Trojan.Siggen28.63607

Техническая информация

Для обеспечения автозапуска и распространения

Модифицирует следующие ключи реестра

[HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\RunDllExe] 'Driver' = '%WINDIR%\Logs\RunDllExe.dll'

Устанавливает следующие настройки сервисов

[HKLM\System\CurrentControlSet\Services\clr_optimization_v3.0.30317_32] 'Start' = '00000002'
[HKLM\System\CurrentControlSet\Services\clr_optimization_v3.0.30317_32] 'ImagePath' = '%WINDIR%\Microsoft.Net\Framework\v3.5\mscorsvw.exe'
[HKLM\System\CurrentControlSet\Services\PolicyAgent] 'Start' = '00000002'
[HKLM\System\CurrentControlSet\Services\Spooler] 'Start' = '00000002'

Создает следующие сервисы

'clr_optimization_v3.0.30317_32' %WINDIR%\Microsoft.Net\Framework\v3.5\mscorsvw.exe

Вредоносные функции

Для затруднения выявления своего присутствия в системе

блокирует запуск следующих системных утилит:

Системный антивирус (Защитник Windows)

Запускает на исполнение

'%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="Microsoft.Net" dir=out program="%WINDIR%\Microsoft.NET\Framework\v3.5\mscorsvw.exe" action=allow
'%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="Microsoft.Net" dir=in program="%WINDIR%\Microsoft.NET\Framework\v3.5\mscorsvw.exe" action=allow

Внедряет код в

следующие системные процессы:

%WINDIR%\syswow64\svchost.exe

Изменения в файловой системе

Создает следующие файлы

%WINDIR%\microsoft.net\framework\v3.5\mscorsvw.exe
%WINDIR%\temp\libeay32.dll
%WINDIR%\temp\libxml2.dll
%WINDIR%\temp\posh-0.dll
%WINDIR%\temp\ssleay32.dll
%WINDIR%\temp\tibe-2.dll
%WINDIR%\temp\trch-1.dll
%WINDIR%\temp\tucl-1.dll
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\fzg8ckj5\hooks[1].jpg
%WINDIR%\temp\ucl.dll
%WINDIR%\temp\x64.dll
%WINDIR%\temp\x86.dll
%WINDIR%\temp\xdvl-0.dll
%WINDIR%\temp\zlib1.dll
%WINDIR%\temp\ip.txt
%WINDIR%\temp\exma-1.dll
%WINDIR%\temp\trfo-2.dll
%WINDIR%\temp\eternalromance-1.4.0.xml
%WINDIR%\temp\wmicc.exe
%WINDIR%\logs\rundllexe.dll
%WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\0ps72r2m\mpmgsvc[1].dll
%WINDIR%\temp\mpmgsvc.dll
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\lixmvqoa\mpmgsvc[1].jpg
%WINDIR%\temp\mpmgsvc.exe
%WINDIR%\temp\cnli-1.dll
%WINDIR%\temp\eternalblue-2.2.0.xml
%WINDIR%\temp\coli-0.dll
%WINDIR%\temp\crli-0.dll
%WINDIR%\temp\dmgd-4.dll
%WINDIR%\temp\doublepulsar-1.3.1.exe
%WINDIR%\temp\doublepulsar-1.3.1.xml
%WINDIR%\temp\eternalblue-2.2.0.exe
%WINDIR%\temp\eternalromance-1.4.0.exe
%WINDIR%\temp\hooks.exe

Удаляет следующие файлы

%WINDIR%\4455.exe

Самоперемещается

из <Полный путь к файлу> в %WINDIR%\syswow64\1220239.bak

Сетевая активность

Подключается к

'4i##.com':3306
'<LOCALNET>.0.30':1433
'<LOCALNET>.3.162':445
'<LOCALNET>.3.161':445
'<LOCALNET>.0.20':1433
'<LOCALNET>.0.17':1433
'<LOCALNET>.0.19':1433
'<LOCALNET>.0.18':1433
'<LOCALNET>.3.160':445
'<LOCALNET>.3.153':445
'<LOCALNET>.0.16':1433
'<LOCALNET>.3.159':445
'<LOCALNET>.0.15':1433
'<LOCALNET>.0.14':1433
'<LOCALNET>.3.157':445
'<LOCALNET>.0.13':1433
'<LOCALNET>.3.156':445
'<LOCALNET>.0.12':1433
'<LOCALNET>.3.155':445
'<LOCALNET>.3.158':445
'<LOCALNET>.0.11':1433
'<LOCALNET>.3.164':445
'<LOCALNET>.3.166':445
'<LOCALNET>.3.118':445
'<LOCALNET>.0.21':1433
'<LOCALNET>.3.174':445
'<LOCALNET>.3.173':445
'<LOCALNET>.3.172':445
'<LOCALNET>.0.29':1433
'<LOCALNET>.3.171':445
'<LOCALNET>.0.28':1433
'<LOCALNET>.3.165':445
'<LOCALNET>.3.169':445
'<LOCALNET>.0.27':1433
'<LOCALNET>.3.163':445
'<LOCALNET>.3.168':445
'<LOCALNET>.0.25':1433
'<LOCALNET>.3.167':445
'<LOCALNET>.0.24':1433
'<LOCALNET>.0.23':1433
'<LOCALNET>.0.22':1433
'<LOCALNET>.3.170':445
'<LOCALNET>.0.31':1433
'<LOCALNET>.3.154':445
'<LOCALNET>.0.10':1433
'<LOCALNET>.0.9':1433
'<LOCALNET>.3.137':445
'<LOCALNET>.3.136':445
'<LOCALNET>.3.135':445
'<LOCALNET>.3.134':445
'<LOCALNET>.3.133':445
'<LOCALNET>.3.132':445
'<LOCALNET>.3.131':445
'<LOCALNET>.3.152':445
'<LOCALNET>.3.130':445
'<LOCALNET>.3.128':445
'<LOCALNET>.3.127':445
'<LOCALNET>.3.126':445
'<LOCALNET>.3.125':445
'<LOCALNET>.3.124':445
'<LOCALNET>.3.123':445
'<LOCALNET>.3.122':445
'<LOCALNET>.3.121':445
'<LOCALNET>.3.129':445
'<LOCALNET>.0.26':1433
'<LOCALNET>.3.140':445
'<LOCALNET>.3.142':445
'<LOCALNET>.3.146':445
'<LOCALNET>.3.139':445
'<LOCALNET>.0.8':1433
'<LOCALNET>.3.151':445
'<LOCALNET>.0.7':1433
'<LOCALNET>.3.150':445
'<LOCALNET>.3.149':445
'<LOCALNET>.0.6':1433
'<LOCALNET>.3.141':445
'<LOCALNET>.3.148':445
'<LOCALNET>.3.147':445
'<LOCALNET>.3.138':445
'<LOCALNET>.0.4':1433
'<LOCALNET>.0.3':1433
'<LOCALNET>.0.2':1433
'<LOCALNET>.3.145':445
'<LOCALNET>.3.143':445
'<LOCALNET>.3.144':445
'<LOCALNET>.0.5':1433
'<LOCALNET>.3.120':445
'<LOCALNET>.0.33':1433
'<LOCALNET>.0.34':1433
'<LOCALNET>.0.56':1433
'<LOCALNET>.0.65':1433
'<LOCALNET>.0.64':1433
'<LOCALNET>.3.205':445
'<LOCALNET>.3.204':445
'<LOCALNET>.0.63':1433
'<LOCALNET>.0.62':1433
'<LOCALNET>.3.203':445
'<LOCALNET>.3.207':445
'<LOCALNET>.3.202':445
'<LOCALNET>.0.60':1433
'<LOCALNET>.3.201':445
'<LOCALNET>.0.59':1433
'<LOCALNET>.3.200':445
'<LOCALNET>.0.58':1433
'<LOCALNET>.0.57':1433
'<LOCALNET>.3.199':445
'<LOCALNET>.3.197':445
'<LOCALNET>.0.61':1433
'<LOCALNET>.0.55':1433
'<LOCALNET>.0.66':1433
'<LOCALNET>.3.208':445
'<LOCALNET>.0.76':1433
'<LOCALNET>.3.216':445
'<LOCALNET>.0.75':1433
'<LOCALNET>.0.74':1433
'<LOCALNET>.3.215':445
'<LOCALNET>.0.73':1433
'<LOCALNET>.3.214':445
'<LOCALNET>.0.72':1433
'<LOCALNET>.3.212':445
'<LOCALNET>.3.213':445
'<LOCALNET>.0.71':1433
'<LOCALNET>.3.211':445
'<LOCALNET>.0.70':1433
'<LOCALNET>.3.210':445
'<LOCALNET>.0.69':1433
'<LOCALNET>.3.209':445
'<LOCALNET>.0.68':1433
'<LOCALNET>.0.67':1433
'<LOCALNET>.3.206':445
'<LOCALNET>.3.179':445
'<LOCALNET>.3.198':445
'<LOCALNET>.3.196':445
'<LOCALNET>.0.42':1433
'<LOCALNET>.0.38':1433
'<LOCALNET>.3.183':445
'<LOCALNET>.0.41':1433
'<LOCALNET>.0.40':1433
'<LOCALNET>.3.182':445
'<LOCALNET>.3.181':445
'<LOCALNET>.0.39':1433
'<LOCALNET>.0.43':1433
'<LOCALNET>.3.180':445
'<LOCALNET>.0.37':1433
'<LOCALNET>.0.54':1433
'<LOCALNET>.0.36':1433
'<LOCALNET>.3.178':445
'<LOCALNET>.0.35':1433
'<LOCALNET>.3.177':445
'<LOCALNET>.3.176':445
'<LOCALNET>.3.175':445
'<LOCALNET>.3.184':445
'<LOCALNET>.0.32':1433
'<LOCALNET>.3.195':445
'<LOCALNET>.3.186':445
'<LOCALNET>.3.194':445
'<LOCALNET>.3.190':445
'<LOCALNET>.0.53':1433
'<LOCALNET>.0.52':1433
'<LOCALNET>.3.193':445
'<LOCALNET>.0.51':1433
'<LOCALNET>.3.192':445
'<LOCALNET>.3.191':445
'<LOCALNET>.0.49':1433
'<LOCALNET>.0.50':1433
'<LOCALNET>.0.48':1433
'<LOCALNET>.3.185':445
'<LOCALNET>.3.189':445
'<LOCALNET>.3.188':445
'<LOCALNET>.3.187':445
'<LOCALNET>.0.47':1433
'<LOCALNET>.0.46':1433
'<LOCALNET>.0.45':1433
'<LOCALNET>.0.44':1433
'<LOCALNET>.3.119':445
'<LOCALNET>.3.117':445
'<LOCALNET>.3.116':445
'<LOCALNET>.2.249':445
'<LOCALNET>.3.2':445
'<LOCALNET>.3.1':445
'<LOCALNET>.2.254':445
'<LOCALNET>.2.253':445
'<LOCALNET>.2.252':445
'<LOCALNET>.2.251':445
'<LOCALNET>.2.250':445
'<LOCALNET>.2.238':445
'<LOCALNET>.3.4':445
'<LOCALNET>.2.239':445
'<LOCALNET>.2.246':445
'<LOCALNET>.2.245':445
'<LOCALNET>.2.244':445
'<LOCALNET>.2.243':445
'<LOCALNET>.2.242':445
'<LOCALNET>.2.241':445
'<LOCALNET>.2.240':445
'<LOCALNET>.2.247':445
'<LOCALNET>.2.248':445
'<LOCALNET>.3.5':445
'<LOCALNET>.3.16':445
'<LOCALNET>.3.17':445
'<LOCALNET>.3.24':445
'<LOCALNET>.3.23':445
'<LOCALNET>.3.22':445
'<LOCALNET>.3.21':445
'<LOCALNET>.3.20':445
'<LOCALNET>.3.18':445
'<LOCALNET>.3.19':445
'<LOCALNET>.3.25':445
'<LOCALNET>.3.6':445
'<LOCALNET>.3.7':445
'<LOCALNET>.3.14':445
'<LOCALNET>.3.13':445
'<LOCALNET>.3.12':445
'<LOCALNET>.3.11':445
'<LOCALNET>.3.10':445
'<LOCALNET>.3.8':445
'<LOCALNET>.3.9':445
'<LOCALNET>.3.15':445
'<LOCALNET>.3.3':445
'<LOCALNET>.3.26':445
'<LOCALNET>.3.27':445
'<LOCALNET>.2.205':445
'<LOCALNET>.2.212':445
'<LOCALNET>.2.211':445
'<LOCALNET>.2.210':445
'<LOCALNET>.2.209':445
'<LOCALNET>.2.208':445
'<LOCALNET>.2.207':445
'<LOCALNET>.2.206':445
'<LOCALNET>.2.213':445
'<LOCALNET>.2.214':445
'<LOCALNET>.2.237':445
'<LOCALNET>.2.202':445
'<LOCALNET>.2.201':445
'<LOCALNET>.2.200':445
'<LOCALNET>.2.199':445
'<LOCALNET>.2.198':445
'<LOCALNET>.2.197':445
'<LOCALNET>.2.196':445
'<LOCALNET>.2.203':445
'<LOCALNET>.2.236':445
'<LOCALNET>.2.215':445
'<LOCALNET>.2.226':445
'<LOCALNET>.2.227':445
'<LOCALNET>.2.234':445
'<LOCALNET>.2.233':445
'<LOCALNET>.2.232':445
'<LOCALNET>.2.231':445
'<LOCALNET>.2.230':445
'<LOCALNET>.2.229':445
'<LOCALNET>.2.228':445
'<LOCALNET>.2.235':445
'<LOCALNET>.2.216':445
'<LOCALNET>.2.217':445
'<LOCALNET>.2.224':445
'<LOCALNET>.2.223':445
'<LOCALNET>.2.222':445
'<LOCALNET>.2.221':445
'<LOCALNET>.2.220':445
'<LOCALNET>.2.219':445
'<LOCALNET>.2.218':445
'<LOCALNET>.2.225':445
'<LOCALNET>.3.28':445
'<LOCALNET>.3.92':445
'<LOCALNET>.3.38':445
'<LOCALNET>.3.72':445
'<LOCALNET>.3.84':445
'<LOCALNET>.3.91':445
'<LOCALNET>.3.90':445
'<LOCALNET>.3.89':445
'<LOCALNET>.3.88':445
'<LOCALNET>.3.87':445
'<LOCALNET>.3.86':445
'<LOCALNET>.3.94':445
'<LOCALNET>.3.85':445
'<LOCALNET>.3.82':445
'<LOCALNET>.3.74':445
'<LOCALNET>.3.81':445
'<LOCALNET>.3.80':445
'<LOCALNET>.3.79':445
'<LOCALNET>.3.78':445
'<LOCALNET>.3.77':445
'<LOCALNET>.3.76':445
'<LOCALNET>.3.93':445
'<LOCALNET>.3.75':445
'<LOCALNET>.3.114':445
'<LOCALNET>.3.97':445
'<LOCALNET>.3.115':445
'<LOCALNET>.3.106':445
'<LOCALNET>.3.113':445
'<LOCALNET>.3.112':445
'<LOCALNET>.3.111':445
'<LOCALNET>.3.110':445
'<LOCALNET>.3.109':445
'<LOCALNET>.3.108':445
'<LOCALNET>.3.105':445
'<LOCALNET>.3.107':445
'<LOCALNET>.3.104':445
'<LOCALNET>.3.96':445
'<LOCALNET>.3.103':445
'<LOCALNET>.3.102':445
'<LOCALNET>.3.101':445
'<LOCALNET>.3.100':445
'<LOCALNET>.3.99':445
'<LOCALNET>.3.98':445
'<LOCALNET>.3.95':445
'<LOCALNET>.3.83':445
'<LOCALNET>.3.73':445
'<LOCALNET>.3.71':445
'<LOCALNET>.3.39':445
'<LOCALNET>.3.46':445
'<LOCALNET>.3.45':445
'<LOCALNET>.3.44':445
'<LOCALNET>.3.43':445
'<LOCALNET>.3.42':445
'<LOCALNET>.3.41':445
'<LOCALNET>.3.40':445
'<LOCALNET>.3.47':445
'<LOCALNET>.3.48':445
'<LOCALNET>.3.49':445
'<LOCALNET>.3.36':445
'<LOCALNET>.3.35':445
'<LOCALNET>.3.34':445
'<LOCALNET>.3.33':445
'<LOCALNET>.3.32':445
'<LOCALNET>.3.31':445
'<LOCALNET>.3.30':445
'<LOCALNET>.3.37':445
'<LOCALNET>.3.50':445
'<LOCALNET>.3.70':445
'<LOCALNET>.3.52':445
'<LOCALNET>.3.29':445
'<LOCALNET>.3.61':445
'<LOCALNET>.3.69':445
'<LOCALNET>.3.68':445
'<LOCALNET>.3.67':445
'<LOCALNET>.3.66':445
'<LOCALNET>.3.65':445
'<LOCALNET>.3.64':445
'<LOCALNET>.3.63':445
'<LOCALNET>.3.62':445
'<LOCALNET>.3.60':445
'<LOCALNET>.3.51':445
'<LOCALNET>.3.59':445
'<LOCALNET>.3.58':445
'<LOCALNET>.3.57':445
'<LOCALNET>.3.56':445
'<LOCALNET>.3.55':445
'<LOCALNET>.3.54':445
'<LOCALNET>.3.53':445
'<LOCALNET>.2.195':445
'<LOCALNET>.2.204':445
'<LOCALNET>.3.217':445
'<LOCALNET>.3.223':445
'<LOCALNET>.4.35':445
'<LOCALNET>.0.246':1433
'<LOCALNET>.4.34':445
'<LOCALNET>.0.245':1433
'<LOCALNET>.0.244':1433
'<LOCALNET>.4.33':445
'<LOCALNET>.4.32':445
'<LOCALNET>.0.243':1433
'<LOCALNET>.1.2':1433
'<LOCALNET>.0.242':1433
'<LOCALNET>.0.241':1433
'<LOCALNET>.4.30':445
'<LOCALNET>.0.240':1433
'<LOCALNET>.4.29':445
'<LOCALNET>.0.239':1433
'<LOCALNET>.4.28':445
'<LOCALNET>.4.27':445
'<LOCALNET>.0.238':1433
'<LOCALNET>.4.31':445
'<LOCALNET>.0.237':1433
'<LOCALNET>.4.26':445
'<LOCALNET>.4.37':445
'<LOCALNET>.0.248':1433
'<LOCALNET>.4.46':445
'<LOCALNET>.1.1':1433
'<LOCALNET>.4.45':445
'<LOCALNET>.4.44':445
'<LOCALNET>.0.255':1433
'<LOCALNET>.0.254':1433
'<LOCALNET>.4.43':445
'<LOCALNET>.4.36':445
'<LOCALNET>.0.253':1433
'<LOCALNET>.0.247':1433
'<LOCALNET>.0.252':1433
'<LOCALNET>.0.251':1433
'<LOCALNET>.4.40':445
'<LOCALNET>.4.39':445
'<LOCALNET>.0.250':1433
'<LOCALNET>.4.38':445
'<LOCALNET>.0.249':1433
'<LOCALNET>.4.42':445
'<LOCALNET>.4.4':445
'<LOCALNET>.4.41':445
'<LOCALNET>.0.230':1433
'<LOCALNET>.4.13':445
'<LOCALNET>.0.224':1433
'<LOCALNET>.0.223':1433
'<LOCALNET>.4.12':445
'<LOCALNET>.0.222':1433
'<LOCALNET>.4.11':445
'<LOCALNET>.0.221':1433
'<LOCALNET>.4.10':445
'<LOCALNET>.0.235':1433
'<LOCALNET>.0.220':1433
'<LOCALNET>.4.8':445
'<LOCALNET>.0.219':1433
'<LOCALNET>.0.218':1433
'<LOCALNET>.0.217':1433
'<LOCALNET>.4.7':445
'<LOCALNET>.4.6':445
'<LOCALNET>.4.5':445
'<LOCALNET>.0.216':1433
'<LOCALNET>.4.9':445
'<LOCALNET>.0.236':1433
'<LOCALNET>.4.25':445
'<LOCALNET>.0.226':1433
'<LOCALNET>.4.14':445
'<LOCALNET>.4.24':445
'<LOCALNET>.0.234':1433
'<LOCALNET>.4.23':445
'<LOCALNET>.0.233':1433
'<LOCALNET>.4.22':445
'<LOCALNET>.0.232':1433
'<LOCALNET>.4.21':445
'<LOCALNET>.4.15':445
'<LOCALNET>.0.231':1433
'<LOCALNET>.0.225':1433
'<LOCALNET>.4.19':445
'<LOCALNET>.4.18':445
'<LOCALNET>.0.229':1433
'<LOCALNET>.4.17':445
'<LOCALNET>.0.228':1433
'<LOCALNET>.0.227':1433
'<LOCALNET>.4.16':445
'<LOCALNET>.4.20':445
'<LOCALNET>.0.215':1433
'<LOCALNET>.4.47':445
'<LOCALNET>.1.8':1433
'<LOCALNET>.4.79':445
'<LOCALNET>.1.35':1433
'<LOCALNET>.4.78':445
'<LOCALNET>.1.34':1433
'<LOCALNET>.4.77':445
'<LOCALNET>.4.76':445
'<LOCALNET>.1.33':1433
'<LOCALNET>.4.75':445
'<LOCALNET>.1.26':1433
'<LOCALNET>.1.32':1433
'<LOCALNET>.4.74':445
'<LOCALNET>.4.73':445
'<LOCALNET>.1.30':1433
'<LOCALNET>.4.72':445
'<LOCALNET>.1.29':1433
'<LOCALNET>.4.71':445
'<LOCALNET>.1.28':1433
'<LOCALNET>.4.70':445
'<LOCALNET>.1.31':1433
'<LOCALNET>.1.27':1433
'<LOCALNET>.1.36':1433
'<LOCALNET>.4.84':445
'<LOCALNET>.1.47':1433
'<LOCALNET>.4.88':445
'<LOCALNET>.1.46':1433
'<LOCALNET>.1.45':1433
'<LOCALNET>.4.87':445
'<LOCALNET>.4.86':445
'<LOCALNET>.1.44':1433
'<LOCALNET>.4.85':445
'<LOCALNET>.4.80':445
'<LOCALNET>.1.37':1433
'<LOCALNET>.1.42':1433
'<LOCALNET>.1.41':1433
'<LOCALNET>.4.83':445
'<LOCALNET>.1.40':1433
'<LOCALNET>.4.82':445
'<LOCALNET>.1.39':1433
'<LOCALNET>.4.81':445
'<LOCALNET>.1.38':1433
'<LOCALNET>.1.43':1433
'<LOCALNET>.1.4':1433
'<LOCALNET>.1.3':1433
'<LOCALNET>.4.68':445
'<LOCALNET>.4.53':445
'<LOCALNET>.4.56':445
'<LOCALNET>.1.12':1433
'<LOCALNET>.4.55':445
'<LOCALNET>.4.54':445
'<LOCALNET>.1.11':1433
'<LOCALNET>.1.9':1433
'<LOCALNET>.1.10':1433
'<LOCALNET>.1.13':1433
'<LOCALNET>.4.57':445
'<LOCALNET>.1.25':1433
'<LOCALNET>.4.51':445
'<LOCALNET>.1.7':1433
'<LOCALNET>.1.6':1433
'<LOCALNET>.4.50':445
'<LOCALNET>.1.5':1433
'<LOCALNET>.4.49':445
'<LOCALNET>.4.48':445
'<LOCALNET>.4.52':445
'<LOCALNET>.4.69':445
'<LOCALNET>.1.14':1433
'<LOCALNET>.4.63':445
'<LOCALNET>.4.64':445
'<LOCALNET>.4.67':445
'<LOCALNET>.1.23':1433
'<LOCALNET>.4.66':445
'<LOCALNET>.1.22':1433
'<LOCALNET>.4.65':445
'<LOCALNET>.1.21':1433
'<LOCALNET>.1.20':1433
'<LOCALNET>.1.24':1433
'<LOCALNET>.4.58':445
'<LOCALNET>.4.59':445
'<LOCALNET>.4.62':445
'<LOCALNET>.1.18':1433
'<LOCALNET>.4.61':445
'<LOCALNET>.1.17':1433
'<LOCALNET>.1.16':1433
'<LOCALNET>.4.60':445
'<LOCALNET>.1.15':1433
'<LOCALNET>.1.19':1433
'<LOCALNET>.4.3':445
'<LOCALNET>.0.213':1433
'<LOCALNET>.2.16':445
'<LOCALNET>.0.111':1433
'<LOCALNET>.0.118':1433
'<LOCALNET>.0.117':1433
'<LOCALNET>.0.116':1433
'<LOCALNET>.0.115':1433
'<LOCALNET>.0.114':1433
'<LOCALNET>.0.113':1433
'<LOCALNET>.0.112':1433
'<LOCALNET>.0.100':1433
'<LOCALNET>.0.120':1433
'<LOCALNET>.0.101':1433
'<LOCALNET>.0.108':1433
'<LOCALNET>.0.107':1433
'<LOCALNET>.0.106':1433
'<LOCALNET>.0.105':1433
'<LOCALNET>.0.104':1433
'<LOCALNET>.0.103':1433
'<LOCALNET>.0.102':1433
'<LOCALNET>.0.109':1433
'<LOCALNET>.0.110':1433
'<LOCALNET>.0.121':1433
'<LOCALNET>.0.132':1433
'<LOCALNET>.0.133':1433
'<LOCALNET>.0.140':1433
'<LOCALNET>.0.139':1433
'<LOCALNET>.0.138':1433
'<LOCALNET>.0.137':1433
'<LOCALNET>.0.136':1433
'<LOCALNET>.0.135':1433
'<LOCALNET>.0.134':1433
'<LOCALNET>.0.141':1433
'<LOCALNET>.0.122':1433
'<LOCALNET>.0.123':1433
'<LOCALNET>.0.130':1433
'<LOCALNET>.0.129':1433
'<LOCALNET>.0.128':1433
'<LOCALNET>.0.127':1433
'<LOCALNET>.0.126':1433
'<LOCALNET>.0.125':1433
'<LOCALNET>.0.124':1433
'<LOCALNET>.0.131':1433
'<LOCALNET>.0.144':1433
'<LOCALNET>.0.142':1433
'<LOCALNET>.0.143':1433
'<LOCALNET>.0.82':1433
'<LOCALNET>.0.86':1433
'<LOCALNET>.0.85':1433
'<LOCALNET>.3.226':445
'<LOCALNET>.0.84':1433
'<LOCALNET>.3.225':445
'<LOCALNET>.3.224':445
'<LOCALNET>.0.83':1433
'<LOCALNET>.3.227':445
'<LOCALNET>.0.87':1433
'<LOCALNET>.0.99':1433
'<LOCALNET>.3.222':445
'<LOCALNET>.0.80':1433
'<LOCALNET>.3.221':445
'<LOCALNET>.3.220':445
'<LOCALNET>.0.79':1433
'<LOCALNET>.3.219':445
'<LOCALNET>.0.78':1433
'<LOCALNET>.0.81':1433
'<LOCALNET>.0.98':1433
'<LOCALNET>.3.228':445
'<LOCALNET>.0.93':1433
'<LOCALNET>.3.234':445
'<LOCALNET>.0.97':1433
'<LOCALNET>.3.237':445
'<LOCALNET>.0.95':1433
'<LOCALNET>.0.96':1433
'<LOCALNET>.3.236':445
'<LOCALNET>.0.94':1433
'<LOCALNET>.3.235':445
'<LOCALNET>.3.238':445
'<LOCALNET>.3.229':445
'<LOCALNET>.0.88':1433
'<LOCALNET>.3.233':445
'<LOCALNET>.3.232':445
'<LOCALNET>.0.91':1433
'<LOCALNET>.3.231':445
'<LOCALNET>.0.90':1433
'<LOCALNET>.3.230':445
'<LOCALNET>.0.89':1433
'<LOCALNET>.0.92':1433
'<LOCALNET>.0.145':1433
'<LOCALNET>.3.245':445
'<LOCALNET>.0.165':1433
'<LOCALNET>.0.203':1433
'<LOCALNET>.3.241':445
'<LOCALNET>.3.244':445
'<LOCALNET>.3.243':445
'<LOCALNET>.3.242':445
'<LOCALNET>.0.201':1433
'<LOCALNET>.0.200':1433
'<LOCALNET>.0.199':1433
'<LOCALNET>.0.204':1433
'<LOCALNET>.0.198':1433
'<LOCALNET>.0.197':1433
'<LOCALNET>.0.190':1433
'<LOCALNET>.3.239':445
'<LOCALNET>.0.196':1433
'<LOCALNET>.0.195':1433
'<LOCALNET>.0.194':1433
'<LOCALNET>.0.193':1433
'<LOCALNET>.0.192':1433
'<LOCALNET>.0.202':1433
'<LOCALNET>.0.191':1433
'<LOCALNET>.4.2':445
'<LOCALNET>.0.208':1433
'<LOCALNET>.0.119':1433
'<LOCALNET>.4.1':445
'<LOCALNET>.0.212':1433
'<LOCALNET>.0.211':1433
'<LOCALNET>.3.254':445
'<LOCALNET>.3.253':445
'<LOCALNET>.0.210':1433
'<LOCALNET>.0.209':1433
'<LOCALNET>.0.189':1433
'<LOCALNET>.3.246':445
'<LOCALNET>.3.251':445
'<LOCALNET>.0.207':1433
'<LOCALNET>.3.249':445
'<LOCALNET>.3.250':445
'<LOCALNET>.0.206':1433
'<LOCALNET>.0.205':1433
'<LOCALNET>.3.248':445
'<LOCALNET>.3.247':445
'<LOCALNET>.3.252':445
'<LOCALNET>.3.240':445
'<LOCALNET>.0.188':1433
'<LOCALNET>.0.187':1433
'<LOCALNET>.0.153':1433
'<LOCALNET>.0.161':1433
'<LOCALNET>.0.160':1433
'<LOCALNET>.0.159':1433
'<LOCALNET>.0.158':1433
'<LOCALNET>.0.157':1433
'<LOCALNET>.0.156':1433
'<LOCALNET>.0.164':1433
'<LOCALNET>.0.162':1433
'<LOCALNET>.0.155':1433
'<LOCALNET>.0.166':1433
'<LOCALNET>.0.151':1433
'<LOCALNET>.0.150':1433
'<LOCALNET>.0.149':1433
'<LOCALNET>.0.148':1433
'<LOCALNET>.0.147':1433
'<LOCALNET>.0.146':1433
'<LOCALNET>.0.154':1433
'<LOCALNET>.0.152':1433
'<LOCALNET>.0.167':1433
'<LOCALNET>.0.185':1433
'<LOCALNET>.0.77':1433
'<LOCALNET>.0.163':1433
'<LOCALNET>.0.176':1433
'<LOCALNET>.0.184':1433
'<LOCALNET>.0.183':1433
'<LOCALNET>.0.182':1433
'<LOCALNET>.0.181':1433
'<LOCALNET>.0.180':1433
'<LOCALNET>.0.179':1433
'<LOCALNET>.0.178':1433
'<LOCALNET>.0.177':1433
'<LOCALNET>.0.175':1433
'<LOCALNET>.0.186':1433
'<LOCALNET>.0.174':1433
'<LOCALNET>.0.173':1433
'<LOCALNET>.0.172':1433
'<LOCALNET>.0.171':1433
'<LOCALNET>.0.170':1433
'<LOCALNET>.0.169':1433
'<LOCALNET>.0.168':1433
'<LOCALNET>.3.218':445
'<LOCALNET>.2.194':445
'<LOCALNET>.2.193':445
'<LOCALNET>.2.192':445
'<LOCALNET>.0.227':445
'<LOCALNET>.0.234':445
'<LOCALNET>.0.233':445
'<LOCALNET>.0.232':445
'<LOCALNET>.0.231':445
'<LOCALNET>.0.230':445
'<LOCALNET>.0.229':445
'<LOCALNET>.0.228':445
'<LOCALNET>.0.216':445
'<LOCALNET>.0.236':445
'<LOCALNET>.0.218':445
'<LOCALNET>.0.224':445
'<LOCALNET>.0.223':445
'<LOCALNET>.0.222':445
'<LOCALNET>.0.221':445
'<LOCALNET>.0.220':445
'<LOCALNET>.0.219':445
'<LOCALNET>.0.217':445
'<LOCALNET>.0.225':445
'<LOCALNET>.0.226':445
'<LOCALNET>.0.237':445
'<LOCALNET>.0.248':445
'<LOCALNET>.0.249':445
'<LOCALNET>.1.2':445
'<LOCALNET>.1.1':445
'<LOCALNET>.0.254':445
'<LOCALNET>.0.253':445
'<LOCALNET>.0.252':445
'<LOCALNET>.0.251':445
'<LOCALNET>.0.250':445
'<LOCALNET>.1.3':445
'<LOCALNET>.0.238':445
'<LOCALNET>.0.239':445
'<LOCALNET>.0.246':445
'<LOCALNET>.0.245':445
'<LOCALNET>.0.244':445
'<LOCALNET>.0.243':445
'<LOCALNET>.0.242':445
'<LOCALNET>.0.241':445
'<LOCALNET>.0.240':445
'<LOCALNET>.0.247':445
'<LOCALNET>.1.5':445
'<LOCALNET>.1.4':445
'<LOCALNET>.0.173':445
'<LOCALNET>.0.183':445
'<LOCALNET>.0.190':445
'<LOCALNET>.0.189':445
'<LOCALNET>.0.188':445
'<LOCALNET>.0.187':445
'<LOCALNET>.0.186':445
'<LOCALNET>.0.185':445
'<LOCALNET>.0.184':445
'<LOCALNET>.0.191':445
'<LOCALNET>.0.192':445
'<LOCALNET>.0.215':445
'<LOCALNET>.0.180':445
'<LOCALNET>.0.179':445
'<LOCALNET>.0.178':445
'<LOCALNET>.0.177':445
'<LOCALNET>.0.176':445
'<LOCALNET>.0.175':445
'<LOCALNET>.0.174':445
'<LOCALNET>.0.181':445
'<LOCALNET>.0.214':445
'<LOCALNET>.0.193':445
'<LOCALNET>.0.203':445
'<LOCALNET>.0.205':445
'<LOCALNET>.0.212':445
'<LOCALNET>.0.211':445
'<LOCALNET>.0.210':445
'<LOCALNET>.0.209':445
'<LOCALNET>.0.207':445
'<LOCALNET>.0.208':445
'<LOCALNET>.0.206':445
'<LOCALNET>.0.213':445
'<LOCALNET>.0.194':445
'<LOCALNET>.0.195':445
'<LOCALNET>.0.202':445
'<LOCALNET>.0.201':445
'<LOCALNET>.0.200':445
'<LOCALNET>.0.199':445
'<LOCALNET>.0.198':445
'<LOCALNET>.0.197':445
'<LOCALNET>.0.196':445
'<LOCALNET>.0.204':445
'<LOCALNET>.0.182':445
'<LOCALNET>.1.7':445
'<LOCALNET>.1.49':445
'<LOCALNET>.1.61':445
'<LOCALNET>.1.68':445
'<LOCALNET>.1.67':445
'<LOCALNET>.1.66':445
'<LOCALNET>.1.65':445
'<LOCALNET>.1.64':445
'<LOCALNET>.1.63':445
'<LOCALNET>.1.62':445
'<LOCALNET>.1.71':445
'<LOCALNET>.1.70':445
'<LOCALNET>.1.51':445
'<LOCALNET>.1.58':445
'<LOCALNET>.1.57':445
'<LOCALNET>.1.56':445
'<LOCALNET>.1.55':445
'<LOCALNET>.1.54':445
'<LOCALNET>.1.53':445
'<LOCALNET>.1.52':445
'<LOCALNET>.1.59':445
'<LOCALNET>.1.60':445
'<LOCALNET>.1.73':445
'<LOCALNET>.1.6':445
'<LOCALNET>.1.90':445
'<LOCALNET>.1.89':445
'<LOCALNET>.1.88':445
'<LOCALNET>.1.87':445
'<LOCALNET>.1.86':445
'<LOCALNET>.1.85':445
'<LOCALNET>.1.84':445
'<LOCALNET>.1.72':445
'<LOCALNET>.1.91':445
'<LOCALNET>.1.83':445
'<LOCALNET>.1.80':445
'<LOCALNET>.1.79':445
'<LOCALNET>.1.78':445
'<LOCALNET>.1.77':445
'<LOCALNET>.1.76':445
'<LOCALNET>.1.75':445
'<LOCALNET>.1.74':445
'<LOCALNET>.1.82':445
'<LOCALNET>.1.81':445
'<LOCALNET>.1.69':445
'<LOCALNET>.1.50':445
'<LOCALNET>.1.25':445
'<LOCALNET>.1.15':445
'<LOCALNET>.1.23':445
'<LOCALNET>.1.22':445
'<LOCALNET>.1.21':445
'<LOCALNET>.1.20':445
'<LOCALNET>.1.19':445
'<LOCALNET>.1.18':445
'<LOCALNET>.1.26':445
'<LOCALNET>.1.24':445
'<LOCALNET>.1.17':445
'<LOCALNET>.1.27':445
'<LOCALNET>.1.13':445
'<LOCALNET>.1.12':445
'<LOCALNET>.1.11':445
'<LOCALNET>.1.10':445
'<LOCALNET>.1.9':445
'<LOCALNET>.1.8':445
'<LOCALNET>.1.16':445
'<LOCALNET>.1.14':445
'<LOCALNET>.1.48':445
'<LOCALNET>.1.29':445
'<LOCALNET>.0.172':445
'<LOCALNET>.1.37':445
'<LOCALNET>.1.45':445
'<LOCALNET>.1.44':445
'<LOCALNET>.1.43':445
'<LOCALNET>.1.42':445
'<LOCALNET>.1.41':445
'<LOCALNET>.1.40':445
'<LOCALNET>.1.28':445
'<LOCALNET>.1.46':445
'<LOCALNET>.1.39':445
'<LOCALNET>.1.47':445
'<LOCALNET>.1.35':445
'<LOCALNET>.1.34':445
'<LOCALNET>.1.33':445
'<LOCALNET>.1.32':445
'<LOCALNET>.1.31':445
'<LOCALNET>.1.30':445
'<LOCALNET>.1.38':445
'<LOCALNET>.1.36':445
'<LOCALNET>.0.171':445
'<LOCALNET>.0.170':445
'<LOCALNET>.0.58':445
'<LOCALNET>.0.56':445
'<LOCALNET>.0.55':445
'<LOCALNET>.0.54':445
'<LOCALNET>.0.53':445
'<LOCALNET>.0.52':445
'<LOCALNET>.0.51':445
'<LOCALNET>.0.59':445
'<LOCALNET>.0.50':445
'<LOCALNET>.0.48':445
'<LOCALNET>.0.47':445
'<LOCALNET>.0.46':445
'<LOCALNET>.0.45':445
'<LOCALNET>.0.44':445
'<LOCALNET>.0.43':445
'<LOCALNET>.0.42':445
'<LOCALNET>.0.41':445
'<LOCALNET>.0.49':445
'<LOCALNET>.0.40':445
'<LOCALNET>.0.60':445
'<LOCALNET>.0.39':445
'<LOCALNET>.0.37':445
'<LOCALNET>.0.79':445
'<LOCALNET>.0.78':445
'<LOCALNET>.0.77':445
'<LOCALNET>.0.76':445
'<LOCALNET>.0.75':445
'<LOCALNET>.0.74':445
'<LOCALNET>.0.73':445
'<LOCALNET>.0.61':445
'<LOCALNET>.0.72':445
'<LOCALNET>.0.62':445
'<LOCALNET>.0.69':445
'<LOCALNET>.0.68':445
'<LOCALNET>.0.67':445
'<LOCALNET>.0.66':445
'<LOCALNET>.0.65':445
'<LOCALNET>.0.64':445
'<LOCALNET>.0.63':445
'<LOCALNET>.0.71':445
'<LOCALNET>.0.81':445
'<LOCALNET>.0.80':445
'<LOCALNET>.0.70':445
'<LOCALNET>.0.14':445
'<LOCALNET>.0.26':445
'<LOCALNET>.0.12':445
'<LOCALNET>.0.11':445
'<LOCALNET>.0.10':445
'<LOCALNET>.0.9':445
'<LOCALNET>.0.8':445
'<LOCALNET>.0.7':445
'<LOCALNET>.0.15':445
'<LOCALNET>.0.6':445
'<LOCALNET>.0.4':445
'<LOCALNET>.0.3':445
'<LOCALNET>.0.2':445
'<LOCALNET_GATEWAY>':445
'op####ta.baidu.com':80
'me####s.3322.org':80
'ho##.ftp21.cc':80
'we#.#62-com.com':53
'<LOCALNET>.0.5':445
'<LOCALNET>.0.38':445
'<LOCALNET>.0.16':445
'<LOCALNET>.0.83':445
'<LOCALNET>.0.13':445
'<LOCALNET>.0.35':445
'<LOCALNET>.0.34':445
'<LOCALNET>.0.33':445
'<LOCALNET>.0.32':445
'<LOCALNET>.0.31':445
'<LOCALNET>.0.30':445
'<LOCALNET>.0.29':445
'<LOCALNET>.0.17':445
'<LOCALNET>.0.28':445
'<LOCALNET>.0.18':445
'<LOCALNET>.0.25':445
'<LOCALNET>.0.24':445
'<LOCALNET>.0.23':445
'<LOCALNET>.0.22':445
'<LOCALNET>.0.21':445
'<LOCALNET>.0.20':445
'<LOCALNET>.0.19':445
'<LOCALNET>.0.27':445
'<LOCALNET>.0.82':445
'<LOCALNET>.0.36':445
'<LOCALNET>.0.57':445
'<LOCALNET>.0.84':445
'<LOCALNET>.0.146':445
'<LOCALNET>.0.137':445
'<LOCALNET>.0.145':445
'<LOCALNET>.0.144':445
'<LOCALNET>.0.143':445
'<LOCALNET>.0.142':445
'<LOCALNET>.0.141':445
'<LOCALNET>.0.140':445
'<LOCALNET>.0.148':445
'<LOCALNET>.0.126':445
'<LOCALNET>.0.139':445
'<LOCALNET>.0.149':445
'<LOCALNET>.0.135':445
'<LOCALNET>.0.134':445
'<LOCALNET>.0.133':445
'<LOCALNET>.0.132':445
'<LOCALNET>.0.131':445
'<LOCALNET>.0.130':445
'<LOCALNET>.0.138':445
'<LOCALNET>.0.136':445
'<LOCALNET>.0.129':445
'<LOCALNET>.0.151':445
'<LOCALNET>.0.128':445
'<LOCALNET>.0.159':445
'<LOCALNET>.0.167':445
'<LOCALNET>.0.166':445
'<LOCALNET>.0.165':445
'<LOCALNET>.0.164':445
'<LOCALNET>.0.163':445
'<LOCALNET>.0.162':445
'<LOCALNET>.0.150':445
'<LOCALNET>.0.168':445
'<LOCALNET>.0.161':445
'<LOCALNET>.0.169':445
'<LOCALNET>.0.157':445
'<LOCALNET>.0.156':445
'<LOCALNET>.0.155':445
'<LOCALNET>.0.154':445
'<LOCALNET>.0.153':445
'<LOCALNET>.0.152':445
'<LOCALNET>.0.160':445
'<LOCALNET>.0.158':445
'<LOCALNET>.0.127':445
'<LOCALNET>.0.102':445
'<LOCALNET>.0.147':445
'<LOCALNET>.0.100':445
'<LOCALNET>.0.99':445
'<LOCALNET>.0.98':445
'<LOCALNET>.0.97':445
'<LOCALNET>.0.96':445
'<LOCALNET>.0.95':445
'<LOCALNET>.0.103':445
'<LOCALNET>.0.94':445
'<LOCALNET>.0.92':445
'<LOCALNET>.0.91':445
'<LOCALNET>.0.90':445
'<LOCALNET>.0.89':445
'<LOCALNET>.0.88':445
'<LOCALNET>.0.87':445
'<LOCALNET>.0.86':445
'<LOCALNET>.0.85':445
'<LOCALNET>.0.93':445
'<LOCALNET>.0.104':445
'<LOCALNET>.0.105':445
'<LOCALNET>.0.101':445
'<LOCALNET>.0.106':445
'<LOCALNET>.0.124':445
'<LOCALNET>.0.115':445
'<LOCALNET>.0.123':445
'<LOCALNET>.0.122':445
'<LOCALNET>.0.121':445
'<LOCALNET>.0.120':445
'<LOCALNET>.0.119':445
'<LOCALNET>.0.118':445
'<LOCALNET>.0.117':445
'<LOCALNET>.0.116':445
'<LOCALNET>.0.114':445
'<LOCALNET>.0.125':445
'<LOCALNET>.0.113':445
'<LOCALNET>.0.112':445
'<LOCALNET>.0.111':445
'<LOCALNET>.0.110':445
'<LOCALNET>.0.109':445
'<LOCALNET>.0.108':445
'<LOCALNET>.0.107':445
'<LOCALNET>.1.92':445
'<LOCALNET>.1.93':445
'<LOCALNET>.0.235':445
'<LOCALNET>.1.94':445
'<LOCALNET>.2.80':445
'<LOCALNET>.2.72':445
'<LOCALNET>.2.79':445
'<LOCALNET>.2.78':445
'<LOCALNET>.2.77':445
'<LOCALNET>.2.76':445
'<LOCALNET>.2.75':445
'<LOCALNET>.2.74':445
'<LOCALNET>.2.73':445
'<LOCALNET>.2.61':445
'<LOCALNET>.2.81':445
'<LOCALNET>.2.62':445
'<LOCALNET>.2.69':445
'<LOCALNET>.2.68':445
'<LOCALNET>.2.67':445
'<LOCALNET>.2.66':445
'<LOCALNET>.2.65':445
'<LOCALNET>.2.64':445
'<LOCALNET>.2.63':445
'<LOCALNET>.2.70':445
'<LOCALNET>.2.71':445
'<LOCALNET>.2.82':445
'<LOCALNET>.2.93':445
'<LOCALNET>.2.94':445
'<LOCALNET>.2.101':445
'<LOCALNET>.2.100':445
'<LOCALNET>.2.99':445
'<LOCALNET>.2.98':445
'<LOCALNET>.2.97':445
'<LOCALNET>.2.96':445
'<LOCALNET>.2.95':445
'<LOCALNET>.2.102':445
'<LOCALNET>.2.83':445
'<LOCALNET>.2.84':445
'<LOCALNET>.2.91':445
'<LOCALNET>.2.90':445
'<LOCALNET>.2.89':445
'<LOCALNET>.2.88':445
'<LOCALNET>.2.87':445
'<LOCALNET>.2.86':445
'<LOCALNET>.2.85':445
'<LOCALNET>.2.92':445
'<LOCALNET>.2.105':445
'<LOCALNET>.2.103':445
'<LOCALNET>.2.104':445
'<LOCALNET>.2.28':445
'<LOCALNET>.2.35':445
'<LOCALNET>.2.34':445
'<LOCALNET>.2.33':445
'<LOCALNET>.2.32':445
'<LOCALNET>.2.31':445
'<LOCALNET>.2.30':445
'<LOCALNET>.2.29':445
'<LOCALNET>.2.36':445
'<LOCALNET>.2.37':445
'<LOCALNET>.2.60':445
'<LOCALNET>.2.24':445
'<LOCALNET>.2.25':445
'<LOCALNET>.2.23':445
'<LOCALNET>.2.22':445
'<LOCALNET>.2.21':445
'<LOCALNET>.2.20':445
'<LOCALNET>.2.19':445
'<LOCALNET>.2.26':445
'<LOCALNET>.2.59':445
'<LOCALNET>.2.38':445
'<LOCALNET>.2.49':445
'<LOCALNET>.2.50':445
'<LOCALNET>.2.57':445
'<LOCALNET>.2.56':445
'<LOCALNET>.2.55':445
'<LOCALNET>.2.54':445
'<LOCALNET>.2.53':445
'<LOCALNET>.2.52':445
'<LOCALNET>.2.51':445
'<LOCALNET>.2.58':445
'<LOCALNET>.2.39':445
'<LOCALNET>.2.40':445
'<LOCALNET>.2.47':445
'<LOCALNET>.2.46':445
'<LOCALNET>.2.45':445
'<LOCALNET>.2.44':445
'<LOCALNET>.2.43':445
'<LOCALNET>.2.42':445
'<LOCALNET>.2.41':445
'<LOCALNET>.2.48':445
'<LOCALNET>.2.106':445
'<LOCALNET>.2.169':445
'<LOCALNET>.2.126':445
'<LOCALNET>.2.171':445
'<LOCALNET>.2.161':445
'<LOCALNET>.2.168':445
'<LOCALNET>.2.167':445
'<LOCALNET>.2.166':445
'<LOCALNET>.2.165':445
'<LOCALNET>.2.164':445
'<LOCALNET>.2.163':445
'<LOCALNET>.2.173':445
'<LOCALNET>.2.162':445
'<LOCALNET>.2.159':445
'<LOCALNET>.2.151':445
'<LOCALNET>.2.158':445
'<LOCALNET>.2.157':445
'<LOCALNET>.2.156':445
'<LOCALNET>.2.155':445
'<LOCALNET>.2.154':445
'<LOCALNET>.2.153':445
'<LOCALNET>.2.170':445
'<LOCALNET>.2.152':445
'<LOCALNET>.2.191':445
'<LOCALNET>.2.182':445
'<LOCALNET>.1.95':445
'<LOCALNET>.2.190':445
'<LOCALNET>.2.189':445
'<LOCALNET>.2.188':445
'<LOCALNET>.2.187':445
'<LOCALNET>.2.186':445
'<LOCALNET>.2.185':445
'<LOCALNET>.2.184':445
'<LOCALNET>.2.150':445
'<LOCALNET>.2.172':445
'<LOCALNET>.2.181':445
'<LOCALNET>.2.180':445
'<LOCALNET>.2.179':445
'<LOCALNET>.2.178':445
'<LOCALNET>.2.177':445
'<LOCALNET>.2.176':445
'<LOCALNET>.2.175':445
'<LOCALNET>.2.174':445
'<LOCALNET>.2.183':445
'<LOCALNET>.2.160':445
'<LOCALNET>.2.149':445
'<LOCALNET>.2.148':445
'<LOCALNET>.2.114':445
'<LOCALNET>.2.122':445
'<LOCALNET>.2.121':445
'<LOCALNET>.2.120':445
'<LOCALNET>.2.119':445
'<LOCALNET>.2.118':445
'<LOCALNET>.2.117':445
'<LOCALNET>.2.125':445
'<LOCALNET>.2.123':445
'<LOCALNET>.2.116':445
'<LOCALNET>.2.127':445
'<LOCALNET>.2.112':445
'<LOCALNET>.2.111':445
'<LOCALNET>.2.110':445
'<LOCALNET>.2.109':445
'<LOCALNET>.2.108':445
'<LOCALNET>.2.107':445
'<LOCALNET>.2.115':445
'<LOCALNET>.2.113':445
'<LOCALNET>.2.128':445
'<LOCALNET>.2.146':445
'<LOCALNET>.2.18':445
'<LOCALNET>.2.124':445
'<LOCALNET>.2.137':445
'<LOCALNET>.2.145':445
'<LOCALNET>.2.144':445
'<LOCALNET>.2.143':445
'<LOCALNET>.2.142':445
'<LOCALNET>.2.141':445
'<LOCALNET>.2.140':445
'<LOCALNET>.2.139':445
'<LOCALNET>.2.138':445
'<LOCALNET>.2.136':445
'<LOCALNET>.2.147':445
'<LOCALNET>.2.135':445
'<LOCALNET>.2.134':445
'<LOCALNET>.2.133':445
'<LOCALNET>.2.132':445
'<LOCALNET>.2.131':445
'<LOCALNET>.2.130':445
'<LOCALNET>.2.129':445
'<LOCALNET>.2.27':445
'<LOCALNET>.0.214':1433
'<LOCALNET>.4.89':445
'<LOCALNET>.2.15':445
'<LOCALNET>.1.156':445
'<LOCALNET>.1.155':445
'<LOCALNET>.1.154':445
'<LOCALNET>.1.153':445
'<LOCALNET>.1.152':445
'<LOCALNET>.1.151':445
'<LOCALNET>.1.150':445
'<LOCALNET>.1.158':445
'<LOCALNET>.1.149':445
'<LOCALNET>.1.147':445
'<LOCALNET>.1.146':445
'<LOCALNET>.1.145':445
'<LOCALNET>.1.144':445
'<LOCALNET>.1.143':445
'<LOCALNET>.1.142':445
'<LOCALNET>.1.141':445
'<LOCALNET>.1.140':445
'<LOCALNET>.1.148':445
'<LOCALNET>.1.139':445
'<LOCALNET>.1.180':445
'<LOCALNET>.1.138':445
'<LOCALNET>.1.179':445
'<LOCALNET>.1.178':445
'<LOCALNET>.1.177':445
'<LOCALNET>.1.176':445
'<LOCALNET>.1.175':445
'<LOCALNET>.1.174':445
'<LOCALNET>.1.173':445
'<LOCALNET>.1.172':445
'<LOCALNET>.1.160':445
'<LOCALNET>.1.159':445
'<LOCALNET>.1.169':445
'<LOCALNET>.1.168':445
'<LOCALNET>.1.167':445
'<LOCALNET>.1.166':445
'<LOCALNET>.1.165':445
'<LOCALNET>.1.164':445
'<LOCALNET>.1.163':445
'<LOCALNET>.1.162':445
'<LOCALNET>.1.170':445
'<LOCALNET>.1.161':445
'<LOCALNET>.1.171':445
'<LOCALNET>.1.136':445
'<LOCALNET>.1.127':445
'<LOCALNET>.1.112':445
'<LOCALNET>.1.111':445
'<LOCALNET>.1.110':445
'<LOCALNET>.1.109':445
'<LOCALNET>.1.108':445
'<LOCALNET>.1.107':445
'<LOCALNET>.1.106':445
'<LOCALNET>.1.113':445
'<LOCALNET>.1.105':445
'<LOCALNET>.1.103':445
'<LOCALNET>.1.102':445
'<LOCALNET>.1.101':445
'<LOCALNET>.1.100':445
'<LOCALNET>.1.99':445
'<LOCALNET>.1.98':445
'<LOCALNET>.1.97':445
'<LOCALNET>.1.96':445
'<LOCALNET>.1.104':445
'<LOCALNET>.1.137':445
'<LOCALNET>.1.181':445
'<LOCALNET>.1.114':445
'<LOCALNET>.1.135':445
'<LOCALNET>.1.134':445
'<LOCALNET>.1.133':445
'<LOCALNET>.1.132':445
'<LOCALNET>.1.131':445
'<LOCALNET>.1.130':445
'<LOCALNET>.1.129':445
'<LOCALNET>.1.128':445
'<LOCALNET>.1.116':445
'<LOCALNET>.1.115':445
'<LOCALNET>.1.125':445
'<LOCALNET>.1.124':445
'<LOCALNET>.1.123':445
'<LOCALNET>.1.122':445
'<LOCALNET>.1.121':445
'<LOCALNET>.1.120':445
'<LOCALNET>.1.119':445
'<LOCALNET>.1.118':445
'<LOCALNET>.1.126':445
'<LOCALNET>.1.117':445
'<LOCALNET>.1.157':445
'<LOCALNET>.1.182':445
'<LOCALNET>.1.246':445
'<LOCALNET>.1.238':445
'<LOCALNET>.1.245':445
'<LOCALNET>.1.244':445
'<LOCALNET>.1.243':445
'<LOCALNET>.1.242':445
'<LOCALNET>.1.241':445
'<LOCALNET>.1.240':445
'<LOCALNET>.1.239':445
'<LOCALNET>.1.226':445
'<LOCALNET>.1.247':445
'<LOCALNET>.1.228':445
'<LOCALNET>.1.235':445
'<LOCALNET>.1.234':445
'<LOCALNET>.1.233':445
'<LOCALNET>.1.231':445
'<LOCALNET>.1.232':445
'<LOCALNET>.1.230':445
'<LOCALNET>.1.229':445
'<LOCALNET>.1.236':445
'<LOCALNET>.1.237':445
'<LOCALNET>.1.248':445
'<LOCALNET>.2.5':445
'<LOCALNET>.2.6':445
'<LOCALNET>.2.13':445
'<LOCALNET>.2.12':445
'<LOCALNET>.2.11':445
'<LOCALNET>.2.10':445
'<LOCALNET>.2.9':445
'<LOCALNET>.2.8':445
'<LOCALNET>.2.7':445
'<LOCALNET>.2.14':445
'<LOCALNET>.1.250':445
'<LOCALNET>.1.249':445
'<LOCALNET>.2.3':445
'<LOCALNET>.2.2':445
'<LOCALNET>.2.1':445
'<LOCALNET>.1.254':445
'<LOCALNET>.1.253':445
'<LOCALNET>.1.252':445
'<LOCALNET>.1.251':445
'<LOCALNET>.2.4':445
'<LOCALNET>.1.227':445
'<LOCALNET>.1.225':445
'<LOCALNET>.1.183':445
'<LOCALNET>.1.200':445
'<LOCALNET>.1.199':445
'<LOCALNET>.1.198':445
'<LOCALNET>.1.197':445
'<LOCALNET>.1.196':445
'<LOCALNET>.1.195':445
'<LOCALNET>.1.194':445
'<LOCALNET>.1.202':445
'<LOCALNET>.1.193':445
'<LOCALNET>.1.191':445
'<LOCALNET>.1.190':445
'<LOCALNET>.1.189':445
'<LOCALNET>.1.188':445
'<LOCALNET>.1.187':445
'<LOCALNET>.1.186':445
'<LOCALNET>.1.185':445
'<LOCALNET>.1.184':445
'<LOCALNET>.1.192':445
'<LOCALNET>.1.203':445
'<LOCALNET>.1.201':445
'<LOCALNET>.1.204':445
'<LOCALNET>.1.224':445
'<LOCALNET>.1.215':445
'<LOCALNET>.1.223':445
'<LOCALNET>.1.222':445
'<LOCALNET>.1.221':445
'<LOCALNET>.1.220':445
'<LOCALNET>.1.219':445
'<LOCALNET>.1.218':445
'<LOCALNET>.1.217':445
'<LOCALNET>.1.216':445
'<LOCALNET>.1.214':445
'<LOCALNET>.1.205':445
'<LOCALNET>.1.213':445
'<LOCALNET>.1.212':445
'<LOCALNET>.1.211':445
'<LOCALNET>.1.210':445
'<LOCALNET>.1.209':445
'<LOCALNET>.1.208':445
'<LOCALNET>.1.207':445
'<LOCALNET>.1.206':445
'<LOCALNET>.2.17':445
'<LOCALNET>.4.90':445

TCP

Запросы HTTP GET

http://ho##.ftp21.cc/MpMgSvc.dll
http://ho##.ftp21.cc/MpMgSvc.jpg
http://11#.#84.169.48/dyndns/getip
http://45.##3.194.189/api.php?qu################################################
http://ho##.ftp21.cc/Hooks.jpg

UDP

DNS ASK 4i##.com
DNS ASK ss#.#tp21.cc
DNS ASK we#.#62-com.com
DNS ASK ho##.ftp21.cc
DNS ASK me####s.3322.org
DNS ASK op####ta.baidu.com

Другое

Создает и запускает на исполнение

'%WINDIR%\microsoft.net\framework\v3.5\mscorsvw.exe' Win7
'%WINDIR%\4455.exe'
'%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Start-Sleep -s 2;del "%WINDIR%\4455.exe"
'%WINDIR%\temp\mpmgsvc.exe'
'%WINDIR%\temp\wmicc.exe'

Запускает на исполнение

'%WINDIR%\syswow64\netsh.exe' ipsec static add policy name=Block (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static add filterlist name=Filter1 (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=135 protocol=TCP (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=139 protocol=TCP (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=445 protocol=TCP (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static add filteraction name=FilteraAtion1 action=block (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static add rule name=Rule1 policy=Block filterlist=Filter1 filteraction=FilteraAtion1 (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' ipsec static set policy name=Block assign=y (со скрытым окном)
'%WINDIR%\syswow64\svchost.exe'
'%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Temp\GetPassword.exe >%WINDIR%\Temp\PWD.txt (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="Microsoft.Net" dir=out program="%WINDIR%\Microsoft.NET\Framework\v3.5\mscorsvw.exe" action=allow (со скрытым окном)
'%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="Microsoft.Net" dir=in program="%WINDIR%\Microsoft.NET\Framework\v3.5\mscorsvw.exe" action=allow (со скрытым окном)
'%WINDIR%\4455.exe' (со скрытым окном)
'%WINDIR%\temp\mpmgsvc.exe' (со скрытым окном)
'%WINDIR%\temp\wmicc.exe' (со скрытым окном)

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней