Last active
February 6, 2017 19:52
-
-
Save Rurik/d6d30c34a8dca1538ca00be510565c24 to your computer and use it in GitHub Desktop.
Noriben 1.7.0 Example Output (ZA)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -=] Sandbox Analysis Report generated by Noriben v1.7.0 | |
| -=] Developed by Brian Baskin: brian @@ thebaskins.com @bbaskin | |
| -=] The latest release can be found at https://github.com/Rurik/Noriben | |
| -=] Analysis time: 61.84 seconds | |
| Processes Created: | |
| ================== | |
| [CreateProcess] python.exe:2420 > "C:\malware\hehda.exe" [Child PID: 1764] | |
| [CreateProcess] hehda.exe:1764 > "%WinDir%\system32\cmd.exe" [Child PID: 692] | |
| [CreateProcess] services.exe:500 > "%WinDir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [Child PID: 1872] | |
| File Activity: | |
| ================== | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-21-2905866499-540305738-3985726813-1000\$a8caf0b8de44cf9788e65a608c597466 | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-21-2905866499-540305738-3985726813-1000\$a8caf0b8de44cf9788e65a608c597466\L | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-21-2905866499-540305738-3985726813-1000\$a8caf0b8de44cf9788e65a608c597466\U | |
| [CreateFile] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-21-2905866499-540305738-3985726813-1000\$a8caf0b8de44cf9788e65a608c597466\@ [SHA256: 424861994c613a8840b7f8ef2dd9d044a4bf47b6dcaa63c3e60398e52d8096dd] | |
| [CreateFile] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-21-2905866499-540305738-3985726813-1000\$a8caf0b8de44cf9788e65a608c597466\n [SHA256: 8244ddfcba327a3f67a5582642c53241ee5e58d75808547cd74808bcded272d0] | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-18 | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466 | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\L | |
| [CreateFolder] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\U | |
| [CreateFile] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\@ [SHA256: 424861994c613a8840b7f8ef2dd9d044a4bf47b6dcaa63c3e60398e52d8096dd] | |
| [CreateFile] hehda.exe:1764 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\n [SHA256: 8244ddfcba327a3f67a5582642c53241ee5e58d75808547cd74808bcded272d0] | |
| [CreateFile] services.exe:500 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\@ [SHA256: 424861994c613a8840b7f8ef2dd9d044a4bf47b6dcaa63c3e60398e52d8096dd] | |
| [CreateFolder] services.exe:500 > C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\U | |
| [CreateFile] hehda.exe:1764 > C:\malware\hehda.exe [File no longer exists] | |
| [DeleteFile] cmd.exe:692 > C:\malware\hehda.exe | |
| [CreateFile] svchost.exe:860 > %WinDir%\Tasks\GoogleUpdateTaskMachineUA.job [SHA256: 98bee3ccb78de52e81f6daf28c5c4c7f7d004028d6f4ad39d747e4b661582bf8] | |
| Registry Activity: | |
| ================== | |
| [RegSetValue] hehda.exe:1764 > HKCU\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\ThreadingModel = Both | |
| [RegSetValue] hehda.exe:1764 > HKCU\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\(Default) = C:\$Recycle.Bin\S-1-5-21-2905866499-540305738-3985726813-1000\$a8caf0b8de44cf9788e65a608c597466\n. | |
| [RegDeleteKey] hehda.exe:1764 > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} | |
| [RegDeleteValue] hehda.exe:1764 > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\Type = 32 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\ErrorControl = 0 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\DeleteFlag = 1 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\Start = 4 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\Parameters | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\Security | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\TriggerInfo\0 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend\TriggerInfo | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\WinDefend | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Type = 32 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\ErrorControl = 0 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\DeleteFlag = 1 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Start = 4 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\DomainProfile | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\PublicProfile | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\StandardProfile | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Defaults | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Epoch | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Epoch2 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess\Parameters | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\SharedAccess | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Type = 32 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\ErrorControl = 0 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\DeleteFlag = 1 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\Type = 32 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\ErrorControl = 0 | |
| [RegSetValue] svchost.exe:760 > HKLM\SOFTWARE\Microsoft\Security Center\cval = 0 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\DeleteFlag = 1 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\Start = 4 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\config | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Interfaces | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\IPHTTPS | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{38D1F7D0-E838-449F-939D-3B85C5668161} | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3ADA1176-3FAF-468A-81A4-07673001A32D} | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{51F2B049-9BEE-402F-9048-6C2A3090E616} | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\Isatap | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\Teredo\{D720F9A5-495A-4E90-9F20-C20D5D91E5EB} | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters\Teredo | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Parameters | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc\Teredo | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\iphlpsvc | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Type = 32 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\ErrorControl = 0 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\DeleteFlag = 1 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Start = 4 | |
| [RegSetValue] Explorer.EXE:1564 > HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106\CheckSetting = 23 00 41 00 43 00 42 00 6C 00 6F 00 62 00 00 00 | |
| [RegSetValue] Explorer.EXE:1564 > HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 | |
| [RegSetValue] Explorer.EXE:1564 > HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\CheckSetting = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 | |
| [RegSetValue] Explorer.EXE:1564 > HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\DHCP | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\IPTLSIn | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\IPTLSOut | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\RPC-EPMap | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\Teredo | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Parameters | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc\Security | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\MpsSvc | |
| [RegSetValue] Explorer.EXE:1564 > HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\CheckSetting = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 | |
| [RegSetValue] Explorer.EXE:1564 > HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.104\CheckSetting = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\Parameters | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc\Security | |
| [RegDeleteKey] services.exe:500 > HKLM\System\CurrentControlSet\services\wscsvc | |
| [RegSetValue] hehda.exe:1764 > HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\(Default) = C:\$Recycle.Bin\S-1-5-18\$a8caf0b8de44cf9788e65a608c597466\n. | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\BFE\Type = 32 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\BFE\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\BFE\ErrorControl = 0 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\BFE\DeleteFlag = 1 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\BFE\Start = 4 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\Browser\Start = 2 | |
| [RegSetValue] services.exe:500 > HKLM\System\CurrentControlSet\services\PolicyAgent\Start = 2 | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName | |
| [RegSetValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = 0 | |
| [RegSetValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = 1 | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName | |
| [RegDeleteValue] GoogleUpdate.exe:1204 > HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName | |
| [RegSetValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = 0 | |
| [RegSetValue] GoogleUpdate.exe:1204 > HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = 1 | |
| [RegSetValue] svchost.exe:860 > HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3DE4B94-2532-4E1C-AD53-C8C9D04FF4B2}\DynamicInfo = 03 00 00 00 12 36 2A 05 1C 7A CF 01 93 F8 42 44 | |
| Network Traffic: | |
| ================== | |
| [UDP] System:4 > 192.168.1.255:137 | |
| [UDP] 192.168.1.102:137 > System:4 | |
| [UDP] svchost.exe:336 > 224.0.0.252:5355 | |
| [UDP] svchost.exe:336 > 192.168.1.1:53 | |
| [UDP] hehda.exe:1764 > 8.8.8.8:53 | |
| [UDP] hehda.exe:1764 > 83.133.123.20:53 | |
| [UDP] System:4 > 224.0.0.252:137 | |
| [UDP] System:4 > 192.168.1.1:137 | |
| [UDP] services.exe:500 > 75.202.94.7:16470 | |
| [UDP] services.exe:500 > 98.28.36.10:16470 | |
| [UDP] services.exe:500 > 173.28.32.12:16470 | |
| [UDP] services.exe:500 > 96.24.206.12:16470 | |
| [UDP] services.exe:500 > 174.140.125.252:16470 | |
| [UDP] services.exe:500 > 76.100.222.13:16470 | |
| [UDP] System:4 > 8.8.8.8:137 | |
| [UDP] services.exe:500 > 117.231.58.251:16470 | |
| [UDP] services.exe:500 > 24.209.162.250:16470 | |
| [UDP] services.exe:500 > 71.230.226.15:16470 | |
| [UDP] services.exe:500 > 68.197.73.246:16470 | |
| [UDP] System:4 > 83.133.123.20:137 | |
| [UDP] services.exe:500 > 76.177.76.18:16470 | |
| [UDP] services.exe:500 > 70.122.97.23:16470 | |
| [UDP] services.exe:500 > 220.100.0.245:16470 | |
| [UDP] services.exe:500 > 109.98.104.242:16470 | |
| [UDP] System:4 > 98.28.36.10:137 | |
| [UDP] System:4 > 75.202.94.7:137 | |
| [UDP] services.exe:500 > 190.44.192.241:16470 | |
| [UDP] services.exe:500 > 24.129.52.241:16470 | |
| [UDP] System:4 > 173.28.32.12:137 | |
| [UDP] System:4 > 96.24.206.12:137 | |
| [UDP] services.exe:500 > 24.239.44.241:16470 | |
| [UDP] services.exe:500 > 178.121.22.240:16470 | |
| [UDP] System:4 > 174.140.125.252:137 | |
| [UDP] System:4 > 76.100.222.13:137 | |
| [UDP] services.exe:500 > 67.191.145.23:16470 | |
| [UDP] services.exe:500 > 114.24.128.28:16470 | |
| [UDP] System:4 > 117.231.58.251:137 | |
| [UDP] System:4 > 24.209.162.250:137 | |
| [UDP] services.exe:500 > 83.154.37.239:16470 | |
| [UDP] services.exe:500 > 82.57.4.239:16470 | |
| [UDP] System:4 > 68.197.73.246:137 | |
| [UDP] System:4 > 71.230.226.15:137 | |
| [UDP] services.exe:500 > 68.35.193.237:16470 | |
| [UDP] services.exe:500 > 117.223.99.237:16470 | |
| [UDP] System:4 > 70.122.97.23:137 | |
| [UDP] System:4 > 76.177.76.18:137 | |
| [UDP] services.exe:500 > 112.163.106.236:16470 | |
| [UDP] services.exe:500 > 130.194.164.235:16470 | |
| [UDP] System:4 > 220.100.0.245:137 | |
| [UDP] System:4 > 109.98.104.242:137 | |
| [UDP] services.exe:500 > 67.166.35.234:16470 | |
| [UDP] services.exe:500 > 113.34.216.233:16470 | |
| [UDP] System:4 > 24.129.52.241:137 | |
| [UDP] System:4 > 190.44.192.241:137 | |
| [UDP] services.exe:500 > 71.42.126.232:16470 | |
| [UDP] services.exe:500 > 71.91.124.232:16470 | |
| [UDP] System:4 > 24.239.44.241:137 | |
| [UDP] System:4 > 178.121.22.240:137 | |
| [UDP] services.exe:500 > 86.122.45.232:16470 | |
| [UDP] services.exe:500 > 113.39.134.28:16470 | |
| [UDP] System:4 > 114.24.128.28:137 | |
| [UDP] System:4 > 67.191.145.23:137 | |
| [UDP] services.exe:500 > 89.102.154.29:16470 | |
| [UDP] services.exe:500 > 72.205.250.29:16470 | |
| [UDP] System:4 > 82.57.4.239:137 | |
| [UDP] System:4 > 83.154.37.239:137 | |
| [UDP] services.exe:500 > 109.238.108.226:16470 | |
| [UDP] services.exe:500 > 208.99.130.31:16470 | |
| [UDP] System:4 > 117.223.99.237:137 | |
| [UDP] System:4 > 68.35.193.237:137 | |
| [UDP] services.exe:500 > 108.183.77.224:16470 | |
| [UDP] services.exe:500 > 24.136.171.32:16470 | |
| [UDP] System:4 > 130.194.164.235:137 | |
| [UDP] System:4 > 112.163.106.236:137 | |
| [UDP] services.exe:500 > 68.207.82.33:16470 | |
| [UDP] services.exe:500 > 78.54.188.33:16470 | |
| [UDP] System:4 > 67.166.35.234:137 | |
| [UDP] System:4 > 113.34.216.233:137 | |
| [UDP] System:4 > 192.168.1.69:137 | |
| [UDP] services.exe:500 > 174.45.173.219:16470 | |
| [UDP] services.exe:500 > 78.63.213.218:16470 | |
| Unique Hosts: | |
| ================== | |
| 108.183.77.224 | |
| 109.238.108.226 | |
| 109.98.104.242 | |
| 112.163.106.236 | |
| 113.34.216.233 | |
| 113.39.134.28 | |
| 114.24.128.28 | |
| 117.223.99.237 | |
| 117.231.58.251 | |
| 130.194.164.235 | |
| 173.28.32.12 | |
| 174.140.125.252 | |
| 174.45.173.219 | |
| 178.121.22.240 | |
| 190.44.192.241 | |
| 192.168.1.1 | |
| 192.168.1.102 | |
| 192.168.1.255 | |
| 192.168.1.69 | |
| 208.99.130.31 | |
| 220.100.0.245 | |
| 224.0.0.252 | |
| 24.129.52.241 | |
| 24.136.171.32 | |
| 24.209.162.250 | |
| 24.239.44.241 | |
| 67.166.35.234 | |
| 67.191.145.23 | |
| 68.197.73.246 | |
| 68.207.82.33 | |
| 68.35.193.237 | |
| 70.122.97.23 | |
| 71.230.226.15 | |
| 71.42.126.232 | |
| 71.91.124.232 | |
| 72.205.250.29 | |
| 75.202.94.7 | |
| 76.100.222.13 | |
| 76.177.76.18 | |
| 78.54.188.33 | |
| 78.63.213.218 | |
| 8.8.8.8 | |
| 82.57.4.239 | |
| 83.133.123.20 | |
| 83.154.37.239 | |
| 86.122.45.232 | |
| 89.102.154.29 | |
| 96.24.206.12 | |
| 98.28.36.10 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment