28d344aa33b60dbae5419bb764c57a5c
This report is generated from a file or URL submitted to this webservice on June 1st 2018 17:30:16 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.10 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
-
Reads terminal service related keys (often RDP related)
Uses network protocols on unusual ports - Fingerprint
-
Reads the active computer name
Reads the cryptographic machine GUID - Spreading
- Detected a large number of ARP broadcast requests (network device lookup)
- Network Behavior
- Contacts 1 domain and 2648 hosts. View all details
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Malicious Indicators 13
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "ETPRO TROJAN Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)" (SID: 2830018, Rev: 1, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
- source
- Suricata Alerts
- relevance
- 10/10
-
Sample was identified as malicious by a large number of Antivirus engines
- details
- 54/66 Antivirus vendors marked sample as malicious (81% detection rate)
- source
- External System
- relevance
- 10/10
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 54/66 Antivirus vendors marked sample as malicious (81% detection rate)
- source
- External System
- relevance
- 8/10
-
Detected Suricata Alert
-
Installation/Persistance
-
Creates a system file in windows directory
- details
-
"rundll32.exe" created file "%WINDIR%\mssecsvr.exe"
"mssecsvr.exe" created file "%WINDIR%\tasksche.exe" - source
- API Call
- relevance
- 7/10
-
Drops executable files to the Windows system directory
- details
-
File type "PE32 executable (GUI) Intel 80386 for MS Windows" was dropped at "%WINDIR%\mssecsvr.exe"
File type "PE32 executable (GUI) Intel 80386 for MS Windows" was dropped at "%WINDIR%\tasksche.exe" - source
- Binary File
- relevance
- 7/10
-
Spawns a process via the service control manager
- details
- Process "mssecsvr.exe" with commandline "-m security" (Show Process)
- source
- Monitored Target
- relevance
- 3/10
-
Creates a system file in windows directory
-
Network Related
-
Contacts very many different hosts
- details
- Contacted 60 (or more) hosts in at least 19 different countries
- source
- Network Traffic
- relevance
- 9/10
-
Detected a large number of ARP broadcast requests (network device lookup)
- details
- Attempt to find devices in networks: "192.168.56.1/32, 192.168.56.2/31, 192.168.56.4/30, 192.168.56.8/29, 192.168.56.16/28, 192.168.56.32/27, 192.168.56.64/26, 192.168.56.128/26, 192.168.56.192/27, 192.168.56.224/28, 192.168.56.240/29, 192.168.56.248/30, 192.168.56.252/31, 192.168.56.254/32"
- source
- Network Traffic
- relevance
- 10/10
-
Malicious artifacts seen in the context of a contacted host
- details
-
Found malicious artifacts related to "72.5.65.99": ...
URL: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ (AV positives: 2/68 scanned on 05/31/2018 17:02:01)
URL: http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ (AV positives: 1/67 scanned on 05/21/2018 14:34:19)
File SHA256: d4bd7f3241c2ef1924389d648de690cf11fbe6893ce3ecdfd521cc17cbbdcbea (AV positives: 56/65 scanned on 06/01/2018 14:47:56)
File SHA256: c7b5ec01eb8aaaa560fa3ff36bee415a25b200b7bccfe99685c82fb49831c6e4 (AV positives: 57/66 scanned on 06/01/2018 04:33:17)
File SHA256: 3f1c0fa478d499c31abd5065f82fc4cd7ca3711d9a943f45aff11922c44059be (AV positives: 57/65 scanned on 06/01/2018 04:32:38)
File SHA256: 798dc2b121be588c807b1e45420f6a760d2afaad82e2e4c7737465ea1cf85ef9 (AV positives: 58/66 scanned on 06/01/2018 02:33:36)
File SHA256: 3a3d4557f2947bc8140184c287c32c2905f2009930f61767296b010b6cc77d7e (AV positives: 58/66 scanned on 05/31/2018 19:12:56)
File SHA256: caea162e3be49493dc23423facee1eb0a1ab7667ab730ea524a041180525b470 (Date: 05/30/2018 13:56:00)
File SHA256: 60778aae3901e2fdb9d44bd101648256316cf89a58e09ddc7f6fed778ef040f1 (Date: 05/29/2018 17:05:04)
File SHA256: 45ea72b2819ce122584d9e5384e616914cb8e58af30a924439e5e14edb973697 (Date: 05/29/2018 08:43:23)
File SHA256: eddafc07f927d2b129408ae25fd4c813b952e0b86c73f4bc42fa0954a35dfb46 (Date: 05/28/2018 15:53:23)
File SHA256: 0d2ad5983ce5c9499fe0496e9e04664bdeec8fbfd0323f1dd8bda628809976d6 (Date: 05/28/2018 11:22:13) - source
- Network Traffic
- relevance
- 10/10
-
Uses network protocols on unusual ports
- details
-
TCP traffic to 202.151.171.37 on port 62464
TCP traffic to 81.94.214.80 on port 62476
TCP traffic to 208.62.225.68 on port 62485
TCP traffic to 108.40.206.111 on port 62489
TCP traffic to 203.249.143.191 on port 62497
TCP traffic to 48.58.72.204 on port 62502
TCP traffic to 165.60.21.177 on port 62510
TCP traffic to 62.95.59.226 on port 62511
TCP traffic to 150.209.225.245 on port 62512
TCP traffic to 28.220.230.36 on port 62522
TCP traffic to 219.162.37.153 on port 62525
TCP traffic to 202.72.35.114 on port 62526
TCP traffic to 35.14.23.142 on port 62531
TCP traffic to 24.10.215.65 on port 62535
TCP traffic to 199.125.118.1 on port 62539
TCP traffic to 97.40.254.95 on port 62541
TCP traffic to 31.107.133.123 on port 62544
TCP traffic to 24.144.17.26 on port 62546
TCP traffic to 144.117.153.156 on port 62550
TCP traffic to 142.69.169.10 on port 62553
TCP traffic to 177.232.154.209 on port 62557
TCP traffic to 66.133.67.107 on port 62558
TCP traffic to 86.140.112.155 on port 62560
TCP traffic to 45.220.170.131 on port 62562
TCP traffic to 66.233.136.69 on port 62565
TCP traffic to 70.65.53.153 on port 62567
TCP traffic to 115.158.142.20 on port 62573
TCP traffic to 210.84.219.196 on port 62577
TCP traffic to 108.114.97.223 on port 62578
TCP traffic to 97.73.169.49 on port 62580
TCP traffic to 6.85.4.21 on port 62581
TCP traffic to 180.155.19.136 on port 62584
TCP traffic to 74.198.175.211 on port 62589
TCP traffic to 173.251.130.214 on port 62591
TCP traffic to 57.220.37.114 on port 62593
TCP traffic to 99.133.144.127 on port 62594
TCP traffic to 82.243.116.113 on port 62596
TCP traffic to 104.31.68.113 on port 62598
TCP traffic to 59.85.188.60 on port 62606
TCP traffic to 178.59.115.254 on port 62607
TCP traffic to 100.185.20.208 on port 62609
TCP traffic to 209.85.7.19 on port 62610
TCP traffic to 165.251.52.115 on port 62611
TCP traffic to 31.212.46.70 on port 62612
TCP traffic to 31.161.123.241 on port 62615
TCP traffic to 33.142.253.129 on port 62624
TCP traffic to 209.50.239.234 on port 62625
TCP traffic to 22.25.170.147 on port 62626
TCP traffic to 9.38.77.63 on port 62627
TCP traffic to 198.6.67.208 on port 62628 - source
- Network Traffic
- relevance
- 7/10
-
Contacts very many different hosts
-
Pattern Matching
-
YARA signature match
- details
-
YARA signature "MS17_010_WanaCry_worm" classified file "28d344aa33b60dbae5419bb764c57a5c.dll.bin" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "PC NETWORK PROGRAM 1.0,LANMAN1.0,Windows for Workgroups 3.1a,__TREEID__PLACEHOLDER__,__USERID__PLACEHOLDER__,h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j,h54WfF9cGigWFEx92bzmOd0UOaZlM,tpGFEoLOU6+5I78Toh/nHs/RAP" (Reference: https://www.exploit-db.com/exploits/41987/, Author: Felipe Molina (@felmoltor))
YARA signature "WannaDecryptor" classified file "28d344aa33b60dbae5419bb764c57a5c.dll.bin" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "r.wnry,s.wnry,t.wnry,msg/m_"
YARA signature "WannaCry_RansomwareEx" classified file "28d344aa33b60dbae5419bb764c57a5c.dll.bin" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "icacls . /grant Everyone:F /T /C /Q,tasksche.exe,Global\MsWinZonesCacheCounterMutexA,WNcry@2ol7,C:\%s\qeriuwjhrf,C:\%s\%s,cmd.exe /c "%s",msg/m_portuguese.wnry,5c005c003100390032002e003100360038002e00350036002e00320030005c004900500043002400,5c005c003100370032002e00310036002e00390039002e0035005c004900500043002400,10ac720d3dffff1fac7706b801000000,4424648ac64424650ec644246680c644,18df6c2414dc64242cdc6c245cdc1588" (Reference: https://goo.gl/HG2j5T, Author: Florian Roth (with the help of binar.ly))
YARA signature "WannaDecryptor" classified file "tasksche.exe" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "r.wnry,s.wnry,t.wnry,msg/m_"
YARA signature "MS17_010_WanaCry_worm" classified file "mssecsvr.exe" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "PC NETWORK PROGRAM 1.0,LANMAN1.0,Windows for Workgroups 3.1a,__TREEID__PLACEHOLDER__,__USERID__PLACEHOLDER__,h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j,h54WfF9cGigWFEx92bzmOd0UOaZlM,tpGFEoLOU6+5I78Toh/nHs/RAP" (Reference: https://www.exploit-db.com/exploits/41987/, Author: Felipe Molina (@felmoltor))
YARA signature "WannaDecryptor" classified file "mssecsvr.exe" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "r.wnry,s.wnry,t.wnry,msg/m_"
YARA signature "WannaCry_RansomwareEx" classified file "mssecsvr.exe" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "icacls . /grant Everyone:F /T /C /Q,tasksche.exe,Global\MsWinZonesCacheCounterMutexA,WNcry@2ol7,C:\%s\qeriuwjhrf,C:\%s\%s,cmd.exe /c "%s",msg/m_portuguese.wnry,5c005c003100390032002e003100360038002e00350036002e00320030005c004900500043002400,5c005c003100370032002e00310036002e00390039002e0035005c004900500043002400,10ac720d3dffff1fac7706b801000000,4424648ac64424650ec644246680c644,18df6c2414dc64242cdc6c245cdc1588" (Reference: https://goo.gl/HG2j5T, Author: Florian Roth (with the help of binar.ly))
YARA signature "WannaCry_Ransomware_Gen" classified file "mssecsvr.exe" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "__TREEID__PLACEHOLDER__,__USERID__PLACEHOLDER__,Windows for Workgroups 3.1a,PC NETWORK PROGRAM 1.0,LANMAN1.0" (Reference: https://www.us-cert.gov/ncas/alerts/TA17-132A, Author: Florian Roth (based on rule by US CERT))
YARA signature "MS17_010_WanaCry_worm" classified file "all.bstring" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "PC NETWORK PROGRAM 1.0,LANMAN1.0,Windows for Workgroups 3.1a,__TREEID__PLACEHOLDER__,__USERID__PLACEHOLDER__,h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j,h54WfF9cGigWFEx92bzmOd0UOaZlM,tpGFEoLOU6+5I78Toh/nHs/RAP" (Reference: https://www.exploit-db.com/exploits/41987/, Author: Felipe Molina (@felmoltor))
YARA signature "WannaCry_Ransomware_Gen" classified file "all.bstring" as "ransomware,wcry,wannacry,wanacrypt0r" based on indicators: "__TREEID__PLACEHOLDER__,__USERID__PLACEHOLDER__,Windows for Workgroups 3.1a,PC NETWORK PROGRAM 1.0,LANMAN1.0" (Reference: https://www.us-cert.gov/ncas/alerts/TA17-132A, Author: Florian Roth (based on rule by US CERT)) - source
- YARA Signature
- relevance
- 10/10
-
YARA signature match
-
Unusual Characteristics
-
Checks for a resource fork (ADS) file
- details
- "mssecsvr.exe" checked file "C:"
- source
- API Call
- relevance
- 5/10
-
Checks for a resource fork (ADS) file
-
Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Suspicious Indicators 25
-
Anti-Detection/Stealthyness
-
Contains ability to open/control a service
- details
-
OpenServiceA@ADVAPI32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
OpenServiceA@ADVAPI32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
OpenServiceA@ADVAPI32.DLL from mssecsvr.exe (PID: 2072) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 8/10
-
Queries kernel debugger information
- details
-
"mssecsvr.exe" at 00015115-00003404-00000105-34315130148
"mssecsvr.exe" at 00015637-00002072-00000105-48302271299 - source
- API Call
- relevance
- 6/10
-
Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
- details
- "mssecsvr.exe" (Access type: "QUERYVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "DISABLECACHINGOFSSLPAGES"; Value: "00000000040000000400000000000000")
- source
- Registry Access
- relevance
- 3/10
-
Contains ability to open/control a service
-
Anti-Reverse Engineering
-
PE file has unusual entropy sections
- details
-
.rsrc
.text
.rdata
.data
.rsrc with unusual entropies 7.37195711977
7.6297562238
7.99151554424
7.96571647895
7.98770497221 - source
- Static Parser
- relevance
- 10/10
-
PE file has unusual entropy sections
-
Environment Awareness
-
Reads the active computer name
- details
- "mssecsvr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
-
Reads the cryptographic machine GUID
- details
- "mssecsvr.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
-
Reads the active computer name
-
External Systems
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details
- 2/68 reputation engines marked "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com" as malicious (2% detection rate)
- source
- External System
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
-
General
-
Contains ability to find and load resources of a specific module
- details
-
FindResourceA@KERNEL32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
FindResourceA@KERNEL32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
FindResourceA@KERNEL32.DLL from mssecsvr.exe (PID: 2072) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Contains ability to find and load resources of a specific module
-
Installation/Persistance
-
Drops executable files
- details
-
"mssecsvr.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"tasksche.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows" - source
- Binary File
- relevance
- 10/10
-
Drops executable files
-
Network Related
-
Detected increased number of ARP broadcast requests (network device lookup)
- details
- Attempt to find devices in networks: "192.168.56.2/31, 192.168.56.4/30, 192.168.56.8/29, 192.168.56.16/31, 192.168.56.18/32, ..."
- source
- Network Traffic
- relevance
- 10/10
-
Found potential IP address in binary/memory
- details
-
Heuristic match: "\\192.168.56.20\IPC$"
Heuristic match: "\\172.16.99.5\IPC$" - source
- File/Memory
- relevance
- 3/10
-
Detected increased number of ARP broadcast requests (network device lookup)
-
Pattern Matching
-
Contains ability to download files from the internet
- details
-
recv@WS2_32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 3404) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 2072) (Show Stream)
recv@WS2_32.DLL from mssecsvr.exe (PID: 2072) (Show Stream) - source
- Hybrid Analysis Technology
- relevance
- 10/10
-
Contains ability to download files from the internet
-
Ransomware/Banking
-
Contains many references to file extensions (often found in ransomware)
- details
-
Found reference to a lot of file extensions: .sqlitedb
.der
.key
.csr
.pem
.ott
.stw
.3ds
.3dm
.ots
.stc
.slk
.odp
.sxd
.uop
.otg
.mml
.lay6
.sqlite3
.accdb
.db
.odb
.myd
.ibd
.ldf
.cpp
.asm
.cmd
.vb
.dip
.sch
.asp
.java
.class
.mp3
.swf
.wmv
.vob
.avi
.mp4
.mkv
.flv
.mid
.m4u
.ai
.nef
.cgm
.gif
.bmp
.jpeg
.rar
.gz
.tar
.tbk
.PAQ
.aes
.vmx
.sldm
.sti
.602
.pdf
.wks
.rtf
.txt
.edb - source
- File/Memory
- relevance
- 10/10
-
Contains many references to file extensions (often found in ransomware)
-
Remote Access Related
-
Reads terminal service related keys (often RDP related)
- details
- "mssecsvr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
- source
- Registry Access
- relevance
- 10/10
-
Reads terminal service related keys (often RDP related)
-
Spyware/Information Retrieval
-
Found an instsant messenger related domain
- details
- "||jiwire.com^$third-party" (Indicator: "wire.com"; File: "28d344aa33b60dbae5419bb764c57a5c.dll.bin")
- source
- File/Memory
- relevance
- 10/10
-
Found an instsant messenger related domain
-
System Destruction
-
Opens file with deletion access rights
- details
- "mssecsvr.exe" opened "%WINDIR%\tasksche.exe" with delete access
- source
- API Call
- relevance
- 7/10
-
Opens file with deletion access rights
-
System Security
-
Modifies proxy settings
- details
-
"mssecsvr.exe" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"mssecsvr.exe" (Access type: "SETVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE")
"mssecsvr.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS") - source
- Registry Access
- relevance
- 10/10
-
Queries sensitive IE security settings
- details
- "mssecsvr.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
- source
- Registry Access
- relevance
- 8/10
-
Modifies proxy settings
-
Unusual Characteristics
-
Imports suspicious APIs
- details
-
CreateProcessA
LockResource
WriteFile
CreateFileA
FindResourceA
CreateServiceA
StartServiceA
StartServiceCtrlDispatcherA
GetModuleFileNameA
GetStartupInfoA
GetFileSize
GetProcAddress
GetModuleHandleA
GetModuleHandleW
Sleep
GetTickCount
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
socket
recv
send
WSAStartup
connect
closesocket - source
- Static Parser
- relevance
- 1/10
-
Installs hooks/patches the running process
- details
-
"rundll32.exe" wrote bytes "88eaa6751656a77581eca6754557a6753105a675ca9ea675cda6a6758220a275000000009498a47651c1a476ee9ca476ec32ae7654d3a57600000000" to virtual address "0x10002000" (part of module "28D344AA33B60DBAE5419BB764C57A5C.DLL")
"mssecsvr.exe" wrote bytes "fae6f076e1a6f5762e71f576ee29f57685e2f0766da0f57626e4f076d16df576003df376804bf37600000000ad374c758b2d4c75b6414c7500000000" to virtual address "0x742A1000" (part of module "WSHTCPIP.DLL")
"mssecsvr.exe" wrote bytes "c04ef3762054f476e065f476b538f5760000000000d0a67500000000c5eaa6750000000088eaa67500000000e968ec748228f576ee29f57600000000d269ec74000000007dbba6750000000009beec7400000000ba18a67500000000" to virtual address "0x77051000" (part of module "NSI.DLL")
"mssecsvr.exe" wrote bytes "e739f176e1a6f5762e71f576ee29f57685e2f0766da0f5769064f4763ad5fb7626e4f076d16df576003df376804bf37600000000ad374c758b2d4c75b6414c7500000000" to virtual address "0x747C1000" (part of module "WSHIP6.DLL") - source
- Hook Detection
- relevance
- 10/10
-
Imports suspicious APIs
-
Hiding 5 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 14
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "ET INFO Windows OS Submitting USB Metadata to Microsoft" (SID: 2025275, Rev: 1, Severity: 3) categorized as "Misc activity"
- source
- Suricata Alerts
- relevance
- 10/10
-
Detected Suricata Alert
-
General
-
Contacts domains
- details
- "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com"
- source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"72.5.65.99:80"
"202.151.171.37:62464"
"81.94.214.80:62476"
"208.62.225.68:62485"
"108.40.206.111:62489"
"203.249.143.191:62497"
"48.58.72.204:62502"
"165.60.21.177:62510"
"62.95.59.226:62511"
"150.209.225.245:62512"
"28.220.230.36:62522"
"219.162.37.153:62525"
"202.72.35.114:62526"
"35.14.23.142:62531"
"24.10.215.65:62535"
"199.125.118.1:62539"
"97.40.254.95:62541"
"31.107.133.123:62544"
"24.144.17.26:62546"
"144.117.153.156:62550" - source
- Network Traffic
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"Local\ZonesCacheCounterMutex"
"Local\ZonesLockedCacheCounterMutex"
"\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex" - source
- Created Mutant
- relevance
- 3/10
-
GETs files from a webserver
- details
- "GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache"
- source
- Network Traffic
- relevance
- 5/10
-
Process launched with changed environment
- details
-
Process "mssecsvr.exe" (Show Process) was launched with modified environment variables: "LOCALAPPDATA, TMP, USERDOMAIN, USERNAME, Path, USERPROFILE, TEMP, APPDATA"
Process "mssecsvr.exe" (Show Process) was launched with missing environment variables: "PROMPT, LOGONSERVER, HOMEPATH, HOMEDRIVE" - source
- Monitored Target
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "rundll32.exe" with commandline ""C:\28d344aa33b60dbae5419bb764c57a5c.dll",PlayGame" (Show Process)
Spawned process "mssecsvr.exe" (Show Process)
Spawned process "mssecsvr.exe" with commandline "-m security" (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
Contacts domains
-
Installation/Persistance
-
Dropped files
- details
-
"mssecsvr.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"tasksche.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"mssecsvr.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"mssecsvr.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\counters.dat"
"mssecsvr.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files"
"mssecsvr.exe" touched file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Cookies"
"mssecsvr.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\History"
"mssecsvr.exe" touched file "C:\Windows\System32\rsaenh.dll"
"mssecsvr.exe" touched file "C:\Windows\System32\wshqos.dll"
"mssecsvr.exe" touched file "C:\Windows\tasksche.exe"
"mssecsvr.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\counters.dat"
"mssecsvr.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files"
"mssecsvr.exe" touched file "%APPDATA%\Microsoft\Windows\Cookies"
"mssecsvr.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\History"
"mssecsvr.exe" touched file "%WINDIR%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat"
"mssecsvr.exe" touched file "%WINDIR%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files"
"mssecsvr.exe" touched file "%WINDIR%\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies"
"mssecsvr.exe" touched file "%WINDIR%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History" - source
- API Call
- relevance
- 7/10
-
Dropped files
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com"
Pattern match: "ssp.kshb/$third-party"
Pattern match: "doubleclick.net/N6872/pfadx/shaw.mylifetimetv.ca/$third-party"
Pattern match: "doubleclick.net/pfadx/*.ABC.com/$third-party"
Pattern match: "doubleclick.net/pfadx/*.BLIPTV/$third-party"
Pattern match: "doubleclick.net/pfadx/*.ESPN/$third-party"
Pattern match: "doubleclick.net/pfadx/*.MCNONLINE/$third-party"
Pattern match: "doubleclick.net/pfadx/*.MTV-Viacom/$third-party"
Pattern match: "doubleclick.net/pfadx/*.mtvi$third-party"
Pattern match: "doubleclick.net/pfadx/*.muzu/$third-party"
Pattern match: "doubleclick.net/pfadx/*.nbc.com/$third-party"
Pattern match: "doubleclick.net/pfadx/*.NBCUNI.COM/$third-party"
Pattern match: "doubleclick.net/pfadx/*.NBCUNIVERSAL-CNBC/$third-party"
Pattern match: "doubleclick.net/pfadx/*.NBCUNIVERSAL/$third-party"
Pattern match: "doubleclick.net/pfadx/*.reuters/$third-party"
Pattern match: "doubleclick.net/pfadx/*.sevenload.com_$third-party"
Pattern match: "doubleclick.net/pfadx/*.VIACOMINTERNATIONAL/$third-party"
Pattern match: "doubleclick.net/pfadx/*.WALTDISNEYINTERNETGROU/$third-party"
Pattern match: "doubleclick.net/pfadx/*/kidstv/$third-party"
Pattern match: "doubleclick.net/pfadx/*adcat=$third-party"
Pattern match: "doubleclick.net/pfadx/*CBSINTERACTIVE/$third-party"
Pattern match: "doubleclick.net/pfadx/aetn.aetv.shows/$third-party"
Pattern match: "doubleclick.net/pfadx/belo.king5.pre/$third-party"
Pattern match: "doubleclick.net/pfadx/bet.com/$third-party"
Pattern match: "doubleclick.net/pfadx/blp.video/midroll$third-party"
Pattern match: "doubleclick.net/pfadx/bzj.bizjournals/$third-party"
Pattern match: "doubleclick.net/pfadx/cblvsn.nwsd.videogallery/$third-party"
Pattern match: "doubleclick.net/pfadx/CBS.$third-party"
Pattern match: "doubleclick.net/pfadx/ccr.$third-party"
Pattern match: "doubleclick.net/pfadx/comedycentral.$third-party"
Pattern match: "doubleclick.net/pfadx/csn.$third-party"
Pattern match: "doubleclick.net/pfadx/ctv.ctvwatch.ca/$third-party"
Pattern match: "doubleclick.net/pfadx/ctv.muchmusic.com/$third-party"
Pattern match: "doubleclick.net/pfadx/ctv.spacecast/$third-party"
Pattern match: "doubleclick.net/pfadx/ddm.ksl/$third-party"
Pattern match: "doubleclick.net/pfadx/gn.movieweb.com/$third-party"
Pattern match: "doubleclick.net/pfadx/intl.sps.com/$third-party"
Pattern match: "doubleclick.net/pfadx/ltv.wtvr.video/$third-party"
Pattern match: "doubleclick.net/pfadx/mc.channelnewsasia.com^$third-party"
Pattern match: "doubleclick.net/pfadx/miniclip.midvideo/$third-party"
Pattern match: "doubleclick.net/pfadx/miniclip.prevideo/$third-party"
Pattern match: "doubleclick.net/pfadx/muzumain/$third-party"
Pattern match: "doubleclick.net/pfadx/muzuoffsite/$third-party"
Pattern match: "doubleclick.net/pfadx/nbcu.nbc/$third-party"
Pattern match: "doubleclick.net/pfadx/nbcu.nhl.$third-party"
Pattern match: "doubleclick.net/pfadx/nbcu.nhl/$third-party"
Pattern match: "doubleclick.net/pfadx/ndm.tcm/$third-party"
Pattern match: "doubleclick.net/pfadx/nfl.$third-party"
Pattern match: "doubleclick.net/pfadx/ng.videoplayer/$third-party"
Pattern match: "doubleclick.net/pfadx/ssp.kgtv/$third-party"
Pattern match: "doubleclick.net/pfadx/storm.no/$third-party"
Pattern match: "doubleclick.net/pfadx/sugar.poptv/$third-party"
Pattern match: "doubleclick.net/pfadx/tmg.telegraph.$third-party"
Pattern match: "doubleclick.net/pfadx/tmz.video.wb.dart/$third-party"
Pattern match: "doubleclick.net/pfadx/trb.$third-party"
Pattern match: "doubleclick.net/pfadx/ugo.gv.1up/$third-party"
Pattern match: "doubleclick.net/pfadx/video.marketwatch.com/$third-party"
Pattern match: "doubleclick.net/pfadx/video.wsj.com/$third-party"
Pattern match: "doubleclick.net/pfadx/www.tv3.co.nz$third-party"
Pattern match: "doubleclick.net/xbbe/creative/vast"
Heuristic match: "||doubleclick.net^$third-party,domain=3news.co.nz|92q.com|abc-7.com|addictinggames.com|allbusiness.com|bizjournals.com|bloomberg.com|bnn.ca|boom92houston.com|boom945.com|boomphilly.com|break.com|cbc.ca|cbs19.tv|cbs3springfield.com|cbslocal.com|complex.com|"
Heuristic match: "|radio.com|radionowindy.com|rottentomatoes.com|sbsun.com|shacknews.com|sk-gaming.com|ted.com|thebeatdfw.com|theboxhouston.com|theglobeandmail.com|timesnow.tv|tv2.no|twitch.tv|ustream.tv|wapt.com|washingtonpost.com|wate.com|wbaltv.com|wcvb.com|wdrb.com|wdsu"
Pattern match: "ibs.orl.news/$third-party"
Pattern match: "ssp.wews/$third-party"
Pattern match: "team.car/$third-party"
Pattern match: "team.dal/$third-party"
Pattern match: "team.sd/$third-party"
Pattern match: "http://cdn.c.ooyala.com/$third-party"
Pattern match: "dpbolvw.net/image-$third-party"
Pattern match: "dpbolvw.net/placeholder-$third-party"
Heuristic match: "||dt00.net^$third-party,domain=~marketgid.com|~marketgid.ru|~marketgid.ua|~mgid.com|~thechive.com"
Heuristic match: "||dt07.net^$third-party,domain=~marketgid.com|~marketgid.ru|~marketgid.ua|~mgid.com|~thechive.com"
Pattern match: "googletagservices.com/tag/js/gpt_$third-party"
Pattern match: "googletagservices.com/tag/static/$third-party"
Heuristic match: "||helotero.com^$third-party,domain=~streamcloud.eu"
Pattern match: "jdoqocy.com/image-$third-party"
Pattern match: "jdoqocy.com/placeholder-$third-party"
Pattern match: "kqzyfj.com/image-$third-party"
Pattern match: "kqzyfj.com/placeholder-$third-party"
Pattern match: "ltassrv.com/goads.swf"
Pattern match: "ltassrv.com/serve/"
Heuristic match: "||metaffiliation.com^$~image,~subdocument,third-party,domain=~netaffiliation.com"
Heuristic match: "||mgid.com^$third-party,domain=~marketgid.com|~marketgid.com.ua"
Heuristic match: "||nster.net^$third-party,domain=~nster.com"
Heuristic match: "||oldtiger.ne"
Pattern match: "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com"
Pattern match: "http://dmd.metaservices.microsoft.com/dms/metadata.svc"
Pattern match: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Heuristic match: "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?5f71afa1d914c0d7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ctldl.windowsupdate.com"
Pattern match: "http://www.symauth.com/cps0"
Pattern match: "http://www.symauth.com/rpa0"
Heuristic match: "GET /sv.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: sv.symcb.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBuN56dlW1Lzehhu%2FtdSD3U%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: sv.symcd.com"
Heuristic match: "GET /pca3-g5.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: s1.symcb.com"
Pattern match: "http://www.symauth.com/cps0*"
Heuristic match: "GET /CRL/Omniroot2025.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: cdp1.public-trust.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAt%2BEJA8OEkP%2Bi9nmoehp7k%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.digicert.com"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSLIycRsoI3J6zPns4K1aQgAqaqHgQUZ50PIAkMzIo65YJGcmL88cyQ5UACEAG2Yem3HYLmNssdMr3TCFk%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.digicert.com"
Heuristic match: "GET /DigiCertHighAssuranceEVRootCA.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: crl4.digicert.com"
Pattern match: "www.digicert.com1+0"
Heuristic match: "GET /sha2-ha-cs-g1.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: crl3.digicert.com"
Heuristic match: "GET /DigiCertHighAssuranceEVRootCA.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: crl3.digicert.com"
Pattern match: "www.digicert.com1503"
Pattern match: "http://crl3.digicert.com/sha2-ha-cs-g1.crl0"
Heuristic match: "GET /sha2-ha-cs-g1.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: crl4.digicert.com"
Heuristic match: "p9ifjaposdfjhgosurijfaewrwergwff.com" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
- "|radio.com|radionowindy.com|rottentomatoes.com|sbsun.com|shacknews.com|sk-gaming.com|ted.com|thebeatdfw.com|theboxhouston.com|theglobeandmail.com|timesnow.tv|tv2.no|twitch.tv|ustream.tv|wapt.com|washingtonpost.com|wate.com|wbaltv.com|wcvb.com|wdrb.com|wdsu.com|wflx.com|wfmz.com|wfsb.com|wgal.com|whdh.com|wired.com|wisn.com|wiznation.com|wlky.com|wlns.com|wlwt.com|wmur.com|wnem.com|wowt.com|wral.com|wsj.com|wsmv.com|wsvn.com|wtae.com|wthr.com|wxii12.com|wyff4.com|yahoo.com|youtube-nocookie.com|youtube.com|zhiphopcleveland.com" (Indicator: "youtube")
- source
- File/Memory
- relevance
- 7/10
-
Found a reference to a known community page
-
System Security
-
Creates or modifies windows services
- details
- "mssecsvr.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS")
- source
- Registry Access
- relevance
- 10/10
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
- "mssecsvr.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
-
Creates or modifies windows services
-
Unusual Characteristics
-
Matched Compiler/Packer signature
- details
-
"28d344aa33b60dbae5419bb764c57a5c.dll.bin" was detected as "Microsoft visual C++ 6.0 DLL"
"mssecsvr.exe" was detected as "Microsoft visual C++ 5.0" - source
- Static Parser
- relevance
- 10/10
-
Matched Compiler/Packer signature
File Details
28d344aa33b60dbae5419bb764c57a5c
- Filename
- 28d344aa33b60dbae5419bb764c57a5c
- Size
- 5MiB (5267459 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- bac1fc3743d5d7e0771b843ee3c3f56f782b81a8ec23cf1430653a451ef7d932
- MD5
- 28d344aa33b60dbae5419bb764c57a5c
- SHA1
- c755b4a359f0c324a54796303a3c6ad014227229
- ssdeep
- 49152:RnsQqMSPbcBu1aQejFx+TSqTdX1HkQo6SAARdhnv:1/qPoBNhxcSUDk36SAEdhv
- imphash
- 2e5708ae5fed0403e8117c645fb23e5b
- authentihash
- 30f2e4d364aaceb1462c654a37cc1626a5469a8c5820d0e4558e1855668b8883
- Compiler/Packer
- Microsoft visual C++ 6.0 DLL
Classification (TrID)
- 42.2% (.EXE) Win32 Executable MS Visual C++ (generic)
- 37.3% (.EXE) Win64 Executable (generic)
- 8.8% (.DLL) Win32 Dynamic Link Library (generic)
- 6.0% (.EXE) Win32 Executable (generic)
- 2.7% (.EXE) Generic Win/DOS Executable
File Metadata
- 3 .OBJ Files (COFF) linked with LINK.EXE 6.00 (Visual Studio 6) (build: 8168)
- 1 .RES Files linked with CVTRES.EXE 5.00 (Visual Studio 5) (build: 1720)
- 1 .CPP Files compiled with CL.EXE 12.00 (Visual Studio 6) (build: 8168)
- 3 .LIB Files generated with LIB.EXE 7.10 (Visual Studio .NET 2003) (build: 4035)
- 4 .C Files compiled with CL.EXE 12.00 (Visual Studio 6) (build: 8168)
- File contains C++ code
- File appears to contain raw COFF/OMF content
- File is the product of a small codebase (1 files)
File Sections
Details | ||||||
---|---|---|---|---|---|---|
File Resources
Details | ||||
---|---|---|---|---|
File Imports
File Exports
Name | Ordinal | Address |
---|---|---|
PlayGame | #1 | 0x10001114 |
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 3 processes in total (System Resource Monitor).
-
<Ignored Process>
-
rundll32.exe
"C:\28d344aa33b60dbae5419bb764c57a5c.dll",PlayGame
(PID: 3176)
- mssecsvr.exe (PID: 3404)
-
rundll32.exe
"C:\28d344aa33b60dbae5419bb764c57a5c.dll",PlayGame
(PID: 3176)
- mssecsvr.exe -m security (PID: 2072)
- ... and some more processes with no relevance.
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
OSINT |
72.5.65.99
TTL: 3599 |
- | United States |
Contacted Hosts
Displaying the first 1000 contacted hosts. The remaining 1648 entries are available in the full HTML report, but download of the full report is disabled.
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
72.5.65.99 |
80
TCP |
mssecsvr.exe PID: 3404 mssecsvr.exe PID: 2072 |
United States |
202.151.171.37 |
62464
TCP |
mssecsvr.exe PID: 2072 |
Viet Nam |
81.94.214.80 |
62476
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
208.62.225.68 |
62485
TCP |
mssecsvr.exe PID: 2072 |
United States |
108.40.206.111 |
62489
TCP |
mssecsvr.exe PID: 2072 |
United States |
203.249.143.191 |
62497
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
48.58.72.204 |
62502
TCP |
mssecsvr.exe PID: 2072 |
United States |
165.60.21.177 |
62510
TCP |
mssecsvr.exe PID: 2072 |
Zambia |
62.95.59.226 |
62511
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
150.209.225.245 |
62512
TCP |
mssecsvr.exe PID: 2072 |
United States |
28.220.230.36 |
62522
TCP |
mssecsvr.exe PID: 2072 |
United States |
219.162.37.153 |
62525
TCP |
mssecsvr.exe PID: 2072 |
Japan |
202.72.35.114 |
62526
TCP |
mssecsvr.exe PID: 2072 |
Australia |
35.14.23.142 |
62531
TCP |
mssecsvr.exe PID: 2072 |
United States |
24.10.215.65 |
62535
TCP |
mssecsvr.exe PID: 2072 |
United States |
199.125.118.1 |
62539
TCP |
mssecsvr.exe PID: 2072 |
United States |
97.40.254.95 |
62541
TCP |
mssecsvr.exe PID: 2072 |
United States |
31.107.133.123 |
62544
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
24.144.17.26 |
62546
TCP |
mssecsvr.exe PID: 2072 |
United States |
144.117.153.156 |
62550
TCP |
mssecsvr.exe PID: 2072 |
United States |
142.69.169.10 |
62553
TCP |
mssecsvr.exe PID: 2072 |
Canada |
177.232.154.209 |
62557
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
66.133.67.107 |
62558
TCP |
mssecsvr.exe PID: 2072 |
United States |
86.140.112.155 |
62560
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
45.220.170.131 |
62562
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
66.233.136.69 |
62565
TCP |
mssecsvr.exe PID: 2072 |
United States |
70.65.53.153 |
62567
TCP |
mssecsvr.exe PID: 2072 |
Canada |
115.158.142.20 |
62573
TCP |
mssecsvr.exe PID: 2072 |
China |
210.84.219.196 |
62577
TCP |
mssecsvr.exe PID: 2072 |
Australia |
108.114.97.223 |
62578
TCP |
mssecsvr.exe PID: 2072 |
United States |
97.73.169.49 |
62580
TCP |
mssecsvr.exe PID: 2072 |
United States |
6.85.4.21 |
62581
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.155.19.136 |
62584
TCP |
mssecsvr.exe PID: 2072 |
China |
74.198.175.211 |
62589
TCP |
mssecsvr.exe PID: 2072 |
Canada |
173.251.130.214 |
62591
TCP |
mssecsvr.exe PID: 2072 |
United States |
57.220.37.114 |
62593
TCP |
mssecsvr.exe PID: 2072 |
Belgium |
99.133.144.127 |
62594
TCP |
mssecsvr.exe PID: 2072 |
United States |
82.243.116.113 |
62596
TCP |
mssecsvr.exe PID: 2072 |
France |
104.31.68.113 |
62598
TCP |
mssecsvr.exe PID: 2072 |
United States |
59.85.188.60 |
62606
TCP |
mssecsvr.exe PID: 2072 |
Japan |
178.59.115.254 |
62607
TCP |
mssecsvr.exe PID: 2072 |
Cyprus |
100.185.20.208 |
62609
TCP |
mssecsvr.exe PID: 2072 |
United States |
209.85.7.19 |
62610
TCP |
mssecsvr.exe PID: 2072 |
United States |
165.251.52.115 |
62611
TCP |
mssecsvr.exe PID: 2072 |
United States |
31.212.46.70 |
62612
TCP |
mssecsvr.exe PID: 2072 |
Germany |
31.161.123.241 |
62615
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
33.142.253.129 |
62624
TCP |
mssecsvr.exe PID: 2072 |
United States |
209.50.239.234 |
62625
TCP |
mssecsvr.exe PID: 2072 |
United States |
22.25.170.147 |
62626
TCP |
mssecsvr.exe PID: 2072 |
United States |
9.38.77.63 |
62627
TCP |
mssecsvr.exe PID: 2072 |
United States |
198.6.67.208 |
62628
TCP |
mssecsvr.exe PID: 2072 |
United States |
192.188.115.215 |
62629
TCP |
mssecsvr.exe PID: 2072 |
Australia |
180.223.245.144 |
62633
TCP |
mssecsvr.exe PID: 2072 |
China |
159.3.88.174 |
62638
TCP |
mssecsvr.exe PID: 2072 |
United States |
99.40.156.222 |
62643
TCP |
mssecsvr.exe PID: 2072 |
United States |
163.21.137.247 |
62644
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
60.119.238.106 |
62645
TCP |
mssecsvr.exe PID: 2072 |
Japan |
24.173.85.54 |
62646
TCP |
mssecsvr.exe PID: 2072 |
United States |
34.218.4.215 |
62647
TCP |
mssecsvr.exe PID: 2072 |
United States |
190.204.97.67 |
62648
TCP |
mssecsvr.exe PID: 2072 |
Venezuela |
91.132.164.156 |
62652
TCP |
mssecsvr.exe PID: 2072 |
Austria |
118.170.182.248 |
62657
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
174.44.82.148 |
62661
TCP |
mssecsvr.exe PID: 2072 |
United States |
196.253.85.21 |
62662
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
36.185.181.227 |
62664
TCP |
mssecsvr.exe PID: 2072 |
China |
168.66.182.175 |
62665
TCP |
mssecsvr.exe PID: 2072 |
United States |
88.214.85.90 |
62666
TCP |
mssecsvr.exe PID: 2072 |
Ukraine |
133.6.86.91 |
62667
TCP |
mssecsvr.exe PID: 2072 |
Japan |
94.34.204.23 |
62670
TCP |
mssecsvr.exe PID: 2072 |
Italy |
202.238.9.186 |
62671
TCP |
mssecsvr.exe PID: 2072 |
Japan |
115.127.130.139 |
62674
TCP |
mssecsvr.exe PID: 2072 |
Bangladesh |
11.115.32.126 |
62678
TCP |
mssecsvr.exe PID: 2072 |
United States |
2.15.238.86 |
62679
TCP |
mssecsvr.exe PID: 2072 |
France |
158.10.141.90 |
62681
TCP |
mssecsvr.exe PID: 2072 |
United States |
75.161.173.100 |
62682
TCP |
mssecsvr.exe PID: 2072 |
United States |
189.96.243.51 |
62683
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
175.64.113.211 |
62684
TCP |
mssecsvr.exe PID: 2072 |
China |
63.83.104.207 |
62688
TCP |
mssecsvr.exe PID: 2072 |
United States |
181.45.201.215 |
62689
TCP |
mssecsvr.exe PID: 2072 |
Argentina |
213.195.145.116 |
62692
TCP |
mssecsvr.exe PID: 2072 |
Poland |
119.190.24.160 |
62697
TCP |
mssecsvr.exe PID: 2072 |
China |
36.198.193.121 |
62698
TCP |
mssecsvr.exe PID: 2072 |
China |
110.151.50.165 |
62700
TCP |
mssecsvr.exe PID: 2072 |
Australia |
165.55.195.214 |
62701
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
82.28.207.121 |
62703
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
65.199.97.5 |
62704
TCP |
mssecsvr.exe PID: 2072 |
United States |
177.159.151.161 |
62707
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
219.74.177.57 |
62710
TCP |
mssecsvr.exe PID: 2072 |
Singapore |
82.200.39.163 |
62711
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
129.49.179.68 |
62712
TCP |
mssecsvr.exe PID: 2072 |
United States |
78.177.141.156 |
62715
TCP |
mssecsvr.exe PID: 2072 |
Turkey |
208.118.218.140 |
62716
TCP |
mssecsvr.exe PID: 2072 |
Canada |
100.108.161.145 |
62717
TCP |
mssecsvr.exe PID: 2072 |
Reserved |
76.136.158.87 |
62718
TCP |
mssecsvr.exe PID: 2072 |
United States |
93.208.100.6 |
62719
TCP |
mssecsvr.exe PID: 2072 |
Germany |
214.124.235.130 |
62720
TCP |
mssecsvr.exe PID: 2072 |
United States |
131.205.226.114 |
62725
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
110.122.19.48 |
62729
TCP |
mssecsvr.exe PID: 2072 |
China |
153.77.183.143 |
62730
TCP |
mssecsvr.exe PID: 2072 |
United States |
39.66.165.129 |
62731
TCP |
mssecsvr.exe PID: 2072 |
China |
23.120.105.195 |
62734
TCP |
mssecsvr.exe PID: 2072 |
United States |
222.192.123.147 |
62735
TCP |
mssecsvr.exe PID: 2072 |
China |
134.175.175.50 |
62736
TCP |
mssecsvr.exe PID: 2072 |
China |
56.58.147.226 |
62738
TCP |
mssecsvr.exe PID: 2072 |
United States |
76.6.186.115 |
62739
TCP |
mssecsvr.exe PID: 2072 |
United States |
223.82.156.44 |
62740
TCP |
mssecsvr.exe PID: 2072 |
China |
189.118.15.103 |
62741
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
39.13.36.66 |
62745
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
95.98.37.86 |
62750
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
61.18.59.116 |
62751
TCP |
mssecsvr.exe PID: 2072 |
Hong Kong |
90.137.41.222 |
62753
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
89.231.146.245 |
62757
TCP |
mssecsvr.exe PID: 2072 |
Poland |
72.214.90.217 |
62758
TCP |
mssecsvr.exe PID: 2072 |
United States |
218.19.96.238 |
62759
TCP |
mssecsvr.exe PID: 2072 |
China |
133.113.57.95 |
62761
TCP |
mssecsvr.exe PID: 2072 |
Japan |
174.178.113.223 |
62762
TCP |
mssecsvr.exe PID: 2072 |
United States |
143.225.60.132 |
62763
TCP |
mssecsvr.exe PID: 2072 |
Italy |
140.121.0.103 |
62765
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
125.96.37.98 |
62767
TCP |
mssecsvr.exe PID: 2072 |
China |
45.90.105.247 |
62771
TCP |
mssecsvr.exe PID: 2072 |
United States |
31.145.188.107 |
62772
TCP |
mssecsvr.exe PID: 2072 |
Turkey |
163.118.236.247 |
62774
TCP |
mssecsvr.exe PID: 2072 |
United States |
62.50.74.96 |
62778
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
24.103.222.84 |
62779
TCP |
mssecsvr.exe PID: 2072 |
United States |
70.111.51.13 |
62780
TCP |
mssecsvr.exe PID: 2072 |
United States |
70.158.50.77 |
62781
TCP |
mssecsvr.exe PID: 2072 |
United States |
48.190.64.157 |
62782
TCP |
mssecsvr.exe PID: 2072 |
United States |
115.216.182.34 |
62784
TCP |
mssecsvr.exe PID: 2072 |
China |
94.185.55.128 |
62785
TCP |
mssecsvr.exe PID: 2072 |
Oman |
79.39.97.124 |
62786
TCP |
mssecsvr.exe PID: 2072 |
Italy |
33.246.25.48 |
62789
TCP |
mssecsvr.exe PID: 2072 |
United States |
148.227.65.16 |
62794
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
90.215.26.203 |
62795
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
12.40.254.120 |
62796
TCP |
mssecsvr.exe PID: 2072 |
United States |
130.30.98.200 |
62800
TCP |
mssecsvr.exe PID: 2072 |
United States |
162.169.184.34 |
62801
TCP |
mssecsvr.exe PID: 2072 |
United States |
166.212.14.34 |
62802
TCP |
mssecsvr.exe PID: 2072 |
United States |
192.216.118.238 |
62803
TCP |
mssecsvr.exe PID: 2072 |
United States |
20.175.225.163 |
62804
TCP |
mssecsvr.exe PID: 2072 |
United States |
215.149.197.169 |
62805
TCP |
mssecsvr.exe PID: 2072 |
United States |
5.233.0.84 |
62807
TCP |
mssecsvr.exe PID: 2072 |
Iran (ISLAMIC Republic Of) |
137.150.185.254 |
62808
TCP |
mssecsvr.exe PID: 2072 |
United States |
41.185.126.4 |
62810
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
14.111.181.13 |
62815
TCP |
mssecsvr.exe PID: 2072 |
China |
116.68.171.20 |
62816
TCP |
mssecsvr.exe PID: 2072 |
Indonesia |
15.129.181.243 |
62817
TCP |
mssecsvr.exe PID: 2072 |
United States |
202.7.225.212 |
62820
TCP |
mssecsvr.exe PID: 2072 |
Australia |
139.205.200.6 |
62822
TCP |
mssecsvr.exe PID: 2072 |
China |
57.55.105.38 |
62823
TCP |
mssecsvr.exe PID: 2072 |
Belgium |
194.116.36.30 |
62824
TCP |
mssecsvr.exe PID: 2072 |
Italy |
192.203.29.19 |
62827
TCP |
mssecsvr.exe PID: 2072 |
United States |
193.190.146.35 |
62828
TCP |
mssecsvr.exe PID: 2072 |
Belgium |
199.160.104.75 |
62829
TCP |
mssecsvr.exe PID: 2072 |
United States |
182.182.201.124 |
62830
TCP |
mssecsvr.exe PID: 2072 |
Pakistan |
48.233.74.173 |
62831
TCP |
mssecsvr.exe PID: 2072 |
United States |
179.128.141.155 |
62832
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
146.114.132.254 |
62837
TCP |
mssecsvr.exe PID: 2072 |
United States |
7.26.209.174 |
62838
TCP |
mssecsvr.exe PID: 2072 |
United States |
29.95.116.160 |
62840
TCP |
mssecsvr.exe PID: 2072 |
United States |
67.206.63.24 |
62847
TCP |
mssecsvr.exe PID: 2072 |
United States |
12.49.229.214 |
62848
TCP |
mssecsvr.exe PID: 2072 |
United States |
9.160.124.239 |
62849
TCP |
mssecsvr.exe PID: 2072 |
United States |
156.113.70.20 |
62851
TCP |
mssecsvr.exe PID: 2072 |
United States |
84.150.172.188 |
62852
TCP |
mssecsvr.exe PID: 2072 |
Germany |
213.6.159.108 |
62854
TCP |
mssecsvr.exe PID: 2072 |
Palestinian Territory Occupied |
2.224.115.134 |
62855
TCP |
mssecsvr.exe PID: 2072 |
Italy |
55.122.153.165 |
62856
TCP |
mssecsvr.exe PID: 2072 |
United States |
126.141.184.230 |
62857
TCP |
mssecsvr.exe PID: 2072 |
Japan |
220.99.70.198 |
62858
TCP |
mssecsvr.exe PID: 2072 |
Japan |
6.148.56.49 |
62859
TCP |
mssecsvr.exe PID: 2072 |
United States |
179.223.102.236 |
62860
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
148.252.216.233 |
62861
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
165.56.163.55 |
62863
TCP |
mssecsvr.exe PID: 2072 |
Zambia |
201.226.0.150 |
62872
TCP |
mssecsvr.exe PID: 2072 |
Panama |
95.125.78.46 |
62873
TCP |
mssecsvr.exe PID: 2072 |
Spain |
173.24.174.93 |
62874
TCP |
mssecsvr.exe PID: 2072 |
United States |
200.237.170.92 |
62875
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
223.209.90.150 |
62876
TCP |
mssecsvr.exe PID: 2072 |
China |
104.0.97.102 |
62878
TCP |
mssecsvr.exe PID: 2072 |
United States |
193.235.231.27 |
62879
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
117.139.244.51 |
62880
TCP |
mssecsvr.exe PID: 2072 |
China |
144.179.2.225 |
62881
TCP |
mssecsvr.exe PID: 2072 |
Norway |
147.53.54.178 |
62882
TCP |
mssecsvr.exe PID: 2072 |
United States |
84.123.116.196 |
62883
TCP |
mssecsvr.exe PID: 2072 |
Spain |
12.67.12.208 |
62884
TCP |
mssecsvr.exe PID: 2072 |
United States |
169.184.30.196 |
62885
TCP |
mssecsvr.exe PID: 2072 |
United States |
152.0.238.65 |
62888
TCP |
mssecsvr.exe PID: 2072 |
Dominican Republic |
219.226.92.30 |
62897
TCP |
mssecsvr.exe PID: 2072 |
China |
166.245.200.8 |
62900
TCP |
mssecsvr.exe PID: 2072 |
United States |
8.59.88.190 |
62901
TCP |
mssecsvr.exe PID: 2072 |
United States |
186.107.62.10 |
62902
TCP |
mssecsvr.exe PID: 2072 |
Chile |
36.12.221.239 |
62903
TCP |
mssecsvr.exe PID: 2072 |
Japan |
94.186.253.87 |
62904
TCP |
mssecsvr.exe PID: 2072 |
Germany |
167.149.185.137 |
62905
TCP |
mssecsvr.exe PID: 2072 |
Switzerland |
78.114.166.204 |
62906
TCP |
mssecsvr.exe PID: 2072 |
France |
1.4.197.63 |
62907
TCP |
mssecsvr.exe PID: 2072 |
Thailand |
186.222.254.248 |
62908
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
187.207.177.204 |
62909
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
215.146.129.39 |
62910
TCP |
mssecsvr.exe PID: 2072 |
United States |
95.46.9.15 |
62911
TCP |
mssecsvr.exe PID: 2072 |
Czech Republic |
24.58.161.125 |
62912
TCP |
mssecsvr.exe PID: 2072 |
United States |
168.15.4.203 |
62914
TCP |
mssecsvr.exe PID: 2072 |
United States |
27.171.33.15 |
62923
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
81.230.228.65 |
62925
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
97.223.15.21 |
62926
TCP |
mssecsvr.exe PID: 2072 |
United States |
68.123.54.146 |
62927
TCP |
mssecsvr.exe PID: 2072 |
United States |
156.47.202.166 |
62928
TCP |
mssecsvr.exe PID: 2072 |
United States |
9.72.133.48 |
62929
TCP |
mssecsvr.exe PID: 2072 |
United States |
28.159.207.237 |
62930
TCP |
mssecsvr.exe PID: 2072 |
United States |
60.136.9.157 |
62931
TCP |
mssecsvr.exe PID: 2072 |
Japan |
218.6.118.49 |
62932
TCP |
mssecsvr.exe PID: 2072 |
China |
9.77.211.67 |
62933
TCP |
mssecsvr.exe PID: 2072 |
United States |
89.142.213.188 |
62934
TCP |
mssecsvr.exe PID: 2072 |
Slovenia |
29.125.192.17 |
62935
TCP |
mssecsvr.exe PID: 2072 |
United States |
85.80.251.167 |
62936
TCP |
mssecsvr.exe PID: 2072 |
Denmark |
152.141.24.39 |
62937
TCP |
mssecsvr.exe PID: 2072 |
United States |
185.36.185.85 |
62938
TCP |
mssecsvr.exe PID: 2072 |
Denmark |
4.174.77.47 |
62939
TCP |
mssecsvr.exe PID: 2072 |
United States |
169.161.68.253 |
62940
TCP |
mssecsvr.exe PID: 2072 |
United States |
106.94.190.181 |
62941
TCP |
mssecsvr.exe PID: 2072 |
China |
51.207.15.88 |
62942
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
158.193.86.140 |
62943
TCP |
mssecsvr.exe PID: 2072 |
Slovakia (SLOVAK Republic) |
200.37.224.241 |
62944
TCP |
mssecsvr.exe PID: 2072 |
Peru |
19.154.211.136 |
62945
TCP |
mssecsvr.exe PID: 2072 |
United States |
163.145.251.234 |
62946
TCP |
mssecsvr.exe PID: 2072 |
Japan |
37.72.216.253 |
62947
TCP |
mssecsvr.exe PID: 2072 |
France |
118.153.74.16 |
62948
TCP |
mssecsvr.exe PID: 2072 |
Japan |
99.178.190.5 |
62949
TCP |
mssecsvr.exe PID: 2072 |
United States |
39.53.45.224 |
62950
TCP |
mssecsvr.exe PID: 2072 |
Pakistan |
164.145.74.48 |
62951
TCP |
mssecsvr.exe PID: 2072 |
United States |
193.139.10.38 |
62952
TCP |
mssecsvr.exe PID: 2072 |
France |
22.139.122.147 |
62953
TCP |
mssecsvr.exe PID: 2072 |
United States |
179.164.57.176 |
62954
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
17.117.134.14 |
62955
TCP |
mssecsvr.exe PID: 2072 |
United States |
30.119.154.46 |
62956
TCP |
mssecsvr.exe PID: 2072 |
United States |
213.108.148.16 |
62957
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
81.200.78.17 |
62958
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
87.171.180.10 |
62959
TCP |
mssecsvr.exe PID: 2072 |
Germany |
63.143.196.56 |
62960
TCP |
mssecsvr.exe PID: 2072 |
United States |
123.13.231.52 |
62961
TCP |
mssecsvr.exe PID: 2072 |
China |
192.54.247.174 |
62962
TCP |
mssecsvr.exe PID: 2072 |
United States |
214.243.200.228 |
62963
TCP |
mssecsvr.exe PID: 2072 |
United States |
41.101.76.126 |
62964
TCP |
mssecsvr.exe PID: 2072 |
Algeria |
51.168.177.187 |
62965
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
147.52.70.187 |
62966
TCP |
mssecsvr.exe PID: 2072 |
Greece |
135.48.229.38 |
62967
TCP |
mssecsvr.exe PID: 2072 |
United States |
89.38.85.128 |
62968
TCP |
mssecsvr.exe PID: 2072 |
Iran (ISLAMIC Republic Of) |
119.215.123.30 |
62969
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
175.167.97.212 |
62970
TCP |
mssecsvr.exe PID: 2072 |
China |
171.25.121.127 |
62971
TCP |
mssecsvr.exe PID: 2072 |
Switzerland |
173.122.198.68 |
62972
TCP |
mssecsvr.exe PID: 2072 |
United States |
219.64.48.196 |
62973
TCP |
mssecsvr.exe PID: 2072 |
India |
176.107.113.30 |
62974
TCP |
mssecsvr.exe PID: 2072 |
Poland |
48.18.103.174 |
62975
TCP |
mssecsvr.exe PID: 2072 |
United States |
162.125.114.240 |
62976
TCP |
mssecsvr.exe PID: 2072 |
United States |
112.95.249.51 |
62977
TCP |
mssecsvr.exe PID: 2072 |
China |
176.176.205.24 |
62978
TCP |
mssecsvr.exe PID: 2072 |
France |
102.99.132.119 |
62979
TCP |
mssecsvr.exe PID: 2072 |
Indonesia |
131.28.206.253 |
62980
TCP |
mssecsvr.exe PID: 2072 |
United States |
18.237.168.121 |
62981
TCP |
mssecsvr.exe PID: 2072 |
United States |
203.101.102.0 |
62982
TCP |
mssecsvr.exe PID: 2072 |
India |
93.174.128.36 |
62983
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
183.33.57.38 |
62984
TCP |
mssecsvr.exe PID: 2072 |
China |
159.123.74.210 |
62985
TCP |
mssecsvr.exe PID: 2072 |
United States |
97.122.233.34 |
62986
TCP |
mssecsvr.exe PID: 2072 |
United States |
201.233.149.56 |
62987
TCP |
mssecsvr.exe PID: 2072 |
Colombia |
139.122.192.143 |
62988
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
38.10.105.9 |
62989
TCP |
mssecsvr.exe PID: 2072 |
United States |
139.103.68.191 |
62990
TCP |
mssecsvr.exe PID: 2072 |
Canada |
29.132.63.238 |
62991
TCP |
mssecsvr.exe PID: 2072 |
United States |
48.60.65.246 |
62992
TCP |
mssecsvr.exe PID: 2072 |
United States |
18.132.39.110 |
62993
TCP |
mssecsvr.exe PID: 2072 |
United States |
43.123.152.42 |
62994
TCP |
mssecsvr.exe PID: 2072 |
Japan |
30.120.254.112 |
62995
TCP |
mssecsvr.exe PID: 2072 |
United States |
120.195.31.85 |
62996
TCP |
mssecsvr.exe PID: 2072 |
China |
157.149.149.165 |
62997
TCP |
mssecsvr.exe PID: 2072 |
United States |
7.27.104.183 |
62998
TCP |
mssecsvr.exe PID: 2072 |
United States |
211.118.198.211 |
62999
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
24.250.184.112 |
63000
TCP |
mssecsvr.exe PID: 2072 |
United States |
138.43.24.128 |
63001
TCP |
mssecsvr.exe PID: 2072 |
United States |
137.247.192.147 |
63002
TCP |
mssecsvr.exe PID: 2072 |
United States |
104.237.57.160 |
63003
TCP |
mssecsvr.exe PID: 2072 |
United States |
215.178.2.163 |
63004
TCP |
mssecsvr.exe PID: 2072 |
United States |
177.5.150.1 |
63005
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
122.219.226.117 |
63006
TCP |
mssecsvr.exe PID: 2072 |
Japan |
192.208.208.124 |
63007
TCP |
mssecsvr.exe PID: 2072 |
United States |
96.73.251.70 |
63008
TCP |
mssecsvr.exe PID: 2072 |
United States |
112.116.79.106 |
63009
TCP |
mssecsvr.exe PID: 2072 |
China |
123.233.232.190 |
63010
TCP |
mssecsvr.exe PID: 2072 |
China |
135.177.21.218 |
63011
TCP |
mssecsvr.exe PID: 2072 |
United States |
100.148.90.29 |
63012
TCP |
mssecsvr.exe PID: 2072 |
United States |
215.178.188.236 |
63013
TCP |
mssecsvr.exe PID: 2072 |
United States |
212.156.218.26 |
63014
TCP |
mssecsvr.exe PID: 2072 |
Turkey |
21.79.117.15 |
63015
TCP |
mssecsvr.exe PID: 2072 |
United States |
20.63.92.244 |
63016
TCP |
mssecsvr.exe PID: 2072 |
United States |
138.23.151.145 |
63017
TCP |
mssecsvr.exe PID: 2072 |
United States |
8.174.45.145 |
63018
TCP |
mssecsvr.exe PID: 2072 |
United States |
141.202.112.82 |
63019
TCP |
mssecsvr.exe PID: 2072 |
United States |
210.87.52.59 |
63020
TCP |
mssecsvr.exe PID: 2072 |
Australia |
137.247.58.3 |
63021
TCP |
mssecsvr.exe PID: 2072 |
United States |
144.57.175.232 |
63022
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
22.182.145.168 |
63023
TCP |
mssecsvr.exe PID: 2072 |
United States |
71.31.164.154 |
63024
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.152.198.62 |
63025
TCP |
mssecsvr.exe PID: 2072 |
China |
107.4.189.169 |
63026
TCP |
mssecsvr.exe PID: 2072 |
United States |
59.51.9.74 |
63027
TCP |
mssecsvr.exe PID: 2072 |
China |
145.15.27.18 |
63028
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
57.122.74.239 |
63029
TCP |
mssecsvr.exe PID: 2072 |
Belgium |
116.165.122.116 |
63030
TCP |
mssecsvr.exe PID: 2072 |
China |
166.49.217.14 |
63032
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
69.53.58.114 |
63033
TCP |
mssecsvr.exe PID: 2072 |
United States |
62.197.158.232 |
63034
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
136.150.224.164 |
63035
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.180.50.162 |
63036
TCP |
mssecsvr.exe PID: 2072 |
Thailand |
150.230.4.70 |
63037
TCP |
mssecsvr.exe PID: 2072 |
United States |
20.246.31.52 |
63038
TCP |
mssecsvr.exe PID: 2072 |
United States |
46.99.141.100 |
63039
TCP |
mssecsvr.exe PID: 2072 |
Albania |
20.73.220.97 |
63040
TCP |
mssecsvr.exe PID: 2072 |
United States |
56.159.161.91 |
63041
TCP |
mssecsvr.exe PID: 2072 |
United States |
135.45.39.117 |
63042
TCP |
mssecsvr.exe PID: 2072 |
United States |
140.30.236.12 |
63043
TCP |
mssecsvr.exe PID: 2072 |
United States |
117.91.147.232 |
63044
TCP |
mssecsvr.exe PID: 2072 |
China |
93.246.243.65 |
63045
TCP |
mssecsvr.exe PID: 2072 |
Germany |
40.153.62.209 |
63046
TCP |
mssecsvr.exe PID: 2072 |
United States |
122.58.68.52 |
63047
TCP |
mssecsvr.exe PID: 2072 |
New Zealand |
182.47.218.0 |
63048
TCP |
mssecsvr.exe PID: 2072 |
China |
64.94.24.241 |
63049
TCP |
mssecsvr.exe PID: 2072 |
United States |
50.134.201.247 |
63050
TCP |
mssecsvr.exe PID: 2072 |
United States |
55.93.28.242 |
63051
TCP |
mssecsvr.exe PID: 2072 |
United States |
94.9.52.250 |
63052
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
67.125.75.216 |
63053
TCP |
mssecsvr.exe PID: 2072 |
United States |
140.226.251.9 |
63054
TCP |
mssecsvr.exe PID: 2072 |
United States |
91.74.166.140 |
63055
TCP |
mssecsvr.exe PID: 2072 |
United Arab Emirates |
165.202.183.30 |
63056
TCP |
mssecsvr.exe PID: 2072 |
Hong Kong |
83.186.23.105 |
63057
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
35.123.153.26 |
63058
TCP |
mssecsvr.exe PID: 2072 |
United States |
138.56.151.231 |
63059
TCP |
mssecsvr.exe PID: 2072 |
United States |
62.243.7.11 |
63060
TCP |
mssecsvr.exe PID: 2072 |
Denmark |
186.242.102.208 |
63061
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
62.148.30.27 |
63062
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
1.111.7.184 |
63063
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
44.3.251.108 |
63064
TCP |
mssecsvr.exe PID: 2072 |
United States |
211.194.180.11 |
63065
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
162.229.211.119 |
63066
TCP |
mssecsvr.exe PID: 2072 |
United States |
113.48.14.46 |
63067
TCP |
mssecsvr.exe PID: 2072 |
China |
135.109.63.144 |
63068
TCP |
mssecsvr.exe PID: 2072 |
United States |
117.118.163.106 |
63069
TCP |
mssecsvr.exe PID: 2072 |
China |
62.228.214.58 |
63070
TCP |
mssecsvr.exe PID: 2072 |
Greece |
182.49.73.45 |
63071
TCP |
mssecsvr.exe PID: 2072 |
China |
22.22.96.131 |
63072
TCP |
mssecsvr.exe PID: 2072 |
United States |
154.195.70.148 |
63073
TCP |
mssecsvr.exe PID: 2072 |
Seychelles |
15.179.53.45 |
63074
TCP |
mssecsvr.exe PID: 2072 |
United States |
184.120.202.107 |
63075
TCP |
mssecsvr.exe PID: 2072 |
United States |
188.38.232.117 |
63076
TCP |
mssecsvr.exe PID: 2072 |
Turkey |
12.0.75.196 |
63077
TCP |
mssecsvr.exe PID: 2072 |
United States |
124.113.246.174 |
63078
TCP |
mssecsvr.exe PID: 2072 |
China |
217.97.89.200 |
63079
TCP |
mssecsvr.exe PID: 2072 |
Poland |
30.18.30.174 |
63080
TCP |
mssecsvr.exe PID: 2072 |
United States |
105.87.178.222 |
63081
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
177.55.52.50 |
63082
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
221.15.166.141 |
63083
TCP |
mssecsvr.exe PID: 2072 |
China |
141.105.164.160 |
63084
TCP |
mssecsvr.exe PID: 2072 |
United Arab Emirates |
39.213.95.198 |
63085
TCP |
mssecsvr.exe PID: 2072 |
Indonesia |
49.106.111.128 |
63086
TCP |
mssecsvr.exe PID: 2072 |
Japan |
194.208.27.138 |
63087
TCP |
mssecsvr.exe PID: 2072 |
Austria |
39.98.242.133 |
63088
TCP |
mssecsvr.exe PID: 2072 |
China |
43.150.108.46 |
63089
TCP |
mssecsvr.exe PID: 2072 |
Japan |
65.136.47.250 |
63090
TCP |
mssecsvr.exe PID: 2072 |
United States |
53.122.245.210 |
63091
TCP |
mssecsvr.exe PID: 2072 |
Germany |
50.227.218.72 |
63092
TCP |
mssecsvr.exe PID: 2072 |
United States |
44.209.181.129 |
63093
TCP |
mssecsvr.exe PID: 2072 |
United States |
173.95.193.97 |
63094
TCP |
mssecsvr.exe PID: 2072 |
United States |
93.71.41.58 |
63095
TCP |
mssecsvr.exe PID: 2072 |
Italy |
191.134.225.138 |
63096
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
220.222.215.80 |
63097
TCP |
mssecsvr.exe PID: 2072 |
Japan |
202.120.39.148 |
63098
TCP |
mssecsvr.exe PID: 2072 |
China |
69.37.153.158 |
63099
TCP |
mssecsvr.exe PID: 2072 |
United States |
107.177.58.36 |
63101
TCP |
mssecsvr.exe PID: 2072 |
United States |
94.87.100.139 |
63102
TCP |
mssecsvr.exe PID: 2072 |
Italy |
105.148.241.119 |
63103
TCP |
mssecsvr.exe PID: 2072 |
Morocco |
70.227.47.118 |
63104
TCP |
mssecsvr.exe PID: 2072 |
United States |
81.161.253.165 |
63105
TCP |
mssecsvr.exe PID: 2072 |
Bulgaria |
12.148.97.37 |
63106
TCP |
mssecsvr.exe PID: 2072 |
United States |
182.182.124.116 |
63107
TCP |
mssecsvr.exe PID: 2072 |
Pakistan |
158.20.157.113 |
63108
TCP |
mssecsvr.exe PID: 2072 |
United States |
159.82.111.16 |
63109
TCP |
mssecsvr.exe PID: 2072 |
United States |
211.22.220.26 |
63110
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
143.121.213.67 |
63111
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
37.103.227.98 |
63112
TCP |
mssecsvr.exe PID: 2072 |
Italy |
96.127.2.213 |
63113
TCP |
mssecsvr.exe PID: 2072 |
United States |
7.243.43.106 |
63114
TCP |
mssecsvr.exe PID: 2072 |
United States |
172.37.114.97 |
63115
TCP |
mssecsvr.exe PID: 2072 |
United States |
206.133.30.227 |
63116
TCP |
mssecsvr.exe PID: 2072 |
United States |
130.178.155.46 |
63117
TCP |
mssecsvr.exe PID: 2072 |
United States |
83.99.202.200 |
63118
TCP |
mssecsvr.exe PID: 2072 |
Latvia |
138.19.15.78 |
63119
TCP |
mssecsvr.exe PID: 2072 |
Hong Kong |
1.243.15.169 |
63120
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
219.181.250.109 |
63121
TCP |
mssecsvr.exe PID: 2072 |
Japan |
34.137.99.187 |
63122
TCP |
mssecsvr.exe PID: 2072 |
United States |
64.67.248.228 |
63123
TCP |
mssecsvr.exe PID: 2072 |
United States |
153.102.14.97 |
63124
TCP |
mssecsvr.exe PID: 2072 |
United States |
87.86.217.222 |
63125
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
188.134.103.52 |
63126
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
163.30.66.226 |
63127
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
126.171.120.131 |
63129
TCP |
mssecsvr.exe PID: 2072 |
Japan |
64.215.213.64 |
63130
TCP |
mssecsvr.exe PID: 2072 |
United States |
196.249.195.182 |
63131
TCP |
mssecsvr.exe PID: 2072 |
Angola |
131.80.57.216 |
63132
TCP |
mssecsvr.exe PID: 2072 |
United States |
72.32.230.197 |
63133
TCP |
mssecsvr.exe PID: 2072 |
United States |
144.204.47.121 |
63134
TCP |
mssecsvr.exe PID: 2072 |
France |
199.130.0.153 |
63135
TCP |
mssecsvr.exe PID: 2072 |
United States |
162.176.130.123 |
63136
TCP |
mssecsvr.exe PID: 2072 |
United States |
154.232.1.98 |
63137
TCP |
mssecsvr.exe PID: 2072 |
Cote D'ivoire |
3.247.218.51 |
63138
TCP |
mssecsvr.exe PID: 2072 |
United States |
20.240.42.79 |
63139
TCP |
mssecsvr.exe PID: 2072 |
United States |
205.41.68.221 |
63140
TCP |
mssecsvr.exe PID: 2072 |
United States |
50.159.12.126 |
63141
TCP |
mssecsvr.exe PID: 2072 |
United States |
12.144.249.113 |
63142
TCP |
mssecsvr.exe PID: 2072 |
United States |
199.14.119.13 |
63143
TCP |
mssecsvr.exe PID: 2072 |
United States |
177.43.108.242 |
63144
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
223.151.236.19 |
63145
TCP |
mssecsvr.exe PID: 2072 |
China |
28.167.50.77 |
63146
TCP |
mssecsvr.exe PID: 2072 |
United States |
54.53.219.160 |
63147
TCP |
mssecsvr.exe PID: 2072 |
United States |
45.162.38.200 |
63148
TCP |
mssecsvr.exe PID: 2072 |
Viet Nam |
211.242.107.75 |
63149
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
116.239.106.243 |
63150
TCP |
mssecsvr.exe PID: 2072 |
China |
84.94.167.194 |
63152
TCP |
mssecsvr.exe PID: 2072 |
Israel |
68.165.133.61 |
63153
TCP |
mssecsvr.exe PID: 2072 |
United States |
221.166.88.66 |
63154
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
67.159.151.158 |
63155
TCP |
mssecsvr.exe PID: 2072 |
United States |
93.51.241.212 |
63156
TCP |
mssecsvr.exe PID: 2072 |
Italy |
18.136.140.201 |
63157
TCP |
mssecsvr.exe PID: 2072 |
United States |
113.60.119.243 |
63158
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
17.115.223.242 |
63159
TCP |
mssecsvr.exe PID: 2072 |
United States |
106.40.58.227 |
63160
TCP |
mssecsvr.exe PID: 2072 |
China |
149.61.218.40 |
63161
TCP |
mssecsvr.exe PID: 2072 |
United States |
133.25.161.29 |
63162
TCP |
mssecsvr.exe PID: 2072 |
Japan |
172.214.146.125 |
63163
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.199.59.44 |
63164
TCP |
mssecsvr.exe PID: 2072 |
Japan |
89.184.11.29 |
63165
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
150.79.238.25 |
63166
TCP |
mssecsvr.exe PID: 2072 |
Japan |
2.213.79.116 |
63167
TCP |
mssecsvr.exe PID: 2072 |
Germany |
193.79.23.120 |
63168
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
84.92.0.121 |
63169
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
38.97.157.178 |
63170
TCP |
mssecsvr.exe PID: 2072 |
United States |
165.34.80.131 |
63171
TCP |
mssecsvr.exe PID: 2072 |
United States |
214.230.26.31 |
63172
TCP |
mssecsvr.exe PID: 2072 |
United States |
59.61.32.201 |
63173
TCP |
mssecsvr.exe PID: 2072 |
China |
180.41.240.64 |
63174
TCP |
mssecsvr.exe PID: 2072 |
Japan |
36.134.182.34 |
63175
TCP |
mssecsvr.exe PID: 2072 |
China |
185.109.141.118 |
63176
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
211.234.69.201 |
63177
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
63.67.157.152 |
63178
TCP |
mssecsvr.exe PID: 2072 |
United States |
155.77.63.106 |
63179
TCP |
mssecsvr.exe PID: 2072 |
United States |
145.237.40.21 |
63180
TCP |
mssecsvr.exe PID: 2072 |
Poland |
143.182.14.227 |
63181
TCP |
mssecsvr.exe PID: 2072 |
United States |
60.212.75.41 |
63182
TCP |
mssecsvr.exe PID: 2072 |
China |
182.131.242.68 |
63183
TCP |
mssecsvr.exe PID: 2072 |
China |
81.160.129.100 |
63184
TCP |
mssecsvr.exe PID: 2072 |
Hungary |
136.215.143.54 |
63185
TCP |
mssecsvr.exe PID: 2072 |
United States |
175.195.2.121 |
63186
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
136.9.90.20 |
63187
TCP |
mssecsvr.exe PID: 2072 |
United States |
70.236.29.115 |
63188
TCP |
mssecsvr.exe PID: 2072 |
United States |
5.135.142.95 |
63189
TCP |
mssecsvr.exe PID: 2072 |
France |
198.26.126.144 |
63190
TCP |
mssecsvr.exe PID: 2072 |
United States |
145.240.83.198 |
63191
TCP |
mssecsvr.exe PID: 2072 |
France |
9.195.157.42 |
63192
TCP |
mssecsvr.exe PID: 2072 |
United States |
210.150.209.247 |
63193
TCP |
mssecsvr.exe PID: 2072 |
Japan |
61.87.41.143 |
63194
TCP |
mssecsvr.exe PID: 2072 |
Japan |
135.102.170.108 |
63195
TCP |
mssecsvr.exe PID: 2072 |
United States |
43.149.147.236 |
63196
TCP |
mssecsvr.exe PID: 2072 |
Japan |
184.130.110.212 |
63197
TCP |
mssecsvr.exe PID: 2072 |
United States |
75.139.197.101 |
63198
TCP |
mssecsvr.exe PID: 2072 |
United States |
90.204.230.73 |
63199
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
44.11.197.246 |
63200
TCP |
mssecsvr.exe PID: 2072 |
United States |
155.82.19.143 |
63201
TCP |
mssecsvr.exe PID: 2072 |
United States |
44.140.89.189 |
63202
TCP |
mssecsvr.exe PID: 2072 |
United States |
64.35.15.161 |
63203
TCP |
mssecsvr.exe PID: 2072 |
United States |
40.131.94.103 |
63204
TCP |
mssecsvr.exe PID: 2072 |
United States |
134.126.246.74 |
63205
TCP |
mssecsvr.exe PID: 2072 |
United States |
221.132.155.17 |
63206
TCP |
mssecsvr.exe PID: 2072 |
Japan |
196.89.201.201 |
63207
TCP |
mssecsvr.exe PID: 2072 |
Morocco |
163.73.33.156 |
63208
TCP |
mssecsvr.exe PID: 2072 |
France |
108.62.57.11 |
63209
TCP |
mssecsvr.exe PID: 2072 |
United States |
70.5.81.233 |
63210
TCP |
mssecsvr.exe PID: 2072 |
United States |
205.42.44.76 |
63211
TCP |
mssecsvr.exe PID: 2072 |
United States |
97.7.201.234 |
63212
TCP |
mssecsvr.exe PID: 2072 |
United States |
215.182.74.242 |
63213
TCP |
mssecsvr.exe PID: 2072 |
United States |
45.125.15.176 |
63214
TCP |
mssecsvr.exe PID: 2072 |
China |
119.47.175.53 |
63215
TCP |
mssecsvr.exe PID: 2072 |
Japan |
204.247.182.228 |
63216
TCP |
mssecsvr.exe PID: 2072 |
United States |
12.201.142.248 |
63217
TCP |
mssecsvr.exe PID: 2072 |
United States |
160.35.185.249 |
63218
TCP |
mssecsvr.exe PID: 2072 |
United States |
166.71.44.106 |
63219
TCP |
mssecsvr.exe PID: 2072 |
United States |
17.75.108.193 |
63220
TCP |
mssecsvr.exe PID: 2072 |
United States |
198.151.213.201 |
63221
TCP |
mssecsvr.exe PID: 2072 |
United States |
142.52.130.158 |
63222
TCP |
mssecsvr.exe PID: 2072 |
Canada |
45.75.97.184 |
63223
TCP |
mssecsvr.exe PID: 2072 |
Japan |
181.241.134.131 |
63224
TCP |
mssecsvr.exe PID: 2072 |
Colombia |
209.124.36.223 |
63225
TCP |
mssecsvr.exe PID: 2072 |
United States |
162.82.67.234 |
63226
TCP |
mssecsvr.exe PID: 2072 |
United States |
147.246.75.89 |
63227
TCP |
mssecsvr.exe PID: 2072 |
United States |
216.149.29.228 |
63228
TCP |
mssecsvr.exe PID: 2072 |
United States |
137.59.25.146 |
63229
TCP |
mssecsvr.exe PID: 2072 |
Viet Nam |
3.50.116.87 |
63230
TCP |
mssecsvr.exe PID: 2072 |
United States |
195.209.220.213 |
63231
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
184.74.79.107 |
63232
TCP |
mssecsvr.exe PID: 2072 |
United States |
139.225.79.119 |
63233
TCP |
mssecsvr.exe PID: 2072 |
United States |
69.40.178.120 |
63234
TCP |
mssecsvr.exe PID: 2072 |
United States |
20.2.96.23 |
63236
TCP |
mssecsvr.exe PID: 2072 |
United States |
120.89.136.238 |
63237
TCP |
mssecsvr.exe PID: 2072 |
Japan |
28.205.6.112 |
63238
TCP |
mssecsvr.exe PID: 2072 |
United States |
30.15.212.58 |
63239
TCP |
mssecsvr.exe PID: 2072 |
United States |
161.51.57.30 |
63240
TCP |
mssecsvr.exe PID: 2072 |
United States |
90.171.158.190 |
63241
TCP |
mssecsvr.exe PID: 2072 |
Spain |
190.237.42.172 |
63242
TCP |
mssecsvr.exe PID: 2072 |
Peru |
185.4.91.125 |
63243
TCP |
mssecsvr.exe PID: 2072 |
Greece |
193.6.102.29 |
63244
TCP |
mssecsvr.exe PID: 2072 |
Hungary |
137.9.128.110 |
63245
TCP |
mssecsvr.exe PID: 2072 |
United States |
163.11.13.238 |
63246
TCP |
mssecsvr.exe PID: 2072 |
United States |
12.148.97.235 |
63247
TCP |
mssecsvr.exe PID: 2072 |
United States |
131.205.145.99 |
63248
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
12.116.192.194 |
63249
TCP |
mssecsvr.exe PID: 2072 |
United States |
95.183.121.250 |
63250
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
156.69.187.206 |
63251
TCP |
mssecsvr.exe PID: 2072 |
New Zealand |
39.99.171.248 |
63252
TCP |
mssecsvr.exe PID: 2072 |
China |
97.200.87.209 |
63253
TCP |
mssecsvr.exe PID: 2072 |
United States |
155.28.84.153 |
63254
TCP |
mssecsvr.exe PID: 2072 |
United States |
222.104.14.203 |
63255
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
37.139.131.148 |
63256
TCP |
mssecsvr.exe PID: 2072 |
Spain |
86.60.86.150 |
63257
TCP |
mssecsvr.exe PID: 2072 |
Saudi Arabia |
219.161.53.186 |
63258
TCP |
mssecsvr.exe PID: 2072 |
Japan |
189.239.113.205 |
63259
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
138.132.238.114 |
63260
TCP |
mssecsvr.exe PID: 2072 |
Italy |
29.87.19.165 |
63261
TCP |
mssecsvr.exe PID: 2072 |
United States |
62.177.244.234 |
63262
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
92.9.36.111 |
63263
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
80.207.33.202 |
63264
TCP |
mssecsvr.exe PID: 2072 |
Italy |
175.120.37.104 |
63265
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
174.114.25.190 |
63266
TCP |
mssecsvr.exe PID: 2072 |
Canada |
27.135.175.120 |
63267
TCP |
mssecsvr.exe PID: 2072 |
Japan |
151.196.193.155 |
63268
TCP |
mssecsvr.exe PID: 2072 |
United States |
221.49.115.247 |
63269
TCP |
mssecsvr.exe PID: 2072 |
Japan |
173.62.9.12 |
63270
TCP |
mssecsvr.exe PID: 2072 |
United States |
94.70.196.172 |
63271
TCP |
mssecsvr.exe PID: 2072 |
Greece |
139.214.47.49 |
63272
TCP |
mssecsvr.exe PID: 2072 |
China |
190.138.162.239 |
63273
TCP |
mssecsvr.exe PID: 2072 |
Argentina |
216.50.218.245 |
63274
TCP |
mssecsvr.exe PID: 2072 |
United States |
219.125.131.175 |
63275
TCP |
mssecsvr.exe PID: 2072 |
Japan |
99.20.151.190 |
63276
TCP |
mssecsvr.exe PID: 2072 |
United States |
140.54.220.107 |
63277
TCP |
mssecsvr.exe PID: 2072 |
United States |
154.146.84.25 |
63278
TCP |
mssecsvr.exe PID: 2072 |
Morocco |
193.176.62.147 |
63279
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
213.250.60.152 |
63280
TCP |
mssecsvr.exe PID: 2072 |
Slovenia |
23.146.234.123 |
63281
TCP |
mssecsvr.exe PID: 2072 |
Reserved |
222.196.84.38 |
63282
TCP |
mssecsvr.exe PID: 2072 |
China |
68.85.175.190 |
63283
TCP |
mssecsvr.exe PID: 2072 |
United States |
144.1.150.105 |
63284
TCP |
mssecsvr.exe PID: 2072 |
China |
91.205.145.163 |
63285
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
15.221.23.76 |
63286
TCP |
mssecsvr.exe PID: 2072 |
United States |
75.25.57.153 |
63287
TCP |
mssecsvr.exe PID: 2072 |
United States |
185.77.25.144 |
63288
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
198.141.106.169 |
63289
TCP |
mssecsvr.exe PID: 2072 |
Czech Republic |
195.250.110.254 |
63290
TCP |
mssecsvr.exe PID: 2072 |
Serbia |
125.237.217.91 |
63291
TCP |
mssecsvr.exe PID: 2072 |
New Zealand |
70.36.138.57 |
63292
TCP |
mssecsvr.exe PID: 2072 |
United States |
62.24.174.240 |
63293
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
178.227.158.234 |
63294
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
11.68.94.229 |
63295
TCP |
mssecsvr.exe PID: 2072 |
United States |
133.1.117.156 |
63296
TCP |
mssecsvr.exe PID: 2072 |
Japan |
187.12.180.125 |
63297
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
47.186.221.199 |
63298
TCP |
mssecsvr.exe PID: 2072 |
United States |
218.252.142.119 |
63299
TCP |
mssecsvr.exe PID: 2072 |
Hong Kong |
132.51.100.193 |
63300
TCP |
mssecsvr.exe PID: 2072 |
United States |
82.24.1.121 |
63301
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
174.164.122.176 |
63302
TCP |
mssecsvr.exe PID: 2072 |
United States |
88.174.35.60 |
63303
TCP |
mssecsvr.exe PID: 2072 |
France |
199.143.113.227 |
63304
TCP |
mssecsvr.exe PID: 2072 |
United States |
130.93.169.228 |
63305
TCP |
mssecsvr.exe PID: 2072 |
France |
142.50.11.213 |
63306
TCP |
mssecsvr.exe PID: 2072 |
Canada |
147.62.51.48 |
63307
TCP |
mssecsvr.exe PID: 2072 |
United States |
141.150.15.64 |
63308
TCP |
mssecsvr.exe PID: 2072 |
United States |
175.202.185.99 |
63309
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
26.165.88.117 |
63310
TCP |
mssecsvr.exe PID: 2072 |
United States |
54.107.192.57 |
63311
TCP |
mssecsvr.exe PID: 2072 |
United States |
113.68.80.4 |
63312
TCP |
mssecsvr.exe PID: 2072 |
China |
132.108.121.167 |
63313
TCP |
mssecsvr.exe PID: 2072 |
United States |
42.66.174.254 |
63314
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
175.203.90.181 |
63315
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
54.25.45.99 |
63316
TCP |
mssecsvr.exe PID: 2072 |
United States |
28.45.190.33 |
63319
TCP |
mssecsvr.exe PID: 2072 |
United States |
208.156.106.249 |
63320
TCP |
mssecsvr.exe PID: 2072 |
United States |
6.226.123.221 |
63321
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.103.43.156 |
63322
TCP |
mssecsvr.exe PID: 2072 |
China |
74.176.67.250 |
63323
TCP |
mssecsvr.exe PID: 2072 |
United States |
107.200.239.154 |
63324
TCP |
mssecsvr.exe PID: 2072 |
United States |
204.251.73.171 |
63325
TCP |
mssecsvr.exe PID: 2072 |
United States |
116.17.137.82 |
63326
TCP |
mssecsvr.exe PID: 2072 |
China |
109.145.131.67 |
63327
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
132.99.12.51 |
63328
TCP |
mssecsvr.exe PID: 2072 |
United States |
131.166.245.67 |
63329
TCP |
mssecsvr.exe PID: 2072 |
Denmark |
90.60.172.38 |
63330
TCP |
mssecsvr.exe PID: 2072 |
France |
222.82.123.112 |
63331
TCP |
mssecsvr.exe PID: 2072 |
China |
215.37.29.91 |
63332
TCP |
mssecsvr.exe PID: 2072 |
United States |
159.4.158.99 |
63333
TCP |
mssecsvr.exe PID: 2072 |
United States |
196.142.55.7 |
63334
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
22.93.249.32 |
63335
TCP |
mssecsvr.exe PID: 2072 |
United States |
56.159.24.159 |
63336
TCP |
mssecsvr.exe PID: 2072 |
United States |
34.179.86.20 |
63337
TCP |
mssecsvr.exe PID: 2072 |
United States |
15.26.91.70 |
63338
TCP |
mssecsvr.exe PID: 2072 |
United States |
82.77.175.229 |
63339
TCP |
mssecsvr.exe PID: 2072 |
Romania |
112.84.148.182 |
63340
TCP |
mssecsvr.exe PID: 2072 |
China |
134.34.117.91 |
63341
TCP |
mssecsvr.exe PID: 2072 |
Germany |
181.234.108.158 |
63342
TCP |
mssecsvr.exe PID: 2072 |
Colombia |
215.253.244.146 |
63343
TCP |
mssecsvr.exe PID: 2072 |
United States |
77.142.98.176 |
63344
TCP |
mssecsvr.exe PID: 2072 |
France |
53.62.163.40 |
63345
TCP |
mssecsvr.exe PID: 2072 |
Germany |
204.242.160.36 |
63346
TCP |
mssecsvr.exe PID: 2072 |
United States |
90.162.36.153 |
63347
TCP |
mssecsvr.exe PID: 2072 |
Spain |
22.230.14.192 |
63348
TCP |
mssecsvr.exe PID: 2072 |
United States |
60.172.244.40 |
63349
TCP |
mssecsvr.exe PID: 2072 |
China |
110.218.178.142 |
63350
TCP |
mssecsvr.exe PID: 2072 |
China |
214.65.112.13 |
63351
TCP |
mssecsvr.exe PID: 2072 |
United States |
97.206.57.72 |
63352
TCP |
mssecsvr.exe PID: 2072 |
United States |
112.166.238.225 |
63353
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
119.211.214.202 |
63354
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
84.57.70.120 |
63355
TCP |
mssecsvr.exe PID: 2072 |
Germany |
119.61.189.123 |
63356
TCP |
mssecsvr.exe PID: 2072 |
China |
6.225.30.60 |
63357
TCP |
mssecsvr.exe PID: 2072 |
United States |
161.36.165.73 |
63358
TCP |
mssecsvr.exe PID: 2072 |
United States |
165.36.197.173 |
63359
TCP |
mssecsvr.exe PID: 2072 |
United States |
215.46.45.99 |
63360
TCP |
mssecsvr.exe PID: 2072 |
United States |
150.102.149.193 |
63361
TCP |
mssecsvr.exe PID: 2072 |
United States |
191.122.165.87 |
63362
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
161.25.79.89 |
63363
TCP |
mssecsvr.exe PID: 2072 |
Chile |
81.161.57.93 |
63364
TCP |
mssecsvr.exe PID: 2072 |
Liechtenstein |
200.108.97.193 |
63365
TCP |
mssecsvr.exe PID: 2072 |
Peru |
172.47.117.248 |
63366
TCP |
mssecsvr.exe PID: 2072 |
United States |
38.198.166.42 |
63367
TCP |
mssecsvr.exe PID: 2072 |
United States |
148.42.186.213 |
63368
TCP |
mssecsvr.exe PID: 2072 |
United States |
45.104.53.162 |
63369
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
223.207.53.16 |
63370
TCP |
mssecsvr.exe PID: 2072 |
Thailand |
81.100.193.167 |
63371
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
172.120.32.128 |
63372
TCP |
mssecsvr.exe PID: 2072 |
United States |
115.74.235.145 |
63373
TCP |
mssecsvr.exe PID: 2072 |
Viet Nam |
97.79.117.72 |
63374
TCP |
mssecsvr.exe PID: 2072 |
United States |
169.6.36.162 |
63375
TCP |
mssecsvr.exe PID: 2072 |
United States |
137.172.140.26 |
63376
TCP |
mssecsvr.exe PID: 2072 |
Australia |
15.116.166.40 |
63377
TCP |
mssecsvr.exe PID: 2072 |
United States |
87.17.240.80 |
63378
TCP |
mssecsvr.exe PID: 2072 |
Italy |
220.193.20.131 |
63379
TCP |
mssecsvr.exe PID: 2072 |
China |
110.100.200.214 |
63380
TCP |
mssecsvr.exe PID: 2072 |
China |
32.150.23.212 |
63381
TCP |
mssecsvr.exe PID: 2072 |
United States |
63.129.253.1 |
63382
TCP |
mssecsvr.exe PID: 2072 |
United States |
163.7.110.83 |
63383
TCP |
mssecsvr.exe PID: 2072 |
New Zealand |
144.161.252.151 |
63384
TCP |
mssecsvr.exe PID: 2072 |
United States |
209.253.165.230 |
63385
TCP |
mssecsvr.exe PID: 2072 |
United States |
71.32.18.86 |
63386
TCP |
mssecsvr.exe PID: 2072 |
United States |
65.55.213.41 |
63387
TCP |
mssecsvr.exe PID: 2072 |
United States |
141.184.75.9 |
63388
TCP |
mssecsvr.exe PID: 2072 |
United States |
58.120.198.215 |
63389
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
200.77.25.92 |
63390
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
131.117.97.14 |
63391
TCP |
mssecsvr.exe PID: 2072 |
Switzerland |
18.41.233.18 |
63392
TCP |
mssecsvr.exe PID: 2072 |
United States |
146.2.84.6 |
63393
TCP |
mssecsvr.exe PID: 2072 |
Norway |
175.63.65.175 |
63394
TCP |
mssecsvr.exe PID: 2072 |
China |
74.60.75.108 |
63395
TCP |
mssecsvr.exe PID: 2072 |
United States |
202.173.152.243 |
63396
TCP |
mssecsvr.exe PID: 2072 |
Australia |
100.213.19.100 |
63397
TCP |
mssecsvr.exe PID: 2072 |
United States |
114.64.98.101 |
63398
TCP |
mssecsvr.exe PID: 2072 |
China |
187.236.238.0 |
63399
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
44.170.162.183 |
63400
TCP |
mssecsvr.exe PID: 2072 |
United States |
212.124.168.93 |
63401
TCP |
mssecsvr.exe PID: 2072 |
Italy |
151.43.95.136 |
63402
TCP |
mssecsvr.exe PID: 2072 |
Italy |
17.63.124.110 |
63403
TCP |
mssecsvr.exe PID: 2072 |
United States |
113.197.88.17 |
63404
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
75.204.65.241 |
63405
TCP |
mssecsvr.exe PID: 2072 |
United States |
12.176.30.36 |
63406
TCP |
mssecsvr.exe PID: 2072 |
United States |
198.13.181.181 |
63407
TCP |
mssecsvr.exe PID: 2072 |
United States |
49.94.196.43 |
63408
TCP |
mssecsvr.exe PID: 2072 |
China |
116.103.242.109 |
63409
TCP |
mssecsvr.exe PID: 2072 |
Viet Nam |
78.37.252.183 |
63410
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
101.13.46.235 |
63411
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
207.55.41.141 |
63412
TCP |
mssecsvr.exe PID: 2072 |
United States |
8.148.24.243 |
63413
TCP |
mssecsvr.exe PID: 2072 |
United States |
82.60.169.101 |
63414
TCP |
mssecsvr.exe PID: 2072 |
Italy |
143.64.61.64 |
63415
TCP |
mssecsvr.exe PID: 2072 |
United States |
58.15.114.53 |
63416
TCP |
mssecsvr.exe PID: 2072 |
China |
70.189.208.155 |
63417
TCP |
mssecsvr.exe PID: 2072 |
United States |
194.139.251.228 |
63418
TCP |
mssecsvr.exe PID: 2072 |
Germany |
168.39.167.60 |
63419
TCP |
mssecsvr.exe PID: 2072 |
United States |
112.195.215.74 |
63420
TCP |
mssecsvr.exe PID: 2072 |
China |
211.63.115.104 |
63421
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
87.156.31.245 |
63422
TCP |
mssecsvr.exe PID: 2072 |
Germany |
216.143.248.179 |
63423
TCP |
mssecsvr.exe PID: 2072 |
United States |
203.205.210.211 |
63424
TCP |
mssecsvr.exe PID: 2072 |
China |
48.182.111.49 |
63425
TCP |
mssecsvr.exe PID: 2072 |
United States |
199.19.218.82 |
63426
TCP |
mssecsvr.exe PID: 2072 |
Canada |
30.120.207.152 |
63427
TCP |
mssecsvr.exe PID: 2072 |
United States |
121.67.6.65 |
63428
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
75.172.58.103 |
63429
TCP |
mssecsvr.exe PID: 2072 |
United States |
51.146.54.100 |
63430
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
113.162.68.182 |
63431
TCP |
mssecsvr.exe PID: 2072 |
Viet Nam |
134.6.252.110 |
63432
TCP |
mssecsvr.exe PID: 2072 |
United States |
31.64.19.165 |
63433
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
97.190.201.22 |
63434
TCP |
mssecsvr.exe PID: 2072 |
United States |
162.156.118.123 |
63435
TCP |
mssecsvr.exe PID: 2072 |
Canada |
155.28.240.99 |
63436
TCP |
mssecsvr.exe PID: 2072 |
United States |
204.145.188.100 |
63437
TCP |
mssecsvr.exe PID: 2072 |
United States |
217.202.154.253 |
63438
TCP |
mssecsvr.exe PID: 2072 |
Italy |
125.92.138.141 |
63439
TCP |
mssecsvr.exe PID: 2072 |
China |
119.250.76.111 |
63440
TCP |
mssecsvr.exe PID: 2072 |
China |
2.44.94.64 |
63441
TCP |
mssecsvr.exe PID: 2072 |
Italy |
35.188.169.86 |
63442
TCP |
mssecsvr.exe PID: 2072 |
United States |
75.29.233.147 |
63443
TCP |
mssecsvr.exe PID: 2072 |
United States |
157.30.175.149 |
63444
TCP |
mssecsvr.exe PID: 2072 |
United States |
163.197.115.67 |
63445
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
18.69.142.19 |
63446
TCP |
mssecsvr.exe PID: 2072 |
United States |
64.78.153.225 |
63447
TCP |
mssecsvr.exe PID: 2072 |
United States |
74.171.59.18 |
63448
TCP |
mssecsvr.exe PID: 2072 |
United States |
97.75.134.132 |
63449
TCP |
mssecsvr.exe PID: 2072 |
United States |
133.131.157.97 |
63450
TCP |
mssecsvr.exe PID: 2072 |
Japan |
4.207.178.29 |
63451
TCP |
mssecsvr.exe PID: 2072 |
United States |
176.209.164.156 |
63452
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
99.176.33.74 |
63453
TCP |
mssecsvr.exe PID: 2072 |
United States |
170.162.18.114 |
63454
TCP |
mssecsvr.exe PID: 2072 |
United States |
194.196.179.21 |
63455
TCP |
mssecsvr.exe PID: 2072 |
European Union |
178.143.66.147 |
63456
TCP |
mssecsvr.exe PID: 2072 |
Slovakia (SLOVAK Republic) |
40.221.193.201 |
63457
TCP |
mssecsvr.exe PID: 2072 |
United States |
37.54.216.5 |
63458
TCP |
mssecsvr.exe PID: 2072 |
Ukraine |
159.62.225.93 |
63459
TCP |
mssecsvr.exe PID: 2072 |
United States |
129.125.116.155 |
63460
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
112.35.65.205 |
63461
TCP |
mssecsvr.exe PID: 2072 |
China |
27.169.107.12 |
63462
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
27.7.171.171 |
63463
TCP |
mssecsvr.exe PID: 2072 |
India |
130.40.182.105 |
63464
TCP |
mssecsvr.exe PID: 2072 |
United States |
157.241.11.156 |
63465
TCP |
mssecsvr.exe PID: 2072 |
United States |
48.129.176.202 |
63466
TCP |
mssecsvr.exe PID: 2072 |
United States |
111.241.97.104 |
63467
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
114.223.53.34 |
63468
TCP |
mssecsvr.exe PID: 2072 |
China |
56.118.187.233 |
63469
TCP |
mssecsvr.exe PID: 2072 |
United States |
202.47.167.234 |
63470
TCP |
mssecsvr.exe PID: 2072 |
Malaysia |
24.250.68.44 |
63471
TCP |
mssecsvr.exe PID: 2072 |
United States |
138.104.81.25 |
63472
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
210.195.39.128 |
63473
TCP |
mssecsvr.exe PID: 2072 |
Malaysia |
175.210.140.23 |
63474
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
166.224.217.220 |
63475
TCP |
mssecsvr.exe PID: 2072 |
United States |
66.6.226.151 |
63476
TCP |
mssecsvr.exe PID: 2072 |
United States |
76.34.101.187 |
63477
TCP |
mssecsvr.exe PID: 2072 |
United States |
93.41.80.124 |
63478
TCP |
mssecsvr.exe PID: 2072 |
Italy |
166.47.74.3 |
63479
TCP |
mssecsvr.exe PID: 2072 |
United States |
9.51.159.184 |
63480
TCP |
mssecsvr.exe PID: 2072 |
United States |
100.192.11.158 |
63481
TCP |
mssecsvr.exe PID: 2072 |
United States |
116.24.147.81 |
63482
TCP |
mssecsvr.exe PID: 2072 |
China |
81.76.212.122 |
63483
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
209.136.151.61 |
63485
TCP |
mssecsvr.exe PID: 2072 |
United States |
128.215.204.75 |
63487
TCP |
mssecsvr.exe PID: 2072 |
United States |
5.181.204.4 |
63489
TCP |
mssecsvr.exe PID: 2072 |
Germany |
190.107.16.44 |
63491
TCP |
mssecsvr.exe PID: 2072 |
Colombia |
40.248.16.137 |
63492
TCP |
mssecsvr.exe PID: 2072 |
United States |
132.72.203.165 |
63493
TCP |
mssecsvr.exe PID: 2072 |
Israel |
79.218.53.89 |
63495
TCP |
mssecsvr.exe PID: 2072 |
Germany |
96.6.240.218 |
63496
TCP |
mssecsvr.exe PID: 2072 |
United States |
114.28.38.245 |
63497
TCP |
mssecsvr.exe PID: 2072 |
China |
31.211.12.41 |
63498
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
55.175.32.80 |
63499
TCP |
mssecsvr.exe PID: 2072 |
United States |
39.246.133.47 |
63500
TCP |
mssecsvr.exe PID: 2072 |
Indonesia |
214.239.133.147 |
63501
TCP |
mssecsvr.exe PID: 2072 |
United States |
222.51.232.61 |
63502
TCP |
mssecsvr.exe PID: 2072 |
China |
217.152.240.106 |
63503
TCP |
mssecsvr.exe PID: 2072 |
Finland |
74.115.140.131 |
63504
TCP |
mssecsvr.exe PID: 2072 |
United States |
40.37.85.84 |
63505
TCP |
mssecsvr.exe PID: 2072 |
United States |
121.10.58.188 |
63506
TCP |
mssecsvr.exe PID: 2072 |
China |
8.6.132.93 |
63507
TCP |
mssecsvr.exe PID: 2072 |
United States |
5.180.216.91 |
63508
TCP |
mssecsvr.exe PID: 2072 |
Germany |
198.65.218.127 |
63509
TCP |
mssecsvr.exe PID: 2072 |
United States |
56.146.109.187 |
63510
TCP |
mssecsvr.exe PID: 2072 |
United States |
132.46.80.246 |
63511
TCP |
mssecsvr.exe PID: 2072 |
United States |
109.251.120.54 |
63512
TCP |
mssecsvr.exe PID: 2072 |
Ukraine |
118.175.107.207 |
63513
TCP |
mssecsvr.exe PID: 2072 |
Thailand |
207.34.174.46 |
63514
TCP |
mssecsvr.exe PID: 2072 |
Canada |
103.141.170.121 |
63515
TCP |
mssecsvr.exe PID: 2072 |
India |
137.12.93.191 |
63516
TCP |
mssecsvr.exe PID: 2072 |
United States |
222.30.48.146 |
63517
TCP |
mssecsvr.exe PID: 2072 |
China |
188.229.201.64 |
63518
TCP |
mssecsvr.exe PID: 2072 |
Syrian Arab Republic |
8.122.78.159 |
63519
TCP |
mssecsvr.exe PID: 2072 |
United States |
99.123.167.105 |
63520
TCP |
mssecsvr.exe PID: 2072 |
United States |
201.129.42.230 |
63521
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
16.46.81.157 |
63522
TCP |
mssecsvr.exe PID: 2072 |
United States |
130.60.137.41 |
63523
TCP |
mssecsvr.exe PID: 2072 |
Switzerland |
126.203.162.126 |
63524
TCP |
mssecsvr.exe PID: 2072 |
Japan |
139.215.67.214 |
63525
TCP |
mssecsvr.exe PID: 2072 |
China |
169.227.29.135 |
63526
TCP |
mssecsvr.exe PID: 2072 |
United States |
74.160.215.25 |
63527
TCP |
mssecsvr.exe PID: 2072 |
United States |
157.80.125.214 |
63528
TCP |
mssecsvr.exe PID: 2072 |
Japan |
155.63.192.24 |
63529
TCP |
mssecsvr.exe PID: 2072 |
United States |
54.81.218.36 |
63530
TCP |
mssecsvr.exe PID: 2072 |
United States |
148.15.55.85 |
63531
TCP |
mssecsvr.exe PID: 2072 |
United States |
144.18.196.84 |
63532
TCP |
mssecsvr.exe PID: 2072 |
United States |
12.153.84.71 |
63533
TCP |
mssecsvr.exe PID: 2072 |
United States |
46.207.39.177 |
63534
TCP |
mssecsvr.exe PID: 2072 |
Austria |
77.5.236.122 |
63535
TCP |
mssecsvr.exe PID: 2072 |
Germany |
182.225.64.154 |
63536
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
197.85.163.12 |
63537
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
39.184.180.9 |
63538
TCP |
mssecsvr.exe PID: 2072 |
China |
167.2.104.199 |
63539
TCP |
mssecsvr.exe PID: 2072 |
United States |
73.14.243.151 |
63540
TCP |
mssecsvr.exe PID: 2072 |
United States |
114.20.203.168 |
63541
TCP |
mssecsvr.exe PID: 2072 |
Japan |
85.190.12.43 |
63542
TCP |
mssecsvr.exe PID: 2072 |
Germany |
210.100.109.30 |
63543
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
69.120.154.180 |
63544
TCP |
mssecsvr.exe PID: 2072 |
United States |
83.232.34.212 |
63545
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
106.232.173.213 |
63546
TCP |
mssecsvr.exe PID: 2072 |
China |
118.88.34.2 |
63547
TCP |
mssecsvr.exe PID: 2072 |
China |
159.188.230.190 |
63548
TCP |
mssecsvr.exe PID: 2072 |
United States |
197.171.35.208 |
63549
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
63.82.192.243 |
63550
TCP |
mssecsvr.exe PID: 2072 |
United States |
16.125.116.98 |
63551
TCP |
mssecsvr.exe PID: 2072 |
United States |
145.128.175.180 |
63552
TCP |
mssecsvr.exe PID: 2072 |
Netherlands |
113.58.57.59 |
63553
TCP |
mssecsvr.exe PID: 2072 |
China |
170.221.223.197 |
63554
TCP |
mssecsvr.exe PID: 2072 |
United States |
128.121.183.146 |
63555
TCP |
mssecsvr.exe PID: 2072 |
United States |
57.68.134.106 |
63556
TCP |
mssecsvr.exe PID: 2072 |
Belgium |
104.183.26.189 |
63557
TCP |
mssecsvr.exe PID: 2072 |
United States |
54.248.20.229 |
63558
TCP |
mssecsvr.exe PID: 2072 |
United States |
137.83.170.6 |
63559
TCP |
mssecsvr.exe PID: 2072 |
United States |
25.253.97.220 |
63560
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
39.44.132.85 |
63561
TCP |
mssecsvr.exe PID: 2072 |
Pakistan |
192.21.118.209 |
63562
TCP |
mssecsvr.exe PID: 2072 |
United States |
39.243.163.201 |
63563
TCP |
mssecsvr.exe PID: 2072 |
Indonesia |
78.27.149.207 |
63564
TCP |
mssecsvr.exe PID: 2072 |
Ukraine |
186.99.11.19 |
63565
TCP |
mssecsvr.exe PID: 2072 |
Colombia |
216.246.149.184 |
63566
TCP |
mssecsvr.exe PID: 2072 |
United States |
162.235.96.129 |
63567
TCP |
mssecsvr.exe PID: 2072 |
United States |
122.124.119.26 |
63568
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
55.60.7.16 |
63569
TCP |
mssecsvr.exe PID: 2072 |
United States |
204.2.41.168 |
63570
TCP |
mssecsvr.exe PID: 2072 |
United States |
40.210.20.75 |
63571
TCP |
mssecsvr.exe PID: 2072 |
United States |
118.247.215.74 |
63572
TCP |
mssecsvr.exe PID: 2072 |
China |
192.68.65.56 |
63573
TCP |
mssecsvr.exe PID: 2072 |
Canada |
36.247.37.74 |
63574
TCP |
mssecsvr.exe PID: 2072 |
Japan |
45.245.222.125 |
63575
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
41.36.186.67 |
63576
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
5.225.23.10 |
63577
TCP |
mssecsvr.exe PID: 2072 |
Spain |
165.25.244.17 |
63578
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
115.147.156.214 |
63579
TCP |
mssecsvr.exe PID: 2072 |
Philippines |
180.25.237.201 |
63580
TCP |
mssecsvr.exe PID: 2072 |
Japan |
97.66.142.131 |
63581
TCP |
mssecsvr.exe PID: 2072 |
United States |
75.122.247.51 |
63582
TCP |
mssecsvr.exe PID: 2072 |
United States |
77.147.189.207 |
63583
TCP |
mssecsvr.exe PID: 2072 |
France |
151.170.8.87 |
63584
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
152.249.75.25 |
63585
TCP |
mssecsvr.exe PID: 2072 |
Brazil |
171.215.150.184 |
63586
TCP |
mssecsvr.exe PID: 2072 |
China |
22.156.84.60 |
63587
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.47.128.246 |
63588
TCP |
mssecsvr.exe PID: 2072 |
Japan |
159.45.201.14 |
63589
TCP |
mssecsvr.exe PID: 2072 |
United States |
49.52.205.192 |
63590
TCP |
mssecsvr.exe PID: 2072 |
China |
14.53.168.72 |
63591
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
168.185.87.108 |
63592
TCP |
mssecsvr.exe PID: 2072 |
United States |
63.33.41.237 |
63593
TCP |
mssecsvr.exe PID: 2072 |
United States |
68.10.79.179 |
63594
TCP |
mssecsvr.exe PID: 2072 |
United States |
158.83.125.150 |
63595
TCP |
mssecsvr.exe PID: 2072 |
United States |
32.188.234.63 |
63596
TCP |
mssecsvr.exe PID: 2072 |
United States |
147.230.52.73 |
63597
TCP |
mssecsvr.exe PID: 2072 |
Czech Republic |
41.220.99.40 |
63598
TCP |
mssecsvr.exe PID: 2072 |
Seychelles |
78.223.211.163 |
63599
TCP |
mssecsvr.exe PID: 2072 |
France |
144.197.45.105 |
63600
TCP |
mssecsvr.exe PID: 2072 |
United States |
30.5.61.101 |
63601
TCP |
mssecsvr.exe PID: 2072 |
United States |
134.138.10.32 |
63602
TCP |
mssecsvr.exe PID: 2072 |
Sweden |
85.207.35.43 |
63603
TCP |
mssecsvr.exe PID: 2072 |
Czech Republic |
181.232.183.4 |
63604
TCP |
mssecsvr.exe PID: 2072 |
Costa Rica |
165.94.123.233 |
63605
TCP |
mssecsvr.exe PID: 2072 |
United States |
132.86.35.160 |
63606
TCP |
mssecsvr.exe PID: 2072 |
United States |
138.102.71.198 |
63607
TCP |
mssecsvr.exe PID: 2072 |
France |
99.48.241.93 |
63608
TCP |
mssecsvr.exe PID: 2072 |
United States |
74.152.82.16 |
63609
TCP |
mssecsvr.exe PID: 2072 |
United States |
208.113.42.36 |
63610
TCP |
mssecsvr.exe PID: 2072 |
Canada |
89.172.175.110 |
63611
TCP |
mssecsvr.exe PID: 2072 |
Croatia (LOCAL Name: Hrvatska) |
81.72.119.87 |
63612
TCP |
mssecsvr.exe PID: 2072 |
Italy |
102.83.160.173 |
63613
TCP |
mssecsvr.exe PID: 2072 |
Indonesia |
176.17.78.179 |
63614
TCP |
mssecsvr.exe PID: 2072 |
Saudi Arabia |
198.126.183.231 |
63615
TCP |
mssecsvr.exe PID: 2072 |
United States |
17.21.125.252 |
63616
TCP |
mssecsvr.exe PID: 2072 |
United States |
141.15.98.149 |
63617
TCP |
mssecsvr.exe PID: 2072 |
Germany |
77.196.71.38 |
63618
TCP |
mssecsvr.exe PID: 2072 |
France |
101.157.207.182 |
63619
TCP |
mssecsvr.exe PID: 2072 |
China |
103.107.147.80 |
63620
TCP |
mssecsvr.exe PID: 2072 |
India |
93.139.16.218 |
63621
TCP |
mssecsvr.exe PID: 2072 |
Croatia (LOCAL Name: Hrvatska) |
50.99.52.79 |
63622
TCP |
mssecsvr.exe PID: 2072 |
Canada |
44.162.44.120 |
63623
TCP |
mssecsvr.exe PID: 2072 |
United States |
142.168.129.168 |
63624
TCP |
mssecsvr.exe PID: 2072 |
Canada |
90.76.169.50 |
63625
TCP |
mssecsvr.exe PID: 2072 |
France |
100.149.4.210 |
63626
TCP |
mssecsvr.exe PID: 2072 |
United States |
23.148.147.232 |
63627
TCP |
mssecsvr.exe PID: 2072 |
Reserved |
14.115.26.22 |
63628
TCP |
mssecsvr.exe PID: 2072 |
China |
151.78.153.242 |
63629
TCP |
mssecsvr.exe PID: 2072 |
Italy |
84.135.107.242 |
63630
TCP |
mssecsvr.exe PID: 2072 |
Germany |
31.206.168.8 |
63631
TCP |
mssecsvr.exe PID: 2072 |
Turkey |
106.6.190.250 |
63632
TCP |
mssecsvr.exe PID: 2072 |
China |
163.125.77.173 |
63633
TCP |
mssecsvr.exe PID: 2072 |
China |
96.159.76.234 |
63634
TCP |
mssecsvr.exe PID: 2072 |
United States |
222.183.162.238 |
63636
TCP |
mssecsvr.exe PID: 2072 |
China |
52.55.209.117 |
63635
TCP |
mssecsvr.exe PID: 2072 |
United States |
123.192.108.115 |
63637
TCP |
mssecsvr.exe PID: 2072 |
Taiwan; Republic of China (ROC) |
41.95.197.56 |
63638
TCP |
mssecsvr.exe PID: 2072 |
Sudan |
20.0.199.66 |
63639
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.75.128.178 |
63640
TCP |
mssecsvr.exe PID: 2072 |
Malaysia |
108.234.150.223 |
63641
TCP |
mssecsvr.exe PID: 2072 |
United States |
72.82.4.205 |
63642
TCP |
mssecsvr.exe PID: 2072 |
United States |
124.224.137.52 |
63643
TCP |
mssecsvr.exe PID: 2072 |
China |
109.250.102.164 |
63644
TCP |
mssecsvr.exe PID: 2072 |
Germany |
168.128.86.111 |
63645
TCP |
mssecsvr.exe PID: 2072 |
South Africa |
183.185.174.131 |
63646
TCP |
mssecsvr.exe PID: 2072 |
China |
207.208.65.42 |
63647
TCP |
mssecsvr.exe PID: 2072 |
United States |
221.238.138.153 |
63648
TCP |
mssecsvr.exe PID: 2072 |
China |
15.85.127.71 |
63649
TCP |
mssecsvr.exe PID: 2072 |
United States |
22.93.185.189 |
63650
TCP |
mssecsvr.exe PID: 2072 |
United States |
16.129.241.227 |
63651
TCP |
mssecsvr.exe PID: 2072 |
United States |
17.240.67.77 |
63652
TCP |
mssecsvr.exe PID: 2072 |
United States |
90.46.169.212 |
63653
TCP |
mssecsvr.exe PID: 2072 |
France |
165.48.174.247 |
63654
TCP |
mssecsvr.exe PID: 2072 |
United States |
154.57.46.72 |
63655
TCP |
mssecsvr.exe PID: 2072 |
United States |
132.68.128.12 |
63656
TCP |
mssecsvr.exe PID: 2072 |
Israel |
122.142.167.68 |
63657
TCP |
mssecsvr.exe PID: 2072 |
China |
97.10.155.19 |
63658
TCP |
mssecsvr.exe PID: 2072 |
United States |
150.9.81.197 |
63659
TCP |
mssecsvr.exe PID: 2072 |
Japan |
77.232.65.156 |
63660
TCP |
mssecsvr.exe PID: 2072 |
European Union |
190.233.156.180 |
63661
TCP |
mssecsvr.exe PID: 2072 |
Peru |
2.220.206.224 |
63662
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
48.22.154.142 |
63663
TCP |
mssecsvr.exe PID: 2072 |
United States |
107.12.95.198 |
63664
TCP |
mssecsvr.exe PID: 2072 |
United States |
193.76.107.201 |
63665
TCP |
mssecsvr.exe PID: 2072 |
Italy |
35.79.112.181 |
63666
TCP |
mssecsvr.exe PID: 2072 |
United States |
181.214.172.95 |
63667
TCP |
mssecsvr.exe PID: 2072 |
Chile |
140.4.224.70 |
63668
TCP |
mssecsvr.exe PID: 2072 |
United States |
128.67.130.65 |
63669
TCP |
mssecsvr.exe PID: 2072 |
Italy |
74.41.22.162 |
63670
TCP |
mssecsvr.exe PID: 2072 |
United States |
187.186.109.0 |
63671
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
11.0.244.66 |
63672
TCP |
mssecsvr.exe PID: 2072 |
United States |
83.114.24.188 |
63673
TCP |
mssecsvr.exe PID: 2072 |
France |
26.7.188.244 |
63674
TCP |
mssecsvr.exe PID: 2072 |
United States |
174.44.69.183 |
63675
TCP |
mssecsvr.exe PID: 2072 |
United States |
180.21.61.154 |
63676
TCP |
mssecsvr.exe PID: 2072 |
Japan |
173.68.209.30 |
63677
TCP |
mssecsvr.exe PID: 2072 |
United States |
197.63.40.185 |
63678
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
62.1.126.235 |
63679
TCP |
mssecsvr.exe PID: 2072 |
Greece |
165.178.168.44 |
63680
TCP |
mssecsvr.exe PID: 2072 |
Canada |
38.12.84.233 |
63681
TCP |
mssecsvr.exe PID: 2072 |
United States |
218.83.45.175 |
63682
TCP |
mssecsvr.exe PID: 2072 |
China |
49.163.141.100 |
63683
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
95.93.109.19 |
63684
TCP |
mssecsvr.exe PID: 2072 |
Portugal |
187.141.143.152 |
63685
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
201.115.121.58 |
63686
TCP |
mssecsvr.exe PID: 2072 |
Mexico |
5.92.86.188 |
63687
TCP |
mssecsvr.exe PID: 2072 |
Italy |
214.5.237.137 |
63688
TCP |
mssecsvr.exe PID: 2072 |
United States |
16.192.7.0 |
63689
TCP |
mssecsvr.exe PID: 2072 |
United States |
204.12.222.143 |
63690
TCP |
mssecsvr.exe PID: 2072 |
United States |
111.28.104.225 |
63691
TCP |
mssecsvr.exe PID: 2072 |
China |
101.179.3.176 |
63692
TCP |
mssecsvr.exe PID: 2072 |
Australia |
131.217.176.182 |
63693
TCP |
mssecsvr.exe PID: 2072 |
Australia |
32.168.79.10 |
63694
TCP |
mssecsvr.exe PID: 2072 |
United States |
94.251.101.5 |
63695
TCP |
mssecsvr.exe PID: 2072 |
Russian Federation |
151.143.172.176 |
63696
TCP |
mssecsvr.exe PID: 2072 |
United States |
186.2.152.180 |
63698
TCP |
mssecsvr.exe PID: 2072 |
Honduras |
6.163.80.100 |
63699
TCP |
mssecsvr.exe PID: 2072 |
United States |
76.206.26.252 |
63700
TCP |
mssecsvr.exe PID: 2072 |
United States |
169.171.141.69 |
63701
TCP |
mssecsvr.exe PID: 2072 |
United States |
155.108.71.227 |
63702
TCP |
mssecsvr.exe PID: 2072 |
United States |
193.111.115.30 |
63703
TCP |
mssecsvr.exe PID: 2072 |
Ukraine |
52.93.124.249 |
63704
TCP |
mssecsvr.exe PID: 2072 |
United States |
122.38.118.213 |
63705
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
6.1.88.52 |
63706
TCP |
mssecsvr.exe PID: 2072 |
United States |
134.63.7.245 |
63707
TCP |
mssecsvr.exe PID: 2072 |
United States |
204.176.26.9 |
63708
TCP |
mssecsvr.exe PID: 2072 |
United States |
172.214.18.171 |
63709
TCP |
mssecsvr.exe PID: 2072 |
United States |
141.87.56.163 |
63710
TCP |
mssecsvr.exe PID: 2072 |
Germany |
120.73.30.129 |
63711
TCP |
mssecsvr.exe PID: 2072 |
Korea Republic of |
129.32.118.239 |
63712
TCP |
mssecsvr.exe PID: 2072 |
United States |
174.27.33.241 |
63713
TCP |
mssecsvr.exe PID: 2072 |
United States |
60.183.190.194 |
63714
TCP |
mssecsvr.exe PID: 2072 |
China |
28.111.157.155 |
63715
TCP |
mssecsvr.exe PID: 2072 |
United States |
144.173.62.251 |
63716
TCP |
mssecsvr.exe PID: 2072 |
United Kingdom |
112.113.71.129 |
63717
TCP |
mssecsvr.exe PID: 2072 |
China |
198.57.56.193 |
63718
TCP |
mssecsvr.exe PID: 2072 |
United States |
50.189.24.170 |
63719
TCP |
mssecsvr.exe PID: 2072 |
United States |
66.124.140.166 |
63720
TCP |
mssecsvr.exe PID: 2072 |
United States |
2.241.106.52 |
63721
TCP |
mssecsvr.exe PID: 2072 |
Germany |
93.210.41.162 |
63722
TCP |
mssecsvr.exe PID: 2072 |
Germany |
136.22.128.71 |
63723
TCP |
mssecsvr.exe PID: 2072 |
United States |
134.13.198.212 |
63724
TCP |
mssecsvr.exe PID: 2072 |
United States |
164.72.38.177 |
63725
TCP |
mssecsvr.exe PID: 2072 |
United States |
72.158.210.113 |
63726
TCP |
mssecsvr.exe PID: 2072 |
United States |
156.196.88.129 |
63727
TCP |
mssecsvr.exe PID: 2072 |
Egypt |
160.185.63.217 |
63729
TCP |
mssecsvr.exe PID: 2072 |
Japan |
74.208.105.39 |
63730
TCP |
mssecsvr.exe PID: 2072 |
United States |
107.18.219.151 |
63731
TCP |
mssecsvr.exe PID: 2072 |
United States |
195.130.133.117 |
63732
TCP |
mssecsvr.exe PID: 2072 |
Belgium |
27.38.216.91 |
63733
TCP |
mssecsvr.exe PID: 2072 |
China |
95.75.232.198 |
63734
TCP |
mssecsvr.exe PID: 2072 |
Italy |
29.213.202.145 |
63735
TCP |
mssecsvr.exe PID: 2072 |
United States |
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | |
---|---|---|---|
72.5.65.99:80 (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com) | GET | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ | GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache More Details |
72.5.65.99:80 (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com) | GET | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ | GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache More Details |
Memory Forensics
String | Context | Stream UID |
---|---|---|
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | Domain/IP reference | 00015637-00002072-47450-2-00408140 |
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
local -> 8.8.8.8:53 (UDP) | A Network Trojan was detected | ETPRO TROJAN Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup) | 2830018 |
local -> 52.138.148.89:80 (TCP) | Misc activity | ET INFO Windows OS Submitting USB Metadata to Microsoft | 2025275 |
local -> 52.138.148.89:80 (TCP) | Misc activity | ET INFO Windows OS Submitting USB Metadata to Microsoft | 2025275 |
local -> 52.138.148.89:80 (TCP) | Misc activity | ET INFO Windows OS Submitting USB Metadata to Microsoft | 2025275 |
local -> 52.138.148.89:80 (TCP) | Misc activity | ET INFO Windows OS Submitting USB Metadata to Microsoft | 2025275 |
Extracted Strings
Extracted Files
-
Informative 2
-
-
mssecsvr.exe
- Size
- 2.2MiB (2281472 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- mssecsvr.exe (PID: 2072)
- MD5
- e0b312a4b510ee7b9e556c537bf78ad6
- SHA1
- 39831c434c9ddd517d6581772e0988d751923fae
- SHA256
- 56f02c7087c752df81d0db83abdd48ae63968e60ad628ea4edcdd46ceade7635
-
tasksche.exe
- Size
- 2MiB (2061938 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- mssecsvr.exe (PID: 3404)
- MD5
- 9340d8fb4a250f392a125e011a1fd6fa
- SHA1
- ef0beded3f3a1b1d2acf08b5101dfee42e68e577
- SHA256
- 1aaef8f49ee20cb0a4dc3432e526db96c6bb18b9943610d35b78e9f9af9b04b1
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Enforcing malicious verdict, as a reliable source indicates high confidence
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "network-1" are available in the report
- Not all sources for indicator ID "network-17" are available in the report
- Not all sources for indicator ID "network-32" are available in the report
- Not all sources for indicator ID "network-7" are available in the report
- Some low-level data is hidden, as this is only a slim report