A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #29887  by maddog4012
 Thu Jan 26, 2017 7:07 pm
A different sample from the URL:
hxxp://finestololoki.top/search.php
Here is some info from the sample when it is executed:
File name	1
File type	WIN32 EXE
SHA-1	D7EE71CA343AF6DDCFA616CB30A9DCB1C77C3BF4
MD5	B8F78A8D0D0204608BD548922CE5D447
Size	247874 byte(s)
Risk Level	High risk

Threat characteristics	
Autostart or other system reconfiguration 
File drop, download, sharing, or replication
Hijack, redirection, or data theft
Malformed, defective, or with known malware traits 
Process, service, or memory object change 
Suspicious network or messaging activity
Notable Threat Characteristics
Autostart or other system reconfiguration 
Characteristic	
Modifies file that can be used to infect systems	C:\documents\project.ppt
Modifies file that can be used to infect systems	C:\documents\agreement.doc
Modifies file that can be used to infect systems	C:\documents\account.xls
Modifies file that can be used to infect systems	F:\project.ppt
Modifies file that can be used to infect systems	F:\agreement.doc
Modifies file that can be used to infect systems	F:\account.xls
Modifies file that can be used to infect systems	E:\account.xlsx
Modifies file that can be used to infect systems	E:\account.xls
Modifies file that can be used to infect systems	E:\project.ppt
Modifies file that can be used to infect systems	E:\agreement.doc
Modifies file that can be used to infect systems	%TEMP%\nsh37C8.tmp\System.dll
Modifies file that can be used to infect systems	%APPDATA%\blindfolds.dll
File drop, download, sharing, or replication
Characteristic
Drops file that can be used to infect systems	
Dropping Process ID: 1780 File: C:\documents\8zloVkEov6.b956
Dropping Process ID: 1780 File: C:\documents\V4pDomgSnP.b956
Dropping Process ID: 1780 File: C:\documents\H-l7A3fkA3.b956
Dropping Process ID: 1780 File: F:\stz3GaviyF.b956
Dropping Process ID: 1780 File: F:\oAeDGVh6p3.b956
Dropping Process ID: 1780 File: F:\kE6kdy9wBz.b956
Dropping Process ID: 1780 File: E:\9sSLG-Hz3r.b956
Dropping Process ID: 1780 File: E:\aKW-wROVD-.b956
Dropping Process ID: 1780 File: E:\zaZVddetrg.b956
Dropping Process ID: 1780 File: E:\gtc6bKwv4z.b956
Dropping Process ID: 3536 File: %TEMP%\nsh37C8.tmp\System.dll
Dropping Process ID: 3536 File: %APPDATA%\blindfolds.dll

Deletes file to compromise the system or to remove traces of the infection	
Process ID: 3536 File: %TEMP%\nsh37C8.tmp
Process ID: 3536 File: %TEMP%\nsw36EC.tmp

Hijack, redirection, or data theft (30)
Characteristic
Accesses decoy file	
C:\documents\project.pptx
C:\documents\project.ppt
C:\documents\contact.pst
C:\documents\contact.pab
C:\documents\contact.ost
C:\documents\contact.oab
C:\documents\agreement.docx
C:\documents\agreement.doc
C:\documents\account.xlsx
C:\documents\account.xls
F:\project.pptx
F:\project.ppt
F:\contact.pst
F:\contact.pab
F:\contact.ost
F:\contact.oab
F:\agreement.docx
F:\agreement.doc
F:\account.xlsx
F:\account.xls
E:\contact.ost
E:\contact.oab
E:\contact.pst
E:\contact.pab
E:\account.xlsx
E:\account.xls
E:\project.pptx
E:\project.ppt
E:\agreement.docx
E:\agreement.doc

Malformed, defective, or with known malware traits
Characteristic	
Exhibits behavior associated with ransomware	Encrypts Files
Exhibits behavior associated with ransomware	
Process ID: 1780 Rare executable file Global Detections: 1

Process, service, or memory object change (7)
Characteristic	
Resides in memory to evade detection	
Injecting Process ID: 3536
Injected API: SetThreadContext
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
Resides in memory to evade detection	
Injecting Process ID: 3536
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
Injected Address: 0x0
Resides in memory to evade detection	
Injecting Process ID: 3536
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
Injected Content: jlhH0A
Resides in memory to evade detection	
Injecting Process ID: 3536
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
Injected Content: .@.
Resides in memory to evade detection	
Injecting Process ID: 3536
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
Injected Content:
Resides in memory to evade detection	
Injecting Process ID: 3536
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
Injected Content: MZ.
Injects memory with dropped files	
Injecting Process ID: 3536
Target Process ID: 1780
Target Image Path: %WorkingDir%\1.exe
File: MZ.
Suspicious network or messaging activity (192)
Characteristic	Details
Network Destinations
IP Address	Port	Location	Risk Level	Threat	Accessed By
91.239.24.48	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.192	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.61	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.29	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.204	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.19	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.34	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.104	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.125	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.80	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.183	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.137	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.131	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.107	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.203	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.90	6892	-	High	CALLBACK_RANSOM.WRS	1
90.3.1.2	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.69	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.59	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.11	6892	-	High	CALLBACK_RANSOM.WRS	1
90.3.1.10	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.44	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.71	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.50	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.31	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.10	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.209	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.125	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.30	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.92	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.114	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.108	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.66	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.184	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.10	6892	-	High	CALLBACK_RANSOM.WRS	1
90.3.1.30	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.25.9	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.38	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.84	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.25	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.13	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.52	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.18	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.31	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.113	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.86	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.49	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.64	6892	-	High	CALLBACK_RANSOM.WRS	1
90.3.1.13	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.12	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.207	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.39	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.246	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.63	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.41	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.233	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.14	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.21	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.202	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.48	6892	-	High	CALLBACK_CERBER.WRS	1
90.3.1.18	6892	-	High	CALLBACK_RANSOM.WRS	1
90.3.1.7	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.198	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.157	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.39	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.240	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.25.95	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.254	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.235	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.243	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.56	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.72	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.25.195	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.149	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.155	6892	-	High	CALLBACK_RANSOM.WRS	1
90.3.1.31	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.138	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.161	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.8	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.245	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.173	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.6	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.24	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.85	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.251	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.147	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.174	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.64	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.230	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.33	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.102	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.12	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.154	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.127	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.164	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.191	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.69	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.150	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.115	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.181	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.4	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.172	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.70	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.146	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.22	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.132	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.136	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.6	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.2	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.127	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.142	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.194	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.164	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.32	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.25.74	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.18	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.26	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.103	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.19	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.34	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.185	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.124	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.85	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.139	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.187	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.44	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.238	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.156	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.2	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.20	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.134	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.191	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.156	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.17	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.175	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.24.30	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.100	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.177	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.242	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.209	6892	-	High	CALLBACK_CERBER.WRS	1
91.239.25.173	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.201	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.217	6892	-	High	CALLBACK_CERBER.WRS	1
90.2.1.0	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.66	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.43	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.213	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.30	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.224	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.234	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.214	6892	-	High	CALLBACK_CERBER.WRS	1
90.2.1.4	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.168	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.175	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.4	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.247	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.46	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.236	6892	-	High	CALLBACK_CERBER.WRS	1
90.2.1.14	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.230	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.184	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.228	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.229	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.145	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.198	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.252	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.185	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.20	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.220	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.252	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.241	6892	-	High	CALLBACK_RANSOM.WRS	1
90.2.1.3	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.13	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.47	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.128	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.222	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.65	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.99	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.153	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.36	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.143	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.174	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.115	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.171	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.211	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.25.98	6892	-	High	CALLBACK_RANSOM.WRS	1
91.239.24.135	6892	-	High	CALLBACK_CERBER.WRS	1
Domain	IP Address	Port	Location	Risk Level	Threat	Accessed By
c.urs.microsoft.com	40.79.73.139	53	-	No risk	-	1
ctldl.windowsupdate.com	184.50.239.65	53	-	No risk	-	1
iecvlist.microsoft.com	72.21.81.200	53	-	No risk	-	1
ieonline.microsoft.com	204.79.197.200	53	-	No risk	-	1
sqm.telemetry.microsoft.com	65.55.252.93	53	-	No risk	-	1
iecvlist.microsoft.com	72.21.81.200	443	-	-	-	1
c.urs.microsoft.com	40.79.73.139	443	-	-	-	1
ieonline.microsoft.com	204.79.197.200	443	-	-	-	1
ctldl.windowsupdate.com	184.50.239.90	80	-	-	-	1
sqm.telemetry.microsoft.com	65.55.252.93	443	-	-	-	1
URL	Site Category	Risk Level	Threat	Accessed By
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0763192a75d3e713	Computers / Internet	No risk	-	1
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bef5c90847ac95de	Computers / Internet	No risk	-	1
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?43d82ba0384a8fd7	Computers / Internet	No risk	-	1
Dropped or Downloaded Files
File	Threat	Size (bytes)	SHA-1
H-l7A3fkA3.b956	-	23972	9FEF1F22B80FCA6BB0BF1B76CD368A36127C9AE4
8zloVkEov6.b956	-	104356	994B35E64E2887ADDCAF70A6309F288865460454
V4pDomgSnP.b956	-	22440	2E6861A180F93D0D87BF30675A8EBC246F28F519
agreement.doc	-	22440	2E6861A180F93D0D87BF30675A8EBC246F28F519
account.xls	-	23972	9FEF1F22B80FCA6BB0BF1B76CD368A36127C9AE4
project.ppt	-	104356	994B35E64E2887ADDCAF70A6309F288865460454
System.dll	-	11264	523C87C98236CBC04430E87EC19B977595092AC8
blindfolds.dll	-	49152	E1761DFC906713CA21FFABA86FD483FC54F46036
_HELP_HELP_HELP_IWBA5.hta	-	75787	B3A99485B87A0ED9032635E1000A19A32A45C94B
_HELP_HELP_HELP_4VGUQCR7.hta	-	75787	B3A99485B87A0ED9032635E1000A19A32A45C94B
Suspicious Objects
Type	Object	Risk Level
File	D7EE71CA343AF6DDCFA616CB30A9DCB1C77C3BF4	High


Attachments
pw virus
(236.83 KiB) Downloaded 95 times
 #30310  by xors
 Fri May 05, 2017 8:30 pm
One more
Attachments
password:infected
(364.66 KiB) Downloaded 98 times