tcp
N/A 10.127.20.163:139 tcp
N/A 10.127.20.164:139 tcp
N/A 10.127.20.165:139 tcp
N/A 10.127.20.166:139 tcp
N/A 10.127.20.167:139 tcp
N/A 10.127.20.168:139 tcp
N/A 10.127.20.169:139 tcp
N/A 10.127.20.170:139 tcp
N/A 10.127.20.171:139 tcp
N/A 10.127.20.172:139 tcp
N/A 10.127.20.173:139 tcp
N/A 10.127.20.174:139 tcp
N/A 10.127.20.175:139 tcp
N/A 10.127.20.176:139 tcp
N/A 10.127.20.177:139 tcp
N/A 10.127.20.178:139 tcp
N/A 10.127.20.179:139 tcp
N/A 10.127.20.180:139 tcp
N/A 10.127.20.181:139 tcp
N/A 10.127.20.182:139 tcp
N/A 10.127.20.183:139 tcp
N/A 10.127.20.184:139 tcp
N/A 10.127.20.185:139 tcp
N/A 10.127.20.186:139 tcp
N/A 10.127.20.187:139 tcp
N/A 10.127.20.188:139 tcp
N/A 10.127.20.189:139 tcp
N/A 10.127.20.190:139 tcp
N/A 10.127.20.191:139 tcp
N/A 10.127.20.192:139 tcp
N/A 10.127.20.194:139 tcp
N/A 10.127.20.195:139 tcp
N/A 10.127.20.199:139 tcp
N/A 10.127.20.200:139 tcp
N/A 10.127.20.201:139 tcp
N/A 10.127.20.202:139 tcp
N/A 10.127.20.203:139 tcp
N/A 10.127.20.204:139 tcp
N/A 10.127.20.205:139 tcp
N/A 10.127.20.206:139 tcp
N/A 10.127.20.207:139 tcp
N/A 10.127.20.208:139 tcp
N/A 10.127.20.209:139 tcp
N/A 10.127.20.210:139 tcp
N/A 10.127.20.211:139 tcp
N/A 10.127.20.212:139 tcp
N/A 10.127.20.213:139 tcp
N/A 10.127.20.214:139 tcp
N/A 10.127.20.215:139 tcp
N/A 10.127.20.216:139 tcp
N/A 10.127.20.217:139 tcp
N/A 10.127.20.218:139 tcp
N/A 10.127.20.219:139 tcp
N/A 10.127.20.220:139 tcp
N/A 10.127.20.221:139 tcp
N/A 10.127.20.222:139 tcp
N/A 10.127.20.223:139 tcp
N/A 10.127.20.224:139 tcp
N/A 10.127.20.225:139 tcp
N/A 10.127.20.226:139 tcp
N/A 10.127.20.227:139 tcp
N/A 10.127.20.228:139 tcp
N/A 10.127.20.229:139 tcp
N/A 10.127.20.230:139 tcp
N/A 10.127.20.231:139 tcp
N/A 10.127.20.232:139 tcp
N/A 10.127.20.233:139 tcp
N/A 10.127.20.234:139 tcp
N/A 10.127.20.235:139 tcp
N/A 10.127.20.236:139 tcp
N/A 10.127.20.237:139 tcp
N/A 10.127.20.238:139 tcp
N/A 10.127.20.239:139 tcp
N/A 10.127.20.240:139 tcp
N/A 10.127.20.241:139 tcp
N/A 10.127.20.242:139 tcp
N/A 10.127.20.243:139 tcp
N/A 10.127.20.244:139 tcp
N/A 10.127.20.245:139 tcp
N/A 10.127.20.246:139 tcp
N/A 10.127.20.247:139 tcp
N/A 10.127.20.248:139 tcp
N/A 10.127.20.249:139 tcp
N/A 10.127.20.250:139 tcp
N/A 10.127.20.251:139 tcp
N/A 10.127.20.252:139 tcp
N/A 10.127.20.253:139 tcp
N/A 10.127.20.254:139 tcp
N/A 10.127.20.255:139 tcp
N/A 10.127.21.0:139 tcp
N/A 10.127.21.2:139 tcp
N/A 10.127.21.3:139 tcp
N/A 10.127.21.6:139 tcp
N/A 10.127.21.7:139 tcp
N/A 10.127.21.9:139 tcp
N/A 10.127.21.10:139 tcp
N/A 10.127.21.12:139 tcp
N/A 10.127.21.13:139 tcp
N/A 10.127.21.14:139 tcp
N/A 10.127.21.15:139 tcp
N/A 10.127.21.16:139 tcp
N/A 10.127.21.17:139 tcp
N/A 10.127.21.18:139 tcp
N/A 10.127.21.19:139 tcp
N/A 10.127.21.20:139 tcp
N/A 10.127.21.21:139 tcp
N/A 10.127.21.22:139 tcp
N/A 10.127.21.23:139 tcp
N/A 10.127.21.24:139 tcp
N/A 10.127.21.25:139 tcp
N/A 10.127.21.26:139 tcp
N/A 10.127.21.27:139 tcp
N/A 10.127.21.28:139 tcp
N/A 10.127.21.29:139 tcp
N/A 10.127.21.30:139 tcp
N/A 10.127.21.31:139 tcp
N/A 10.127.21.32:139 tcp
N/A 10.127.21.33:139 tcp
N/A 10.127.21.34:139 tcp
N/A 10.127.21.35:139 tcp
N/A 10.127.21.36:139 tcp
N/A 10.127.21.37:139 tcp
N/A 10.127.21.38:139 tcp
N/A 10.127.21.39:139 tcp
N/A 10.127.21.40:139 tcp
N/A 10.127.21.41:139 tcp
N/A 10.127.21.42:139 tcp
N/A 10.127.21.43:139 tcp
N/A 10.127.21.44:139 tcp
N/A 10.127.21.45:139 tcp
N/A 10.127.21.46:139 tcp
N/A 10.127.21.47:139 tcp
N/A 10.127.21.48:139 tcp
N/A 10.127.21.49:139 tcp
N/A 10.127.21.50:139 tcp
N/A 10.127.21.51:139 tcp
N/A 10.127.21.52:139 tcp
N/A 10.127.21.53:139 tcp
N/A 10.127.21.54:139 tcp
N/A 10.127.21.55:139 tcp
N/A 10.127.21.56:139 tcp
N/A 10.127.21.57:139 tcp
N/A 10.127.21.58:139 tcp
N/A 10.127.21.59:139 tcp
N/A 10.127.21.60:139 tcp
N/A 10.127.21.61:139 tcp
N/A 10.127.21.62:139 tcp
N/A 10.127.21.63:139 tcp
N/A 10.127.21.64:139 tcp
N/A 10.127.21.65:139 tcp
N/A 10.127.21.129:139 tcp
N/A 10.127.21.130:139 tcp
N/A 10.127.21.69:139 tcp
N/A 10.127.21.131:139 tcp
N/A 10.127.21.132:139 tcp
N/A 10.127.21.133:139 tcp
N/A 10.127.21.134:139 tcp
N/A 10.127.21.135:139 tcp
N/A 10.127.21.136:139 tcp
N/A 10.127.21.72:139 tcp
N/A 10.127.21.137:139 tcp
N/A 10.127.21.73:139 tcp
N/A 10.127.21.138:139 tcp
N/A 10.127.21.139:139 tcp
N/A 10.127.21.74:139 tcp
N/A 10.127.21.140:139 tcp
N/A 10.127.21.75:139 tcp
N/A 10.127.21.141:139 tcp
N/A 10.127.21.142:139 tcp
N/A 10.127.21.143:139 tcp
N/A 10.127.21.76:139 tcp
N/A 10.127.21.144:139 tcp
N/A 10.127.21.77:139 tcp
N/A 10.127.21.145:139 tcp
N/A 10.127.21.146:139 tcp
N/A 10.127.21.78:139 tcp
N/A 10.127.21.147:139 tcp
N/A 10.127.21.79:139 tcp
N/A 10.127.21.148:139 tcp
N/A 10.127.21.149:139 tcp
N/A 10.127.21.80:139 tcp
N/A 10.127.21.150:139 tcp
N/A 10.127.21.81:139 tcp
N/A 10.127.21.151:139 tcp
N/A 10.127.21.152:139 tcp
N/A 10.127.21.82:139 tcp
N/A 10.127.21.153:139 tcp
N/A 10.127.21.83:139 tcp
N/A 10.127.21.84:139 tcp
N/A 10.127.21.154:139 tcp
N/A 10.127.21.155:139 tcp
N/A 10.127.21.85:139 tcp
N/A 10.127.21.156:139 tcp
N/A 10.127.21.157:139 tcp
N/A 10.127.21.86:139 tcp
N/A 10.127.21.158:139 tcp
N/A 10.127.21.87:139 tcp
N/A 10.127.21.159:139 tcp
N/A 10.127.21.88:139 tcp
N/A 10.127.21.160:139 tcp
N/A 10.127.21.89:139 tcp
N/A 10.127.21.161:139 tcp
N/A 10.127.21.90:139 tcp
N/A 10.127.21.162:139 tcp
N/A 10.127.21.163:139 tcp
N/A 10.127.21.91:139 tcp
N/A 10.127.21.164:139 tcp
N/A 10.127.21.92:139 tcp
N/A 10.127.21.165:139 tcp
N/A 10.127.21.166:139 tcp
N/A 10.127.21.93:139 tcp
N/A 10.127.21.167:139 tcp
N/A 10.127.21.94:139 tcp
N/A 10.127.21.168:139 tcp
N/A 10.127.21.95:139 tcp
N/A 10.127.21.169:139 tcp
N/A 10.127.21.170:139 tcp
N/A 10.127.21.96:139 tcp
N/A 10.127.21.171:139 tcp
N/A 10.127.21.97:139 tcp
N/A 10.127.21.172:139 tcp
N/A 10.127.21.173:139 tcp
N/A 10.127.21.98:139 tcp
N/A 10.127.21.174:139 tcp
N/A 10.127.21.99:139 tcp
N/A 10.127.21.175:139 tcp
N/A 10.127.21.100:139 tcp
N/A 10.127.21.176:139 tcp
N/A 10.127.21.177:139 tcp
N/A 10.127.21.101:139 tcp
N/A 10.127.21.178:139 tcp
N/A 10.127.21.102:139 tcp
N/A 10.127.21.179:139 tcp
N/A 10.127.21.180:139 tcp
N/A 10.127.21.103:139 tcp
N/A 10.127.21.181:139 tcp
N/A 10.127.21.182:139 tcp
N/A 10.127.21.104:139 tcp
N/A 10.127.21.183:139 tcp
N/A 10.127.21.184:139 tcp
N/A 10.127.21.185:139 tcp
N/A 10.127.21.105:139 tcp
N/A 10.127.21.186:139 tcp
N/A 10.127.21.106:139 tcp
N/A 10.127.21.187:139 tcp
N/A 10.127.21.107:139 tcp
N/A 10.127.21.188:139 tcp
N/A 10.127.21.189:139 tcp
N/A 10.127.21.108:139 tcp
N/A 10.127.21.190:139 tcp
N/A 10.127.21.109:139 tcp
N/A 10.127.21.191:139 tcp
N/A 10.127.21.192:139 tcp
N/A 10.127.21.110:139 tcp
N/A 10.127.21.111:139 tcp
N/A 10.127.21.112:139 tcp
N/A 10.127.21.113:139 tcp
N/A 10.127.21.114:139 tcp
N/A 10.127.21.115:139 tcp
N/A 10.127.21.116:139 tcp
N/A 10.127.21.117:139 tcp
N/A 10.127.21.118:139 tcp
N/A 10.127.21.119:139 tcp
N/A 10.127.21.120:139 tcp
N/A 10.127.21.121:139 tcp
N/A 10.127.21.122:139 tcp
N/A 10.127.21.123:139 tcp
N/A 10.127.21.124:139 tcp
N/A 10.127.21.125:139 tcp
N/A 10.127.21.126:139 tcp
N/A 10.127.21.127:139 tcp
N/A 10.127.21.128:139 tcp
N/A 10.127.21.196:139 tcp
N/A 10.127.21.209:139 tcp
N/A 10.127.21.197:139 tcp
N/A 10.127.21.199:139 tcp
N/A 10.127.21.198:139 tcp
N/A 10.127.21.201:139 tcp
N/A 10.127.21.205:139 tcp
N/A 10.127.21.200:139 tcp
N/A 10.127.21.193:139 tcp
N/A 10.127.21.195:139 tcp
N/A 10.127.21.194:139 tcp
N/A 10.127.21.206:139 tcp
N/A 10.127.21.208:139 tcp
N/A 10.127.21.203:139 tcp
N/A 10.127.21.204:139 tcp
N/A 10.127.21.202:139 tcp
N/A 10.127.21.210:139 tcp
N/A 10.127.21.211:139 tcp
N/A 10.127.21.212:139 tcp
N/A 10.127.21.213:139 tcp
N/A 10.127.21.214:139 tcp
N/A 10.127.21.215:139 tcp
N/A 10.127.21.216:139 tcp
N/A 10.127.21.217:139 tcp
N/A 10.127.21.218:139 tcp
N/A 10.127.21.219:139 tcp
N/A 10.127.21.220:139 tcp
N/A 10.127.21.221:139 tcp
N/A 10.127.21.222:139 tcp
N/A 10.127.21.223:139 tcp
N/A 10.127.21.224:139 tcp
N/A 10.127.21.225:139 tcp
N/A 10.127.21.226:139 tcp
N/A 10.127.21.227:139 tcp
N/A 10.127.21.228:139 tcp
N/A 10.127.21.229:139 tcp
N/A 10.127.21.230:139 tcp
N/A 10.127.21.231:139 tcp
N/A 10.127.21.232:139 tcp
N/A 10.127.21.233:139 tcp
N/A 10.127.21.234:139 tcp
N/A 10.127.21.235:139 tcp
N/A 10.127.21.236:139 tcp
N/A 10.127.21.237:139 tcp
N/A 10.127.21.238:139 tcp
N/A 10.127.21.239:139 tcp
N/A 10.127.21.240:139 tcp
N/A 10.127.21.241:139 tcp
N/A 10.127.21.242:139 tcp
N/A 10.127.21.243:139 tcp
N/A 10.127.21.244:139 tcp
N/A 10.127.21.245:139 tcp
N/A 10.127.21.246:139 tcp
N/A 10.127.21.247:139 tcp
N/A 10.127.21.248:139 tcp
N/A 10.127.21.249:139 tcp
N/A 10.127.21.250:139 tcp
N/A 10.127.21.251:139 tcp
N/A 10.127.21.252:139 tcp
N/A 10.127.21.253:139 tcp
N/A 10.127.21.254:139 tcp
N/A 10.127.21.255:139 tcp
N/A 10.127.22.0:139 tcp
N/A 10.127.22.1:139 tcp
N/A 10.127.22.2:139 tcp
N/A 10.127.22.3:139 tcp
N/A 10.127.22.4:139 tcp
N/A 10.127.22.5:139 tcp
N/A 10.127.22.6:139 tcp
N/A 10.127.22.7:139 tcp
N/A 10.127.22.8:139 tcp
N/A 10.127.22.9:139 tcp
N/A 10.127.22.10:139 tcp
N/A 10.127.22.11:139 tcp
N/A 10.127.22.12:139 tcp
N/A 10.127.22.13:139 tcp
N/A 10.127.22.14:139 tcp
N/A 10.127.22.15:139 tcp
N/A 10.127.22.16:139 tcp
N/A 10.127.22.17:139 tcp
N/A 10.127.22.18:139 tcp
N/A 10.127.22.19:139 tcp
N/A 10.127.22.20:139 tcp
N/A 10.127.22.21:139 tcp
N/A 10.127.22.22:139 tcp
N/A 10.127.22.23:139 tcp
N/A 10.127.22.24:139 tcp
N/A 10.127.22.25:139 tcp
N/A 10.127.22.26:139 tcp
N/A 10.127.22.27:139 tcp
N/A 10.127.22.28:139 tcp
N/A 10.127.22.29:139 tcp
N/A 10.127.22.30:139 tcp
N/A 10.127.22.31:139 tcp
N/A 10.127.22.32:139 tcp
N/A 10.127.22.33:139 tcp
N/A 10.127.22.34:139 tcp
N/A 10.127.22.35:139 tcp
N/A 10.127.22.36:139 tcp
N/A 10.127.22.37:139 tcp
N/A 10.127.22.38:139 tcp
N/A 10.127.22.39:139 tcp
N/A 10.127.22.40:139 tcp
N/A 10.127.22.41:139 tcp
N/A 10.127.22.42:139 tcp
N/A 10.127.22.43:139 tcp
N/A 10.127.22.44:139 tcp
N/A 10.127.22.45:139 tcp
N/A 10.127.22.46:139 tcp
N/A 10.127.22.47:139 tcp
N/A 10.127.22.48:139 tcp
N/A 10.127.22.49:139 tcp
N/A 10.127.22.50:139 tcp
N/A 10.127.22.51:139 tcp
N/A 10.127.22.52:139 tcp
N/A 10.127.22.53:139 tcp
N/A 10.127.22.54:139 tcp
N/A 10.127.22.55:139 tcp
N/A 10.127.22.56:139 tcp
N/A 10.127.22.57:139 tcp
N/A 10.127.22.58:139 tcp
N/A 10.127.22.59:139 tcp
N/A 10.127.22.60:139 tcp
N/A 10.127.22.61:139 tcp
N/A 10.127.22.62:139 tcp
N/A 10.127.22.63:139 tcp
N/A 10.127.22.64:139 tcp
N/A 10.127.22.65:139 tcp
N/A 10.127.22.66:139 tcp
N/A 10.127.22.67:139 tcp
N/A 10.127.22.68:139 tcp
N/A 10.127.22.69:139 tcp
N/A 10.127.22.70:139 tcp
N/A 10.127.22.71:139 tcp
N/A 10.127.22.72:139 tcp
N/A 10.127.22.73:139 tcp
N/A 10.127.22.74:139 tcp
N/A 10.127.22.75:139 tcp
N/A 10.127.22.76:139 tcp
N/A 10.127.22.77:139 tcp
N/A 10.127.22.78:139 tcp
N/A 10.127.22.79:139 tcp
N/A 10.127.22.80:139 tcp
N/A 10.127.22.81:139 tcp
N/A 10.127.22.82:139 tcp
N/A 10.127.22.83:139 tcp
N/A 10.127.22.84:139 tcp
N/A 10.127.22.85:139 tcp
N/A 10.127.22.86:139 tcp
N/A 10.127.22.87:139 tcp
N/A 10.127.22.88:139 tcp
N/A 10.127.22.89:139 tcp
N/A 10.127.22.90:139 tcp
N/A 10.127.22.91:139 tcp
N/A 10.127.22.92:139 tcp
N/A 10.127.22.93:139 tcp
N/A 10.127.22.94:139 tcp
N/A 10.127.22.95:139 tcp
N/A 10.127.22.96:139 tcp
N/A 10.127.22.97:139 tcp
N/A 10.127.22.98:139 tcp
N/A 10.127.22.99:139 tcp
N/A 10.127.22.100:139 tcp
N/A 10.127.22.101:139 tcp
N/A 10.127.22.102:139 tcp
N/A 10.127.22.103:139 tcp
N/A 10.127.22.104:139 tcp
N/A 10.127.22.105:139 tcp
N/A 10.127.22.106:139 tcp
N/A 10.127.22.107:139 tcp
N/A 10.127.22.108:139 tcp
N/A 10.127.22.109:139 tcp
N/A 10.127.22.110:139 tcp
N/A 10.127.22.111:139 tcp
N/A 10.127.22.112:139 tcp
N/A 10.127.22.113:139 tcp
N/A 10.127.22.114:139 tcp
N/A 10.127.22.115:139 tcp
N/A 10.127.22.116:139 tcp
N/A 10.127.22.117:139 tcp
N/A 10.127.22.118:139 tcp
N/A 10.127.22.119:139 tcp
N/A 10.127.22.120:139 tcp
N/A 10.127.22.121:139 tcp
N/A 10.127.22.122:139 tcp
N/A 10.127.22.123:139 tcp
N/A 10.127.22.124:139 tcp
N/A 10.127.22.125:139 tcp
N/A 10.127.22.126:139 tcp
N/A 10.127.22.127:139 tcp
N/A 10.127.22.128:139 tcp
N/A 10.127.22.144:139 tcp
N/A 10.127.22.197:139 tcp
N/A 10.127.22.132:139 tcp
N/A 10.127.22.130:139 tcp
N/A 10.127.22.135:139 tcp
N/A 10.127.22.133:139 tcp
N/A 10.127.22.142:139 tcp
N/A 10.127.22.143:139 tcp
N/A 10.127.23.67:139 tcp
N/A 10.127.23.78:139 tcp
N/A 10.127.23.83:139 tcp
N/A 10.127.22.196:139 tcp
N/A 10.127.23.66:139 tcp
N/A 10.127.23.73:139 tcp
N/A 10.127.22.194:139 tcp
N/A 10.127.22.136:139 tcp
N/A 10.127.23.81:139 tcp
N/A 10.127.23.69:139 tcp
N/A 10.127.22.138:139 tcp
N/A 10.127.22.145:139 tcp
N/A 10.127.23.70:139 tcp
N/A 10.127.23.1:139 tcp
N/A 10.127.23.86:139 tcp
N/A 10.127.22.140:139 tcp
N/A 10.127.22.195:139 tcp
N/A 10.127.23.71:139 tcp
N/A 10.127.23.76:139 tcp
N/A 10.127.23.206:139 tcp
N/A 10.127.22.193:139 tcp
N/A 10.127.22.129:139 tcp
N/A 10.127.23.6:139 tcp
N/A 10.127.23.203:139 tcp
N/A 10.127.23.197:139 tcp
N/A 10.127.23.204:139 tcp
N/A 10.127.23.3:139 tcp
N/A 10.127.23.4:139 tcp
N/A 10.127.23.82:139 tcp
N/A 10.127.23.65:139 tcp
N/A 10.127.22.131:139 tcp
N/A 10.127.22.134:139 tcp
N/A 10.127.22.139:139 tcp
N/A 10.127.22.141:139 tcp
N/A 10.127.23.77:139 tcp
N/A 10.127.23.198:139 tcp
N/A 10.127.23.130:139 tcp
N/A 10.127.23.68:139 tcp
N/A 10.127.23.132:139 tcp
N/A 10.127.23.2:139 tcp
N/A 10.127.23.196:139 tcp
N/A 10.127.23.199:139 tcp
N/A 10.127.22.137:139 tcp
N/A 10.127.23.129:139 tcp
N/A 10.127.23.8:139 tcp
N/A 10.127.23.193:139 tcp
N/A 10.127.23.75:139 tcp
N/A 10.127.23.74:139 tcp
N/A 10.127.23.84:139 tcp
N/A 10.127.23.194:139 tcp
N/A 10.127.23.195:139 tcp
N/A 10.127.23.201:139 tcp
N/A 10.127.23.79:139 tcp
N/A 10.127.23.7:139 tcp
N/A 10.127.23.85:139 tcp
N/A 10.127.23.5:139 tcp
N/A 10.127.23.202:139 tcp
N/A 10.127.23.10:139 tcp
N/A 10.127.23.72:139 tcp
N/A 10.127.23.80:139 tcp
N/A 10.127.23.131:139 tcp
N/A 10.127.23.200:139 tcp
N/A 10.127.23.205:139 tcp
N/A 10.127.23.219:139 tcp
N/A 10.127.23.223:139 tcp
N/A 10.127.23.236:139 tcp
N/A 10.127.23.210:139 tcp
N/A 10.127.23.239:139 tcp
N/A 10.127.23.227:139 tcp
N/A 10.127.23.215:139 tcp
N/A 10.127.23.226:139 tcp
N/A 10.127.23.208:139 tcp
N/A 10.127.23.224:139 tcp
N/A 10.127.23.233:139 tcp
N/A 10.127.23.216:139 tcp
N/A 10.127.23.230:139 tcp
N/A 10.127.23.235:139 tcp
N/A 10.127.23.88:139 tcp
N/A 10.127.23.209:139 tcp
N/A 10.127.23.231:139 tcp
N/A 10.127.23.225:139 tcp
N/A 10.127.23.228:139 tcp
N/A 10.127.23.222:139 tcp
N/A 10.127.23.237:139 tcp
N/A 10.127.23.247:139 tcp
N/A 10.127.23.213:139 tcp
N/A 10.127.23.217:139 tcp
N/A 10.127.23.218:139 tcp
N/A 10.127.23.211:139 tcp
N/A 10.127.23.221:139 tcp
N/A 10.127.23.232:139 tcp
N/A 10.127.22.146:139 tcp
N/A 10.127.22.147:139 tcp
N/A 10.127.22.148:139 tcp
N/A 10.127.22.149:139 tcp
N/A 10.127.22.150:139 tcp
N/A 10.127.22.151:139 tcp
N/A 10.127.22.152:139 tcp
N/A 10.127.22.153:139 tcp
N/A 10.127.22.154:139 tcp
N/A 10.127.22.155:139 tcp
N/A 10.127.22.156:139 tcp
N/A 10.127.22.157:139 tcp
N/A 10.127.22.158:139 tcp
N/A 10.127.22.159:139 tcp
N/A 10.127.22.160:139 tcp
N/A 10.127.22.161:139 tcp
N/A 10.127.22.162:139 tcp
N/A 10.127.22.163:139 tcp
N/A 10.127.22.164:139 tcp
N/A 10.127.22.165:139 tcp
N/A 10.127.22.166:139 tcp
N/A 10.127.22.167:139 tcp
N/A 10.127.22.168:139 tcp
N/A 10.127.22.169:139 tcp
N/A 10.127.22.170:139 tcp
N/A 10.127.22.171:139 tcp
N/A 10.127.22.172:139 tcp
N/A 10.127.22.173:139 tcp
N/A 10.127.22.174:139 tcp
N/A 10.127.22.175:139 tcp
N/A 10.127.22.176:139 tcp
N/A 10.127.22.177:139 tcp
N/A 10.127.22.178:139 tcp
N/A 10.127.22.179:139 tcp
N/A 10.127.22.180:139 tcp
N/A 10.127.22.181:139 tcp
N/A 10.127.22.182:139 tcp
N/A 10.127.22.183:139 tcp
N/A 10.127.22.184:139 tcp
N/A 10.127.22.185:139 tcp
N/A 10.127.22.186:139 tcp
N/A 10.127.22.187:139 tcp
N/A 10.127.22.188:139 tcp
N/A 10.127.22.189:139 tcp
N/A 10.127.22.190:139 tcp
N/A 10.127.22.191:139 tcp
N/A 10.127.22.192:139 tcp
N/A 10.127.22.198:139 tcp
N/A 10.127.22.199:139 tcp
N/A 10.127.22.200:139 tcp
N/A 10.127.22.201:139 tcp
N/A 10.127.22.202:139 tcp
N/A 10.127.22.203:139 tcp
N/A 10.127.22.204:139 tcp
N/A 10.127.22.205:139 tcp
N/A 10.127.22.206:139 tcp
N/A 10.127.22.207:139 tcp
N/A 10.127.22.208:139 tcp
N/A 10.127.22.209:139 tcp
N/A 10.127.22.210:139 tcp
N/A 10.127.22.211:139 tcp
N/A 10.127.22.212:139 tcp
N/A 10.127.22.213:139 tcp
N/A 10.127.22.214:139 tcp
N/A 10.127.22.215:139 tcp
N/A 10.127.22.216:139 tcp
N/A 10.127.22.217:139 tcp
N/A 10.127.22.218:139 tcp
N/A 10.127.22.219:139 tcp
N/A 10.127.22.220:139 tcp
N/A 10.127.22.221:139 tcp
N/A 10.127.22.222:139 tcp
N/A 10.127.22.223:139 tcp
N/A 10.127.22.224:139 tcp
N/A 10.127.22.225:139 tcp
N/A 10.127.22.226:139 tcp
N/A 10.127.22.227:139 tcp
N/A 10.127.22.228:139 tcp
N/A 10.127.22.229:139 tcp
N/A 10.127.22.230:139 tcp
N/A 10.127.22.231:139 tcp
N/A 10.127.22.232:139 tcp
N/A 10.127.22.233:139 tcp
N/A 10.127.22.234:139 tcp
N/A 10.127.22.235:139 tcp
N/A 10.127.22.236:139 tcp
N/A 10.127.22.237:139 tcp
N/A 10.127.22.238:139 tcp
N/A 10.127.22.239:139 tcp
N/A 10.127.22.240:139 tcp
N/A 10.127.22.241:139 tcp
N/A 10.127.22.242:139 tcp
N/A 10.127.22.243:139 tcp
N/A 10.127.22.244:139 tcp
N/A 10.127.22.245:139 tcp
N/A 10.127.22.246:139 tcp
N/A 10.127.22.247:139 tcp
N/A 10.127.22.248:139 tcp
N/A 10.127.22.249:139 tcp
N/A 10.127.22.250:139 tcp
N/A 10.127.22.251:139 tcp
N/A 10.127.22.252:139 tcp
N/A 10.127.22.253:139 tcp
N/A 10.127.22.254:139 tcp
N/A 10.127.22.255:139 tcp
N/A 10.127.23.0:139 tcp
N/A 10.127.23.87:139 tcp
N/A 10.127.23.9:139 tcp
N/A 10.127.23.89:139 tcp
N/A 10.127.23.90:139 tcp
N/A 10.127.23.11:139 tcp
N/A 10.127.23.91:139 tcp
N/A 10.127.23.12:139 tcp
N/A 10.127.23.92:139 tcp
N/A 10.127.23.93:139 tcp
N/A 10.127.23.13:139 tcp
N/A 10.127.23.94:139 tcp
N/A 10.127.23.14:139 tcp
N/A 10.127.23.95:139 tcp
N/A 10.127.23.96:139 tcp
N/A 10.127.23.15:139 tcp
N/A 10.127.23.97:139 tcp
N/A 10.127.23.98:139 tcp
N/A 10.127.23.16:139 tcp
N/A 10.127.23.99:139 tcp
N/A 10.127.23.17:139 tcp
N/A 10.127.23.100:139 tcp
N/A 10.127.23.101:139 tcp
N/A 10.127.23.18:139 tcp
N/A 10.127.23.102:139 tcp
N/A 10.127.23.103:139 tcp
N/A 10.127.23.19:139 tcp
N/A 10.127.23.104:139 tcp
N/A 10.127.23.20:139 tcp
N/A 10.127.23.105:139 tcp
N/A 10.127.23.106:139 tcp
N/A 10.127.23.21:139 tcp
N/A 10.127.23.107:139 tcp
N/A 10.127.23.108:139 tcp
N/A 10.127.23.22:139 tcp
N/A 10.127.23.109:139 tcp
N/A 10.127.23.23:139 tcp
N/A 10.127.23.110:139 tcp
N/A 10.127.23.111:139 tcp
N/A 10.127.23.24:139 tcp
N/A 10.127.23.112:139 tcp
N/A 10.127.23.113:139 tcp
N/A 10.127.23.25:139 tcp
N/A 10.127.23.114:139 tcp
N/A 10.127.23.115:139 tcp
N/A 10.127.23.26:139 tcp
N/A 10.127.23.116:139 tcp
N/A 10.127.23.117:139 tcp
N/A 10.127.23.27:139 tcp
N/A 10.127.23.118:139 tcp
N/A 10.127.23.119:139 tcp
N/A 10.127.23.28:139 tcp
N/A 10.127.23.120:139 tcp
N/A 10.127.23.29:139 tcp
N/A 10.127.23.121:139 tcp
N/A 10.127.23.30:139 tcp
N/A 10.127.23.122:139 tcp
N/A 10.127.23.123:139 tcp
N/A 10.127.23.31:139 tcp
N/A 10.127.23.124:139 tcp
N/A 10.127.23.32:139 tcp
N/A 10.127.23.125:139 tcp
N/A 10.127.23.126:139 tcp
N/A 10.127.23.33:139 tcp
N/A 10.127.23.127:139 tcp
N/A 10.127.23.128:139 tcp
N/A 10.127.23.34:139 tcp
N/A 10.127.23.35:139 tcp
N/A 10.127.23.36:139 tcp
N/A 10.127.23.37:139 tcp
N/A 10.127.23.38:139 tcp
N/A 10.127.23.39:139 tcp
N/A 10.127.23.40:139 tcp
N/A 10.127.23.41:139 tcp
N/A 10.127.23.42:139 tcp
N/A 10.127.23.43:139 tcp
N/A 10.127.23.44:139 tcp
N/A 10.127.23.45:139 tcp
N/A 10.127.23.46:139 tcp
N/A 10.127.23.47:139 tcp
N/A 10.127.23.48:139 tcp
N/A 10.127.23.49:139 tcp
N/A 10.127.23.50:139 tcp
N/A 10.127.23.51:139 tcp
N/A 10.127.23.52:139 tcp
N/A 10.127.23.53:139 tcp
N/A 10.127.23.54:139 tcp
N/A 10.127.23.55:139 tcp
N/A 10.127.23.56:139 tcp
N/A 10.127.23.57:139 tcp
N/A 10.127.23.58:139 tcp
N/A 10.127.23.59:139 tcp
N/A 10.127.23.60:139 tcp
N/A 10.127.23.61:139 tcp
N/A 10.127.23.62:139 tcp
N/A 10.127.23.63:139 tcp
N/A 10.127.23.64:139 tcp
N/A 10.127.23.133:139 tcp
N/A 10.127.23.134:139 tcp
N/A 10.127.23.135:139 tcp
N/A 10.127.23.136:139 tcp
N/A 10.127.23.137:139 tcp
N/A 10.127.23.138:139 tcp
N/A 10.127.23.139:139 tcp
N/A 10.127.23.140:139 tcp
N/A 10.127.23.141:139 tcp
N/A 10.127.23.142:139 tcp
N/A 10.127.23.143:139 tcp
N/A 10.127.23.144:139 tcp
N/A 10.127.23.145:139 tcp
N/A 10.127.23.146:139 tcp
N/A 10.127.23.147:139 tcp
N/A 10.127.23.148:139 tcp
N/A 10.127.23.149:139 tcp
N/A 10.127.23.150:139 tcp
N/A 10.127.23.151:139 tcp
N/A 10.127.23.152:139 tcp
N/A 10.127.23.153:139 tcp
N/A 10.127.23.154:139 tcp
N/A 10.127.23.155:139 tcp
N/A 10.127.23.156:139 tcp
N/A 10.127.23.157:139 tcp
N/A 10.127.23.158:139 tcp
N/A 10.127.23.159:139 tcp
N/A 10.127.23.160:139 tcp
N/A 10.127.23.161:139 tcp
N/A 10.127.23.162:139 tcp
N/A 10.127.23.163:139 tcp
N/A 10.127.23.164:139 tcp
N/A 10.127.23.165:139 tcp
N/A 10.127.23.166:139 tcp
N/A 10.127.23.167:139 tcp
N/A 10.127.23.168:139 tcp
N/A 10.127.23.169:139 tcp
N/A 10.127.23.170:139 tcp
N/A 10.127.23.171:139 tcp
N/A 10.127.23.172:139 tcp
N/A 10.127.23.173:139 tcp
N/A 10.127.23.174:139 tcp
N/A 10.127.23.175:139 tcp
N/A 10.127.23.176:139 tcp
N/A 10.127.23.177:139 tcp
N/A 10.127.23.178:139 tcp
N/A 10.127.23.179:139 tcp
N/A 10.127.23.180:139 tcp
N/A 10.127.23.181:139 tcp
N/A 10.127.23.182:139 tcp
N/A 10.127.23.183:139 tcp
N/A 10.127.23.184:139 tcp
N/A 10.127.23.185:139 tcp
N/A 10.127.23.186:139 tcp
N/A 10.127.23.187:139 tcp
N/A 10.127.23.188:139 tcp
N/A 10.127.23.189:139 tcp
N/A 10.127.23.190:139 tcp
N/A 10.127.23.191:139 tcp
N/A 10.127.23.192:139 tcp
N/A 10.127.23.207:139 tcp
N/A 10.127.23.212:139 tcp
N/A 10.127.23.214:139 tcp
N/A 10.127.23.220:139 tcp
N/A 10.127.23.229:139 tcp
N/A 10.127.23.234:139 tcp
N/A 10.127.23.238:139 tcp
N/A 10.127.23.240:139 tcp
N/A 10.127.23.241:139 tcp
N/A 10.127.23.242:139 tcp
N/A 10.127.23.243:139 tcp
N/A 10.127.23.244:139 tcp
N/A 10.127.23.245:139 tcp
N/A 10.127.23.246:139 tcp
N/A 10.127.23.248:139 tcp
N/A 10.127.23.249:139 tcp
N/A 10.127.23.250:139 tcp
N/A 10.127.23.251:139 tcp
N/A 10.127.23.252:139 tcp
N/A 10.127.23.253:139 tcp
N/A 10.127.23.254:139 tcp
N/A 10.127.23.255:139 tcp
N/A 10.127.24.0:139 tcp
N/A 10.127.24.38:139 tcp
N/A 10.127.24.9:139 tcp
N/A 10.127.24.26:139 tcp
N/A 10.127.24.56:139 tcp
N/A 10.127.24.63:139 tcp
N/A 10.127.24.13:139 tcp
N/A 10.127.24.19:139 tcp
N/A 10.127.24.35:139 tcp
N/A 10.127.24.41:139 tcp
N/A 10.127.24.7:139 tcp
N/A 10.127.24.31:139 tcp
N/A 10.127.24.55:139 tcp
N/A 10.127.24.61:139 tcp
N/A 10.127.24.113:139 tcp
N/A 10.127.24.42:139 tcp
N/A 10.127.24.1:139 tcp
N/A 10.127.24.4:139 tcp
N/A 10.127.24.10:139 tcp
N/A 10.127.24.18:139 tcp
N/A 10.127.24.21:139 tcp
N/A 10.127.24.57:139 tcp
N/A 10.127.24.47:139 tcp
N/A 10.127.24.58:139 tcp
N/A 10.127.24.17:139 tcp
N/A 10.127.24.43:139 tcp
N/A 10.127.24.28:139 tcp
N/A 10.127.24.49:139 tcp
N/A 10.127.24.8:139 tcp
N/A 10.127.24.44:139 tcp
N/A 10.127.24.34:139 tcp
N/A 10.127.24.6:139 tcp
N/A 10.127.24.20:139 tcp
N/A 10.127.24.50:139 tcp
N/A 10.127.24.29:139 tcp
N/A 10.127.24.39:139 tcp
N/A 10.127.24.145:139 tcp
N/A 10.127.24.2:139 tcp
N/A 10.127.24.3:139 tcp
N/A 10.127.24.5:139 tcp
N/A 10.127.24.11:139 tcp
N/A 10.127.24.12:139 tcp
N/A 10.127.24.14:139 tcp
N/A 10.127.24.15:139 tcp
N/A 10.127.24.16:139 tcp
N/A 10.127.24.22:139 tcp
N/A 10.127.24.23:139 tcp
N/A 10.127.24.24:139 tcp
N/A 10.127.24.25:139 tcp
N/A 10.127.24.27:139 tcp
N/A 10.127.24.30:139 tcp
N/A 10.127.24.32:139 tcp
N/A 10.127.24.33:139 tcp
N/A 10.127.24.36:139 tcp
N/A 10.127.24.37:139 tcp
N/A 10.127.24.40:139 tcp
N/A 10.127.24.45:139 tcp
N/A 10.127.24.46:139 tcp
N/A 10.127.24.48:139 tcp
N/A 10.127.24.51:139 tcp
N/A 10.127.24.52:139 tcp
N/A 10.127.24.53:139 tcp
N/A 10.127.24.54:139 tcp
N/A 10.127.24.59:139 tcp
N/A 10.127.24.60:139 tcp
N/A 10.127.24.62:139 tcp
N/A 10.127.24.64:139 tcp
N/A 10.127.24.65:139 tcp
N/A 10.127.24.66:139 tcp
N/A 10.127.24.67:139 tcp
N/A 10.127.24.68:139 tcp
N/A 10.127.24.69:139 tcp
N/A 10.127.24.70:139 tcp
N/A 10.127.24.71:139 tcp
N/A 10.127.24.72:139 tcp
N/A 10.127.24.73:139 tcp
N/A 10.127.24.74:139 tcp
N/A 10.127.24.75:139 tcp
N/A 10.127.24.76:139 tcp
N/A 10.127.24.77:139 tcp
N/A 10.127.24.78:139 tcp
N/A 10.127.24.79:139 tcp
N/A 10.127.24.80:139 tcp
N/A 10.127.24.81:139 tcp
N/A 10.127.24.82:139 tcp
N/A 10.127.24.83:139 tcp
N/A 10.127.24.84:139 tcp
N/A 10.127.24.85:139 tcp
N/A 10.127.24.86:139 tcp
N/A 10.127.24.87:139 tcp
N/A 10.127.24.88:139 tcp
N/A 10.127.24.89:139 tcp
N/A 10.127.24.90:139 tcp
N/A 10.127.24.91:139 tcp
N/A 10.127.24.92:139 tcp
N/A 10.127.24.93:139 tcp
N/A 10.127.24.94:139 tcp
N/A 10.127.24.95:139 tcp
N/A 10.127.24.96:139 tcp
N/A 10.127.24.97:139 tcp
N/A 10.127.24.98:139 tcp
N/A 10.127.24.99:139 tcp
N/A 10.127.24.100:139 tcp
N/A 10.127.24.101:139 tcp
N/A 10.127.24.102:139 tcp
N/A 10.127.24.103:139 tcp
N/A 10.127.24.104:139 tcp
N/A 10.127.24.105:139 tcp
N/A 10.127.24.106:139 tcp
N/A 10.127.24.107:139 tcp
N/A 10.127.24.108:139 tcp
N/A 10.127.24.109:139 tcp
N/A 10.127.24.110:139 tcp
N/A 10.127.24.111:139 tcp
N/A 10.127.24.112:139 tcp
N/A 10.127.24.114:139 tcp
N/A 10.127.24.115:139 tcp
N/A 10.127.24.116:139 tcp
N/A 10.127.24.117:139 tcp
N/A 10.127.24.118:139 tcp
N/A 10.127.24.119:139 tcp
N/A 10.127.24.120:139 tcp
N/A 10.127.24.121:139 tcp
N/A 10.127.24.122:139 tcp
N/A 10.127.24.123:139 tcp
N/A 10.127.24.124:139 tcp
N/A 10.127.24.125:139 tcp
N/A 10.127.24.126:139 tcp
N/A 10.127.24.127:139 tcp
N/A 10.127.24.128:139 tcp
N/A 10.127.24.129:139 tcp
N/A 10.127.24.130:139 tcp
N/A 10.127.24.131:139 tcp
N/A 10.127.24.132:139 tcp
N/A 10.127.24.133:139 tcp
N/A 10.127.24.134:139 tcp
N/A 10.127.24.135:139 tcp
N/A 10.127.24.136:139 tcp
N/A 10.127.24.137:139 tcp
N/A 10.127.24.138:139 tcp
N/A 10.127.24.139:139 tcp
N/A 10.127.24.140:139 tcp
N/A 10.127.24.141:139 tcp
N/A 10.127.24.142:139 tcp
N/A 10.127.24.143:139 tcp
N/A 10.127.24.144:139 tcp
N/A 10.127.24.146:139 tcp
N/A 10.127.24.147:139 tcp
N/A 10.127.24.148:139 tcp
N/A 10.127.24.149:139 tcp
N/A 10.127.24.150:139 tcp
N/A 10.127.24.151:139 tcp
N/A 10.127.24.152:139 tcp
N/A 10.127.24.153:139 tcp
N/A 10.127.24.154:139 tcp
N/A 10.127.24.155:139 tcp
N/A 10.127.24.156:139 tcp
N/A 10.127.24.157:139 tcp
N/A 10.127.24.158:139 tcp
N/A 10.127.24.159:139 tcp
N/A 10.127.24.160:139 tcp
N/A 10.127.24.161:139 tcp
N/A 10.127.24.162:139 tcp
N/A 10.127.24.163:139 tcp
N/A 10.127.24.164:139 tcp
N/A 10.127.24.165:139 tcp
N/A 10.127.24.166:139 tcp
N/A 10.127.24.167:139 tcp
N/A 10.127.24.168:139 tcp
N/A 10.127.24.169:139 tcp
N/A 10.127.24.170:139 tcp
N/A 10.127.24.171:139 tcp
N/A 10.127.24.172:139 tcp
N/A 10.127.24.173:139 tcp
N/A 10.127.24.174:139 tcp
N/A 10.127.24.175:139 tcp
N/A 10.127.24.176:139 tcp
N/A 10.127.24.177:139 tcp
N/A 10.127.24.178:139 tcp
N/A 10.127.24.179:139 tcp
N/A 10.127.24.180:139 tcp
N/A 10.127.24.181:139 tcp
N/A 10.127.24.182:139 tcp
N/A 10.127.24.183:139 tcp
N/A 10.127.24.184:139 tcp
N/A 10.127.24.185:139 tcp
N/A 10.127.24.186:139 tcp
N/A 10.127.24.187:139 tcp
N/A 10.127.24.188:139 tcp
N/A 10.127.24.189:139 tcp
N/A 10.127.24.190:139 tcp
N/A 10.127.24.191:139 tcp
N/A 10.127.24.192:139 tcp
N/A 10.127.24.193:139 tcp
N/A 10.127.24.194:139 tcp
N/A 10.127.24.195:139 tcp
N/A 10.127.24.196:139 tcp
N/A 10.127.24.197:139 tcp
N/A 10.127.24.198:139 tcp
N/A 10.127.24.199:139 tcp
N/A 10.127.24.200:139 tcp
N/A 10.127.24.201:139 tcp
N/A 10.127.24.202:139 tcp
N/A 10.127.24.203:139 tcp
N/A 10.127.24.204:139 tcp
N/A 10.127.24.205:139 tcp
N/A 10.127.24.206:139 tcp
N/A 10.127.24.207:139 tcp
N/A 10.127.24.208:139 tcp
N/A 10.127.24.209:139 tcp
N/A 10.127.24.210:139 tcp
N/A 10.127.24.211:139 tcp
N/A 10.127.24.212:139 tcp
N/A 10.127.24.213:139 tcp
N/A 10.127.24.214:139 tcp
N/A 10.127.24.215:139 tcp
N/A 10.127.24.216:139 tcp
N/A 10.127.24.217:139 tcp
N/A 10.127.24.218:139 tcp
N/A 10.127.24.219:139 tcp
N/A 10.127.24.220:139 tcp
N/A 10.127.24.221:139 tcp
N/A 10.127.24.222:139 tcp
N/A 10.127.24.223:139 tcp
N/A 10.127.24.224:139 tcp
N/A 10.127.24.225:139 tcp
N/A 10.127.24.226:139 tcp
N/A 10.127.24.227:139 tcp
N/A 10.127.24.228:139 tcp
N/A 10.127.24.229:139 tcp
N/A 10.127.24.230:139 tcp
N/A 10.127.24.231:139 tcp
N/A 10.127.24.232:139 tcp
N/A 10.127.24.233:139 tcp
N/A 10.127.24.234:139 tcp
N/A 10.127.24.235:139 tcp
N/A 10.127.24.236:139 tcp
N/A 10.127.24.237:139 tcp
N/A 10.127.24.238:139 tcp
N/A 10.127.24.239:139 tcp
N/A 10.127.24.240:139 tcp
N/A 10.127.24.241:139 tcp
N/A 10.127.24.242:139 tcp
N/A 10.127.24.243:139 tcp
N/A 10.127.24.244:139 tcp
N/A 10.127.24.245:139 tcp
N/A 10.127.24.246:139 tcp
N/A 10.127.24.247:139 tcp
N/A 10.127.24.248:139 tcp
N/A 10.127.24.249:139 tcp
N/A 10.127.24.250:139 tcp
N/A 10.127.24.251:139 tcp
N/A 10.127.24.252:139 tcp
N/A 10.127.24.253:139 tcp
N/A 10.127.24.254:139 tcp
N/A 10.127.24.255:139 tcp
N/A 10.127.25.0:139 tcp
N/A 10.127.25.1:139 tcp
N/A 10.127.25.2:139 tcp
N/A 10.127.25.3:139 tcp
N/A 10.127.25.4:139 tcp
N/A 10.127.25.5:139 tcp
N/A 10.127.25.6:139 tcp
N/A 10.127.25.7:139 tcp
N/A 10.127.25.8:139 tcp
N/A 10.127.25.9:139 tcp
N/A 10.127.25.10:139 tcp
N/A 10.127.25.11:139 tcp
N/A 10.127.25.12:139 tcp
N/A 10.127.25.13:139 tcp
N/A 10.127.25.14:139 tcp
N/A 10.127.25.15:139 tcp
N/A 10.127.25.16:139 tcp
N/A 10.127.25.17:139 tcp
N/A 10.127.25.18:139 tcp
N/A 10.127.25.19:139 tcp
N/A 10.127.25.20:139 tcp
N/A 10.127.25.21:139 tcp
N/A 10.127.25.22:139 tcp
N/A 10.127.25.23:139 tcp
N/A 10.127.25.24:139 tcp
N/A 10.127.25.25:139 tcp
N/A 10.127.25.26:139 tcp
N/A 10.127.25.27:139 tcp
N/A 10.127.25.28:139 tcp
N/A 10.127.25.29:139 tcp
N/A 10.127.25.30:139 tcp
N/A 10.127.25.31:139 tcp
N/A 10.127.25.32:139 tcp
N/A 10.127.25.33:139 tcp
N/A 10.127.25.34:139 tcp
N/A 10.127.25.35:139 tcp
N/A 10.127.25.36:139 tcp
N/A 10.127.25.37:139 tcp
N/A 10.127.25.38:139 tcp
N/A 10.127.25.39:139 tcp
N/A 10.127.25.40:139 tcp
N/A 10.127.25.41:139 tcp
N/A 10.127.25.42:139 tcp
N/A 10.127.25.43:139 tcp
N/A 10.127.25.44:139 tcp
N/A 10.127.25.45:139 tcp
N/A 10.127.25.46:139 tcp
N/A 10.127.25.47:139 tcp
N/A 10.127.25.48:139 tcp
N/A 10.127.25.49:139 tcp
N/A 10.127.25.50:139 tcp
N/A 10.127.25.51:139 tcp
N/A 10.127.25.52:139 tcp
N/A 10.127.25.53:139 tcp
N/A 10.127.25.54:139 tcp
N/A 10.127.25.55:139 tcp
N/A 10.127.25.56:139 tcp
N/A 10.127.25.57:139 tcp
N/A 10.127.25.58:139 tcp
N/A 10.127.25.59:139 tcp
N/A 10.127.25.60:139 tcp
N/A 10.127.25.61:139 tcp
N/A 10.127.25.62:139 tcp
N/A 10.127.25.63:139 tcp
N/A 10.127.25.64:139 tcp
N/A 10.127.25.65:139 tcp
N/A 10.127.25.66:139 tcp
N/A 10.127.25.67:139 tcp
N/A 10.127.25.68:139 tcp
N/A 10.127.25.69:139 tcp
N/A 10.127.25.70:139 tcp
N/A 10.127.25.71:139 tcp
N/A 10.127.25.72:139 tcp
N/A 10.127.25.73:139 tcp
N/A 10.127.25.74:139 tcp
N/A 10.127.25.75:139 tcp
N/A 10.127.25.76:139 tcp
N/A 10.127.25.77:139 tcp
N/A 10.127.25.78:139 tcp
N/A 10.127.25.79:139 tcp
N/A 10.127.25.80:139 tcp
N/A 10.127.25.81:139 tcp
N/A 10.127.25.82:139 tcp
N/A 10.127.25.83:139 tcp
N/A 10.127.25.84:139 tcp
N/A 10.127.25.85:139 tcp
N/A 10.127.25.86:139 tcp
N/A 10.127.25.87:139 tcp
N/A 10.127.25.88:139 tcp
N/A 10.127.25.89:139 tcp
N/A 10.127.25.90:139 tcp
N/A 10.127.25.91:139 tcp
N/A 10.127.25.92:139 tcp
N/A 10.127.25.93:139 tcp
N/A 10.127.25.94:139 tcp
N/A 10.127.25.95:139 tcp
N/A 10.127.25.96:139 tcp
N/A 10.127.25.97:139 tcp
N/A 10.127.25.98:139 tcp
N/A 10.127.25.99:139 tcp
N/A 10.127.25.100:139 tcp
N/A 10.127.25.101:139 tcp
N/A 10.127.25.102:139 tcp
N/A 10.127.25.103:139 tcp
N/A 10.127.25.104:139 tcp
N/A 10.127.25.105:139 tcp
N/A 10.127.25.106:139 tcp
N/A 10.127.25.107:139 tcp
N/A 10.127.25.108:139 tcp
N/A 10.127.25.109:139 tcp
N/A 10.127.25.110:139 tcp
N/A 10.127.25.111:139 tcp
N/A 10.127.25.112:139 tcp
N/A 10.127.25.113:139 tcp
N/A 10.127.25.114:139 tcp
N/A 10.127.25.115:139 tcp
N/A 10.127.25.116:139 tcp
N/A 10.127.25.117:139 tcp
N/A 10.127.25.118:139 tcp
N/A 10.127.25.119:139 tcp
N/A 10.127.25.120:139 tcp
N/A 10.127.25.121:139 tcp
N/A 10.127.25.122:139 tcp
N/A 10.127.25.123:139 tcp
N/A 10.127.25.124:139 tcp
N/A 10.127.25.125:139 tcp
N/A 10.127.25.126:139 tcp
N/A 10.127.25.127:139 tcp
N/A 10.127.25.128:139 tcp
N/A 10.127.25.129:139 tcp
N/A 10.127.25.130:139 tcp
N/A 10.127.25.131:139 tcp
N/A 10.127.25.132:139 tcp
N/A 10.127.25.133:139 tcp
N/A 10.127.25.134:139 tcp
N/A 10.127.25.135:139 tcp
N/A 10.127.25.136:139 tcp
N/A 10.127.25.137:139 tcp
N/A 10.127.25.138:139 tcp
N/A 10.127.25.139:139 tcp
N/A 10.127.25.140:139 tcp
N/A 10.127.25.141:139 tcp
N/A 10.127.25.142:139 tcp
N/A 10.127.25.143:139 tcp
N/A 10.127.25.144:139 tcp
N/A 10.127.25.145:139 tcp
N/A 10.127.25.146:139 tcp
N/A 10.127.25.147:139 tcp
N/A 10.127.25.148:139 tcp
N/A 10.127.25.149:139 tcp
N/A 10.127.25.150:139 tcp
N/A 10.127.25.151:139 tcp
N/A 10.127.25.152:139 tcp
N/A 10.127.25.153:139 tcp
N/A 10.127.25.154:139 tcp
N/A 10.127.25.155:139 tcp
N/A 10.127.25.156:139 tcp
N/A 10.127.25.157:139 tcp
N/A 10.127.25.158:139 tcp
N/A 10.127.25.159:139 tcp
N/A 10.127.25.160:139 tcp
N/A 10.127.25.161:139 tcp
N/A 10.127.25.162:139 tcp
N/A 10.127.25.163:139 tcp
N/A 10.127.25.164:139 tcp
N/A 10.127.25.165:139 tcp
N/A 10.127.25.166:139 tcp
N/A 10.127.25.167:139 tcp
N/A 10.127.25.168:139 tcp
N/A 10.127.25.169:139 tcp
N/A 10.127.25.170:139 tcp
N/A 10.127.25.171:139 tcp
N/A 10.127.25.172:139 tcp
N/A 10.127.25.173:139 tcp
N/A 10.127.25.174:139 tcp
N/A 10.127.25.175:139 tcp
N/A 10.127.25.176:139 tcp
N/A 10.127.25.177:139 tcp
N/A 10.127.25.178:139 tcp
N/A 10.127.25.179:139 tcp
N/A 10.127.25.180:139 tcp
N/A 10.127.25.181:139 tcp
N/A 10.127.25.182:139 tcp
N/A 10.127.25.183:139 tcp
N/A 10.127.25.184:139 tcp
N/A 10.127.25.185:139 tcp
N/A 10.127.25.186:139 tcp
N/A 10.127.25.187:139 tcp
N/A 10.127.25.188:139 tcp
N/A 10.127.25.189:139 tcp
N/A 10.127.25.190:139 tcp
N/A 10.127.25.191:139 tcp
N/A 10.127.25.192:139 tcp
N/A 10.127.25.193:139 tcp
N/A 10.127.25.194:139 tcp
N/A 10.127.25.195:139 tcp
N/A 10.127.25.196:139 tcp
N/A 10.127.25.197:139 tcp
N/A 10.127.25.198:139 tcp
N/A 10.127.25.199:139 tcp
N/A 10.127.25.200:139 tcp
N/A 10.127.25.201:139 tcp
N/A 10.127.25.202:139 tcp
N/A 10.127.25.203:139 tcp
N/A 10.127.25.204:139 tcp
N/A 10.127.25.205:139 tcp
N/A 10.127.25.206:139 tcp
N/A 10.127.25.207:139 tcp
N/A 10.127.25.208:139 tcp
N/A 10.127.25.209:139 tcp
N/A 10.127.25.210:139 tcp
N/A 10.127.25.211:139 tcp
N/A 10.127.25.212:139 tcp
N/A 10.127.25.213:139 tcp
N/A 10.127.25.214:139 tcp
N/A 10.127.25.215:139 tcp
N/A 10.127.25.216:139 tcp
N/A 10.127.25.217:139 tcp
N/A 10.127.25.218:139 tcp
N/A 10.127.25.219:139 tcp
N/A 10.127.25.220:139 tcp
N/A 10.127.25.221:139 tcp
N/A 10.127.25.222:139 tcp
N/A 10.127.25.223:139 tcp
N/A 10.127.25.224:139 tcp
N/A 10.127.25.225:139 tcp
N/A 10.127.25.226:139 tcp
N/A 10.127.25.227:139 tcp
N/A 10.127.25.228:139 tcp
N/A 10.127.25.229:139 tcp
N/A 10.127.25.230:139 tcp
N/A 10.127.25.231:139 tcp
N/A 10.127.25.232:139 tcp
N/A 10.127.25.233:139 tcp
N/A 10.127.25.234:139 tcp
N/A 10.127.25.235:139 tcp
N/A 10.127.25.236:139 tcp
N/A 10.127.25.237:139 tcp
N/A 10.127.25.238:139 tcp
N/A 10.127.25.239:139 tcp
N/A 10.127.25.240:139 tcp
N/A 10.127.25.241:139 tcp
N/A 10.127.25.242:139 tcp
N/A 10.127.25.243:139 tcp
N/A 10.127.25.244:139 tcp
N/A 10.127.25.245:139 tcp
N/A 10.127.25.246:139 tcp
N/A 10.127.25.247:139 tcp
N/A 10.127.25.248:139 tcp
N/A 10.127.25.249:139 tcp
N/A 10.127.25.250:139 tcp
N/A 10.127.25.251:139 tcp
N/A 10.127.25.252:139 tcp
N/A 10.127.25.253:139 tcp
N/A 10.127.25.254:139 tcp
N/A 10.127.25.255:139 tcp
N/A 10.127.26.0:139 tcp
N/A 10.127.26.1:139 tcp
N/A 10.127.26.3:139 tcp
N/A 10.127.26.10:139 tcp
N/A 10.127.26.18:139 tcp
N/A 10.127.26.13:139 tcp
N/A 10.127.26.46:139 tcp
N/A 10.127.26.25:139 tcp
N/A 10.127.26.23:139 tcp
N/A 10.127.26.33:139 tcp
N/A 10.127.26.36:139 tcp
N/A 10.127.26.32:139 tcp
N/A 10.127.26.44:139 tcp
N/A 10.127.26.50:139 tcp
N/A 10.127.26.41:139 tcp
N/A 10.127.26.37:139 tcp
N/A 10.127.26.55:139 tcp
N/A 10.127.26.22:139 tcp
N/A 10.127.26.69:139 tcp
N/A 10.127.26.11:139 tcp
N/A 10.127.26.17:139 tcp
N/A 10.127.26.8:139 tcp
N/A 10.127.26.63:139 tcp
N/A 10.127.26.66:139 tcp
N/A 10.127.26.4:139 tcp
N/A 10.127.26.53:139 tcp
N/A 10.127.26.65:139 tcp
N/A 10.127.26.5:139 tcp
N/A 10.127.26.6:139 tcp
N/A 10.127.26.56:139 tcp
N/A 10.127.26.67:139 tcp
N/A 10.127.26.28:139 tcp
N/A 10.127.26.29:139 tcp
N/A 10.127.26.39:139 tcp
N/A 10.127.26.43:139 tcp
N/A 10.127.26.19:139 tcp
N/A 10.127.26.20:139 tcp
N/A 10.127.26.30:139 tcp
N/A 10.127.26.48:139 tcp
N/A 10.127.26.61:139 tcp
N/A 10.127.26.45:139 tcp
N/A 10.127.26.51:139 tcp
N/A 10.127.26.40:139 tcp
N/A 10.127.26.49:139 tcp
N/A 10.127.26.68:139 tcp
N/A 10.127.26.54:139 tcp
N/A 10.127.26.158:139 tcp
N/A 10.127.26.2:139 tcp
N/A 10.127.26.132:139 tcp
N/A 10.127.26.15:139 tcp
N/A 10.127.26.52:139 tcp
N/A 10.127.26.26:139 tcp
N/A 10.127.26.153:139 tcp
N/A 10.127.26.24:139 tcp
N/A 10.127.26.35:139 tcp
N/A 10.127.26.149:139 tcp
N/A 10.127.26.194:139 tcp
N/A 10.127.26.152:139 tcp
N/A 10.127.27.4:139 tcp
N/A 10.127.26.156:139 tcp
N/A 10.127.26.12:139 tcp
N/A 10.127.26.38:139 tcp
N/A 10.127.26.64:139 tcp
N/A 10.127.26.14:139 tcp
N/A 10.127.26.134:139 tcp
N/A 10.127.26.16:139 tcp
N/A 10.127.26.42:139 tcp
N/A 10.127.26.9:139 tcp
N/A 10.127.26.7:139 tcp
N/A 10.127.26.31:139 tcp
N/A 10.127.26.34:139 tcp
N/A 10.127.26.57:139 tcp
N/A 10.127.27.70:139 tcp
N/A 10.127.26.59:139 tcp
N/A 10.127.26.144:139 tcp
N/A 10.127.26.70:139 tcp
N/A 10.127.27.130:139 tcp
N/A 10.127.26.47:139 tcp
N/A 10.127.26.133:139 tcp
N/A 10.127.26.143:139 tcp
N/A 10.127.26.157:139 tcp
N/A 10.127.26.27:139 tcp
N/A 10.127.26.71:139 tcp
N/A 10.127.26.146:139 tcp
N/A 10.127.26.60:139 tcp
N/A 10.127.26.21:139 tcp
N/A 10.127.26.58:139 tcp
N/A 10.127.26.155:139 tcp
N/A 10.127.26.62:139 tcp
N/A 10.127.26.140:139 tcp
N/A 10.127.26.160:139 tcp
N/A 10.127.27.66:139 tcp
N/A 10.127.27.65:139 tcp
N/A 10.127.26.141:139 tcp
N/A 10.127.26.142:139 tcp
N/A 10.127.27.67:139 tcp
N/A 10.127.26.161:139 tcp
N/A 10.127.27.129:139 tcp
N/A 10.127.27.134:139 tcp
N/A 10.127.26.229:139 tcp
N/A 10.127.26.131:139 tcp
N/A 10.127.26.135:139 tcp
N/A 10.127.26.138:139 tcp
N/A 10.127.26.198:139 tcp
N/A 10.127.26.148:139 tcp
N/A 10.127.27.132:139 tcp
N/A 10.127.26.145:139 tcp
N/A 10.127.26.139:139 tcp
N/A 10.127.26.136:139 tcp
N/A 10.127.27.220:139 tcp
N/A 10.127.26.147:139 tcp
N/A 10.127.26.150:139 tcp
N/A 10.127.26.159:139 tcp
N/A 10.127.27.69:139 tcp
N/A 10.127.26.196:139 tcp
N/A 10.127.27.2:139 tcp
N/A 10.127.27.229:139 tcp
N/A 10.127.26.193:139 tcp
N/A 10.127.27.197:139 tcp
N/A 10.127.27.207:139 tcp
N/A 10.127.27.225:139 tcp
N/A 10.127.26.130:139 tcp
N/A 10.127.26.151:139 tcp
N/A 10.127.27.208:139 tcp
N/A 10.127.26.137:139 tcp
N/A 10.127.26.154:139 tcp
N/A 10.127.26.195:139 tcp
N/A 10.127.26.230:139 tcp
N/A 10.127.27.68:139 tcp
N/A 10.127.27.204:139 tcp
N/A 10.127.27.213:139 tcp
N/A 10.127.26.129:139 tcp
N/A 10.127.27.230:139 tcp
N/A 10.127.27.217:139 tcp
N/A 10.127.27.202:139 tcp
N/A 10.127.26.183:139 tcp
N/A 10.127.26.197:139 tcp
N/A 10.127.26.199:139 tcp
N/A 10.127.27.199:139 tcp
N/A 10.127.27.3:139 tcp
N/A 10.127.27.226:139 tcp
N/A 10.127.26.162:139 tcp
N/A 10.127.27.211:139 tcp
N/A 10.127.27.1:139 tcp
N/A 10.127.27.196:139 tcp
N/A 10.127.26.174:139 tcp
N/A 10.127.26.176:139 tcp
N/A 10.127.27.205:139 tcp
N/A 10.127.26.177:139 tcp
N/A 10.127.26.179:139 tcp
N/A 10.127.27.133:139 tcp
N/A 10.127.27.227:139 tcp
N/A 10.127.26.164:139 tcp
N/A 10.127.27.206:139 tcp
N/A 10.127.26.181:139 tcp
N/A 10.127.27.224:139 tcp
N/A 10.127.27.131:139 tcp
N/A 10.127.27.218:139 tcp
N/A 10.127.27.212:139 tcp
N/A 10.127.26.73:139 tcp
N/A 10.127.27.201:139 tcp
N/A 10.127.27.222:139 tcp
N/A 10.127.27.194:139 tcp
N/A 10.127.26.163:139 tcp
N/A 10.127.27.193:139 tcp
N/A 10.127.27.219:139 tcp
N/A 10.127.27.223:139 tcp
N/A 10.127.26.171:139 tcp
N/A 10.127.26.178:139 tcp
N/A 10.127.27.195:139 tcp
N/A 10.127.27.210:139 tcp
N/A 10.127.26.168:139 tcp
N/A 10.127.27.215:139 tcp
N/A 10.127.26.165:139 tcp
N/A 10.127.27.214:139 tcp
N/A 10.127.27.228:139 tcp
N/A 10.127.26.182:139 tcp
N/A 10.127.26.72:139 tcp
N/A 10.127.26.74:139 tcp
N/A 10.127.26.75:139 tcp
N/A 10.127.26.76:139 tcp
N/A 10.127.26.77:139 tcp
N/A 10.127.26.78:139 tcp
N/A 10.127.26.79:139 tcp
N/A 10.127.26.80:139 tcp
N/A 10.127.26.81:139 tcp
N/A 10.127.26.82:139 tcp
N/A 10.127.26.83:139 tcp
N/A 10.127.26.84:139 tcp
N/A 10.127.26.85:139 tcp
N/A 10.127.26.86:139 tcp
N/A 10.127.26.87:139 tcp
N/A 10.127.26.88:139 tcp
N/A 10.127.26.89:139 tcp
N/A 10.127.26.90:139 tcp
N/A 10.127.26.91:139 tcp
N/A 10.127.26.92:139 tcp
N/A 10.127.26.93:139 tcp
N/A 10.127.26.94:139 tcp
N/A 10.127.26.95:139 tcp
N/A 10.127.26.96:139 tcp
N/A 10.127.26.97:139 tcp
N/A 10.127.26.98:139 tcp
N/A 10.127.26.99:139 tcp
N/A 10.127.26.100:139 tcp
N/A 10.127.26.101:139 tcp
N/A 10.127.26.102:139 tcp
N/A 10.127.26.103:139 tcp
N/A 10.127.26.104:139 tcp
N/A 10.127.26.105:139 tcp
N/A 10.127.26.106:139 tcp
N/A 10.127.26.107:139 tcp
N/A 10.127.26.108:139 tcp
N/A 10.127.26.109:139 tcp
N/A 10.127.26.110:139 tcp
N/A 10.127.26.111:139 tcp
N/A 10.127.26.112:139 tcp
N/A 10.127.26.113:139 tcp
N/A 10.127.26.114:139 tcp
N/A 10.127.26.115:139 tcp
N/A 10.127.26.116:139 tcp
N/A 10.127.26.117:139 tcp
N/A 10.127.26.118:139 tcp
N/A 10.127.26.119:139 tcp
N/A 10.127.26.120:139 tcp
N/A 10.127.26.121:139 tcp
N/A 10.127.26.122:139 tcp
N/A 10.127.26.123:139 tcp
N/A 10.127.26.124:139 tcp
N/A 10.127.26.125:139 tcp
N/A 10.127.26.126:139 tcp
N/A 10.127.26.127:139 tcp
N/A 10.127.26.128:139 tcp
N/A 10.127.26.166:139 tcp
N/A 10.127.26.167:139 tcp
N/A 10.127.26.169:139 tcp
N/A 10.127.26.170:139 tcp
N/A 10.127.26.172:139 tcp
N/A 10.127.26.173:139 tcp
N/A 10.127.26.175:139 tcp
N/A 10.127.26.180:139 tcp
N/A 10.127.26.184:139 tcp
N/A 10.127.26.185:139 tcp
N/A 10.127.26.186:139 tcp
N/A 10.127.26.187:139 tcp
N/A 10.127.26.188:139 tcp
N/A 10.127.26.189:139 tcp
N/A 10.127.26.190:139 tcp
N/A 10.127.26.191:139 tcp
N/A 10.127.26.192:139 tcp
N/A 10.127.26.200:139 tcp
N/A 10.127.26.201:139 tcp
N/A 10.127.26.202:139 tcp
N/A 10.127.26.203:139 tcp
N/A 10.127.26.204:139 tcp
N/A 10.127.26.205:139 tcp
N/A 10.127.26.206:139 tcp
N/A 10.127.26.207:139 tcp
N/A 10.127.26.208:139 tcp
N/A 10.127.26.209:139 tcp
N/A 10.127.26.210:139 tcp
N/A 10.127.26.211:139 tcp
N/A 10.127.26.212:139 tcp
N/A 10.127.26.213:139 tcp
N/A 10.127.26.214:139 tcp
N/A 10.127.26.215:139 tcp
N/A 10.127.26.216:139 tcp
N/A 10.127.26.217:139 tcp
N/A 10.127.26.218:139 tcp
N/A 10.127.26.219:139 tcp
N/A 10.127.26.220:139 tcp
N/A 10.127.26.221:139 tcp
N/A 10.127.26.222:139 tcp
N/A 10.127.26.223:139 tcp
N/A 10.127.26.224:139 tcp
N/A 10.127.26.225:139 tcp
N/A 10.127.26.226:139 tcp
N/A 10.127.26.227:139 tcp
N/A 10.127.26.228:139 tcp
N/A 10.127.26.231:139 tcp
N/A 10.127.26.232:139 tcp
N/A 10.127.26.233:139 tcp
N/A 10.127.26.234:139 tcp
N/A 10.127.26.235:139 tcp
N/A 10.127.26.236:139 tcp
N/A 10.127.26.237:139 tcp
N/A 10.127.26.238:139 tcp
N/A 10.127.26.239:139 tcp
N/A 10.127.26.240:139 tcp
N/A 10.127.26.241:139 tcp
N/A 10.127.26.242:139 tcp
N/A 10.127.26.243:139 tcp
N/A 10.127.26.244:139 tcp
N/A 10.127.26.245:139 tcp
N/A 10.127.26.246:139 tcp
N/A 10.127.26.247:139 tcp
N/A 10.127.26.248:139 tcp
N/A 10.127.26.249:139 tcp
N/A 10.127.26.250:139 tcp
N/A 10.127.26.251:139 tcp
N/A 10.127.26.252:139 tcp
N/A 10.127.26.253:139 tcp
N/A 10.127.26.254:139 tcp
N/A 10.127.26.255:139 tcp
N/A 10.127.27.0:139 tcp
N/A 10.127.27.5:139 tcp
N/A 10.127.27.6:139 tcp
N/A 10.127.27.7:139 tcp
N/A 10.127.27.8:139 tcp
N/A 10.127.27.9:139 tcp
N/A 10.127.27.10:139 tcp
N/A 10.127.27.11:139 tcp
N/A 10.127.27.12:139 tcp
N/A 10.127.27.13:139 tcp
N/A 10.127.27.14:139 tcp
N/A 10.127.27.15:139 tcp
N/A 10.127.27.16:139 tcp
N/A 10.127.27.17:139 tcp
N/A 10.127.27.18:139 tcp
N/A 10.127.27.19:139 tcp
N/A 10.127.27.20:139 tcp
N/A 10.127.27.21:139 tcp
N/A 10.127.27.22:139 tcp
N/A 10.127.27.23:139 tcp
N/A 10.127.27.24:139 tcp
N/A 10.127.27.25:139 tcp
N/A 10.127.27.26:139 tcp
N/A 10.127.27.27:139 tcp
N/A 10.127.27.28:139 tcp
N/A 10.127.27.29:139 tcp
N/A 10.127.27.30:139 tcp
N/A 10.127.27.31:139 tcp
N/A 10.127.27.32:139 tcp
N/A 10.127.27.33:139 tcp
N/A 10.127.27.34:139 tcp
N/A 10.127.27.35:139 tcp
N/A 10.127.27.36:139 tcp
N/A 10.127.27.37:139 tcp
N/A 10.127.27.38:139 tcp
N/A 10.127.27.39:139 tcp
N/A 10.127.27.40:139 tcp
N/A 10.127.27.41:139 tcp
N/A 10.127.27.42:139 tcp
N/A 10.127.27.43:139 tcp
N/A 10.127.27.44:139 tcp
N/A 10.127.27.45:139 tcp
N/A 10.127.27.46:139 tcp
N/A 10.127.27.47:139 tcp
N/A 10.127.27.48:139 tcp
N/A 10.127.27.49:139 tcp
N/A 10.127.27.50:139 tcp
N/A 10.127.27.51:139 tcp
N/A 10.127.27.52:139 tcp
N/A 10.127.27.53:139 tcp
N/A 10.127.27.54:139 tcp
N/A 10.127.27.55:139 tcp
N/A 10.127.27.56:139 tcp
N/A 10.127.27.57:139 tcp
N/A 10.127.27.58:139 tcp
N/A 10.127.27.59:139 tcp
N/A 10.127.27.60:139 tcp
N/A 10.127.27.61:139 tcp
N/A 10.127.27.62:139 tcp
N/A 10.127.27.63:139 tcp
N/A 10.127.27.64:139 tcp
N/A 10.127.27.71:139 tcp
N/A 10.127.27.72:139 tcp
N/A 10.127.27.73:139 tcp
N/A 10.127.27.74:139 tcp
N/A 10.127.27.75:139 tcp
N/A 10.127.27.76:139 tcp
N/A 10.127.27.77:139 tcp
N/A 10.127.27.78:139 tcp
N/A 10.127.27.79:139 tcp
N/A 10.127.27.80:139 tcp
N/A 10.127.27.81:139 tcp
N/A 10.127.27.82:139 tcp
N/A 10.127.27.83:139 tcp
N/A 10.127.27.84:139 tcp
N/A 10.127.27.85:139 tcp
N/A 10.127.27.86:139 tcp
N/A 10.127.27.87:139 tcp
N/A 10.127.27.88:139 tcp
N/A 10.127.27.89:139 tcp
N/A 10.127.27.90:139 tcp
N/A 10.127.27.91:139 tcp
N/A 10.127.27.92:139 tcp
N/A 10.127.27.93:139 tcp
N/A 10.127.27.94:139 tcp
N/A 10.127.27.95:139 tcp
N/A 10.127.27.96:139 tcp
N/A 10.127.27.97:139 tcp
N/A 10.127.27.98:139 tcp
N/A 10.127.27.99:139 tcp
N/A 10.127.27.100:139 tcp
N/A 10.127.27.101:139 tcp
N/A 10.127.27.102:139 tcp
N/A 10.127.27.103:139 tcp
N/A 10.127.27.104:139 tcp
N/A 10.127.27.105:139 tcp
N/A 10.127.27.106:139 tcp
N/A 10.127.27.107:139 tcp
N/A 10.127.27.108:139 tcp
N/A 10.127.27.109:139 tcp
N/A 10.127.27.110:139 tcp
N/A 10.127.27.111:139 tcp
N/A 10.127.27.112:139 tcp
N/A 10.127.27.113:139 tcp
N/A 10.127.27.114:139 tcp
N/A 10.127.27.115:139 tcp
N/A 10.127.27.116:139 tcp
N/A 10.127.27.117:139 tcp
N/A 10.127.27.118:139 tcp
N/A 10.127.27.119:139 tcp
N/A 10.127.27.120:139 tcp
N/A 10.127.27.121:139 tcp
N/A 10.127.27.122:139 tcp
N/A 10.127.27.123:139 tcp
N/A 10.127.27.124:139 tcp
N/A 10.127.27.125:139 tcp
N/A 10.127.27.126:139 tcp
N/A 10.127.27.127:139 tcp
N/A 10.127.27.128:139 tcp
N/A 10.127.27.135:139 tcp
N/A 10.127.27.136:139 tcp
N/A 10.127.27.137:139 tcp
N/A 10.127.27.138:139 tcp
N/A 10.127.27.139:139 tcp
N/A 10.127.27.140:139 tcp
N/A 10.127.27.141:139 tcp
N/A 10.127.27.142:139 tcp
N/A 10.127.27.143:139 tcp
N/A 10.127.27.144:139 tcp
N/A 10.127.27.145:139 tcp
N/A 10.127.27.146:139 tcp
N/A 10.127.27.147:139 tcp
N/A 10.127.27.148:139 tcp
N/A 10.127.27.149:139 tcp
N/A 10.127.27.150:139 tcp
N/A 10.127.27.151:139 tcp
N/A 10.127.27.152:139 tcp
N/A 10.127.27.153:139 tcp
N/A 10.127.27.154:139 tcp
N/A 10.127.27.155:139 tcp
N/A 10.127.27.156:139 tcp
N/A 10.127.27.157:139 tcp
N/A 10.127.27.158:139 tcp
N/A 10.127.27.159:139 tcp
N/A 10.127.27.160:139 tcp
N/A 10.127.27.161:139 tcp
N/A 10.127.27.162:139 tcp
N/A 10.127.27.163:139 tcp
N/A 10.127.27.164:139 tcp
N/A 10.127.27.165:139 tcp
N/A 10.127.27.166:139 tcp
N/A 10.127.27.167:139 tcp
N/A 10.127.27.168:139 tcp
N/A 10.127.27.169:139 tcp
N/A 10.127.27.170:139 tcp
N/A 10.127.27.171:139 tcp
N/A 10.127.27.172:139 tcp
N/A 10.127.27.173:139 tcp
N/A 10.127.27.174:139 tcp
N/A 10.127.27.175:139 tcp
N/A 10.127.27.176:139 tcp
N/A 10.127.27.177:139 tcp
N/A 10.127.27.178:139 tcp
N/A 10.127.27.179:139 tcp
N/A 10.127.27.180:139 tcp
N/A 10.127.27.181:139 tcp
N/A 10.127.27.182:139 tcp
N/A 10.127.27.183:139 tcp
N/A 10.127.27.184:139 tcp
N/A 10.127.27.185:139 tcp
N/A 10.127.27.186:139 tcp
N/A 10.127.27.187:139 tcp
N/A 10.127.27.188:139 tcp
N/A 10.127.27.189:139 tcp
N/A 10.127.27.190:139 tcp
N/A 10.127.27.191:139 tcp
N/A 10.127.27.192:139 tcp
N/A 10.127.27.198:139 tcp
N/A 10.127.27.200:139 tcp
N/A 10.127.27.203:139 tcp
N/A 10.127.27.209:139 tcp
N/A 10.127.27.216:139 tcp
N/A 10.127.27.221:139 tcp
N/A 10.127.27.231:139 tcp
N/A 10.127.27.232:139 tcp
N/A 10.127.27.233:139 tcp
N/A 10.127.27.234:139 tcp
N/A 10.127.27.235:139 tcp
N/A 10.127.27.236:139 tcp
N/A 10.127.27.237:139 tcp
N/A 10.127.27.238:139 tcp
N/A 10.127.27.239:139 tcp
N/A 10.127.27.240:139 tcp
N/A 10.127.27.241:139 tcp
N/A 10.127.27.242:139 tcp
N/A 10.127.27.243:139 tcp
N/A 10.127.27.244:139 tcp
N/A 10.127.27.245:139 tcp
N/A 10.127.27.246:139 tcp
N/A 10.127.27.247:139 tcp
N/A 10.127.27.248:139 tcp
N/A 10.127.27.249:139 tcp
N/A 10.127.27.250:139 tcp
N/A 10.127.27.251:139 tcp
N/A 10.127.27.252:139 tcp
N/A 10.127.27.253:139 tcp
N/A 10.127.27.254:139 tcp
N/A 10.127.27.255:139 tcp
N/A 10.127.28.0:139 tcp
N/A 10.127.28.1:139 tcp
N/A 10.127.28.2:139 tcp
N/A 10.127.28.3:139 tcp
N/A 10.127.28.4:139 tcp
N/A 10.127.28.5:139 tcp
N/A 10.127.28.6:139 tcp
N/A 10.127.28.7:139 tcp
N/A 10.127.28.8:139 tcp
N/A 10.127.28.9:139 tcp
N/A 10.127.28.10:139 tcp
N/A 10.127.28.11:139 tcp
N/A 10.127.28.12:139 tcp
N/A 10.127.28.13:139 tcp
N/A 10.127.28.14:139 tcp
N/A 10.127.28.15:139 tcp
N/A 10.127.28.16:139 tcp
N/A 10.127.28.17:139 tcp
N/A 10.127.28.18:139 tcp
N/A 10.127.28.19:139 tcp
N/A 10.127.28.20:139 tcp
N/A 10.127.28.21:139 tcp
N/A 10.127.28.22:139 tcp
N/A 10.127.28.23:139 tcp
N/A 10.127.28.24:139 tcp
N/A 10.127.28.25:139 tcp
N/A 10.127.28.26:139 tcp
N/A 10.127.28.27:139 tcp
N/A 10.127.28.28:139 tcp
N/A 10.127.28.29:139 tcp
N/A 10.127.28.30:139 tcp
N/A 10.127.28.31:139 tcp
N/A 10.127.28.32:139 tcp
N/A 10.127.28.33:139 tcp
N/A 10.127.28.34:139 tcp
N/A 10.127.28.35:139 tcp
N/A 10.127.28.36:139 tcp
N/A 10.127.28.37:139 tcp
N/A 10.127.28.38:139 tcp
N/A 10.127.28.39:139 tcp
N/A 10.127.28.40:139 tcp
N/A 10.127.28.41:139 tcp
N/A 10.127.28.42:139 tcp
N/A 10.127.28.43:139 tcp
N/A 10.127.28.44:139 tcp
N/A 10.127.28.45:139 tcp
N/A 10.127.28.46:139 tcp
N/A 10.127.28.47:139 tcp
N/A 10.127.28.48:139 tcp
N/A 10.127.28.49:139 tcp
N/A 10.127.28.50:139 tcp
N/A 10.127.28.51:139 tcp
N/A 10.127.28.52:139 tcp
N/A 10.127.28.53:139 tcp
N/A 10.127.28.54:139 tcp
N/A 10.127.28.55:139 tcp
N/A 10.127.28.56:139 tcp
N/A 10.127.28.57:139 tcp
N/A 10.127.28.58:139 tcp
N/A 10.127.28.59:139 tcp
N/A 10.127.28.60:139 tcp
N/A 10.127.28.61:139 tcp
N/A 10.127.28.62:139 tcp
N/A 10.127.28.63:139 tcp
N/A 10.127.28.64:139 tcp
N/A 10.127.28.65:139 tcp
N/A 10.127.28.66:139 tcp
N/A 10.127.28.67:139 tcp
N/A 10.127.28.68:139 tcp
N/A 10.127.28.69:139 tcp
N/A 10.127.28.70:139 tcp
N/A 10.127.28.71:139 tcp
N/A 10.127.28.72:139 tcp
N/A 10.127.28.73:139 tcp
N/A 10.127.28.74:139 tcp
N/A 10.127.28.75:139 tcp
N/A 10.127.28.76:139 tcp
N/A 10.127.28.77:139 tcp
N/A 10.127.28.78:139 tcp
N/A 10.127.28.79:139 tcp
N/A 10.127.28.80:139 tcp
N/A 10.127.28.81:139 tcp
N/A 10.127.28.82:139 tcp
N/A 10.127.28.83:139 tcp
N/A 10.127.28.84:139 tcp
N/A 10.127.28.85:139 tcp
N/A 10.127.28.86:139 tcp
N/A 10.127.28.87:139 tcp
N/A 10.127.28.88:139 tcp
N/A 10.127.28.89:139 tcp
N/A 10.127.28.90:139 tcp
N/A 10.127.28.91:139 tcp
N/A 10.127.28.92:139 tcp
N/A 10.127.28.93:139 tcp
N/A 10.127.28.94:139 tcp
N/A 10.127.28.95:139 tcp
N/A 10.127.28.96:139 tcp
N/A 10.127.28.97:139 tcp
N/A 10.127.28.98:139 tcp
N/A 10.127.28.99:139 tcp
N/A 10.127.28.100:139 tcp
N/A 10.127.28.101:139 tcp
N/A 10.127.28.102:139 tcp
N/A 10.127.28.103:139 tcp
N/A 10.127.28.104:139 tcp
N/A 10.127.28.105:139 tcp
N/A 10.127.28.106:139 tcp
N/A 10.127.28.107:139 tcp
N/A 10.127.28.108:139 tcp
N/A 10.127.28.109:139 tcp
N/A 10.127.28.110:139 tcp
N/A 10.127.28.111:139 tcp
N/A 10.127.28.112:139 tcp
N/A 10.127.28.113:139 tcp
N/A 10.127.28.114:139 tcp
N/A 10.127.28.115:139 tcp
N/A 10.127.28.116:139 tcp
N/A 10.127.28.117:139 tcp
N/A 10.127.28.118:139 tcp
N/A 10.127.28.119:139 tcp
N/A 10.127.28.120:139 tcp
N/A 10.127.28.121:139 tcp
N/A 10.127.28.122:139 tcp
N/A 10.127.28.123:139 tcp
N/A 10.127.28.124:139 tcp
N/A 10.127.28.125:139 tcp
N/A 10.127.28.126:139 tcp
N/A 10.127.28.127:139 tcp
N/A 10.127.28.128:139 tcp
N/A 10.127.28.129:139 tcp
N/A 10.127.28.130:139 tcp
N/A 10.127.28.131:139 tcp
N/A 10.127.28.132:139 tcp
N/A 10.127.28.133:139 tcp
N/A 10.127.28.134:139 tcp
N/A 10.127.28.135:139 tcp
N/A 10.127.28.136:139 tcp
N/A 10.127.28.137:139 tcp
N/A 10.127.28.138:139 tcp
N/A 10.127.28.139:139 tcp
N/A 10.127.28.140:139 tcp
N/A 10.127.28.141:139 tcp
N/A 10.127.28.142:139 tcp
N/A 10.127.28.143:139 tcp
N/A 10.127.28.144:139 tcp
N/A 10.127.28.145:139 tcp
N/A 10.127.28.146:139 tcp
N/A 10.127.28.147:139 tcp
N/A 10.127.28.148:139 tcp
N/A 10.127.28.149:139 tcp
N/A 10.127.28.150:139 tcp
N/A 10.127.28.151:139 tcp
N/A 10.127.28.152:139 tcp
N/A 10.127.28.153:139 tcp
N/A 10.127.28.154:139 tcp
N/A 10.127.28.155:139 tcp
N/A 10.127.28.156:139 tcp
N/A 10.127.28.157:139 tcp
N/A 10.127.28.158:139 tcp
N/A 10.127.28.159:139 tcp
N/A 10.127.28.160:139 tcp
N/A 10.127.28.161:139 tcp
N/A 10.127.28.162:139 tcp
N/A 10.127.28.163:139 tcp
N/A 10.127.28.164:139 tcp
N/A 10.127.28.165:139 tcp
N/A 10.127.28.166:139 tcp
N/A 10.127.28.167:139 tcp
N/A 10.127.28.168:139 tcp
N/A 10.127.28.169:139 tcp
N/A 10.127.28.170:139 tcp
N/A 10.127.28.171:139 tcp
N/A 10.127.28.172:139 tcp
N/A 10.127.28.173:139 tcp
N/A 10.127.28.174:139 tcp
N/A 10.127.28.175:139 tcp
N/A 10.127.28.176:139 tcp
N/A 10.127.28.177:139 tcp
N/A 10.127.28.178:139 tcp
N/A 10.127.28.179:139 tcp
N/A 10.127.28.180:139 tcp
N/A 10.127.28.181:139 tcp
N/A 10.127.28.182:139 tcp
N/A 10.127.28.183:139 tcp
N/A 10.127.28.184:139 tcp
N/A 10.127.28.185:139 tcp
N/A 10.127.28.186:139 tcp
N/A 10.127.28.187:139 tcp
N/A 10.127.28.188:139 tcp
N/A 10.127.28.189:139 tcp
N/A 10.127.28.190:139 tcp
N/A 10.127.28.191:139 tcp
N/A 10.127.28.192:139 tcp
N/A 10.127.28.193:139 tcp
N/A 10.127.28.194:139 tcp
N/A 10.127.28.195:139 tcp
N/A 10.127.28.196:139 tcp
N/A 10.127.28.197:139 tcp
N/A 10.127.28.198:139 tcp
N/A 10.127.28.199:139 tcp
N/A 10.127.28.200:139 tcp
N/A 10.127.28.201:139 tcp
N/A 10.127.28.202:139 tcp
N/A 10.127.28.203:139 tcp
N/A 10.127.28.204:139 tcp
N/A 10.127.28.205:139 tcp
N/A 10.127.28.206:139 tcp
N/A 10.127.28.207:139 tcp
N/A 10.127.28.208:139 tcp
N/A 10.127.28.209:139 tcp
N/A 10.127.28.210:139 tcp
N/A 10.127.28.211:139 tcp
N/A 10.127.28.212:139 tcp
N/A 10.127.28.213:139 tcp
N/A 10.127.28.214:139 tcp
N/A 10.127.28.215:139 tcp
N/A 10.127.28.216:139 tcp
N/A 10.127.28.217:139 tcp
N/A 10.127.28.218:139 tcp
N/A 10.127.28.219:139 tcp
N/A 10.127.28.220:139 tcp
N/A 10.127.28.221:139 tcp
N/A 10.127.28.222:139 tcp
N/A 10.127.28.223:139 tcp
N/A 10.127.28.224:139 tcp
N/A 10.127.28.225:139 tcp
N/A 10.127.28.226:139 tcp
N/A 10.127.28.227:139 tcp
N/A 10.127.28.228:139 tcp
N/A 10.127.28.229:139 tcp
N/A 10.127.28.230:139 tcp
N/A 10.127.28.231:139 tcp
N/A 10.127.28.232:139 tcp
N/A 10.127.28.233:139 tcp
N/A 10.127.28.234:139 tcp
N/A 10.127.28.235:139 tcp
N/A 10.127.28.236:139 tcp
N/A 10.127.28.237:139 tcp
N/A 10.127.28.238:139 tcp
N/A 10.127.28.239:139 tcp
N/A 10.127.28.240:139 tcp
N/A 10.127.28.241:139 tcp
N/A 10.127.28.242:139 tcp
N/A 10.127.28.243:139 tcp
N/A 10.127.28.244:139 tcp
N/A 10.127.28.245:139 tcp
N/A 10.127.28.246:139 tcp
N/A 10.127.28.247:139 tcp
N/A 10.127.28.248:139 tcp
N/A 10.127.28.249:139 tcp
N/A 10.127.28.250:139 tcp
N/A 10.127.28.251:139 tcp
N/A 10.127.28.252:139 tcp
N/A 10.127.28.253:139 tcp
N/A 10.127.28.254:139 tcp
N/A 10.127.28.255:139 tcp
N/A 10.127.29.0:139 tcp
N/A 10.127.29.1:139 tcp
N/A 10.127.29.2:139 tcp
N/A 10.127.29.3:139 tcp
N/A 10.127.29.4:139 tcp
N/A 10.127.29.5:139 tcp
N/A 10.127.29.6:139 tcp
N/A 10.127.29.7:139 tcp
N/A 10.127.29.8:139 tcp
N/A 10.127.29.9:139 tcp
N/A 10.127.29.10:139 tcp
N/A 10.127.29.11:139 tcp
N/A 10.127.29.12:139 tcp
N/A 10.127.29.13:139 tcp
N/A 10.127.29.14:139 tcp
N/A 10.127.29.15:139 tcp
N/A 10.127.29.16:139 tcp
N/A 10.127.29.17:139 tcp
N/A 10.127.29.18:139 tcp
N/A 10.127.29.19:139 tcp
N/A 10.127.29.20:139 tcp
N/A 10.127.29.21:139 tcp
N/A 10.127.29.22:139 tcp
N/A 10.127.29.23:139 tcp
N/A 10.127.29.24:139 tcp
N/A 10.127.29.25:139 tcp
N/A 10.127.29.26:139 tcp
N/A 10.127.29.27:139 tcp
N/A 10.127.29.28:139 tcp
N/A 10.127.29.29:139 tcp
N/A 10.127.29.30:139 tcp
N/A 10.127.29.31:139 tcp
N/A 10.127.29.32:139 tcp
N/A 10.127.29.33:139 tcp
N/A 10.127.29.34:139 tcp
N/A 10.127.29.35:139 tcp
N/A 10.127.29.36:139 tcp
N/A 10.127.29.37:139 tcp
N/A 10.127.29.38:139 tcp
N/A 10.127.29.39:139 tcp
N/A 10.127.29.40:139 tcp
N/A 10.127.29.41:139 tcp
N/A 10.127.29.42:139 tcp
N/A 10.127.29.43:139 tcp
N/A 10.127.29.44:139 tcp
N/A 10.127.29.45:139 tcp
N/A 10.127.29.46:139 tcp
N/A 10.127.29.47:139 tcp
N/A 10.127.29.48:139 tcp
N/A 10.127.29.49:139 tcp
N/A 10.127.29.50:139 tcp
N/A 10.127.29.51:139 tcp
N/A 10.127.29.52:139 tcp
N/A 10.127.29.53:139 tcp
N/A 10.127.29.54:139 tcp
N/A 10.127.29.55:139 tcp
N/A 10.127.29.56:139 tcp
N/A 10.127.29.57:139 tcp
N/A 10.127.29.58:139 tcp
N/A 10.127.29.59:139 tcp
N/A 10.127.29.60:139 tcp
N/A 10.127.29.61:139 tcp
N/A 10.127.29.62:139 tcp
N/A 10.127.29.63:139 tcp
N/A 10.127.29.64:139 tcp
N/A 10.127.29.73:139 tcp
N/A 10.127.29.70:139 tcp
N/A 10.127.29.90:139 tcp
N/A 10.127.29.76:139 tcp
N/A 10.127.29.79:139 tcp
N/A 10.127.29.93:139 tcp
N/A 10.127.29.74:139 tcp
N/A 10.127.29.80:139 tcp
N/A 10.127.29.94:139 tcp
N/A 10.127.29.89:139 tcp
N/A 10.127.29.98:139 tcp
N/A 10.127.29.129:139 tcp
N/A 10.127.29.86:139 tcp
N/A 10.127.29.145:139 tcp
N/A 10.127.29.133:139 tcp
N/A 10.127.29.137:139 tcp
N/A 10.127.29.148:139 tcp
N/A 10.127.29.72:139 tcp
N/A 10.127.29.130:139 tcp
N/A 10.127.29.206:139 tcp
N/A 10.127.29.99:139 tcp
N/A 10.127.29.68:139 tcp
N/A 10.127.29.88:139 tcp
N/A 10.127.29.131:139 tcp
N/A 10.127.29.75:139 tcp
N/A 10.127.29.138:139 tcp
N/A 10.127.29.194:139 tcp
N/A 10.127.29.82:139 tcp
N/A 10.127.29.140:139 tcp
N/A 10.127.29.196:139 tcp
N/A 10.127.29.204:139 tcp
N/A 10.127.29.142:139 tcp
N/A 10.127.29.195:139 tcp
N/A 10.127.29.207:139 tcp
N/A 10.127.29.87:139 tcp
N/A 10.127.29.65:139 tcp
N/A 10.127.29.95:139 tcp
N/A 10.127.29.197:139 tcp
N/A 10.127.29.202:139 tcp
N/A 10.127.29.77:139 tcp
N/A 10.127.29.81:139 tcp
N/A 10.127.29.139:139 tcp
N/A 10.127.29.136:139 tcp
N/A 10.127.29.205:139 tcp
N/A 10.127.29.208:139 tcp
N/A 10.127.29.66:139 tcp
N/A 10.127.29.84:139 tcp
N/A 10.127.29.101:139 tcp
N/A 10.127.29.85:139 tcp
N/A 10.127.29.132:139 tcp
N/A 10.127.29.83:139 tcp
N/A 10.127.29.135:139 tcp
N/A 10.127.29.141:139 tcp
N/A 10.127.29.67:139 tcp
N/A 10.127.29.71:139 tcp
N/A 10.127.29.78:139 tcp
N/A 10.127.29.96:139 tcp
N/A 10.127.29.92:139 tcp
N/A 10.127.29.100:139 tcp
N/A 10.127.29.91:139 tcp
N/A 10.127.29.97:139 tcp
N/A 10.127.29.69:139 tcp
N/A 10.127.29.143:139 tcp
N/A 10.127.29.200:139 tcp
N/A 10.127.29.199:139 tcp
N/A 10.127.29.134:139 tcp
N/A 10.127.29.144:139 tcp
N/A 10.127.29.198:139 tcp
N/A 10.127.29.146:139 tcp
N/A 10.127.29.147:139 tcp
N/A 10.127.29.201:139 tcp
N/A 10.127.29.203:139 tcp
N/A 10.127.29.193:139 tcp
N/A 10.127.29.102:139 tcp
N/A 10.127.29.103:139 tcp
N/A 10.127.29.104:139 tcp
N/A 10.127.29.105:139 tcp
N/A 10.127.29.106:139 tcp
N/A 10.127.29.107:139 tcp
N/A 10.127.29.108:139 tcp
N/A 10.127.29.109:139 tcp
N/A 10.127.29.110:139 tcp
N/A 10.127.29.120:139 tcp
N/A 10.127.29.123:139 tcp
N/A 10.127.29.111:139 tcp
N/A 10.127.29.119:139 tcp
N/A 10.127.29.161:139 tcp
N/A 10.127.29.162:139 tcp
N/A 10.127.29.157:139 tcp
N/A 10.127.29.153:139 tcp
N/A 10.127.29.112:139 tcp
N/A 10.127.29.117:139 tcp
N/A 10.127.29.152:139 tcp
N/A 10.127.29.160:139 tcp
N/A 10.127.29.154:139 tcp
N/A 10.127.29.155:139 tcp
N/A 10.127.29.159:139 tcp
N/A 10.127.29.128:139 tcp
N/A 10.127.29.125:139 tcp
N/A 10.127.29.113:139 tcp
N/A 10.127.29.156:139 tcp
N/A 10.127.29.127:139 tcp
N/A 10.127.29.122:139 tcp
N/A 10.127.29.114:139 tcp
N/A 10.127.29.115:139 tcp
N/A 10.127.29.124:139 tcp
N/A 10.127.29.151:139 tcp
N/A 10.127.29.149:139 tcp
N/A 10.127.29.251:139 tcp
N/A 10.127.29.116:139 tcp
N/A 10.127.29.229:139 tcp
N/A 10.127.29.239:139 tcp
N/A 10.127.29.209:139 tcp
N/A 10.127.29.237:139 tcp
N/A 10.127.29.126:139 tcp
N/A 10.127.29.223:139 tcp
N/A 10.127.29.238:139 tcp
N/A 10.127.29.224:139 tcp
N/A 10.127.29.118:139 tcp
N/A 10.127.29.213:139 tcp
N/A 10.127.29.225:139 tcp
N/A 10.127.29.226:139 tcp
N/A 10.127.29.217:139 tcp
N/A 10.127.29.150:139 tcp
N/A 10.127.29.230:139 tcp
N/A 10.127.29.214:139 tcp
N/A 10.127.29.235:139 tcp
N/A 10.127.29.212:139 tcp
N/A 10.127.29.121:139 tcp
N/A 10.127.29.240:139 tcp
N/A 10.127.29.158:139 tcp
N/A 10.127.29.216:139 tcp
N/A 10.127.29.221:139 tcp
N/A 10.127.29.233:139 tcp
N/A 10.127.29.211:139 tcp
N/A 10.127.29.227:139 tcp
N/A 10.127.29.242:139 tcp
N/A 10.127.29.220:139 tcp
N/A 10.127.29.222:139 tcp
N/A 10.127.29.228:139 tcp
N/A 10.127.29.246:139 tcp
N/A 10.127.29.253:139 tcp
N/A 10.127.29.215:139 tcp
N/A 10.127.29.210:139 tcp
N/A 10.127.29.219:139 tcp
N/A 10.127.29.234:139 tcp
N/A 10.127.29.236:139 tcp
N/A 10.127.29.243:139 tcp
N/A 10.127.29.218:139 tcp
N/A 10.127.29.248:139 tcp
N/A 10.127.29.252:139 tcp
N/A 10.127.29.254:139 tcp
N/A 10.127.29.244:139 tcp
N/A 10.127.29.245:139 tcp
N/A 10.127.29.231:139 tcp
N/A 10.127.29.232:139 tcp
N/A 10.127.29.250:139 tcp
N/A 10.127.29.247:139 tcp
N/A 10.127.29.241:139 tcp
N/A 10.127.29.249:139 tcp
N/A 10.127.29.192:139 tcp
N/A 10.127.29.177:139 tcp
N/A 10.127.29.175:139 tcp
N/A 10.127.29.163:139 tcp
N/A 10.127.29.164:139 tcp
N/A 10.127.29.165:139 tcp
N/A 10.127.29.166:139 tcp
N/A 10.127.29.167:139 tcp
N/A 10.127.29.168:139 tcp
N/A 10.127.29.169:139 tcp
N/A 10.127.29.170:139 tcp
N/A 10.127.29.171:139 tcp
N/A 10.127.29.172:139 tcp
N/A 10.127.29.173:139 tcp
N/A 10.127.29.174:139 tcp
N/A 10.127.29.176:139 tcp
N/A 10.127.29.178:139 tcp
N/A 10.127.29.179:139 tcp
N/A 10.127.29.180:139 tcp
N/A 10.127.29.181:139 tcp
N/A 10.127.29.182:139 tcp
N/A 10.127.29.183:139 tcp
N/A 10.127.29.184:139 tcp
N/A 10.127.29.185:139 tcp
N/A 10.127.29.186:139 tcp
N/A 10.127.29.187:139 tcp
N/A 10.127.29.188:139 tcp
N/A 10.127.29.189:139 tcp
N/A 10.127.29.190:139 tcp
N/A 10.127.29.191:139 tcp
N/A 10.127.29.255:139 tcp
N/A 10.127.30.0:139 tcp
N/A 10.127.30.2:139 tcp
N/A 10.127.30.14:139 tcp
N/A 10.127.30.57:139 tcp
N/A 10.127.30.11:139 tcp
N/A 10.127.30.37:139 tcp
N/A 10.127.30.38:139 tcp
N/A 10.127.30.13:139 tcp
N/A 10.127.30.32:139 tcp
N/A 10.127.30.36:139 tcp
N/A 10.127.30.44:139 tcp
N/A 10.127.30.53:139 tcp
N/A 10.127.30.1:139 tcp
N/A 10.127.30.12:139 tcp
N/A 10.127.30.43:139 tcp
N/A 10.127.30.56:139 tcp
N/A 10.127.30.50:139 tcp
N/A 10.127.30.23:139 tcp
N/A 10.127.30.5:139 tcp
N/A 10.127.30.49:139 tcp
N/A 10.127.30.16:139 tcp
N/A 10.127.30.28:139 tcp
N/A 10.127.30.55:139 tcp
N/A 10.127.30.40:139 tcp
N/A 10.127.30.29:139 tcp
N/A 10.127.30.34:139 tcp
N/A 10.127.30.15:139 tcp
N/A 10.127.30.30:139 tcp
N/A 10.127.30.58:139 tcp
N/A 10.127.30.61:139 tcp
N/A 10.127.30.6:139 tcp
N/A 10.127.30.19:139 tcp
N/A 10.127.30.26:139 tcp
N/A 10.127.30.3:139 tcp
N/A 10.127.30.27:139 tcp
N/A 10.127.30.35:139 tcp
N/A 10.127.30.8:139 tcp
N/A 10.127.30.10:139 tcp
N/A 10.127.30.24:139 tcp
N/A 10.127.30.62:139 tcp
N/A 10.127.30.45:139 tcp
N/A 10.127.30.60:139 tcp
N/A 10.127.30.20:139 tcp
N/A 10.127.30.51:139 tcp
N/A 10.127.30.160:139 tcp
N/A 10.127.30.194:139 tcp
N/A 10.127.30.33:139 tcp
N/A 10.127.30.39:139 tcp
N/A 10.127.30.4:139 tcp
N/A 10.127.30.63:139 tcp
N/A 10.127.30.166:139 tcp
N/A 10.127.30.31:139 tcp
N/A 10.127.30.48:139 tcp
N/A 10.127.30.136:139 tcp
N/A 10.127.30.9:139 tcp
N/A 10.127.30.42:139 tcp
N/A 10.127.30.148:139 tcp
N/A 10.127.30.17:139 tcp
N/A 10.127.30.18:139 tcp
N/A 10.127.30.64:139 tcp
N/A 10.127.30.132:139 tcp
N/A 10.127.30.144:139 tcp
N/A 10.127.30.22:139 tcp
N/A 10.127.30.7:139 tcp
N/A 10.127.30.159:139 tcp
N/A 10.127.30.129:139 tcp
N/A 10.127.30.143:139 tcp
N/A 10.127.30.151:139 tcp
N/A 10.127.30.41:139 tcp
N/A 10.127.30.54:139 tcp
N/A 10.127.30.21:139 tcp
N/A 10.127.30.52:139 tcp
N/A 10.127.30.140:139 tcp
N/A 10.127.30.68:139 tcp
N/A 10.127.30.147:139 tcp
N/A 10.127.30.25:139 tcp
N/A 10.127.30.46:139 tcp
N/A 10.127.30.47:139 tcp
N/A 10.127.30.149:139 tcp
N/A 10.127.30.59:139 tcp
N/A 10.127.30.163:139 tcp
N/A 10.127.30.157:139 tcp
N/A 10.127.30.162:139 tcp
N/A 10.127.30.134:139 tcp
N/A 10.127.31.80:139 tcp
N/A 10.127.30.135:139 tcp
N/A 10.127.30.137:139 tcp
N/A 10.127.30.67:139 tcp
N/A 10.127.30.153:139 tcp
N/A 10.127.30.193:139 tcp
N/A 10.127.30.70:139 tcp
N/A 10.127.30.152:139 tcp
N/A 10.127.30.165:139 tcp
N/A 10.127.31.82:139 tcp
N/A 10.127.30.66:139 tcp
N/A 10.127.31.74:139 tcp
N/A 10.127.31.97:139 tcp
N/A 10.127.30.145:139 tcp
N/A 10.127.31.88:139 tcp
N/A 10.127.31.91:139 tcp
N/A 10.127.30.142:139 tcp
N/A 10.127.31.143:139 tcp
N/A 10.127.31.75:139 tcp
N/A 10.127.31.130:139 tcp
N/A 10.127.31.79:139 tcp
N/A 10.127.31.136:139 tcp
N/A 10.127.30.141:139 tcp
N/A 10.127.30.156:139 tcp
N/A 10.127.31.68:139 tcp
N/A 10.127.30.71:139 tcp
N/A 10.127.30.73:139 tcp
N/A 10.127.31.85:139 tcp
N/A 10.127.30.155:139 tcp
N/A 10.127.31.78:139 tcp
N/A 10.127.30.138:139 tcp
N/A 10.127.30.161:139 tcp
N/A 10.127.30.167:139 tcp
N/A 10.127.31.96:139 tcp
N/A 10.127.31.76:139 tcp
N/A 10.127.31.77:139 tcp
N/A 10.127.30.154:139 tcp
N/A 10.127.30.146:139 tcp
N/A 10.127.30.130:139 tcp
N/A 10.127.30.150:139 tcp
N/A 10.127.30.69:139 tcp
N/A 10.127.31.83:139 tcp
N/A 10.127.30.133:139 tcp
N/A 10.127.30.158:139 tcp
N/A 10.127.31.134:139 tcp
N/A 10.127.31.200:139 tcp
N/A 10.127.31.94:139 tcp
N/A 10.127.31.196:139 tcp
N/A 10.127.31.217:139 tcp
N/A 10.127.31.89:139 tcp
N/A 10.127.31.65:139 tcp
N/A 10.127.30.168:139 tcp
N/A 10.127.31.86:139 tcp
N/A 10.127.31.133:139 tcp
N/A 10.127.30.139:139 tcp
N/A 10.127.30.164:139 tcp
N/A 10.127.31.66:139 tcp
N/A 10.127.30.131:139 tcp
N/A 10.127.30.65:139 tcp
N/A 10.127.31.73:139 tcp
N/A 10.127.31.129:139 tcp
N/A 10.127.31.214:139 tcp
N/A 10.127.30.72:139 tcp
N/A 10.127.30.169:139 tcp
N/A 10.127.30.170:139 tcp
N/A 10.127.30.171:139 tcp
N/A 10.127.30.172:139 tcp
N/A 10.127.30.173:139 tcp
N/A 10.127.30.174:139 tcp
N/A 10.127.30.175:139 tcp
N/A 10.127.30.176:139 tcp
N/A 10.127.30.177:139 tcp
N/A 10.127.30.178:139 tcp
N/A 10.127.30.179:139 tcp
N/A 10.127.30.180:139 tcp
N/A 10.127.30.181:139 tcp
N/A 10.127.30.182:139 tcp
N/A 10.127.30.183:139 tcp
N/A 10.127.30.184:139 tcp
N/A 10.127.30.185:139 tcp
N/A 10.127.30.186:139 tcp
N/A 10.127.30.187:139 tcp
N/A 10.127.30.188:139 tcp
N/A 10.127.30.189:139 tcp
N/A 10.127.30.190:139 tcp
N/A 10.127.30.191:139 tcp
N/A 10.127.30.192:139 tcp
N/A 10.127.30.195:139 tcp
N/A 10.127.30.196:139 tcp
N/A 10.127.30.197:139 tcp
N/A 10.127.30.198:139 tcp
N/A 10.127.30.199:139 tcp
N/A 10.127.30.200:139 tcp
N/A 10.127.30.201:139 tcp
N/A 10.127.30.202:139 tcp
N/A 10.127.30.203:139 tcp
N/A 10.127.30.204:139 tcp
N/A 10.127.30.205:139 tcp
N/A 10.127.30.206:139 tcp
N/A 10.127.30.207:139 tcp
N/A 10.127.30.208:139 tcp
N/A 10.127.30.209:139 tcp
N/A 10.127.30.210:139 tcp
N/A 10.127.30.211:139 tcp
N/A 10.127.30.212:139 tcp
N/A 10.127.30.213:139 tcp
N/A 10.127.30.214:139 tcp
N/A 10.127.30.215:139 tcp
N/A 10.127.30.216:139 tcp
N/A 10.127.30.217:139 tcp
N/A 10.127.30.218:139 tcp
N/A 10.127.30.219:139 tcp
N/A 10.127.30.220:139 tcp
N/A 10.127.30.221:139 tcp
N/A 10.127.30.222:139 tcp
N/A 10.127.30.223:139 tcp
N/A 10.127.30.224:139 tcp
N/A 10.127.30.225:139 tcp
N/A 10.127.30.226:139 tcp
N/A 10.127.30.227:139 tcp
N/A 10.127.30.228:139 tcp
N/A 10.127.30.229:139 tcp
N/A 10.127.30.230:139 tcp
N/A 10.127.30.231:139 tcp
N/A 10.127.30.232:139 tcp
N/A 10.127.30.233:139 tcp
N/A 10.127.30.234:139 tcp
N/A 10.127.30.235:139 tcp
N/A 10.127.30.236:139 tcp
N/A 10.127.30.237:139 tcp
N/A 10.127.30.238:139 tcp
N/A 10.127.30.239:139 tcp
N/A 10.127.30.240:139 tcp
N/A 10.127.30.241:139 tcp
N/A 10.127.30.242:139 tcp
N/A 10.127.30.243:139 tcp
N/A 10.127.30.244:139 tcp
N/A 10.127.30.245:139 tcp
N/A 10.127.30.246:139 tcp
N/A 10.127.30.247:139 tcp
N/A 10.127.30.248:139 tcp
N/A 10.127.30.249:139 tcp
N/A 10.127.30.250:139 tcp
N/A 10.127.30.251:139 tcp
N/A 10.127.30.252:139 tcp
N/A 10.127.30.253:139 tcp
N/A 10.127.30.254:139 tcp
N/A 10.127.30.255:139 tcp
N/A 10.127.31.0:139 tcp
N/A 10.127.30.74:139 tcp
N/A 10.127.30.75:139 tcp
N/A 10.127.30.76:139 tcp
N/A 10.127.30.77:139 tcp
N/A 10.127.30.78:139 tcp
N/A 10.127.30.79:139 tcp
N/A 10.127.30.80:139 tcp
N/A 10.127.30.81:139 tcp
N/A 10.127.30.82:139 tcp
N/A 10.127.30.83:139 tcp
N/A 10.127.30.84:139 tcp
N/A 10.127.30.85:139 tcp
N/A 10.127.30.86:139 tcp
N/A 10.127.30.87:139 tcp
N/A 10.127.30.88:139 tcp
N/A 10.127.30.89:139 tcp
N/A 10.127.30.90:139 tcp
N/A 10.127.30.91:139 tcp
N/A 10.127.30.92:139 tcp
N/A 10.127.30.93:139 tcp
N/A 10.127.30.94:139 tcp
N/A 10.127.30.95:139 tcp
N/A 10.127.30.96:139 tcp
N/A 10.127.30.97:139 tcp
N/A 10.127.30.98:139 tcp
N/A 10.127.30.99:139 tcp
N/A 10.127.30.100:139 tcp
N/A 10.127.30.101:139 tcp
N/A 10.127.30.102:139 tcp
N/A 10.127.31.1:139 tcp
N/A 10.127.30.103:139 tcp
N/A 10.127.31.2:139 tcp
N/A 10.127.30.104:139 tcp
N/A 10.127.31.3:139 tcp
N/A 10.127.30.105:139 tcp
N/A 10.127.30.106:139 tcp
N/A 10.127.31.4:139 tcp
N/A 10.127.30.107:139 tcp
N/A 10.127.31.5:139 tcp
N/A 10.127.30.108:139 tcp
N/A 10.127.30.109:139 tcp
N/A 10.127.31.6:139 tcp
N/A 10.127.30.110:139 tcp
N/A 10.127.31.7:139 tcp
N/A 10.127.30.111:139 tcp
N/A 10.127.30.112:139 tcp
N/A 10.127.31.8:139 tcp
N/A 10.127.30.113:139 tcp
N/A 10.127.31.9:139 tcp
N/A 10.127.30.114:139 tcp
N/A 10.127.30.115:139 tcp
N/A 10.127.31.10:139 tcp
N/A 10.127.30.116:139 tcp
N/A 10.127.31.11:139 tcp
N/A 10.127.30.117:139 tcp
N/A 10.127.30.118:139 tcp
N/A 10.127.31.12:139 tcp
N/A 10.127.30.119:139 tcp
N/A 10.127.30.120:139 tcp
N/A 10.127.30.121:139 tcp
N/A 10.127.31.13:139 tcp
N/A 10.127.31.14:139 tcp
N/A 10.127.30.122:139 tcp
N/A 10.127.30.123:139 tcp
N/A 10.127.31.15:139 tcp
N/A 10.127.30.124:139 tcp
N/A 10.127.31.16:139 tcp
N/A 10.127.30.125:139 tcp
N/A 10.127.30.126:139 tcp
N/A 10.127.31.17:139 tcp
N/A 10.127.30.127:139 tcp
N/A 10.127.31.18:139 tcp
N/A 10.127.30.128:139 tcp
N/A 10.127.31.19:139 tcp
N/A 10.127.31.20:139 tcp
N/A 10.127.31.21:139 tcp
N/A 10.127.31.22:139 tcp
N/A 10.127.31.23:139 tcp
N/A 10.127.31.24:139 tcp
N/A 10.127.31.25:139 tcp
N/A 10.127.31.26:139 tcp
N/A 10.127.31.27:139 tcp
N/A 10.127.31.28:139 tcp
N/A 10.127.31.29:139 tcp
N/A 10.127.31.30:139 tcp
N/A 10.127.31.31:139 tcp
N/A 10.127.31.32:139 tcp
N/A 10.127.31.33:139 tcp
N/A 10.127.31.34:139 tcp
N/A 10.127.31.35:139 tcp
N/A 10.127.31.36:139 tcp
N/A 10.127.31.37:139 tcp
N/A 10.127.31.38:139 tcp
N/A 10.127.31.39:139 tcp
N/A 10.127.31.40:139 tcp
N/A 10.127.31.41:139 tcp
N/A 10.127.31.42:139 tcp
N/A 10.127.31.43:139 tcp
N/A 10.127.31.44:139 tcp
N/A 10.127.31.45:139 tcp
N/A 10.127.31.46:139 tcp
N/A 10.127.31.47:139 tcp
N/A 10.127.31.48:139 tcp
N/A 10.127.31.49:139 tcp
N/A 10.127.31.50:139 tcp
N/A 10.127.31.51:139 tcp
N/A 10.127.31.52:139 tcp
N/A 10.127.31.53:139 tcp
N/A 10.127.31.54:139 tcp
N/A 10.127.31.55:139 tcp
N/A 10.127.31.56:139 tcp
N/A 10.127.31.57:139 tcp
N/A 10.127.31.58:139 tcp
N/A 10.127.31.59:139 tcp
N/A 10.127.31.60:139 tcp
N/A 10.127.31.61:139 tcp
N/A 10.127.31.62:139 tcp
N/A 10.127.31.63:139 tcp
N/A 10.127.31.64:139 tcp
N/A 10.127.31.67:139 tcp
N/A 10.127.31.69:139 tcp
N/A 10.127.31.70:139 tcp
N/A 10.127.31.71:139 tcp
N/A 10.127.31.72:139 tcp
N/A 10.127.31.81:139 tcp
N/A 10.127.31.84:139 tcp
N/A 10.127.31.87:139 tcp
N/A 10.127.31.90:139 tcp
N/A 10.127.31.92:139 tcp
N/A 10.127.31.93:139 tcp
N/A 10.127.31.95:139 tcp
N/A 10.127.31.98:139 tcp
N/A 10.127.31.99:139 tcp
N/A 10.127.31.100:139 tcp
N/A 10.127.31.101:139 tcp
N/A 10.127.31.102:139 tcp
N/A 10.127.31.103:139 tcp
N/A 10.127.31.104:139 tcp
N/A 10.127.31.105:139 tcp
N/A 10.127.31.106:139 tcp
N/A 10.127.31.107:139 tcp
N/A 10.127.31.108:139 tcp
N/A 10.127.31.109:139 tcp
N/A 10.127.31.110:139 tcp
N/A 10.127.31.111:139 tcp
N/A 10.127.31.112:139 tcp
N/A 10.127.31.113:139 tcp
N/A 10.127.31.114:139 tcp
N/A 10.127.31.115:139 tcp
N/A 10.127.31.116:139 tcp
N/A 10.127.31.117:139 tcp
N/A 10.127.31.118:139 tcp
N/A 10.127.31.119:139 tcp
N/A 10.127.31.120:139 tcp
N/A 10.127.31.121:139 tcp
N/A 10.127.31.122:139 tcp
N/A 10.127.31.123:139 tcp
N/A 10.127.31.124:139 tcp
N/A 10.127.31.125:139 tcp
N/A 10.127.31.126:139 tcp
N/A 10.127.31.127:139 tcp
N/A 10.127.31.128:139 tcp
N/A 10.127.31.131:139 tcp
N/A 10.127.31.132:139 tcp
N/A 10.127.31.135:139 tcp
N/A 10.127.31.137:139 tcp
N/A 10.127.31.138:139 tcp
N/A 10.127.31.139:139 tcp
N/A 10.127.31.140:139 tcp
N/A 10.127.31.141:139 tcp
N/A 10.127.31.142:139 tcp
N/A 10.127.31.144:139 tcp
N/A 10.127.31.145:139 tcp
N/A 10.127.31.146:139 tcp
N/A 10.127.31.147:139 tcp
N/A 10.127.31.148:139 tcp
N/A 10.127.31.149:139 tcp
N/A 10.127.31.150:139 tcp
N/A 10.127.31.151:139 tcp
N/A 10.127.31.152:139 tcp
N/A 10.127.31.153:139 tcp
N/A 10.127.31.154:139 tcp
N/A 10.127.31.155:139 tcp
N/A 10.127.31.156:139 tcp
N/A 10.127.31.157:139 tcp
N/A 10.127.31.158:139 tcp
N/A 10.127.31.159:139 tcp
N/A 10.127.31.160:139 tcp
N/A 10.127.31.161:139 tcp
N/A 10.127.31.162:139 tcp
N/A 10.127.31.163:139 tcp
N/A 10.127.31.164:139 tcp
N/A 10.127.31.165:139 tcp
N/A 10.127.31.166:139 tcp
N/A 10.127.31.167:139 tcp
N/A 10.127.31.168:139 tcp
N/A 10.127.31.169:139 tcp
N/A 10.127.31.170:139 tcp
N/A 10.127.31.171:139 tcp
N/A 10.127.31.172:139 tcp
N/A 10.127.31.173:139 tcp
N/A 10.127.31.174:139 tcp
N/A 10.127.31.175:139 tcp
N/A 10.127.31.176:139 tcp
N/A 10.127.31.177:139 tcp
N/A 10.127.31.178:139 tcp
N/A 10.127.31.179:139 tcp
N/A 10.127.31.180:139 tcp
N/A 10.127.31.181:139 tcp
N/A 10.127.31.182:139 tcp
N/A 10.127.31.183:139 tcp
N/A 10.127.31.184:139 tcp
N/A 10.127.31.185:139 tcp
N/A 10.127.31.186:139 tcp
N/A 10.127.31.187:139 tcp
N/A 10.127.31.188:139 tcp
N/A 10.127.31.189:139 tcp
N/A 10.127.31.190:139 tcp
N/A 10.127.31.191:139 tcp
N/A 10.127.31.192:139 tcp
N/A 10.127.31.198:139 tcp
N/A 10.127.31.199:139 tcp
N/A 10.127.31.194:139 tcp
N/A 10.127.31.197:139 tcp
N/A 10.127.31.205:139 tcp
N/A 10.127.31.195:139 tcp
N/A 10.127.31.201:139 tcp
N/A 10.127.31.207:139 tcp
N/A 10.127.31.211:139 tcp
N/A 10.127.31.213:139 tcp
N/A 10.127.31.219:139 tcp
N/A 10.127.31.208:139 tcp
N/A 10.127.31.206:139 tcp
N/A 10.127.31.209:139 tcp
N/A 10.127.31.203:139 tcp
N/A 10.127.31.202:139 tcp
N/A 10.127.31.212:139 tcp
N/A 10.127.31.193:139 tcp
N/A 10.127.31.210:139 tcp
N/A 10.127.31.216:139 tcp
N/A 10.127.31.204:139 tcp
N/A 10.127.31.218:139 tcp
N/A 10.127.31.215:139 tcp
N/A 10.127.31.240:139 tcp
N/A 10.127.31.224:139 tcp
N/A 10.127.31.237:139 tcp
N/A 10.127.31.222:139 tcp
N/A 10.127.31.223:139 tcp
N/A 10.127.31.229:139 tcp
N/A 10.127.31.231:139 tcp
N/A 10.127.31.241:139 tcp
N/A 10.127.31.232:139 tcp
N/A 10.127.31.225:139 tcp
N/A 10.127.31.228:139 tcp
N/A 10.127.31.227:139 tcp
N/A 10.127.31.220:139 tcp
N/A 10.127.31.233:139 tcp
N/A 10.127.31.230:139 tcp
N/A 10.127.31.238:139 tcp
N/A 10.127.31.221:139 tcp
N/A 10.127.31.226:139 tcp
N/A 10.127.31.234:139 tcp
N/A 10.127.31.235:139 tcp
N/A 10.127.31.236:139 tcp
N/A 10.127.31.239:139 tcp
N/A 10.127.31.242:139 tcp
N/A 10.127.31.243:139 tcp
N/A 10.127.31.244:139 tcp
N/A 10.127.31.245:139 tcp
N/A 10.127.31.246:139 tcp
N/A 10.127.31.247:139 tcp
N/A 10.127.31.248:139 tcp
N/A 10.127.31.249:139 tcp
N/A 10.127.31.250:139 tcp
N/A 10.127.31.251:139 tcp
N/A 10.127.31.252:139 tcp
N/A 10.127.31.253:139 tcp
N/A 10.127.31.254:139 tcp
N/A 10.127.31.255:139 tcp
N/A 10.127.32.0:139 tcp
N/A 10.127.32.8:139 tcp
N/A 10.127.32.14:139 tcp
N/A 10.127.32.34:139 tcp
N/A 10.127.32.33:139 tcp
N/A 10.127.32.5:139 tcp
N/A 10.127.32.19:139 tcp
N/A 10.127.32.39:139 tcp
N/A 10.127.32.66:139 tcp
N/A 10.127.32.25:139 tcp
N/A 10.127.32.52:139 tcp
N/A 10.127.32.53:139 tcp
N/A 10.127.32.63:139 tcp
N/A 10.127.32.9:139 tcp
N/A 10.127.32.6:139 tcp
N/A 10.127.32.24:139 tcp
N/A 10.127.32.60:139 tcp
N/A 10.127.32.45:139 tcp
N/A 10.127.32.27:139 tcp
N/A 10.127.32.54:139 tcp
N/A 10.127.32.57:139 tcp
N/A 10.127.32.37:139 tcp
N/A 10.127.32.135:139 tcp
N/A 10.127.32.3:139 tcp
N/A 10.127.32.31:139 tcp
N/A 10.127.32.50:139 tcp
N/A 10.127.32.56:139 tcp
N/A 10.127.32.58:139 tcp
N/A 10.127.32.1:139 tcp
N/A 10.127.32.55:139 tcp
N/A 10.127.32.137:139 tcp
N/A 10.127.32.4:139 tcp
N/A 10.127.32.12:139 tcp
N/A 10.127.32.20:139 tcp
N/A 10.127.32.28:139 tcp
N/A 10.127.32.143:139 tcp
N/A 10.127.32.11:139 tcp
N/A 10.127.32.26:139 tcp
N/A 10.127.32.30:139 tcp
N/A 10.127.32.32:139 tcp
N/A 10.127.32.17:139 tcp
N/A 10.127.32.194:139 tcp
N/A 10.127.32.16:139 tcp
N/A 10.127.32.61:139 tcp
N/A 10.127.32.133:139 tcp
N/A 10.127.32.36:139 tcp
N/A 10.127.32.64:139 tcp
N/A 10.127.32.21:139 tcp
N/A 10.127.32.203:139 tcp
N/A 10.127.32.10:139 tcp
N/A 10.127.32.18:139 tcp
N/A 10.127.32.23:139 tcp
N/A 10.127.32.38:139 tcp
N/A 10.127.32.49:139 tcp
N/A 10.127.32.48:139 tcp
N/A 10.127.32.22:139 tcp
N/A 10.127.32.51:139 tcp
N/A 10.127.32.59:139 tcp
N/A 10.127.32.13:139 tcp
N/A 10.127.32.43:139 tcp
N/A 10.127.32.42:139 tcp
N/A 10.127.32.134:139 tcp
N/A 10.127.32.62:139 tcp
N/A 10.127.32.138:139 tcp
N/A 10.127.32.2:139 tcp
N/A 10.127.32.196:139 tcp
N/A 10.127.33.19:139 tcp
N/A 10.127.32.7:139 tcp
N/A 10.127.33.3:139 tcp
N/A 10.127.32.41:139 tcp
N/A 10.127.32.199:139 tcp
N/A 10.127.32.68:139 tcp
N/A 10.127.32.132:139 tcp
N/A 10.127.33.24:139 tcp
N/A 10.127.32.67:139 tcp
N/A 10.127.32.46:139 tcp
N/A 10.127.32.141:139 tcp
N/A 10.127.33.26:139 tcp
N/A 10.127.33.66:139 tcp
N/A 10.127.32.15:139 tcp
N/A 10.127.32.44:139 tcp
N/A 10.127.33.67:139 tcp
N/A 10.127.32.195:139 tcp
N/A 10.127.33.12:139 tcp
N/A 10.127.32.47:139 tcp
N/A 10.127.32.35:139 tcp
N/A 10.127.32.69:139 tcp
N/A 10.127.32.29:139 tcp
N/A 10.127.33.132:139 tcp
N/A 10.127.33.139:139 tcp
N/A 10.127.33.141:139 tcp
N/A 10.127.32.40:139 tcp
N/A 10.127.32.130:139 tcp
N/A 10.127.32.202:139 tcp
N/A 10.127.32.140:139 tcp
N/A 10.127.33.2:139 tcp
N/A 10.127.33.16:139 tcp
N/A 10.127.33.25:139 tcp
N/A 10.127.32.129:139 tcp
N/A 10.127.33.135:139 tcp
N/A 10.127.33.136:139 tcp
N/A 10.127.33.18:139 tcp
N/A 10.127.32.65:139 tcp
N/A 10.127.33.194:139 tcp
N/A 10.127.33.196:139 tcp
N/A 10.127.32.193:139 tcp
N/A 10.127.33.140:139 tcp
N/A 10.127.32.131:139 tcp
N/A 10.127.33.8:139 tcp
N/A 10.127.33.17:139 tcp
N/A 10.127.33.143:139 tcp
N/A 10.127.33.129:139 tcp
N/A 10.127.33.145:139 tcp
N/A 10.127.32.155:139 tcp
N/A 10.127.32.136:139 tcp
N/A 10.127.32.200:139 tcp
N/A 10.127.32.139:139 tcp
N/A 10.127.32.144:139 tcp
N/A 10.127.33.5:139 tcp
N/A 10.127.33.7:139 tcp
N/A 10.127.33.138:139 tcp
N/A 10.127.33.197:139 tcp
N/A 10.127.33.20:139 tcp
N/A 10.127.33.9:139 tcp
N/A 10.127.33.15:139 tcp
N/A 10.127.33.68:139 tcp
N/A 10.127.32.142:139 tcp
N/A 10.127.33.133:139 tcp
N/A 10.127.33.23:139 tcp
N/A 10.127.33.195:139 tcp
N/A 10.127.33.14:139 tcp
N/A 10.127.32.197:139 tcp
N/A 10.127.33.204:139 tcp
N/A 10.127.32.201:139 tcp
N/A 10.127.32.207:139 tcp
N/A 10.127.32.206:139 tcp
N/A 10.127.33.137:139 tcp
N/A 10.127.33.205:139 tcp
N/A 10.127.33.4:139 tcp
N/A 10.127.33.21:139 tcp
N/A 10.127.33.193:139 tcp
N/A 10.127.32.156:139 tcp
N/A 10.127.32.198:139 tcp
N/A 10.127.32.204:139 tcp
N/A 10.127.32.205:139 tcp
N/A 10.127.33.69:139 tcp
N/A 10.127.33.10:139 tcp
N/A 10.127.33.201:139 tcp
N/A 10.127.33.147:139 tcp
N/A 10.127.32.154:139 tcp
N/A 10.127.33.130:139 tcp
N/A 10.127.33.199:139 tcp
N/A 10.127.33.65:139 tcp
N/A 10.127.33.142:139 tcp
N/A 10.127.33.1:139 tcp
N/A 10.127.33.203:139 tcp
N/A 10.127.33.6:139 tcp
N/A 10.127.33.148:139 tcp
N/A 10.127.33.131:139 tcp
N/A 10.127.32.70:139 tcp
N/A 10.127.32.71:139 tcp
N/A 10.127.32.72:139 tcp
N/A 10.127.32.73:139 tcp
N/A 10.127.32.74:139 tcp
N/A 10.127.32.75:139 tcp
N/A 10.127.32.76:139 tcp
N/A 10.127.32.77:139 tcp
N/A 10.127.32.78:139 tcp
N/A 10.127.32.79:139 tcp
N/A 10.127.32.80:139 tcp
N/A 10.127.32.81:139 tcp
N/A 10.127.32.82:139 tcp
N/A 10.127.32.83:139 tcp
N/A 10.127.32.84:139 tcp
N/A 10.127.32.85:139 tcp
N/A 10.127.32.86:139 tcp
N/A 10.127.32.87:139 tcp
N/A 10.127.32.88:139 tcp
N/A 10.127.32.89:139 tcp
N/A 10.127.32.90:139 tcp
N/A 10.127.32.91:139 tcp
N/A 10.127.32.92:139 tcp
N/A 10.127.32.93:139 tcp
N/A 10.127.32.94:139 tcp
N/A 10.127.32.95:139 tcp
N/A 10.127.32.96:139 tcp
N/A 10.127.32.97:139 tcp
N/A 10.127.32.98:139 tcp
N/A 10.127.32.99:139 tcp
N/A 10.127.32.100:139 tcp
N/A 10.127.32.101:139 tcp
N/A 10.127.32.102:139 tcp
N/A 10.127.32.103:139 tcp
N/A 10.127.32.104:139 tcp
N/A 10.127.32.105:139 tcp
N/A 10.127.32.106:139 tcp
N/A 10.127.32.107:139 tcp
N/A 10.127.32.108:139 tcp
N/A 10.127.32.109:139 tcp
N/A 10.127.32.110:139 tcp
N/A 10.127.32.111:139 tcp
N/A 10.127.32.112:139 tcp
N/A 10.127.32.113:139 tcp
N/A 10.127.32.114:139 tcp
N/A 10.127.32.115:139 tcp
N/A 10.127.32.116:139 tcp
N/A 10.127.32.117:139 tcp
N/A 10.127.32.118:139 tcp
N/A 10.127.32.119:139 tcp
N/A 10.127.32.120:139 tcp
N/A 10.127.32.121:139 tcp
N/A 10.127.32.122:139 tcp
N/A 10.127.32.123:139 tcp
N/A 10.127.32.124:139 tcp
N/A 10.127.32.125:139 tcp
N/A 10.127.32.126:139 tcp
N/A 10.127.32.127:139 tcp
N/A 10.127.32.128:139 tcp
N/A 10.127.32.145:139 tcp
N/A 10.127.32.146:139 tcp
N/A 10.127.32.147:139 tcp
N/A 10.127.32.148:139 tcp
N/A 10.127.32.149:139 tcp
N/A 10.127.32.150:139 tcp
N/A 10.127.32.151:139 tcp
N/A 10.127.32.152:139 tcp
N/A 10.127.32.153:139 tcp
N/A 10.127.32.157:139 tcp
N/A 10.127.32.158:139 tcp
N/A 10.127.32.159:139 tcp
N/A 10.127.32.160:139 tcp
N/A 10.127.32.161:139 tcp
N/A 10.127.32.162:139 tcp
N/A 10.127.32.163:139 tcp
N/A 10.127.32.164:139 tcp
N/A 10.127.32.165:139 tcp
N/A 10.127.32.166:139 tcp
N/A 10.127.32.167:139 tcp
N/A 10.127.32.168:139 tcp
N/A 10.127.32.169:139 tcp
N/A 10.127.32.170:139 tcp
N/A 10.127.32.171:139 tcp
N/A 10.127.32.172:139 tcp
N/A 10.127.32.173:139 tcp
N/A 10.127.32.174:139 tcp
N/A 10.127.32.175:139 tcp
N/A 10.127.32.176:139 tcp
N/A 10.127.32.177:139 tcp
N/A 10.127.32.178:139 tcp
N/A 10.127.32.179:139 tcp
N/A 10.127.32.180:139 tcp
N/A 10.127.32.181:139 tcp
N/A 10.127.32.182:139 tcp
N/A 10.127.32.183:139 tcp
N/A 10.127.32.184:139 tcp
N/A 10.127.32.185:139 tcp
N/A 10.127.32.186:139 tcp
N/A 10.127.32.187:139 tcp
N/A 10.127.32.188:139 tcp
N/A 10.127.32.189:139 tcp
N/A 10.127.32.190:139 tcp
N/A 10.127.32.191:139 tcp
N/A 10.127.32.192:139 tcp
N/A 10.127.32.208:139 tcp
N/A 10.127.32.209:139 tcp
N/A 10.127.32.210:139 tcp
N/A 10.127.32.211:139 tcp
N/A 10.127.32.212:139 tcp
N/A 10.127.32.213:139 tcp
N/A 10.127.32.214:139 tcp
N/A 10.127.32.215:139 tcp
N/A 10.127.32.216:139 tcp
N/A 10.127.32.217:139 tcp
N/A 10.127.32.218:139 tcp
N/A 10.127.32.219:139 tcp
N/A 10.127.32.220:139 tcp
N/A 10.127.32.221:139 tcp
N/A 10.127.32.222:139 tcp
N/A 10.127.32.223:139 tcp
N/A 10.127.32.224:139 tcp
N/A 10.127.32.225:139 tcp
N/A 10.127.32.226:139 tcp
N/A 10.127.32.227:139 tcp
N/A 10.127.32.228:139 tcp
N/A 10.127.32.229:139 tcp
N/A 10.127.32.230:139 tcp
N/A 10.127.32.231:139 tcp
N/A 10.127.32.232:139 tcp
N/A 10.127.32.233:139 tcp
N/A 10.127.32.234:139 tcp
N/A 10.127.32.235:139 tcp
N/A 10.127.32.236:139 tcp
N/A 10.127.32.237:139 tcp
N/A 10.127.32.238:139 tcp
N/A 10.127.32.239:139 tcp
N/A 10.127.32.240:139 tcp
N/A 10.127.32.241:139 tcp
N/A 10.127.32.242:139 tcp
N/A 10.127.32.243:139 tcp
N/A 10.127.32.244:139 tcp
N/A 10.127.32.245:139 tcp
N/A 10.127.32.246:139 tcp
N/A 10.127.32.247:139 tcp
N/A 10.127.32.248:139 tcp
N/A 10.127.32.249:139 tcp
N/A 10.127.32.250:139 tcp
N/A 10.127.32.251:139 tcp
N/A 10.127.32.252:139 tcp
N/A 10.127.32.253:139 tcp
N/A 10.127.32.254:139 tcp
N/A 10.127.32.255:139 tcp
N/A 10.127.33.0:139 tcp
N/A 10.127.33.11:139 tcp
N/A 10.127.33.13:139 tcp
N/A 10.127.33.22:139 tcp
N/A 10.127.33.27:139 tcp
N/A 10.127.33.28:139 tcp
N/A 10.127.33.29:139 tcp
N/A 10.127.33.30:139 tcp
N/A 10.127.33.31:139 tcp
N/A 10.127.33.32:139 tcp
N/A 10.127.33.33:139 tcp
N/A 10.127.33.34:139 tcp
N/A 10.127.33.35:139 tcp
N/A 10.127.33.36:139 tcp
N/A 10.127.33.37:139 tcp
N/A 10.127.33.38:139 tcp
N/A 10.127.33.39:139 tcp
N/A 10.127.33.40:139 tcp
N/A 10.127.33.41:139 tcp
N/A 10.127.33.42:139 tcp
N/A 10.127.33.43:139 tcp
N/A 10.127.33.44:139 tcp
N/A 10.127.33.45:139 tcp
N/A 10.127.33.46:139 tcp
N/A 10.127.33.47:139 tcp
N/A 10.127.33.48:139 tcp
N/A 10.127.33.49:139 tcp
N/A 10.127.33.50:139 tcp
N/A 10.127.33.51:139 tcp
N/A 10.127.33.52:139 tcp
N/A 10.127.33.53:139 tcp
N/A 10.127.33.54:139 tcp
N/A 10.127.33.55:139 tcp
N/A 10.127.33.56:139 tcp
N/A 10.127.33.57:139 tcp
N/A 10.127.33.58:139 tcp
N/A 10.127.33.59:139 tcp
N/A 10.127.33.60:139 tcp
N/A 10.127.33.61:139 tcp
N/A 10.127.33.62:139 tcp
N/A 10.127.33.63:139 tcp
N/A 10.127.33.64:139 tcp
N/A 10.127.33.70:139 tcp
N/A 10.127.33.71:139 tcp
N/A 10.127.33.72:139 tcp
N/A 10.127.33.73:139 tcp
N/A 10.127.33.74:139 tcp
N/A 10.127.33.75:139 tcp
N/A 10.127.33.76:139 tcp
N/A 10.127.33.77:139 tcp
N/A 10.127.33.78:139 tcp
N/A 10.127.33.79:139 tcp
N/A 10.127.33.80:139 tcp
N/A 10.127.33.81:139 tcp
N/A 10.127.33.82:139 tcp
N/A 10.127.33.83:139 tcp
N/A 10.127.33.84:139 tcp
N/A 10.127.33.85:139 tcp
N/A 10.127.33.86:139 tcp
N/A 10.127.33.87:139 tcp
N/A 10.127.33.88:139 tcp
N/A 10.127.33.89:139 tcp
N/A 10.127.33.90:139 tcp
N/A 10.127.33.91:139 tcp
N/A 10.127.33.92:139 tcp
N/A 10.127.33.93:139 tcp
N/A 10.127.33.94:139 tcp
N/A 10.127.33.95:139 tcp
N/A 10.127.33.96:139 tcp
N/A 10.127.33.97:139 tcp
N/A 10.127.33.98:139 tcp
N/A 10.127.33.99:139 tcp
N/A 10.127.33.100:139 tcp
N/A 10.127.33.101:139 tcp
N/A 10.127.33.102:139 tcp
N/A 10.127.33.103:139 tcp
N/A 10.127.33.104:139 tcp
N/A 10.127.33.105:139 tcp
N/A 10.127.33.106:139 tcp
N/A 10.127.33.107:139 tcp
N/A 10.127.33.108:139 tcp
N/A 10.127.33.109:139 tcp
N/A 10.127.33.110:139 tcp
N/A 10.127.33.111:139 tcp
N/A 10.127.33.112:139 tcp
N/A 10.127.33.113:139 tcp
N/A 10.127.33.114:139 tcp
N/A 10.127.33.115:139 tcp
N/A 10.127.33.116:139 tcp
N/A 10.127.33.117:139 tcp
N/A 10.127.33.118:139 tcp
N/A 10.127.33.119:139 tcp
N/A 10.127.33.120:139 tcp
N/A 10.127.33.121:139 tcp
N/A 10.127.33.122:139 tcp
N/A 10.127.33.123:139 tcp
N/A 10.127.33.124:139 tcp
N/A 10.127.33.125:139 tcp
N/A 10.127.33.126:139 tcp
N/A 10.127.33.127:139 tcp
N/A 10.127.33.128:139 tcp
N/A 10.127.33.134:139 tcp
N/A 10.127.33.144:139 tcp
N/A 10.127.33.146:139 tcp
N/A 10.127.33.149:139 tcp
N/A 10.127.33.150:139 tcp
N/A 10.127.33.151:139 tcp
N/A 10.127.33.152:139 tcp
N/A 10.127.33.153:139 tcp
N/A 10.127.33.154:139 tcp
N/A 10.127.33.155:139 tcp
N/A 10.127.33.156:139 tcp
N/A 10.127.33.157:139 tcp
N/A 10.127.33.158:139 tcp
N/A 10.127.33.159:139 tcp
N/A 10.127.33.160:139 tcp
N/A 10.127.33.161:139 tcp
N/A 10.127.33.162:139 tcp
N/A 10.127.33.163:139 tcp
N/A 10.127.33.164:139 tcp
N/A 10.127.33.165:139 tcp
N/A 10.127.33.166:139 tcp
N/A 10.127.33.167:139 tcp
N/A 10.127.33.168:139 tcp
N/A 10.127.33.169:139 tcp
N/A 10.127.33.170:139 tcp
N/A 10.127.33.171:139 tcp
N/A 10.127.33.172:139 tcp
N/A 10.127.33.173:139 tcp
N/A 10.127.33.174:139 tcp
N/A 10.127.33.175:139 tcp
N/A 10.127.33.176:139 tcp
N/A 10.127.33.177:139 tcp
N/A 10.127.33.178:139 tcp
N/A 10.127.33.179:139 tcp
N/A 10.127.33.180:139 tcp
N/A 10.127.33.181:139 tcp
N/A 10.127.33.182:139 tcp
N/A 10.127.33.183:139 tcp
N/A 10.127.33.184:139 tcp
N/A 10.127.33.185:139 tcp
N/A 10.127.33.186:139 tcp
N/A 10.127.33.187:139 tcp
N/A 10.127.33.188:139 tcp
N/A 10.127.33.189:139 tcp
N/A 10.127.33.190:139 tcp
N/A 10.127.33.191:139 tcp
N/A 10.127.33.192:139 tcp
N/A 10.127.33.198:139 tcp
N/A 10.127.33.200:139 tcp
N/A 10.127.33.202:139 tcp
N/A 10.127.33.206:139 tcp
N/A 10.127.33.207:139 tcp
N/A 10.127.33.208:139 tcp
N/A 10.127.33.209:139 tcp
N/A 10.127.33.210:139 tcp
N/A 10.127.33.211:139 tcp
N/A 10.127.33.212:139 tcp
N/A 10.127.33.213:139 tcp
N/A 10.127.33.214:139 tcp
N/A 10.127.33.215:139 tcp
N/A 10.127.33.216:139 tcp
N/A 10.127.33.217:139 tcp
N/A 10.127.33.218:139 tcp
N/A 10.127.33.219:139 tcp
N/A 10.127.33.220:139 tcp
N/A 10.127.33.221:139 tcp
N/A 10.127.33.222:139 tcp
N/A 10.127.33.223:139 tcp
N/A 10.127.33.224:139 tcp
N/A 10.127.33.225:139 tcp
N/A 10.127.33.226:139 tcp
N/A 10.127.33.227:139 tcp
N/A 10.127.33.228:139 tcp
N/A 10.127.33.229:139 tcp
N/A 10.127.33.230:139 tcp
N/A 10.127.33.231:139 tcp
N/A 10.127.33.232:139 tcp
N/A 10.127.33.233:139 tcp
N/A 10.127.33.234:139 tcp
N/A 10.127.33.235:139 tcp
N/A 10.127.33.236:139 tcp
N/A 10.127.33.237:139 tcp
N/A 10.127.33.238:139 tcp
N/A 10.127.33.239:139 tcp
N/A 10.127.33.240:139 tcp
N/A 10.127.33.241:139 tcp
N/A 10.127.33.242:139 tcp
N/A 10.127.33.243:139 tcp
N/A 10.127.33.244:139 tcp
N/A 10.127.33.245:139 tcp
N/A 10.127.33.246:139 tcp
N/A 10.127.33.247:139 tcp
N/A 10.127.33.248:139 tcp
N/A 10.127.33.249:139 tcp
N/A 10.127.33.250:139 tcp
N/A 10.127.33.251:139 tcp
N/A 10.127.33.252:139 tcp
N/A 10.127.33.253:139 tcp
N/A 10.127.33.254:139 tcp
N/A 10.127.33.255:139 tcp
N/A 10.127.34.0:139 tcp
N/A 10.127.34.19:139 tcp
N/A 10.127.34.60:139 tcp
N/A 10.127.34.3:139 tcp
N/A 10.127.34.16:139 tcp
N/A 10.127.34.6:139 tcp
N/A 10.127.34.30:139 tcp
N/A 10.127.34.48:139 tcp
N/A 10.127.34.56:139 tcp
N/A 10.127.34.62:139 tcp
N/A 10.127.34.35:139 tcp
N/A 10.127.34.15:139 tcp
N/A 10.127.34.20:139 tcp
N/A 10.127.34.45:139 tcp
N/A 10.127.34.18:139 tcp
N/A 10.127.34.31:139 tcp
N/A 10.127.34.66:139 tcp
N/A 10.127.34.50:139 tcp
N/A 10.127.34.51:139 tcp
N/A 10.127.34.61:139 tcp
N/A 10.127.34.136:139 tcp
N/A 10.127.34.2:139 tcp
N/A 10.127.34.29:139 tcp
N/A 10.127.34.57:139 tcp
N/A 10.127.34.134:139 tcp
N/A 10.127.34.42:139 tcp
N/A 10.127.34.133:139 tcp
N/A 10.127.34.38:139 tcp
N/A 10.127.34.135:139 tcp
N/A 10.127.34.21:139 tcp
N/A 10.127.34.53:139 tcp
N/A 10.127.34.52:139 tcp
N/A 10.127.34.194:139 tcp
N/A 10.127.34.41:139 tcp
N/A 10.127.34.46:139 tcp
N/A 10.127.34.203:139 tcp
N/A 10.127.34.39:139 tcp
N/A 10.127.34.27:139 tcp
N/A 10.127.34.12:139 tcp
N/A 10.127.34.67:139 tcp
N/A 10.127.34.9:139 tcp
N/A 10.127.34.5:139 tcp
N/A 10.127.34.55:139 tcp
N/A 10.127.34.195:139 tcp
N/A 10.127.34.54:139 tcp
N/A 10.127.34.1:139 tcp
N/A 10.127.34.69:139 tcp
N/A 10.127.34.205:139 tcp
N/A 10.127.34.65:139 tcp
N/A 10.127.34.33:139 tcp
N/A 10.127.34.40:139 tcp
N/A 10.127.34.200:139 tcp
N/A 10.127.34.28:139 tcp
N/A 10.127.34.59:139 tcp
N/A 10.127.34.202:139 tcp
N/A 10.127.34.10:139 tcp
N/A 10.127.34.4:139 tcp
N/A 10.127.34.7:139 tcp
N/A 10.127.34.8:139 tcp
N/A 10.127.34.11:139 tcp
N/A 10.127.34.13:139 tcp
N/A 10.127.34.14:139 tcp
N/A 10.127.34.17:139 tcp
N/A 10.127.34.22:139 tcp
N/A 10.127.34.23:139 tcp
N/A 10.127.34.24:139 tcp
N/A 10.127.34.25:139 tcp
N/A 10.127.34.26:139 tcp
N/A 10.127.34.32:139 tcp
N/A 10.127.34.34:139 tcp
N/A 10.127.34.36:139 tcp
N/A 10.127.34.37:139 tcp
N/A 10.127.34.43:139 tcp
N/A 10.127.34.44:139 tcp
N/A 10.127.34.47:139 tcp
N/A 10.127.34.49:139 tcp
N/A 10.127.34.58:139 tcp
N/A 10.127.34.63:139 tcp
N/A 10.127.34.64:139 tcp
N/A 10.127.34.68:139 tcp
N/A 10.127.34.70:139 tcp
N/A 10.127.34.71:139 tcp
N/A 10.127.34.72:139 tcp
N/A 10.127.34.73:139 tcp
N/A 10.127.34.74:139 tcp
N/A 10.127.34.75:139 tcp
N/A 10.127.34.76:139 tcp
N/A 10.127.34.77:139 tcp
N/A 10.127.34.78:139 tcp
N/A 10.127.34.79:139 tcp
N/A 10.127.34.80:139 tcp
N/A 10.127.34.81:139 tcp
N/A 10.127.34.82:139 tcp
N/A 10.127.34.83:139 tcp
N/A 10.127.34.84:139 tcp
N/A 10.127.34.85:139 tcp
N/A 10.127.34.86:139 tcp
N/A 10.127.34.87:139 tcp
N/A 10.127.34.88:139 tcp
N/A 10.127.34.89:139 tcp
N/A 10.127.34.90:139 tcp
N/A 10.127.34.91:139 tcp
N/A 10.127.34.92:139 tcp
N/A 10.127.34.93:139 tcp
N/A 10.127.34.94:139 tcp
N/A 10.127.34.95:139 tcp
N/A 10.127.34.96:139 tcp
N/A 10.127.34.97:139 tcp
N/A 10.127.34.98:139 tcp
N/A 10.127.34.99:139 tcp
N/A 10.127.34.100:139 tcp
N/A 10.127.34.101:139 tcp
N/A 10.127.34.102:139 tcp
N/A 10.127.34.103:139 tcp
N/A 10.127.34.104:139 tcp
N/A 10.127.34.105:139 tcp
N/A 10.127.34.106:139 tcp
N/A 10.127.34.107:139 tcp
N/A 10.127.34.108:139 tcp
N/A 10.127.34.109:139 tcp
N/A 10.127.34.110:139 tcp
N/A 10.127.34.111:139 tcp
N/A 10.127.34.112:139 tcp
N/A 10.127.34.113:139 tcp
N/A 10.127.34.114:139 tcp
N/A 10.127.34.115:139 tcp
N/A 10.127.34.116:139 tcp
N/A 10.127.34.117:139 tcp
N/A 10.127.34.118:139 tcp
N/A 10.127.34.119:139 tcp
N/A 10.127.34.120:139 tcp
N/A 10.127.34.121:139 tcp
N/A 10.127.34.122:139 tcp
N/A 10.127.34.123:139 tcp
N/A 10.127.34.124:139 tcp
N/A 10.127.34.125:139 tcp
N/A 10.127.34.126:139 tcp
N/A 10.127.34.127:139 tcp
N/A 10.127.34.128:139 tcp
N/A 10.127.34.129:139 tcp
N/A 10.127.34.130:139 tcp
N/A 10.127.34.131:139 tcp
N/A 10.127.34.132:139 tcp
N/A 10.127.34.137:139 tcp
N/A 10.127.34.138:139 tcp
N/A 10.127.34.139:139 tcp
N/A 10.127.34.140:139 tcp
N/A 10.127.34.141:139 tcp
N/A 10.127.34.142:139 tcp
N/A 10.127.34.143:139 tcp
N/A 10.127.34.144:139 tcp
N/A 10.127.34.145:139 tcp
N/A 10.127.34.146:139 tcp
N/A 10.127.34.147:139 tcp
N/A 10.127.34.148:139 tcp
N/A 10.127.34.149:139 tcp
N/A 10.127.34.150:139 tcp
N/A 10.127.34.151:139 tcp
N/A 10.127.34.152:139 tcp
N/A 10.127.34.153:139 tcp
N/A 10.127.34.154:139 tcp
N/A 10.127.34.155:139 tcp
N/A 10.127.34.156:139 tcp
N/A 10.127.34.157:139 tcp
N/A 10.127.34.158:139 tcp
N/A 10.127.34.159:139 tcp
N/A 10.127.34.160:139 tcp
N/A 10.127.34.161:139 tcp
N/A 10.127.34.162:139 tcp
N/A 10.127.34.163:139 tcp
N/A 10.127.34.164:139 tcp
N/A 10.127.34.165:139 tcp
N/A 10.127.34.166:139 tcp
N/A 10.127.34.167:139 tcp
N/A 10.127.34.168:139 tcp
N/A 10.127.34.169:139 tcp
N/A 10.127.34.170:139 tcp
N/A 10.127.34.171:139 tcp
N/A 10.127.34.172:139 tcp
N/A 10.127.34.173:139 tcp
N/A 10.127.34.174:139 tcp
N/A 10.127.34.175:139 tcp
N/A 10.127.34.176:139 tcp
N/A 10.127.34.177:139 tcp
N/A 10.127.34.178:139 tcp
N/A 10.127.34.179:139 tcp
N/A 10.127.34.180:139 tcp
N/A 10.127.34.181:139 tcp
N/A 10.127.34.182:139 tcp
N/A 10.127.34.183:139 tcp
N/A 10.127.34.184:139 tcp
N/A 10.127.34.185:139 tcp
N/A 10.127.34.186:139 tcp
N/A 10.127.34.187:139 tcp
N/A 10.127.34.188:139 tcp
N/A 10.127.34.189:139 tcp
N/A 10.127.34.190:139 tcp
N/A 10.127.34.191:139 tcp
N/A 10.127.34.192:139 tcp
N/A 10.127.34.193:139 tcp
N/A 10.127.34.196:139 tcp
N/A 10.127.34.197:139 tcp
N/A 10.127.34.198:139 tcp
N/A 10.127.34.199:139 tcp
N/A 10.127.34.201:139 tcp
N/A 10.127.34.204:139 tcp
N/A 10.127.34.206:139 tcp
N/A 10.127.34.207:139 tcp
N/A 10.127.34.208:139 tcp
N/A 10.127.34.209:139 tcp
N/A 10.127.34.210:139 tcp
N/A 10.127.34.211:139 tcp
N/A 10.127.34.212:139 tcp
N/A 10.127.34.213:139 tcp
N/A 10.127.34.214:139 tcp
N/A 10.127.34.215:139 tcp
N/A 10.127.34.216:139 tcp
N/A 10.127.34.217:139 tcp
N/A 10.127.34.218:139 tcp
N/A 10.127.34.219:139 tcp
N/A 10.127.34.220:139 tcp
N/A 10.127.34.221:139 tcp
N/A 10.127.34.222:139 tcp
N/A 10.127.34.223:139 tcp
N/A 10.127.34.224:139 tcp
N/A 10.127.34.225:139 tcp
N/A 10.127.34.226:139 tcp
N/A 10.127.34.227:139 tcp
N/A 10.127.34.228:139 tcp
N/A 10.127.34.229:139 tcp
N/A 10.127.34.230:139 tcp
N/A 10.127.34.231:139 tcp
N/A 10.127.34.232:139 tcp
N/A 10.127.34.233:139 tcp
N/A 10.127.34.234:139 tcp
N/A 10.127.34.235:139 tcp
N/A 10.127.34.236:139 tcp
N/A 10.127.34.237:139 tcp
N/A 10.127.34.238:139 tcp
N/A 10.127.34.239:139 tcp
N/A 10.127.34.240:139 tcp
N/A 10.127.34.241:139 tcp
N/A 10.127.34.242:139 tcp
N/A 10.127.34.243:139 tcp
N/A 10.127.34.244:139 tcp
N/A 10.127.34.245:139 tcp
N/A 10.127.34.246:139 tcp
N/A 10.127.34.247:139 tcp
N/A 10.127.34.248:139 tcp
N/A 10.127.34.249:139 tcp
N/A 10.127.34.250:139 tcp
N/A 10.127.34.251:139 tcp
N/A 10.127.34.252:139 tcp
N/A 10.127.34.253:139 tcp
N/A 10.127.34.254:139 tcp
N/A 10.127.34.255:139 tcp
N/A 10.127.35.0:139 tcp
N/A 10.127.35.1:139 tcp
N/A 10.127.35.22:139 tcp
N/A 10.127.35.70:139 tcp
N/A 10.127.35.7:139 tcp
N/A 10.127.35.69:139 tcp
N/A 10.127.35.68:139 tcp
N/A 10.127.35.17:139 tcp
N/A 10.127.35.15:139 tcp
N/A 10.127.35.18:139 tcp
N/A 10.127.35.76:139 tcp
N/A 10.127.35.8:139 tcp
N/A 10.127.35.149:139 tcp
N/A 10.127.35.140:139 tcp
N/A 10.127.35.67:139 tcp
N/A 10.127.35.10:139 tcp
N/A 10.127.35.134:139 tcp
N/A 10.127.35.21:139 tcp
N/A 10.127.35.142:139 tcp
N/A 10.127.35.194:139 tcp
N/A 10.127.35.204:139 tcp
N/A 10.127.35.196:139 tcp
N/A 10.127.35.137:139 tcp
N/A 10.127.35.4:139 tcp
N/A 10.127.35.146:139 tcp
N/A 10.127.35.139:139 tcp
N/A 10.127.35.153:139 tcp
N/A 10.127.35.2:139 tcp
N/A 10.127.35.9:139 tcp
N/A 10.127.35.12:139 tcp
N/A 10.127.35.136:139 tcp
N/A 10.127.35.193:139 tcp
N/A 10.127.35.66:139 tcp
N/A 10.127.35.71:139 tcp
N/A 10.127.35.133:139 tcp
N/A 10.127.35.5:139 tcp
N/A 10.127.35.19:139 tcp
N/A 10.127.35.6:139 tcp
N/A 10.127.35.205:139 tcp
N/A 10.127.35.130:139 tcp
N/A 10.127.35.209:139 tcp
N/A 10.127.35.16:139 tcp
N/A 10.127.35.3:139 tcp
N/A 10.127.35.13:139 tcp
N/A 10.127.35.198:139 tcp
N/A 10.127.35.14:139 tcp
N/A 10.127.35.197:139 tcp
N/A 10.127.35.75:139 tcp
N/A 10.127.35.150:139 tcp
N/A 10.127.35.132:139 tcp
N/A 10.127.35.143:139 tcp
N/A 10.127.35.65:139 tcp
N/A 10.127.35.145:139 tcp
N/A 10.127.35.20:139 tcp
N/A 10.127.35.129:139 tcp
N/A 10.127.35.11:139 tcp
N/A 10.127.35.138:139 tcp
N/A 10.127.35.154:139 tcp
N/A 10.127.35.208:139 tcp
N/A 10.127.35.135:139 tcp
N/A 10.127.35.147:139 tcp
N/A 10.127.35.151:139 tcp
N/A 10.127.35.152:139 tcp
N/A 10.127.35.199:139 tcp
N/A 10.127.35.201:139 tcp
N/A 10.127.35.210:139 tcp
N/A 10.127.35.200:139 tcp
N/A 10.127.35.141:139 tcp
N/A 10.127.35.148:139 tcp
N/A 10.127.35.144:139 tcp
N/A 10.127.35.202:139 tcp
N/A 10.127.35.131:139 tcp
N/A 10.127.35.195:139 tcp
N/A 10.127.35.207:139 tcp
N/A 10.127.35.203:139 tcp
N/A 10.127.35.206:139 tcp
N/A 10.127.35.177:139 tcp
N/A 10.127.35.185:139 tcp
N/A 10.127.35.217:139 tcp
N/A 10.127.35.181:139 tcp
N/A 10.127.35.220:139 tcp
N/A 10.127.35.218:139 tcp
N/A 10.127.35.170:139 tcp
N/A 10.127.35.174:139 tcp
N/A 10.127.35.168:139 tcp
N/A 10.127.35.191:139 tcp
N/A 10.127.35.180:139 tcp
N/A 10.127.35.219:139 tcp
N/A 10.127.35.178:139 tcp
N/A 10.127.35.165:139 tcp
N/A 10.127.35.212:139 tcp
N/A 10.127.35.184:139 tcp
N/A 10.127.35.187:139 tcp
N/A 10.127.35.161:139 tcp
N/A 10.127.35.176:139 tcp
N/A 10.127.35.163:139 tcp
N/A 10.127.35.166:139 tcp
N/A 10.127.35.183:139 tcp
N/A 10.127.35.215:139 tcp
N/A 10.127.35.160:139 tcp
N/A 10.127.35.164:139 tcp
N/A 10.127.35.157:139 tcp
N/A 10.127.35.169:139 tcp
N/A 10.127.35.173:139 tcp
N/A 10.127.35.190:139 tcp
N/A 10.127.35.214:139 tcp
N/A 10.127.35.158:139 tcp
N/A 10.127.35.167:139 tcp
N/A 10.127.35.156:139 tcp
N/A 10.127.35.171:139 tcp
N/A 10.127.35.162:139 tcp
N/A 10.127.35.192:139 tcp
N/A 10.127.35.155:139 tcp
N/A 10.127.35.175:139 tcp
N/A 10.127.35.188:139 tcp
N/A 10.127.35.189:139 tcp
N/A 10.127.35.186:139 tcp
N/A 10.127.35.172:139 tcp
N/A 10.127.35.213:139 tcp
N/A 10.127.35.182:139 tcp
N/A 10.127.35.211:139 tcp
N/A 10.127.35.216:139 tcp
N/A 10.127.35.159:139 tcp
N/A 10.127.35.179:139 tcp
N/A 10.127.35.23:139 tcp
N/A 10.127.35.24:139 tcp
N/A 10.127.35.25:139 tcp
N/A 10.127.35.26:139 tcp
N/A 10.127.35.27:139 tcp
N/A 10.127.35.28:139 tcp
N/A 10.127.35.29:139 tcp
N/A 10.127.35.30:139 tcp
N/A 10.127.35.31:139 tcp
N/A 10.127.35.32:139 tcp
N/A 10.127.35.33:139 tcp
N/A 10.127.35.34:139 tcp
N/A 10.127.35.35:139 tcp
N/A 10.127.35.36:139 tcp
N/A 10.127.35.37:139 tcp
N/A 10.127.35.38:139 tcp
N/A 10.127.35.39:139 tcp
N/A 10.127.35.40:139 tcp
N/A 10.127.35.41:139 tcp
N/A 10.127.35.42:139 tcp
N/A 10.127.35.43:139 tcp
N/A 10.127.35.44:139 tcp
N/A 10.127.35.45:139 tcp
N/A 10.127.35.46:139 tcp
N/A 10.127.35.47:139 tcp
N/A 10.127.35.48:139 tcp
N/A 10.127.35.49:139 tcp
N/A 10.127.35.50:139 tcp
N/A 10.127.35.51:139 tcp
N/A 10.127.35.52:139 tcp
N/A 10.127.35.53:139 tcp
N/A 10.127.35.54:139 tcp
N/A 10.127.35.55:139 tcp
N/A 10.127.35.56:139 tcp
N/A 10.127.35.57:139 tcp
N/A 10.127.35.58:139 tcp
N/A 10.127.35.59:139 tcp
N/A 10.127.35.60:139 tcp
N/A 10.127.35.61:139 tcp
N/A 10.127.35.62:139 tcp
N/A 10.127.35.63:139 tcp
N/A 10.127.35.64:139 tcp
N/A 10.127.35.72:139 tcp
N/A 10.127.35.73:139 tcp
N/A 10.127.35.74:139 tcp
N/A 10.127.35.77:139 tcp
N/A 10.127.35.78:139 tcp
N/A 10.127.35.79:139 tcp
N/A 10.127.35.80:139 tcp
N/A 10.127.35.81:139 tcp
N/A 10.127.35.82:139 tcp
N/A 10.127.35.83:139 tcp
N/A 10.127.35.84:139 tcp
N/A 10.127.35.85:139 tcp
N/A 10.127.35.86:139 tcp
N/A 10.127.35.87:139 tcp
N/A 10.127.35.88:139 tcp
N/A 10.127.35.89:139 tcp
N/A 10.127.35.90:139 tcp
N/A 10.127.35.91:139 tcp
N/A 10.127.35.92:139 tcp
N/A 10.127.35.93:139 tcp
N/A 10.127.35.94:139 tcp
N/A 10.127.35.95:139 tcp
N/A 10.127.35.96:139 tcp
N/A 10.127.35.97:139 tcp
N/A 10.127.35.98:139 tcp
N/A 10.127.35.99:139 tcp
N/A 10.127.35.100:139 tcp
N/A 10.127.35.101:139 tcp
N/A 10.127.35.102:139 tcp
N/A 10.127.35.103:139 tcp
N/A 10.127.35.104:139 tcp
N/A 10.127.35.105:139 tcp
N/A 10.127.35.106:139 tcp
N/A 10.127.35.107:139 tcp
N/A 10.127.35.108:139 tcp
N/A 10.127.35.109:139 tcp
N/A 10.127.35.110:139 tcp
N/A 10.127.35.111:139 tcp
N/A 10.127.35.112:139 tcp
N/A 10.127.35.113:139 tcp
N/A 10.127.35.114:139 tcp
N/A 10.127.35.115:139 tcp
N/A 10.127.35.116:139 tcp
N/A 10.127.35.117:139 tcp
N/A 10.127.35.118:139 tcp
N/A 10.127.35.119:139 tcp
N/A 10.127.35.120:139 tcp
N/A 10.127.35.121:139 tcp
N/A 10.127.35.122:139 tcp
N/A 10.127.35.123:139 tcp
N/A 10.127.35.124:139 tcp
N/A 10.127.35.125:139 tcp
N/A 10.127.35.126:139 tcp
N/A 10.127.35.127:139 tcp
N/A 10.127.35.128:139 tcp
N/A 10.127.35.221:139 tcp
N/A 10.127.35.222:139 tcp
N/A 10.127.35.223:139 tcp
N/A 10.127.35.224:139 tcp
N/A 10.127.35.225:139 tcp
N/A 10.127.35.226:139 tcp
N/A 10.127.35.227:139 tcp
N/A 10.127.35.228:139 tcp
N/A 10.127.35.229:139 tcp
N/A 10.127.35.230:139 tcp
N/A 10.127.35.231:139 tcp
N/A 10.127.35.232:139 tcp
N/A 10.127.35.233:139 tcp
N/A 10.127.35.234:139 tcp
N/A 10.127.35.235:139 tcp
N/A 10.127.35.236:139 tcp
N/A 10.127.35.237:139 tcp
N/A 10.127.35.238:139 tcp
N/A 10.127.35.239:139 tcp
N/A 10.127.35.240:139 tcp
N/A 10.127.35.241:139 tcp
N/A 10.127.35.242:139 tcp
N/A 10.127.35.243:139 tcp
N/A 10.127.35.244:139 tcp
N/A 10.127.35.245:139 tcp
N/A 10.127.35.246:139 tcp
N/A 10.127.35.247:139 tcp
N/A 10.127.35.248:139 tcp
N/A 10.127.35.249:139 tcp
N/A 10.127.35.250:139 tcp
N/A 10.127.35.251:139 tcp
N/A 10.127.35.252:139 tcp
N/A 10.127.35.253:139 tcp
N/A 10.127.35.254:139 tcp
N/A 10.127.35.255:139 tcp
N/A 10.127.36.0:139 tcp

Files

memory/3044-11-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-23-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-24-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-25-0x0000000002EC0000-0x0000000003083000-memory.dmp

memory/3044-28-0x0000000002EC0000-0x0000000003083000-memory.dmp

memory/3044-27-0x0000000002EC0000-0x0000000003083000-memory.dmp

memory/3044-26-0x0000000002EC0000-0x0000000003083000-memory.dmp

memory/3044-36-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-37-0x0000000002EC0000-0x0000000003083000-memory.dmp

memory/3044-40-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-77-0x00000000005D0000-0x00000000006CE000-memory.dmp

C:\Users\Public\!!! READ THIS - IMPORTANT !!!.txt

MD5 8327d435b0664d16db85ceb198339c03
SHA1 dcc875e8ba7cc6f4d9f10aeadfc5fb166da70619
SHA256 e691efd7d97f0c86e6a97d76d47ef36d340ac8303640ee6f4e0c3e45fab532bf
SHA512 53cd337a8605ab80183ba2f62600c46f231340f67cf24dce2a9ec77fdfda72566a45ea3102d73265b9bd773543d902388b97d81bcf83b28ff9bdb0fe918d1661

memory/3044-49-0x00000000005D0000-0x00000000006CE000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini

MD5 9b62c42562b3116717908966f21530b9
SHA1 eb7c6eabf32d10e8dc8b50cd60794da6d62ceba7
SHA256 fd736f4ae046b3a9877b658b9194fc2370619bcbf2f599aefd5d298c098d715f
SHA512 240cf086fa61e8358d0365ac3c000ebcc91ce6661b872ff4f9e05a1aaa28d2c045d37a15c53f01fa0bdc259b85b6f95b36c9b50d5a26860a4aa48348a03a2215

memory/3044-20984-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-20993-0x00000000005D0000-0x00000000006CE000-memory.dmp

memory/3044-21001-0x00000000005D0000-0x00000000006CE000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-22 17:01

Platform

win7-20240729-en

Max time kernel

316s

Max time network

317s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Box (2).exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Box (2).exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Box (2).exe

"C:\Users\Admin\AppData\Local\Temp\Box (2).exe"

Network

N/A

Files

memory/2132-0-0x000000007421E000-0x000000007421F000-memory.dmp

memory/2132-1-0x0000000000AB0000-0x0000000000B24000-memory.dmp

memory/2132-2-0x0000000074210000-0x00000000748FE000-memory.dmp

memory/2132-3-0x0000000074210000-0x00000000748FE000-memory.dmp

memory/2132-4-0x0000000074210000-0x00000000748FE000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:54

Platform

win7-20240903-en

Max time kernel

357s

Max time network

358s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\c325092750dd55898c47be7ec8a7622c3bf8d1a79c40b160ef7901c2ef18f5db.apk

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\c325092750dd55898c47be7ec8a7622c3bf8d1a79c40b160ef7901c2ef18f5db.apk

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\c325092750dd55898c47be7ec8a7622c3bf8d1a79c40b160ef7901c2ef18f5db.apk

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c325092750dd55898c47be7ec8a7622c3bf8d1a79c40b160ef7901c2ef18f5db.apk"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 d8544f6661ed67e1ffdecba3ab356ebc
SHA1 4f918020e3fd90f44137fc47544f8998295b1958
SHA256 bf12ade7a2d5a01f16a345b49d79b2956c8abcb0a8271bf34d22b619c080df55
SHA512 21abe3def166472f036e1e64b7a67be39c44297a5aea93d02a3dd8d1c3f79d6995a0a3b54f58e5a60cadd28a2024240baf7dbffd2560e7200ad381a602a301d2

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:54

Platform

win7-20240903-en

Max time kernel

359s

Max time network

363s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c36c46f4de045ef332decc006694db6e.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c36c46f4de045ef332decc006694db6e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c36c46f4de045ef332decc006694db6e.exe

"C:\Users\Admin\AppData\Local\Temp\c36c46f4de045ef332decc006694db6e.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 44

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:39

Platform

win7-20240903-en

Max time kernel

464s

Max time network

454s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A checkip.dyndns.org N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBB4C161-A95B-11EF-8F55-D60C98DC526F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438501668" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe

"C:\Users\Admin\AppData\Local\Temp\aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 checkip.dyndns.org udp
DE 193.122.6.168:80 checkip.dyndns.org tcp
NL 109.236.82.8:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 109.236.82.8:80 tcp
NL 109.236.82.8:80 tcp
NL 109.236.82.8:80 tcp
NL 109.236.82.8:80 tcp
NL 109.236.82.8:80 tcp

Files

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 edda92de4349e1e294d7dc8e596dd1a5
SHA1 8f26c376cec4778ef13af1331ca53d417dd1e2fa
SHA256 e4f294f8093c7060221601b0a46a0411ea3330cf23220cb691f5db12398bbc0c
SHA512 67bbfb471e2ba597d75d2c9b7970db66b87f3fbbe197c88660142615f3dbab8b7b6595e1edf91fb51c89a897d6fda4f0627645d29db37099773f10f7805034fa

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 02890a92a36ea2e463f643360f63539d
SHA1 0af4029cd1ecdf9e0c52e92ba257f7c4847e130f
SHA256 87ee17a05df08ff8d67310f9f32e93a00972ea3fbf40d830786722a6c0073dae
SHA512 cb413dd9ac74a1388eda6b120a3e474c9204b9810506dd54087b6e13e2529c68b9ac6c5dac2cdd43414dca1880ff91eacc35192f9c3509b8f2e67ac62d23185e

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 4a27792bbd9f964ca9978b5240d29e29
SHA1 af2c85152c5b44a068397d75f065b810cf4c196b
SHA256 f4b44ac8dc00e0600a0dd847b95c2b9728d67d62f1151837990c91e0ad7f9c4a
SHA512 eb29f94d9efa4a9d829b26670189f086598b15af27b6526aaea5c3e1ac5c34d12a6c949a5154e86db77da157ae370b6e3c4e250989a1e75813195f5ed9e270c3

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 d22c3886e09afb3e11cea5fc3a1223f4
SHA1 c53c44b0c669f34648224657877d550ca0150380
SHA256 fab590081bd9a87229c3f0203b7bbfd7c7c76d4e362e090d47f573838fdb07c1
SHA512 10852b4e4bcafe86887f2698ad08cfb33e6357549dd12e2db048e64489d85713230c7bdb83253cd393f48c4c0a5663964a8467248e7199e9aa369c090af4d3fb

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 9b4feec15d7b40e0e570680e16e87c8d
SHA1 b6cc87c44636da88cc38145fb489246ea0d46804
SHA256 7fa218b867158327aae32dd33a74ccd74b1e24930bd60dcb5bcc5818715afc66
SHA512 f3b112b17f9e964d5e21723536e1fc7825ba0b5c33306623908b4850c7a475db0cd17fc24f67a010e8f4b272f7a2bc4f02c3f9da4af6d6ea05b83f2c83781cd6

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 525efebbe394ff257cf65eca6a5b3a38
SHA1 bc90b4e8fb2c205f7158ef6511f5bdb21b9d15ab
SHA256 cef3c058b71a418885afbf1268315189284a7baabb40b18c70fb6add7dc575c4
SHA512 7db12a914b8299cc723a4be0a33d8e0189d1d00959733042cee95c6d9611d2c632fb7f31938e8287912d78b9b37825942c3a623d68fa56f11994a75e6c4405a9

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 0937d62afc596fb759c2a2fea303866b
SHA1 e44ca084b944efd9a21216b564fed69c567b2465
SHA256 0ba631a295753c1c255049c16969a841b8afabb3c5454a8286053dbe7c497f47
SHA512 2218f6be26cfbe93cbc0a306aa677b96218a63317f609db990e2a06e031fba116fb2d06a7831f4f5591c8b928b9760d12c220499b63c141397f863c702130c39

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\0f5007522459c86e95ffcc62f32308f1_f9da27c9-c625-43c3-9b3a-b1344b01e128

MD5 7fe64ca0527d050a3f52a7b60537f1b7
SHA1 4c4b6a8b0c0dd7ebba3d94943da0a2feb7593399
SHA256 05dc890299d921189b50df79280b7b40a6fb3642a40f98a292606994ce7c382f
SHA512 5d93ee6a210fd8fdce1c16daa4c7f443ee95bb7f0d57e8e6f1498fdeb07ca656d101a49eeb9d6ad0300343578e1247b00a5d7cf9edd56f82096ed75831d27f44

memory/1400-134-0x00000000004A0000-0x00000000004A2000-memory.dmp

memory/1400-136-0x00000000004B0000-0x00000000004B1000-memory.dmp

memory/1400-135-0x0000000002B80000-0x0000000002BE0000-memory.dmp

memory/1400-137-0x00000000004B0000-0x00000000004B1000-memory.dmp

memory/1400-138-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1400-140-0x00000000004B0000-0x00000000004B1000-memory.dmp

memory/1400-141-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab6C89.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6D0A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e6ce18fec8334d52ff8da5a06041cec
SHA1 8305bc806755a06367265f44a6b19069ece0d6ee
SHA256 19e39d873762c13008877a9130a019e5f818a881cacf1db9d005cc27543f1a23
SHA512 f284b8a11f0b72a8742cbbd206bfc388af91a94fec382d2ff5a38635c04acd09333e21c0f9789fa0c445001dfebf9bffec10a1a564ab82e17f432501c6086bc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f9f39fc88234d5e5f39984c0ef616a0
SHA1 ea8f3e44be3738e9bcec906b4317e9904de6294b
SHA256 42b311b114419d318f812c5103841a49a5e67ffae2221020786c42a1ad1e72d8
SHA512 f4eb74ddb42057c91f03200a63a7927e66f31a25803227837acb883d8b58ab926acdd76ca77680217ed4600785cdc3f0a22c95c2eb8cadd06bf1a13db6c48897

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc968bb7dec8daee9f187ef3030a4c70
SHA1 b47ee6243192e24de7599b07607ddcc11c5396da
SHA256 cc406ee28727b1cd35c2e01be7a255d740939ccee6d59a4ea80fbcb5d49940a3
SHA512 06018385c574f4ac2e8937ddb1d2867f1cafd461ad4344791f74da10590b3fac5b1dc7c9544604b436414e8cea1bf993f12dc8eb47ab793762eb701334829a16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35632ff9fa4a6c41e1040789b1c01198
SHA1 5b07f5f8f9b5663d27b207c13f18fb75de8e139c
SHA256 bf06fe5195ed52c5854178c678b8d4e55edd6f7ddb677e937417181b7716f7be
SHA512 8cbdf92dbc5cdfc1733270383f1c88156c7afba444a55efa3139b318138c74ba791216c673ed457f96986574a207705ee4941a31d21ad0ffeb6d05cb9c7e356b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 555b9717ee6a1140635afd44f79384b5
SHA1 59c38609eab3906a2564b01e19cbadc4675c2765
SHA256 21aba0dbd07880b321277075588139ff7f0d5a04bd65e200c7c91906f1c7e80c
SHA512 187015123377e8b9c4fb7b1a71014e6903541f0d816134793b981f74a143024db074d4f28a446dab8fb7c185ed07d7949a6bf22fbec29b5ddc9a3bf587e1050c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 206ec54566e6200034413730d5b67bd9
SHA1 fee1a18e7136f44ad17a119f486406878e38f903
SHA256 59986b1e7c87c73086ef8d39534236dabeebdbb40273dd6bb89e846f5108c162
SHA512 059da9c4db7c0fc1e96621dc9d605149f2f873a3a621e30c4d5f605c9b37f503699fdd2eea544dcacc2d443fa31f6ee3167bcef7cb6533a70959b9cf925ced95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81f3059996d12b00cee4f46487d6bba0
SHA1 f15863a1dce42b33e627ac75f589ddad15ac75ee
SHA256 2f685bff378815d5202cfcea1fe04dd3847459b9ef80c7f1b7ba640835ecd304
SHA512 17da6c8768b931d24595514b4b27dd9a5d356df357a2a6a17204127befbbf9f9d5da4ee6dccb7afe00c75c0789f23c4bde755bdfad955bcb8b8d89ecb5af6fca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b750126466e86eb47d7c14deb29327e3
SHA1 0cbee7bdfe47e4627d3921c7d939cf5649a4aa21
SHA256 263356329e4c31741d31ced139ec194edc9803cd821636fb86d0d36034d942e9
SHA512 d8b4745233a355f9bff758a2a0fad327376701fd65072776606f2cf629076372d354e6775f6df93b177d54065a548d541fedc983091439859c758fd56d5f13f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18a24858827e18f2a04e89f0e3c8b3b3
SHA1 15c054e5de8ca18f7ca5f40c9fce0b4da826a15d
SHA256 cec5cf42e77aa9bc8752a69e7e5d41acdb8ec2d7fbf2ebd97be1eb0910317f03
SHA512 be4b232f2631eb70c99b49ad8fd89497ceb4ab08c702893fe465360253c84cd9f6a552dd0c417ed5ad23d65f768da0ea28b3f9ef098ec2057b73d8c07308e72a

memory/1400-613-0x0000000000400000-0x000000000043B000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:53

Platform

win7-20240903-en

Max time kernel

361s

Max time network

368s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bldjad2.exe"

Signatures

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2376 set thread context of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bldjad2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bldjad2.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 2376 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Users\Admin\AppData\Local\Temp\bldjad2.exe
PID 3004 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Windows\SysWOW64\WerFault.exe
PID 3004 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Windows\SysWOW64\WerFault.exe
PID 3004 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Windows\SysWOW64\WerFault.exe
PID 3004 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\bldjad2.exe C:\Windows\SysWOW64\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bldjad2.exe

"C:\Users\Admin\AppData\Local\Temp\bldjad2.exe"

C:\Users\Admin\AppData\Local\Temp\bldjad2.exe

"C:\Users\Admin\AppData\Local\Temp\bldjad2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 136

Network

N/A

Files

memory/2376-0-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2376-1-0x0000000000020000-0x0000000000023000-memory.dmp

memory/3004-4-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3004-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/3004-8-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2376-13-0x0000000000020000-0x0000000000023000-memory.dmp

memory/2376-12-0x0000000000400000-0x0000000000456000-memory.dmp

memory/3004-11-0x0000000000400000-0x0000000000435000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:53

Platform

win7-20240903-en

Max time kernel

590s

Max time network

358s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bldjad.ex1.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bldjad.ex1.exe

"C:\Users\Admin\AppData\Local\Temp\bldjad.ex1.exe"

Network

N/A

Files

memory/2532-0-0x0000000000220000-0x0000000000250000-memory.dmp

memory/2532-1-0x0000000000400000-0x0000000000430000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:50

Platform

win7-20241023-en

Max time kernel

590s

Max time network

498s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\viwfdzrbjxmjwfg = "C:\\ProgramData\\gifwnuvkuqurnykafgnd.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\viwfdzrbjxmjwfg = "C:\\ProgramData\\gifwnuvkuqurnykafgnd.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\viwfdzrbjxmjwfg = "C:\\Windows\\gifwnuvkuqurnykafgnd.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\viwfdzrbjxmjwfg = "C:\\Windows\\gifwnuvkuqurnykafgnd.exe" C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\gifwnuvkuqurnykafgnd.exe C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A
File opened for modification C:\Windows\gifwnuvkuqurnykafgnd.exe C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe

"C:\Users\Admin\AppData\Local\Temp\be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 trybesmart.in udp

Files

memory/2132-1-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2132-0-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2132-2-0x0000000000400000-0x0000000000426000-memory.dmp

memory/2132-3-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2132-7-0x0000000000400000-0x0000000000426000-memory.dmp

C:\ProgramData\fzgayukhbwtduzhgynavplcptiyvpder

MD5 57d33a330a27b0b43a43b7a7963bcdf5
SHA1 a115c8139129b57969477a15e418f67aa2073885
SHA256 334d9d9854790482436ea05c250bd8d8663d33417e0161279c50c973e79df430
SHA512 0bc0c8550e185bea68d69dc6e18469c95598285d5db9f27a3a0b28c93ce560a0ae95a35ce79544830e96903f6e5643559e97087ad764fe195dae861d0e92b26b

memory/2132-59-0x0000000000400000-0x0000000000426000-memory.dmp

memory/2132-78-0x0000000000400000-0x0000000000426000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-23 05:56

Platform

win7-20241010-en

Max time kernel

312s

Max time network

319s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
PID 2124 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe

"C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe"

C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe

"C:\Users\Admin\AppData\Local\Temp\c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe"

Network

N/A

Files

memory/2892-0-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-5-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-4-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-3-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-2-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-1-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-8-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2892-11-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-12-0x0000000000400000-0x00000000004A0000-memory.dmp

memory/2892-10-0x0000000000400000-0x00000000004A0000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-22 03:09

Reported

2024-11-22 17:01

Platform

win7-20240903-en

Max time kernel

599s

Max time network

601s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe"

Signatures

Deletes shadow copies

ransomware defense_evasion impact execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\odyzywug = "\"C:\\Windows\\aposocyz.exe\"" C:\Windows\SysWOW64\explorer.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2572 set thread context of 2084 N/A C:\Users\Admin\AppData\Local\Temp\a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe C:\Windows\SysWOW64\explorer.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\aposocyz.exe C:\Windows\SysWOW64\explorer.exe N/A
File created C:\Windows\aposocyz.exe C:\Windows\SysWOW64\explorer.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8 = "0" C:\Windows\SysWOW64\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV9 = "0" C:\Windows\SysWOW64\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Windows\SysWOW64\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe

"C:\Users\Admin\AppData\Local\Temp\a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe"

C:\Windows\SysWOW64\vssadmin.exe

vssadmin.exe Delete Shadows /All /Quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 piglexer.com udp
US 8.8.8.8:53 bemopron.netnonalowe.org udp

Files

memory/2084-3-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-2-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-5-0x0000000000080000-0x00000000000B8000-memory.dmp

C:\ProgramData\abekelataheficij\01000000

MD5 d6d1c8fbb124b1fb48ebfee6ebbc30cb
SHA1 8aadacd8913e4c51a1a6630335d896cc7d6aea55
SHA256 67691b9abbfb53e5d4a755077749fccc637219f5d1bef4b248f51c2c89eaa00d
SHA512 456433369157acb4b48f4b5fc2c7dd22a4930fb79e70ddc87af30e8708f34d8dbac5690ad649eaa82a3024184b75f4d9e2c1c0497617d7f9def8f57b6b8b577c

memory/2084-10-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-14-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-13-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-15-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-16-0x0000000000080000-0x00000000000B8000-memory.dmp

memory/2084-17-0x0000000000080000-0x00000000000B8000-memory.dmp