UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks

UNC3944, a financially motivated threat group, has been leveraging SMS phishing (smishing) campaigns to target organizations and gain unauthorized access to their systems. According to a detailed report by Mandiant, the group uses phone-based social engineering and smishing to obtain credentials, escalate access, and compromise victim organizations. Some UNC3944 threat actors are known to operate in underground communities, such as Telegram and underground forums, to acquire tools, services, and support for their operations.

Mandiant has identified at least three phishing kits used by UNC3944 in their campaigns, used to capture authentication credentials for Okta, Microsoft Office 365/Azure, VPNs, or edge devices. Between late 2021 and mid-2022, the group used a phishing kit called EIGHTBAIT, designed to send captured credentials to an actor-controlled Telegram channel EIGHTBAIT can also deploy AnyDesk to a victim’s system, indicating the kit’s potential use for remote access. After, other two phishing kits has been use in parallel with EIGHTBAIT.

UNC3944’s tactics include SMS phishing, SIM swapping, and impersonating users to trick customer support call centers and help desks into visiting attacker-controlled lookalike websites.

Further, UNC3944 avoids using unique malware: the group has primarily used a variety of legitimate remote management tools (e.g., AnyDesk) or tunneling tools (e.g., Chisel) to gain and maintain persistent access. In at least one case, it used the Remote Access Tools (RATs) ParallaxRAT and Ratty.

---

MITRE ATT&CK techniques

Tactic Name	Technique id	Technique name
Initial Access	t1078	Valid Accounts
	t1190	Exploit Public-Facing Application
	t1199	Trusted Relationship
	t1566	Phishing
	t1566.001	Spearphishing Attachment
	t1566.002	Spearphishing Link
Execution	t1047	Windows Management Instrumentation
	t1053	Scheduled Task/Job
	t1053.005	Scheduled Task
	t1059	Command and Scripting Interpreter
	t1059.001	PowerShell
	t1059.003	Windows Command Shell
	t1059.006	Python
	t1204	User Execution
	t1204.001	Malicious Link
	t1569	System Services
	t1569.002	Service Execution
Persistence	t1053	Scheduled Task/Job
	t1078	Valid Accounts
	t1098	Account Manipulation
	t1098.005	Device Registration
	t1136	Create Account
	t1136.001	Local Account
	t1136.002	Domain Account
	t1136.003	Cloud Account
	t1542	Pre-OS Boot
	t1542.003	Bootkit
	t1547	Boot or Logon Autostart Execution
	t1547.006	Kernel Modules and Extensions
Privilege Escalation	t1068	Exploitation for Privilege Escalation
	t1134	Access Token Manipulation
	t1484	Domain Policy Modification
	t1484.002	Domain Trust Modification
	t1547	Boot or Logon Autostart Execution
	t1547.006	Kernel Modules and Extensions
	t1548	Abuse Elevation Control Mechanism
	t1548.002	Bypass User Account Control
Defense Evasion	t1014	Rootkit
	t1027	Obfuscated Files or Information
	t1027.001	Binary Padding
	t1027.005	Indicator Removal from Tools
	t1036	Masquerading
	t1036.003	Rename System Utilities
	t1036.005	Match Legitimate Name or Location
	t1055.002	Portable Executable Injection
	t1078	Valid Accounts
	t1197	BITS Jobs
	t1211	Exploitation for Defense Evasion
	t1484	Domain Policy Modification
	t1484.002	Domain Trust Modification
	t1542	Pre-OS Boot
	t1542.003	Bootkit
	t1550	Use Alternate Authentication Material
	t1550.004	Web Session Cookie
	t1556	Modify Authentication Process
	t1562	Impair Defenses
	t1562.001	Disable or Modify Tools
	t1562.003	Impair Command History Logging
	t1562.004	Disable or Modify System Firewall
	t1562.008	Disable Cloud Logs
	t1562.009	Safe Mode Boot
	t1578	Modify Cloud Compute Infrastructure
	t1578.002	Create Cloud Instance
Credential Access	t1003	OS Credential Dumping
	t1003.001	LSASS Memory
	t1003.003	NTDS
	t1003.004	LSA Secrets
	t1003.006	DCSync
	t1056	Input Capture
	t1098	Account Manipulation
	t1111	Multi-Factor Authentication Interception
	t1552	Unsecured Credentials
	t1552.001	Credentials In Files
	t1552.005	Cloud Instance Metadata API
	t1555	Credentials from Password Stores
	t1621	Multi-Factor Authentication Request Generation
Discovery	t1016	System Network Configuration Discovery
	t1016.001	Internet Connection Discovery
	t1018	Remote System Discovery
	t1046	Network Service Discovery
	t1069	Permission Groups Discovery
	t1087	Account Discovery
	t1087.001	Local Account
	t1087.002	Domain Account
	t1087.004	Cloud Account
	t1482	Domain Trust Discovery
	t1526	Cloud Service Discovery
	t1580	Cloud Infrastructure Discovery
	t1615	Group Policy Discovery
	t1619	Cloud Storage Object Discovery
Lateral Movement	t1021	Remote Services
	t1021.001	Remote Desktop Protocol
	t1021.002	SMB/Windows Admin Shares
	t1021.004	SSH
	t1021.006	Windows Remote Management
Collection	t1005	Data from Local System
	t1114	Email Collection
	t1213	Data from Information Repositories
	t1213.002	Sharepoint
	t1213.003	Code Repositories
	t1530	Data from Cloud Storage
	t1567	Exfiltration Over Web Service
	t1567.002	Exfiltration to Cloud Storage
Command And Control	t1071	Application Layer Protocol
	t1071.001	Web Protocols
	t1090	Proxy
	t1090.002	External Proxy
	t1219	Remote Access Software
	t1571	Non-Standard Port
Impact	t1486	Data Encrypted for Impact
	t1529	System Shutdown/Reboot
	t1531	Account Access Removal
Resource Development	t1583	Acquire Infrastructure
	t1587	Develop Capabilities
	t1587.001	Malware
	t1588.002	Tool
	t1588.005	Exploits
	t1608.002	Upload Tool

---

Indicators of Compromise

Indicator	Type
internaifb.com	Domain
vzhelp.net	Domain
alorica-servicenow.net	Domain
kroll-help.com	Domain
windtre-aiuto.com	Domain
vzw-corp.com	Domain
vz-corp.com	Domain
vz-corp.net	Domain
mytmocenter.com	Domain
my-att.net	Domain
blockfi-help.com	Domain
shz.al	Domain
attheip.net	Domain
att-heip.com	Domain
singtel-schedule.com	Domain
rci-rogers.net	Domain
vodafone-schedules.com	Domain
sentinel-one.s3.us-east-005.backblazeb2.com	Domain
servicevnow.com	Domain
login.infosys-servicenow.com	Domain
okta.syniverse-sso.com	Domain
infocision.net	Domain
www.discord-sso.com	Domain
tmobble.us	Domain
www.zendesk-sso.net	Domain
usceiiuiar.com	Domain
att-cso.com	Domain
quaifone.net	Domain
sprlnt-sso.net	Domain
alorica-cms.net	Domain
login.infosys-servicenow.net	Domain
www.bnymellon-gateway.com	Domain
boxsso.com	Domain
onetouchsso.com	Domain
zd-corp.co	Domain
comcastschedule.com	Domain
login.discord-sso.com	Domain
tmobie.org	Domain
zdcorp.co	Domain
login.zendesk-sso.net	Domain
auth.syniverse-sso.com	Domain
transunion-sso.net	Domain
www.infosys-sso.com	Domain
zdsso.net	Domain
www.bnymellon-internal.com	Domain
login.syniverse-sso.com	Domain
login.infosys-sso.net	Domain
att-access.com	Domain
coxsso.com	Domain
icare-sprint.com	Domain
www.bnymellon-inc.com	Domain
nuance-helpdesk.com	Domain
servicenow-ibex.com	Domain
www.conduent-servicenow.com	Domain
www.pldt-servicenow.net	Domain
www.servicenow-conduent.com	Domain
wwww.lowes-sso.com	Domain
www.servicenow-infosysapps.com	Domain
oath-helpdesk.com	Domain
login.lowes-sso.com	Domain
airtel-servicenow.com	Domain
www.alticeusa-helpdesk.com	Domain
www.infosys-servicenow.net	Domain
lowes-sso.com	Domain
www.servicenow-ibex.com	Domain
login.zendesk-servicedesk.com	Domain
epic-servicedesk.com	Domain
login.servicenow-infosysapps.com	Domain
rogers-helpdesk.net	Domain
www.airtel-servicenow.com	Domain
www.snapchat-sso.com	Domain
www.rogers-helpdesk.net	Domain
login.snapchat-sso.com	Domain
buildabear-sso.com	Domain
mphasis-servicenow.com	Domain
suncor-sso.com	Domain
sso-frontier.net	Domain
riotgames-helpdesk.com	Domain
riot-helpdesk.com	Domain
ea-helpdesk.com	Domain
reddit-servicedesk.com	Domain
conduent-servicenow.com	Domain
tech-helpdesk.net	Domain
shopify-helpdesk.com	Domain
atlassian-helpdesk.com	Domain
servicenow-conduent.com	Domain
servicedesk-reddit.com	Domain
helpdesk-reddit.com	Domain
servicenow-nbrace.com	Domain
alticeusa-helpdesk.com	Domain
okta.ultra-secure.me	Domain
login.airtel-servicenow.com	Domain
login.cognizant-servicenow.com	Domain
id-sephora.com	Domain
zendesk-servicedesk.com	Domain
evolution-sso.com	Domain
paloaltonetworks-helpdesk.com	Domain
pldt-servicenow.net	Domain
sso-elba.com	Domain
sso-raiff.com	Domain
retail-tmo.com	Domain
robinhood-servicedesk.com	Domain
policy-freshworks.com	Domain
edwardjones-sso.com	Domain
airtel-sso.com	Domain
bnymellow-gateway.com	Domain
wellsfargo-sso.net	Domain
pldt-servicenow.com	Domain
sso-eu-edenred.com	Domain
perfect-tc.com	Domain
suite-freshworks.com	Domain
bnymellon-gateway.com	Domain
infosys-servicenow.com	Domain
servicenow-infosysapps.com	Domain
snapchat-sso.com	Domain
zendesk-sso.com	Domain
infosys-sso.com	Domain
bnymellon-inc.com	Domain
zendesk-sso.net	Domain
att-login.net	Domain
discord-sso.com	Domain
infosys-sso.net	Domain
infosys-servicenow.net	Domain
bnymellon-internal.com	Domain
sso-freshdesk.com	Domain
sso-capgemini.com	Domain
pacificlife-sso.net	Domain
fox-internal.com	Domain
relianceindustriesindia.com	Domain
employee.pacificlife-sso.net	Domain
login.tcs-consulting.net	Domain
login.fox-internal.com	Domain
fox-sso.com	Domain
nike-tickets.com	Domain
sso-sky.com	Domain
sso-wipro.com	Domain
sso-telus.com	Domain
sso-hgs.com	Domain
vpn-sinch.com	Domain
okta-messagebird.com	Domain
sso-sendinblue.com	Domain
corp-sinch.com	Domain
sso-twilio.com	Domain
sso-klaviyo.com	Domain
tpri-tmus.com	Domain
tap-tm-dispatch.com	Domain
tap-rebellion.com	Domain
corp-star-tek.com	Domain
tap-remo.com	Domain
tap-wrkspce.com	Domain
sso-star-tek.com	Domain
sso-qualfon.com	Domain
fbh.itsm-us1.comodo.com	Domain
remote-tm.com	Domain
syniverse-sso.net	Domain
syniverse-sso.com	Domain
sso-cntrx.com	Domain
info-logln.com	Domain
sso-compucom.com	Domain
tmus-corp.com	Domain
sso-techmahindra.com	Domain
employee-clouds.com	Domain
tmus-retail.com	Domain
att-ops.com	Domain
onetouchdlrect.co	Domain
blockfi.employee-clouds.com	Domain
tmus-sso.com	Domain
att-emp.com	Domain
sso-startek.com	Domain
mahindra-sso.com	Domain
corp-tmus.com	Domain
corp-dxc.com	Domain
blockfi-corp.com	Domain
simpleidentity.help	Domain
tracfone-hr.com	Domain
hcl-msft.com	Domain
tracfone-msft.com	Domain
sprint-corp.net	Domain
hcl-corp.com	Domain
login.startek-msft.com	Domain
startek-msft.com	Domain
edge-metropcs.com	Domain
corp-rogers.com	Domain
startek-corp.com	Domain
sprint-sso.net	Domain
tmo-rso.com	Domain
ctl-help.com	Domain
tmo-rss.com	Domain
login.resortsworld-okta.com	Domain
login.amd-sso.com	Domain
primecomms-corp.com	Domain
amd-sso.com	Domain
primecomms-sso.com	Domain
resortsworld-okta.com	Domain
mcointernal-sso.com	Domain
login.identityssohr.com	Domain
token-rogers.com	Domain
help-tdc.com	Domain
corp-ibex.com	Domain
dashboard-cbhq.com	Domain
login.sso-moonpay.com	Domain
sso-sasktel.com	Domain
sso-ibex.com	Domain
sso-teksystems.com	Domain
sso-cb.com	Domain
sso-dashboard.com	Domain
sso-telenor.com	Domain
ead-icare.com	Domain
cdc-mcointernal.com	Domain
networksolutions-corp.com	Domain
networksolutions-sso.com	Domain
stargate-sso.net	Domain
farmers-sso.com	Domain
sso-moonpay.com	Domain
corp-mailgun.com	Domain
travelers-sso.com	Domain
profile-teksystems.com	Domain
sso-accenture.com	Domain
sso-cbhq.com	Domain
resuits-cx.com	Domain
results-msft.com	Domain
dashboard-taskus.com	Domain
duo-cb.com	Domain
corporateid-se.com	Domain
hr-glarus.com	Domain
ffljkjsfalkjsfasjlkff.com	Domain
mcafee.enterprises	Domain
login.sso.charter.net.auth653.app	Domain
login.sso.charter.net.auth302.app	Domain
login.sso.charter.net.auth400.app	Domain
login.sso.charter.net.auth290.app	Domain
login.sso.charter.com.auth653.app	Domain
login.sso.charter.net.auth354.app	Domain
login.sso.chartercom.live	Domain
sso-logins.com	Domain
sonymuslc.net	Domain
gpglobal-protect.com	Domain
dropboxauth.com	Domain
rcs-sso.com	Domain
desk-prod.com	Domain
tmo-corp.com	Domain
employees-cloud.com	Domain
mcadmin-jira.com	Domain
grubhub-care.com	Domain
corp-signon.com	Domain
tmo-direct.com	Domain
corp-employees.com	Domain
digitalocean-otka.com	Domain
gate-sso.com	Domain
prod-sso.com	Domain
cloudsso-prod.com	Domain
logon-corp.com	Domain
intuit-mc.com	Domain
corp-active.com	Domain
employee-cloud.com	Domain
tm-testsso.com	Domain
intuit-corp.com	Domain
vpn-rbx.com	Domain
sso-rbx.com	Domain
www.mcadminlogon.com	Domain
grubhub.carebear-sso.com	Domain
cloudlogon-sso.com	Domain
comcastmsft.com	Domain
carebear-sso.com	Domain
adminmc-sso.com	Domain
mcadmin-sso.com	Domain
cgi-hr.com	Domain
calendar-tmo.com	Domain
schedule-tmo.com	Domain
coach-tmob.com	Domain
timetable-sparkpost.com	Domain
change-tmo.com	Domain
mca-mailchimp.com	Domain
approve-sparkpost.com	Domain
slack-tmo.com	Domain
profile-teleperformance.com	Domain
tmo-calendar.com	Domain
system-sendgrid.com	Domain
sso-sforce.com	Domain
vpn-xfin.com	Domain
sso-mailgun.com	Domain
sso-taskus.com	Domain
xfin-vpn.com	Domain
umg-tickets.com	Domain
sso-jumio.com	Domain
riot-inc.dev	Domain
sst-mo.net	Domain
n1ggers.work	Domain
comcast-schedule.com	Domain
serverdetails.click	Domain
vpn-general-tmus.com	Domain
xub07-fdexwgl.us	Domain
cgi-sso.com	Domain
egscorp.net	Domain
erdjknfweklsgwfmewfgref.com	Domain
harrysucksdick.com	Domain
cricketdesk.tools	Domain
chat-js.com	Domain
edge-metro.click	Domain
tmus-schedule.com	Domain
doordash.tools	Domain
magenta-workspace.com	Domain
acchub-smb.com	Domain
telus.menu	Domain
asurion-connect.com	Domain
eit.tools	Domain
tingsupport.tools	Domain
sso-mchimp.com	Domain
mailchimp.mcadmln.com	Domain
general-vpn-tmus.com	Domain
sso-mcvpn.com	Domain
intuit-hr.com	Domain
intuit-id.com	Domain
intuit-ping.com	Domain
valorglobal.link	Domain
login.ldapssonet.com	Domain
workingsolutions-corp.com	Domain
mailchimp-taskus.com	Domain
mailchimp-admin.com	Domain
intuit-sso.com	Domain
mailchlmp.com	Domain
victra-sso.com	Domain
icaresso.com	Domain
workingsolutions-sso.com	Domain
xfinity-schedule.com	Domain
sso-sprlnt.com	Domain
ultrasso.fi	Domain
einstein360.co	Domain
einstein-360.org	Domain
dropbox-corp.com	Domain
comcast-schedules.com	Domain
comcast360.com	Domain
einstein360.org	Domain
tmo.cx	Domain
ssotmo.com	Domain
einstein360.net	Domain
preventphishing.net	Domain
twilio-corp.com	Domain
alticersa.com	Domain
alticeusa-sso.com	Domain
alticesso.com	Domain
sykes-factor.com	Domain
genpact-corp.com	Domain
comcast-360.com	Domain
wipro-sso.com	Domain
beazley-sso.com	Domain
faneuli.com	Domain
hcl-sso.com	Domain
att-agents.com	Domain
sitei-sso.com	Domain
chimesoiutions.com	Domain
dxc-sso.com	Domain
fpsinc-sso.com	Domain
attuid.co	Domain
sso-att.net	Domain
taskus-id.com	Domain
blockfi-sso.com	Domain
sykes-agents.com	Domain
ibexsso.com	Domain
frontiersso.com	Domain
usceliuiar.com	Domain
recuriy.net	Domain
cognizant-sso.com	Domain
onetouchdlrect.net	Domain
fuckatt.s3.amazonaws.com	Domain
tracfone-sso.com	Domain
mailgun-sso.com	Domain
xenadm.com	Domain
avayax.com	Domain
tpusa.network	Domain
att-portal.com	Domain
twiiiosso.com	Domain
centerfieid.com	Domain
sutheriandgiobal.com	Domain
alorica-sso.net	Domain
sutheriand-sso.com	Domain
tcs-sso.com	Domain
ibex-sso.com	Domain
afni-mfa.com	Domain
genpact-sso.com	Domain
attuid.org	Domain
lqor-sso.com	Domain
ssoatt.com	Domain
intercom-sso.com	Domain
cricketwireiess.co	Domain
att-uid.org	Domain
assurant-sso.com	Domain
coinbase-sso.com	Domain
attuid.net	Domain
vzw-sso.com	Domain
accenture-sso.net	Domain
cricket-sso.com	Domain
capgemini-sso.com	Domain
servicenow-sso.com	Domain
vzwcorp-sso.com	Domain
vxi-sso.com	Domain
ustsso.com	Domain
umg-sso.com	Domain
sykes-mfa.net	Domain
o2sso.com	Domain
zd-corp.net	Domain
zendesksso.com	Domain
mongosso.com	Domain
ssorogers.com	Domain
yahoo-lnk.com	Domain
stargatesso.com	Domain
sprlnt.net	Domain
sso-sprint.com	Domain
cricketwlreless.com	Domain
mcolnteral.com	Domain
sprlnt.org	Domain
sprlntsso.com	Domain
charter-sso.com	Domain
one-login.co	Domain
www.service-sendgrid.com	Domain
tmobiler.net	Domain
kucoinpin.net	Domain
okta-tmobiie.net	Domain
epicgames-okta.com	Domain
opus-att.com	Domain
t-moblier.org	Domain
sutherlandglobal-vpn.com	Domain
t-mobilers.com	Domain
okta-hubspot.com	Domain
evernote-onelogin.com	Domain
att-opus.net	Domain
epicgames-vpn.com	Domain
twitter-okta.com	Domain
t-mobiie.net	Domain
mailchimp-help.com	Domain
okta-tmo.org	Domain
okta-oath.com	Domain
t-mobile-okta.org	Domain
coin-base-okta.com	Domain
tmobile-okta.com	Domain
tmobile-okta.net	Domain
riotgames-vpn.net	Domain
maiichlmp.com	Domain
t-mobiie.org	Domain
t-mobile-okta.us	Domain
kucoinpin.com	Domain
sitel-vpn.net	Domain
okta.tmobiie.net	Domain
taskus-vpn.com	Domain
att-citrix.net	Domain
alorica.pro	Domain
infosys-vpn.com	Domain
mytpusa.net	Domain
sendgrid-okta1.com	Domain
twit-vpn.com	Domain
tmoblle.net	Domain
service-sendgrid.com	Domain
tpusa-citrix.com	Domain
mytpusa.com	Domain
tmoble.net	Domain
tp-update.com	Domain
uid-att.com	Domain
microsoft-sso.net	Domain
hubspottrack.com	Domain
enter-alorica.com	Domain
rogers-rci.net	Domain
att-ctx.com	Domain
t-moblie.help	Domain
rogers-sso.net	Domain
ttec-help.com	Domain
iiveops.com	Domain
ups.hubspottrack.com	Domain
boxokta.com	Domain
telus-sso.com	Domain
okta-okta.com	Domain
quaifone.com	Domain
iqor-helpdesk.com	Domain
taskus-sso.com	Domain
t-moblie-okta.com	Domain
rogers-rci.com	Domain
alorlca.com	Domain
at-uid.com	Domain
t-mobile-sso.net	Domain
qualfon-sso.com	Domain
rogers-ssp.com	Domain
sykes-vpn.com	Domain
icloud-sso.com	Domain
kucoin-pin.com	Domain
cloudflare-okta.com	Domain
iqor-sso.net	Domain
iqor-duo.com	Domain
iqor-duo.net	Domain
startek-vpn.com	Domain
kucoin-sso.com	Domain
att-uid.co	Domain
twiiio-sso.com	Domain
verizon-sso.net	Domain
kucoin-sso.net	Domain
iqor-portal.com	Domain
box-okta.org	Domain
att-sso.net	Domain
cgslnc-okta.com	Domain
quaifon.com	Domain
rogers-help.net	Domain
rogers.help	Domain
startek-pin.com	Domain
iqor-vpn.com	Domain
manpowergroup-sso.com	Domain
klaviyo-sso.com	Domain
arise-okta.com	Domain
join-alorica.com	Domain
twlilo.net	Domain
ttecvpn.com	Domain
join-vzcorp.com	Domain
tmoblle.co	Domain
twilio-sso.com	Domain
t-moblle.org	Domain
activecampaign-okta.com	Domain
tmo-sso.com	Domain
twilio-okta.com	Domain
medailia-okta.com	Domain
kucoin-pin.net	Domain
tmosso.com	Domain
ouryahoo-okta.net	Domain
techmahindra-sso.com	Domain
internai-customer.io	Domain
tmo-sso.net	Domain
ouryahoo-okta.com	Domain
sykes-sso.com	Domain
oktateams.com	Domain
oktaconnection.com	Domain
okta.security	Domain
okta-connect.com	Domain
celowalletapp.com	Domain
oktapanel.com	Domain
157.230.128.156	IP
162.33.178.188	IP
45.76.59.181	IP
64.52.80.50	IP
162.33.179.97	IP
193.149.129.224	IP
162.33.177.31	IP
64.52.80.134	IP
193.149.187.232	IP
64.190.113.148	IP
45.61.136.151	IP
142.93.193.161	IP
64.52.80.199	IP
162.33.178.145	IP
193.149.185.13	IP
162.33.178.191	IP
193.149.176.45	IP
193.149.176.203	IP
178.128.64.18	IP
64.52.80.59	IP
64.52.80.250	IP
162.33.178.189	IP
162.33.178.26	IP
45.77.125.110	IP
149.28.73.193	IP
64.190.113.85	IP
45.63.60.113	IP
193.149.176.192	IP
185.8.106.150	IP
52.171.122.168	IP
104.21.11.96	IP
172.67.165.183	IP
162.33.179.55	IP
104.236.64.162	IP
193.149.176.32	IP
167.172.39.209	IP
188.166.10.191	IP
178.62.213.201	IP
162.33.178.132	IP
162.33.178.8	IP
159.223.208.47	IP
45.61.136.209	IP
159.89.144.101	IP
45.61.136.130	IP
64.52.80.174	IP
64.190.113.139	IP
68.183.160.167	IP
193.149.176.15	IP
168.100.11.204	IP
162.33.178.83	IP
159.223.177.29	IP
67.43.235.122	IP
35.175.153.217	IP
69.4.234.39	IP
157.245.142.68	IP
149.28.114.92	IP
192.241.156.64	IP
45.61.136.56	IP
193.149.176.124	IP
172.64.80.1	IP
64.52.80.225	IP
45.61.136.135	IP
64.52.80.160	IP
64.190.113.120	IP
137.220.51.245	IP
162.33.178.230	IP
162.33.177.74	IP
45.61.136.40	IP
b41f4b3417d4dfd2f5189aa4f67aa3e1	MD5
d0126371638e0f2feb9e5751495b4079	MD5
627766d8ae28d446df10b360bc5bfddd	MD5
c56fb37c0c2177169453718dc7b2cafa	MD5
2cea6565a9e86b11f3d966ab6d4d47ba	MD5
ebea6ddb2d96c75ff80abb57477961c1	MD5
8bb666554600c558931e3588718d2f44	MD5
dadf6d0b27e29ef096b3447ec19f19ef	MD5
cfd47c8b2b5d8ba5440e67339c20e1b4	MD5
1332efeefed3c88a34431403007e2196	MD5
631464a82023dbbb2c58440909685155	MD5
c7fa8eda1a57b3dbc07ca93de81d3e6b	MD5
0798171bde29d7caa56657467db2742b	MD5
1d541fb906c0183b7aba05d68aa14371	MD5
42b9f76a8ea919e722e4b53cf560d6db	MD5
31f97325778ffd3e70cfdf9c3d65263e	MD5
3cfc45f4d207b8c616ba3f1e93abaaf5	MD5
fa24961d6b6faf7c15f8d1aa8664ee8a	MD5
58302a229c5a3372a9dbed9d3a7c3a69	MD5
0915f113042460ad625950ff06cab044	MD5
b233ff9dcf5520d69f9b75e1424f3271	MD5
1e194e5dd0ee05790f2d04b3e8f5af0a	MD5
7ce7f292e592a6854bdb81d5c4448c3e	MD5
542884bc87b732e42c217f8b97926bac	MD5
d0b7ca7f75c9bd66f135560928239f62	MD5
f5271a6d909091527ed9f30eafa0ded6	MD5
1b003929aeed033ed8a60a8705f544b2	MD5
1e5ad5c2ffffac9d3ab7d179566a7844	MD5
6ce1fe4119ebbea3c1f9b65b91cc6f93	MD5
828699b4133acb69d34216dcd0a8376e	MD5
dfbcb6881fc22e9a52e80a2becdbf144	MD5
4fcb2be5e51264662ba0ebac66f806d8b6382355	SHA1
1975c08b47f97262debe7aa8899e979a2f693c6d	SHA1
f55fc29c8406d6727e849179c1a2fe6b0bb8d1d7	SHA1
d1ae76a0d1f8a09b7a3dc5e25028e3e759a77c9f	SHA1
f015e1f2ca7273c56611856eaca4c860e468adc7	SHA1
5f2cdeafc787431432e6f2b37d17fe65b75b44c5	SHA1
37839cd74437f162d239c65720829efc747ba70b	SHA1
33c948914b6e52ea8c1807809814398915a8af75	SHA1
164bb587109cfb20824303ad1609a65abb36c3e9	SHA1
aa36339b55d4e896f7f15b0a6c4a37e547b481a8	SHA1
d1bbaa3d408e944c70b3815471eed7fa9aee6425	SHA1
ab31bbf6e2f4d35d51f10b9e4177ad9cdb4710f8	SHA1
e6ba0842ec38800b8f044d233fa7038868ea75cd	SHA1
5c74d85de9873d3ef5c019938a78c3afa2ec235b	SHA1
cc5738cfcafc70ab7aa60b463d3948f1a8028551	SHA1
512c7cbfb462a67a6c0e540bf796ab53eef408db	SHA1
0efd1989bcb79ddbbfcb1c575dbf0aea3a9a3f07	SHA1
fa26a6ab663e0b806cbcff990b4ce11dda53d79b	SHA1
3919fb4078ad18735c48ff2e92b0b181ad681408	SHA1
f8d7907080f983038a76033259c94cac379b955b	SHA1
8b25880d3f8cfbde1aef12c0f7bb46fe020ed97a	SHA1
3ee9c69e1c7058422568c2bbf6d5509f4e21860c	SHA1
be9dc676304ac98b7db2a502dd4293dc42ea48a9	SHA1
f96f6418a00484da08f64b5177bfbba73a5679e4	SHA1
23300489a2ffa5c09551ddc82147ead35f490067	SHA1
9ec4c38394ea2048ca81d48b1bd66de48d8bd4e8	SHA1
d59172a51823928722ed4f1b8ba374b931706abe	SHA1
ec37d483c3c880fadc8d048c05777a91654e41d3	SHA1
02b7780ab873e94763cbc19f03f05bb4faaab703	SHA1
c812acb2b0b50c4b356dd4cfaaebee11af8420fa	SHA1
10b9da621a7f38a02fea26256db60364d600df85	SHA1
442e17b8518e264ee31f6f1c9eebcd1044b21b6433c0ad1feef2cc0f53dfaf12	SHA256
c1e26b13895dd6abf2db7e61c8458d2aa0bd8704ba934ad2b9722e6fdd62d779	SHA256
18fbcea5d970b67f8566460fe6fd47b244f177a0540095b15f9568e3f62ff254	SHA256
4d5d9d49d5e5754a1c54e8c83699618635a2a263624198968a668a2568cf7700	SHA256
1e47789f564e0beab5783847dc2e2d601bf8d5565e593e3a5f72190a07b22c81	SHA256
af1c9388e665fb4679a54b4cdc91911d17b3dce3cdd93b149cf38bcaa22afb7d	SHA256
40dbd5f592d6a8b8631dc0de41aa6a9ac79b26a4cfab0f5393c814a72d36060b	SHA256
56cc6a436f432a439d21465fdaec119fc60d9be78e7e097d681d682fcf9d0f20	SHA256
d9db31eae21c1db737e8a524726871de3b954950c0a748344063e170a0edaccf	SHA256
b15f0805dd9d1dd1c134164271b318b2c2131a00d8413ec77be95ea1a4b4553e	SHA256
5a48e76bb8ce503657daa55f84eeba9342b346821d4f76066dfe461c12d6b7d6	SHA256
c769330b4381788cf2909b49bbb0c3eb1bc28c638156015dbd69a2f9a3a32d94	SHA256
d08a1d493962b98d824c7a2ce5df44ea3d65ce5c8c7c61dea9b67a78626c56e1	SHA256
105ecc8b11cdae41b5b1b49d881411fc29f38b2c46d6b148e0009f7564311c6d	SHA256
d5ab64052df63bc012acd6533332d5ac30188b47b9bc253b63559d41a24eb18c	SHA256
cd816d73fe439ab8c50d442ff33302ba59ae291de2fb2952e69e4861ffe128f5	SHA256
4b8d3d6e379d70ccdc7afefb5da7eee7583f6f1405c98c8a452fb17490f4ba7c	SHA256
ce1ce6cbd9638a1e973b41d37b8156ec0a811eb3125948aa26d8dcc9ca4fee9a	SHA256
26df09ec78e348af7454bfdcd2a10c1d1c16a6302dcb19f5d541a4b2d97aa1e5	SHA256
d4e3dec371c0a40b7ea8f27e336542d2cec1a0779b29f39d38650dd65a97bd35	SHA256
b6e82a4e6d8b715588bf4252f896e40b766ef981d941d0968f29a3a444f68fef	SHA256
58bb6871ee37ac3aa2089bf1362ac66fbf8bd4cda762e079ad9c327a5b23814b	SHA256
34e8ad823e02a7ad577c931115f76104bf2719904632059c1ce796d4d702a436	SHA256
e92f18d788ceed579a08df8ffe3b84d50e3d738c3b7e667c29bf93aca8b7db6b	SHA256
bef3e8a4231b236d34556cf681020792d04b19e3e73c7507534ceb5042eec620	SHA256
a041404a8ee31b2d95c644cffa2c9c8e03d993127e376ea60aca699df6ca9faf	SHA256
38e3984a7335bbcf854df6b4a8630c3c8242ae46053b506a685f7d77c508d6b3	SHA256
691104de35037f78f086b968f35f2602f571a34a152b558cc8090e2b195ce65e	SHA256
e7f369b5ec70410d30a36bad723ae4ca8e6fb41130302db02fe3bb6e1e4ca3b0	SHA256
648c2067ef3d59eb94b54c43e798707b030e0383b3651bcc6840dae41808d3a9	SHA256
3ea2d190879c8933363b222c686009b81ba8af9eb6ae3696d2f420e187467f08	SHA256
4188736108d2b73b57f63c0b327fb5119f82e94ff2d6cd51e9ad92093023ec93	SHA256
53b7d5769d87ce6946efcba00805ddce65714a0d8045aeee532db4542c958b9f	SHA256
443dc750c35afc136bfea6db9b5ccbdb6adb63d3585533c0cf55271eddf29f58	SHA256
cce5e2ccb9836e780c6aa075ef8c0aeb8fec61f21bbef9e01bdee025d2892005	SHA256
hxxps://shz.al/F3Aj	URL
hxxps://sentinel-one.s3.us-east-005.backblazeb2.com/SentinelOneInstaller_windows_64bit_v23_1_2_400.exe	URL
hxxps://sentinel-one.s3.us-east-005.backblazeb2.com/SentinelInstaller_windows_64bit_v23_1_2_400.msi	URL
hxxp://syniverse-sso.net	URL
hxxps://syniverse-sso.net	URL