<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Matthew,<div class=""><br class=""></div><div class="">Is this on the wired network, so that they’re sure that it is linked to the 4eyes lab?</div><div class=""><br class=""></div><div class="">I’ll forward the notice to folks in my lab to make sure it’s not assigned to one of our machines.</div><div class=""><br class=""></div><div class="">- Yon</div><div class=""><br class=""><div class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;">_________________________________________________________<br class="">Yon Visell, PhD<br class="">Assistant Professor<br class=""><br class="">University of California, Santa Barbara  <br class=""><br class="">Department of Electrical and Computer Engineering<br class="">Media Arts & Technology Graduate Program<br class="">Department of Mechanical Engineering (by courtesy)<br class=""><br class=""><a href="http://www.re-touch-lab.com" class="">www.re-touch-lab.com</a><br class=""><br class="">Mobile: +1 267 800 8960<br class="">_________________________________________________________<br class=""><br class=""></div>

</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Jan 19, 2017, at 5:58 PM, Matthew Turk <<a href="mailto:mturk@cs.ucsb.edu" class="">mturk@cs.ucsb.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">No one has claimed this machine yet. Please check yours and let me know. (There are usual suspects here, but I won't name names!)<br class=""><br class=""><span class="Apple-tab-span" style="white-space:pre">     </span>Matthew<br class=""><br class="">-----Original Message-----<br class="">From: Matthew Turk [<a href="mailto:mturk21@gmail.com" class="">mailto:mturk21@gmail.com</a>] On Behalf Of Matthew Turk<br class="">Sent: Wednesday, January 18, 2017 9:20 PM<br class="">To: <a href="mailto:ilab-users@lists.cs.ucsb.edu" class="">ilab-users@lists.cs.ucsb.edu</a><br class="">Subject: FW: [COE #74336] [UCSB-OIT #942765] 128.111.28.118: was compromised via its MySQL server<br class=""><br class="">Whose machine is 128.111.28.118? Please check - if it's yours, please let me know and see the info below.<br class=""><br class="">Thanks,<br class=""><span class="Apple-tab-span" style="white-space:pre">        </span>Matthew<br class=""><br class="">-----Original Message-----<br class="">From: Tier II Support Issues via CoE Support [<a href="mailto:help@engineering.ucsb.edu" class="">mailto:help@engineering.ucsb.edu</a>]<br class="">Sent: Wednesday, January 18, 2017 10:41 AM<br class="">To: <a href="mailto:holl@cs.ucsb.edu" class="">holl@cs.ucsb.edu</a>; <a href="mailto:mturk@cs.ucsb.edu" class="">mturk@cs.ucsb.edu</a><br class="">Subject: [COE #74336] [UCSB-OIT #942765] 128.111.28.118: was compromised via its MySQL server<br class=""><br class="">The following reply has been made regarding CoE Support ticket #74336:<br class=""><br class="">Hi Matt and Tobias,<br class=""><br class="">OIT has sent us this warning about ilab-118 machine that is compromised and needs to be looked into. Please read the information below.<br class=""><br class="">On Wed Jan 18 10:24:26 2017, <a href="mailto:security@ucsb.edu" class="">security@ucsb.edu</a> wrote:<br class=""><blockquote type="cite" class="">Greetings,<br class=""><br class="">128.111.28.118 has been compromised and has been blocked. The host was <br class="">compromised via its MySQL server.<br class=""><br class="">Before correcting any problems, please consider whether any sensitive <br class="">personal information is stored on this device. If this device contains <br class="">personal information and if it appears to have been compromised, <br class="">please contact the UCSB Chief Information Security Officer, at <br class=""><a href="mailto:CISO@oist.ucsb.edu" class="">CISO@oist.ucsb.edu</a> or 893-5005 immediately.<br class=""><br class="">To view the UCSB procedures when a device storing personal information <br class="">has been compromised, please visit:<br class=""><a href="http://www.ets.ucsb.edu/security/sb-1386-and-ab-1298-guideline" class="">http://www.ets.ucsb.edu/security/sb-1386-and-ab-1298-guideline</a><br class=""><br class="">Please investigate and advise. Here is a sample of traffic from the<br class="">trojan:<br class=""><br class="">----------sample----------<br class="">T 2017/01/18 02:45:47.091988 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:47.497391 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class="">J...<br class="">5.5.11..+..EV``AdUY...!...............B~tMc*DXpHVW.mysql_native_password.<br class=""><br class="">T 2017/01/18 02:45:47.684113 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class=""><br class=""></blockquote>V..........@........................root......Ndy....3......;.mysql.mysql_native_password.<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:47.684972 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class="">...........<br class=""><br class="">T 2017/01/18 02:45:47.878832 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class="">.....SELECT @@max_allowed_packet;<br class=""><br class="">T 2017/01/18 02:45:47.899132 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class=""><br class=""></blockquote>.....*....def....@@max_allowed_packet..?.........................1048576.........<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:48.088029 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class="">.....SHOW VARIABLES LIKE 'VERS%';<br class=""><br class="">T 2017/01/18 02:45:48.287569 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:48.331489 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class=""><br class=""></blockquote>.....T....def.information_schema.VARIABLES.VARIABLES.Variable_name.VARIABLE_NAME...@.........M....def.information_schema.VARIABLES.VARIABLES.Value.VARIABLE_VALUE...................."......version.5.5.11-<br class=""><blockquote type="cite" class="">....version_comment.MySQL Community Server <br class="">(GPL).....version_compile_machine.x86.....version_compile_os.Win64.......".<br class=""><br class="">T 2017/01/18 02:45:48.682703 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:50.427705 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class=""><br class="">....USE MYSQL<br class=""><br class="">T 2017/01/18 02:45:50.428403 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class="">...........<br class=""><br class="">T 2017/01/18 02:45:50.613848 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class="">.....SELECT @@version_compile_os;<br class=""><br class="">T 2017/01/18 02:45:50.614481 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class=""><br class=""></blockquote>.....*....def....@@version_compile_os............................Win64.........<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:50.800022 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class="">.....SELECT @@plugin_dir;<br class=""><br class="">T 2017/01/18 02:45:50.800759 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [AP]<br class="">....."....def....@@plugin_dir....2..................3...2C:\Program<br class="">Files\MySQL\MySQL Server 5.5\lib/plugin.........<br class=""><br class="">T 2017/01/18 02:45:50.990204 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class="">.l...SELECT<br class=""><br class=""></blockquote>'MZ.\0.\0\0\0.\0\0\0..\0\0.\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.\0\0\0....\0...!..L.!This<br class=""><blockquote type="cite" class="">program cannot be run in DOS<br class=""><br class=""></blockquote>mode.\r\r\n$\0\0\0\0\0\0\0....[...[...[...R.\".G...R.%.3...R.5.\\...[...1...R.3.P...R./.Z...R.4.Z...R.7.Z...Rich[...\0\0\0\0\0\0\0\0PE\0\0d..\0?..M\0\0\0\0\0\0\0\0.\0\"<br class=""><blockquote type="cite" class=""><br class=""></blockquote>...\0\0.\0\0\0V\0\0\0\0\0\0D.\0\0\0.\0\0\0\0\0..\0\0\0\0.\0\0\0.\0\0.\0.\0\0\0\0\0.\0.\0\0\0\0\0\0..\0\0.\0\0...\0.\0\0\0\0\0.\0\0\0\0\0\0.\0\0\0\0\0\0\0\0.\0\0\0\0\0\0.\0\0\0\0\0\0\0\0\0\0.\0\0\0...\0..\0\0...\0P\0\0\0\0`.\0..\0\0\0P.\0..\0\0\0\0\0\0\0\0\0\0\0p.\0..\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.\0\0..\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0p.\0\0\0.\0\0\0.\0\0\0.\0\0\0\0\0\0\0\0\0\0\0\0\0\0<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0\0`.rdata\0\0..\0\0\0.\0\0\00\0\0\0.\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0@.data\0\0\0.5\0\0\0..\0\0.\0\0\0.\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0..pdata\0\0!<br class=""><blockquote type="cite" class=""><br class=""></blockquote>..\0\0\0P.\0\0\n\0\0\0..\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0@.rsrc\0\0\0..\0\0\0`.\0\0.\0\0\0..\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0@.reloc\0\0..\0\0\0p.\0\0.\0\0\0..\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0B\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:50.990462 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class=""><br class=""></blockquote>\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.:\0tPH..D.\0\0I.\0H..B.\0\0I.@.H..?.\0\0I.@.H..<.\0\0I.@.H..9.\0\0I.@<br class=""><blockquote type="cite" class=""><br class=""></blockquote>H..6.\0\0I.@(...3.\0\0fA.@0...2..........H..!.\0\0I.\0H....\0\0I.@.H....\0\0I.@...\Z.\0\0A.@......\0\0fA.@......\0\0A.@.A...\0\0\0I........:.u.H.B..8\0u....2..H....\0\0I.\0H....\0\0I.@.H....\0\0I.@.H....\0\0I.@.H....\0\0I.@<br class=""><blockquote type="cite" class="">.....\0\0fA.@(.....\0\0A.@*................\0\0.............@SH..<br class="">H.J.I..H.....\0\0L..H..u.H.L$P...H..<br class="">[.H.|$03.H...I....H.|$0I..H..H....H.. [................H.\\$.WH..<br class=""><br class=""></blockquote>.:.I..H..tUH.\rT...H....\0\0I.\0H....\0\0I.@.H....\0\0I.@.....\0\0A.@......\0\0fA.@......\0\0A.@...H.\\$0H..<br class=""><blockquote type="cite" class=""><br class=""></blockquote>_.H.B..8\0tJH.\r....H....\0\0I.\0H..\0.\0\0I.@.H....\0\0I.@.H....\0\0I.@.H....\0\0I.@<br class=""><blockquote type="cite" class="">..H.\\$0H.. _..@.\0\0\!<br class="">0\0H.B..H..\0.L.....\0\0H.G.H..u?H.\r....H..<br class="">.\0\0H..H..(.\0\0H.C.H..0.\0\0H.C....8.\0\0f.C...H.\\$0H..<br class="">_.2.H.\\$0H..<br class="">_......H..(H.I.H..t..^.\0\0H..(..........H.\\$.H.t$.WH..<br class=""><br class=""></blockquote>H.B.H.q.H..H.R.D.\0H..H..I.\\0....\0\0L._.H..A....0\0H.G.H.W.D.@.H.R..\\.\0\0L._.H..A.C.H.....\0....\0\0H.\\$0H.t$8H.H..<br class=""><blockquote type="cite" class=""><br class=""></blockquote>_...H..(H.J.H.....\0\0H.H..(...........:.u.H.B..8\0u.2..H....\0\0I.\0H....\0\0I.@.H....\0\0I.@.H....\0\0I.@.H....\0\0I.@<br class=""><blockquote type="cite" class="">.....\0\0fA.@(.....\0\0A.@*..................H.t$ WATA<br class=""><br class="">T 2017/01/18 02:45:50.990557 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class="">VH.. .\0.\0\0H.l$HM..L.l$PH...`.\0\0..\0\0\0L...S.\0\0E3.H..\r.\0\0D.<br class=""><br class=""></blockquote>H.O.H..H.....\0\0A.T$.I..L..H...p.\0\0H..tYH.\\$@f.H...3.I....H..B.\\!.H.y.H.....#.\0\0A..D..H..I..H.....\0\0L....\0\0\0I..D.....\0\0H..u.H.\\$@H....\r\0\0.>\0L.l$PH.l$Ht/H...A.D$.H....0\03...H..H..H..A..H.t$XH..<br class=""><blockquote type="cite" class="">A^A\\_.H.D$`.\0.H..H.t$XH..<br class=""><br class=""></blockquote>A^A\\_...............H.\\$.H.t$.WH..0H.z.H...3.H.?H..D.H@..A.\0.\0\0H..H..H.y.3.....\0\0H.V.L..H..H..H.....\0\0H.T$HL..B\0\0\0H.T$(L..3.3..D$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0\0\0\0....\0\0...H......\0\0H.\\$@H.t$P3.H..0_...........H..(.\'.\0\0.\03.H..(...............@UVATH....\0\0H..\r.\0\0H3.H..$..\0\0H.....H.L$xD.EaE3.3.D.d$p.d(\0\03.H.D$XH.D$`L.d$PH......\0\0H..$..\0\0H..$..\0\0L..$..\0\0A..\0\0\0H..$.\0\0\0A....k.\0\0.^...>H.....\0\0.U.D.E.E3.A..D.d$(D.d$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>..h.\0\0...H..3.H..$.\0\0\0fD..$.\0\0\0..$.\0\0\0H..$.\0\0\0..\".\0\0D.E.H..$.\0\0\0H..f..$.\0\0\0....\0\0H..$..\0\0H..$..\0\0.....\0\0\0H.L$p..:.\0\0H..$..\0\0H.\r3.\0\0A...\0\0.D$ph\0\0\0..$.\0\0\0..\0\0fD..$.\0\0\0H..$.\0\0\0H..$.\0\0\0H..$.!<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0\0\0....\0\0....x\0\0\0H.D$PH..$..\0\<a href="mailto:0E3.H.D$HH.D$pE3.H.D$@l.d$8l.d" class="">0E3.H.D$HH.D$pE3.H.D$@L.d$8L.d</a>$03..D$(.\0\0\0.D$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>.\0\0\0....\0\0..t0A..H.L$P...\0\0....\0\0=..\0\0t.H.L$P..~.\0\0H.L$X..s.\0\0A..H......\0\0H......\0\0L..$..\0\0..H..$..\0\0H3....\0\0H....\0\0A\\^]..........:.u.H.B..8\0u..x.\0u.2..H..\Z.\0\0I.\0H....\0\0I.@.H....\0\0I.@.H....\0\0I.@.H....\0\0I.@<br class=""><blockquote type="cite" class=""><br class=""></blockquote>.....\0\0fA.@(.......H.\\$.WH..0..\0\0\0H....\n\0\0H..H..tUH.O.H....<.\0\0.C.H.O.H.I....\0\0L..-<br class=""><blockquote type="cite" class="">...L..f..3.3.H.D$(3..D$ ..z.\0\0H....i.<br class=""><br class="">T 2017/01/18 02:45:50.990690 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class=""><br class=""></blockquote>\0\03.H.\\$@H..0_.H..\0\0\0\0\0\0\0H.\\$@H..0_........2...............H.\\$.WH..PH.D$0....3..D$8.\0\0\0.D$D.\0\0\0..5.\0\0L.D$0.W(H......\0\0.....\0\0\0L.D$<H....\0\03.....\0\0....tHH.L$0L.D$8E3.3.H.|$(H.|$<br class=""><blockquote type="cite" class="">....\0\0....t#D.O.E3.3.3..D$<br class=""><br class=""></blockquote>.\0\0\0..d.\0\0....t.\0\0..H.L$0....\0\0..[.\0\0t...t\r3.H.\\$`H..P_.H..\0\0\0\0\0\0\0H.\\$`H..P_..UH..H.E...............ff...\0\0\0\0\0H;\r..\0\0u.H...f....u...H....U.\0\0.H..t7SH..<br class=""><blockquote type="cite" class="">L..H.\r...\03...L.\0\0..u....\0\0H......\0\0...k.\0\0..H..<br class=""><br class=""></blockquote>[....H..(L...\n.\0D...\n.\0M..I..I...M..M;.s.H9\nt.H...I;.r.I;.s.H...VH..uOA.@.A;.rF..H.........H;.s5D.A.I...e.\0\0L..H..t!.\r[\n.\0H..\\\n.\0H..H...I.....\rB\n.\0..3.H..(..H..H.X.H.H.VWATAUAVH..0.\0\0L..3.L..H.\\$h.X..X..X\Z.\\$`..H;....;.u&...\0\0.\0.\0\0\0H.\\$<br class=""><blockquote type="cite" class="">E3.E3.3.3....\0\03....\0\0..H;....;.u&...\0\0.\0.\0\0\0H.\\$<br class="">E3.E3.3.3....\0\03....\0\0.<br class="">8\nu...\0\0\0H..8\nt.....\0\0\0..<wt*<rt&.P.\0\0.\0.\0\0\0H.\\$<br class=""><br class=""></blockquote>E3.E3.3.3..Z.\0\03....\0\0..$p.\0\0H..8\nu.H..8\nt...:.t.<tt*<bt&...\0\0.\0.\0\0\0H.\\$<br class=""><blockquote type="cite" class="">E3.E3!<br class=""><br class=""></blockquote>.3.3....\0\03..:.\0\0..$q.\0\0<tu.A.\0@\0\0..D...\0.\0\0<bD.D.A.....\0.\0\0H.L$X..*\0\0.......\0\0..$p.\0\0wu...D....$x.\0\0.t$P....D....$x.\0\0.\\$P..\0\0\0..\Z\0\0;.u..L$X.Y)\0\0.L$\\.P)\0\03....\0\0..\0\0\0...\0\0..t$t.t$p....\0\0Ic.HcL.XH..H...L...&.\0...Hk.XI....D$0.\0\0\0.t$(.d$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0L..$.\0\0\0L..H..\nH....z.\0\0......\0\0.L.X..(\0\0.d.p\0HcD$PH..$p.\0\0.L.X.\Z\"\0\0L..H..$.\0\0\0H......\0\03......H..$.\0\0\0H......\0\0L....\0\03.H.L$h.+\r\0\0....t\Z...u.H.d$<br class=""><blockquote type="cite" class="">\0E<br class=""><br class="">T 2017/01/18 02:45:50.990877 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class="">3.E3.3.3..c.\0\0..u\nL.l$hM..u.L.-..\0\0.h\0\0\0L..3.H..$.\0\0\0..<br class=""><br class=""></blockquote>\0\0..$.\0\0\0..$.\0\0\0\0.\0\0..u.H..$.\0\0\0H..H.\r.%.\0..H.\r.%.\0H..H..$.\0\0\0H..$..\0\0;.t.H.AXH..$..\0\0H...\0\0\0H..$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>.\0\0I...x.\0\0H..I...m.\0\0H..H.\r..\0\0.^.\0\0H.\\..H..H.....\0\0L..3.H;.....\0\0M..H..H.....\0\0;.t.H.|$<br class=""><blockquote type="cite" class="">E3.E3.3.3..n.\0\0L....\0\0H..I.....\0\0;.t.H.|$<br class="">E3.E3.3.3..D.\0\0L..$`.\0\0H..I.....\0\0;.t.H.|$<br class=""><br class=""></blockquote>E3.E3.3.3....\0\0...\0\0....$`.\0\03.I...\r.\0\0;.uEH..$.\0\0\0H.D$HH..$.\0\0\0H.D$@H.|$8H.|$0.|$(.t$<br class=""><blockquote type="cite" class="">E3.E3.I..I......\0\0...D.\0\0H.|$xH.....\0\0...\0\0H..H..u-<br class=""><br class=""></blockquote>3......I.......H.L$h........\0\0..D..$x.\0\0.l.\0\0L....\0\03.H.L$x...\0\0....t\Z...u.H.d$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0E3.E3.3.3..>.\0\0..t?H.L$x.L...H...D...I...<...H.L$h.2......\0\0..$`.\0\0..D..$x.\0\0...\0\0H.L$x3.A...\0\0H...6.\0\0H..$.\0\0\0H;...<.\0\08.....\0\0H...q.\0\0H.\\8..;\\uA.\\\0\0\0H....\Z\0\0H;.taL....\0\0...\0\0H...1.\0\0..tIH.d$<br class=""><blockquote type="cite" class="">\0E3.E3.3.3..|.\0\0.2.;/t-L....\0\0...\0\0H.....\0\0..t.H.d$<br class="">\0E3.E3.3.3..H.\0\0I.....\0\0H..H.....\0\0H..!<br class="">...\0\0H;....\0\0\0M..H..H.....\0\03.;.t.H.\\$<br class=""><br class=""></blockquote>E3.E3.3.3....\0\03.H....\Z\0\0;.uBH..$.\0\0\0H.D$HH..$.\0\0\0H.D$@H.\\$8H.\\$0.\\$(.t$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>E3.E3.I..H......\0\0....H..$.\0\0\0......t$`.\n.t$`...t$`H.L$x.....H.........$`.\0\03.I.......H.L$h.~...H..$.\0\0\0....\0\0H..$.\0\0\0..r.\0\0.E.\0\0..;.t.H..$.\0\0\0H..$.\0\0\0H.A.L.1.mH..$.\0\0\0H.9D..$x.\0\0..D..$x.\0\0I...1.\0\0Hc|$P.d.p\0E3.L..$.\0\0\0.\n.|$P...|$PIc..|.p\0t..L.X..#\0\0Hc..|.p\0t\n.L.X..#\0\0...\0\0\0...\0\0I..H..<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:50.990879 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [AP]<br class=""><br class=""></blockquote>$h.\0\0H..0.\0\0A^A]A\\_^.H.t$.H.|$.ATH..0L..H...3.H.......u\'.l\r\0\0.\0.\0\0\0H.d$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0E3.E3.3.3..u.\0\0....\0\0\0..\0\0\0...\0\0..u.....\0\0\0..\0\0\0...\0\0.I...z...H..H..u\r..\r\0\0.\0.\0\0\0.PI...5.\0\0.\0\r\0\0D.<br class=""><blockquote type="cite" class="">...\0\0.<br class="">\0A..\0\0\0H.V.H.L$@.9\'\0\0H;.u\n...\0\0.8.u..|$@...\0\0D.<br class="">H.&\0H.f.\0..\0\0\0...\0\0..H.t$HH.|$PH..0A\\.H.\\$.H.t$.WH..<br class="">H..H...w|..\0\0\0H..H.E.H.\r=..\0H..u .k-<br class=""><br class=""></blockquote>\0\0..\0\0\0.9+\0\0..\0\0\0..\'\0\0H.\r...\0L..3.....\0\0H..H..u,9....\0t.H...y-<br class=""><blockquote type="cite" class="">\0\0..t\r...\".\0\0.\0.\0\0\0...\0\0.\0.\0\0\0H.....S-<br class="">\0\0...\0\0.\0.\0\0\03.H.\\$0H.t$8H..<br class=""><br class=""></blockquote>_...3.D.B\n../\0\0.H.\\$.WH..PH..L....\0\0H.L$`3.3.H.\\$`.Y.\0\0;.t....u.E3.E3.3.3.H.\\$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>...\0\0H.L$`H.L$0H;.u\ZH;....\0\0\03....\0\0;......\0\0\0H....\0\0H.|$@H.\\$HH.D$8H;.tM.O.\0\0.8.H.\0\0L.D$0..H.T$0E3.3...3\0\0.....t..&.\0\0.8.8...\0\0.8.t\n...\0\0.8\ru$...\0\0.8H..p.\0\0L.D$0E3.3.H.T$0.<br class=""><blockquote type="cite" class="">/\0\0..H.L$`.......H.\\$hH..P_.....<br class=""><br class="">T 2017/01/18 02:45:50.991064 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:50.991120 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class=""><br class=""></blockquote>.............ff...\0\0\0\0\0L..M..t$H+....t(..........\0\0\0H..I..t....u...I...H...H...H..I...r&I........~L..L..I...M3.I.\0.......M..t.I......\0\0\0........\0\0\0H..I..tx...$.tuH..I..tiH........tbH..I..tV...$.tSH..I..tGH........t@H..I..t4...$.t1H..I..t%........t.H..I..t....$.t.H..I....<...I...H..H3.I...rE...t\nH....I....I..<br class=""><blockquote type="cite" class="">r.H..H.Q.H.Q.H.Q.H.. I.. s.I..<br class=""><br class=""></blockquote>I...r.H..H.....I...I...r...H....I.....@SVWATAUH..@I....L..L..H..H..u*..t&.,.\0\0.\0.\0\0\0H!t$<br class=""><blockquote type="cite" class="">E3.E3.3.3..6.\0\03....\0\03........u\'...\0\0.\0.\0\0\0H.d$<br class="">\0E3.E3.3.3....\0\03..Y.\0\03.H.......u\'...\0\0.\0.\0\0\0H.d$<br class=""><br class=""></blockquote>\0E3.E3.3.3...\n\0\03..&.\0\0..u.3....\0\0H..$.\0\0\0H....3\0\0..C.@...\0\0\0H...P6\0\0...t*...t%Hc.H..H...L.....\0...Hk.XI...H.\r..\0\0..H.\r..\0\0H..L.....\0.B8.u%...t\Z...t.Hc.H..H......Hk.XI....A8.t\'...\0\0.\0.\0\0\0H.d$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>\0E3.E3.3.3...\n\0\03.H.t$0H..tV....|$xtH.C..x.H.....H..H...\nH...84\0\0...L$p...u.M;.u.3.H.t$0..A..$I..L.d$8..\nt...A..$\0H....3\0\0H..H..@A]A\\_^[.H.\\$.H.t$.WH..<br class=""><blockquote type="cite" class="">H..H..H..u\nH........jH!<br class=""><br class=""></blockquote>..u..^....\\H...wCH.\r...\0..\0\0\0H..H.D.L..3.L......\0\0H..H..uo9....\0tPH...Q(\0\0..t+H...v.H...?(\0\0...\0\0.\0.\0\0\03.H.\\$0H.t$8H..<br class=""><blockquote type="cite" class=""><br class=""></blockquote>_....\0\0H......\0\0...y.\0\0.......\0\0H......\0\0...`.\0\0..H.....H.\\$.H.t$.WH..<br class=""><blockquote type="cite" class=""><br class=""></blockquote>.=...\0\0H.....\0H..tmH..u.H9....\0t_..5\0\0..uVH.....\0H..tJH..tEH.....\0\0H..H..H..t2...\0\0H;.v.H...<9=u.L..H...E5\0\0..t.H.....H..H.D8...3.H.\\$0H.t$8H..<br class=""><blockquote type="cite" class="">_....@SH..0H..3.H.......u$...\0\0.\0.\0\0\0H.d$<br class="">\0E3.E3.3.3....\0\03..`...\0\0..6\0\03.H=.<br class=""><br class="">T 2017/01/18 02:45:50.991124 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class="">.\0\0.....u$...\0\0.\0.\0\0\0H.d$<br class=""><br class=""></blockquote>\0E3.E3.3.3....\0\03..#..\0\0\0..\r\0\0.H.......H....\0\0\0...\0\0H..H..0[..H.\\$.H.t$.H.|$.ATH..0I..H..H....\0\0\0..\r\0\0.3.H.......u&.\".\0\0..\0\0\0..H.d$<br class=""><blockquote type="cite" class="">\0E3.E3.3.3..*.\0\0..\0\0\0H.\'\0H..t.H.#\03.H.......u#...\0\0..\0\0\0<br class="">..H.d$<br class=""><br class=""></blockquote>\0E3.E3.3.3....\0\0.zH.......H..H..u.3..fH...Q.\0\0..\0\0\0L.$.I....4\0\0H..H..u....\0\0.\0.\0\0\0...\0\0...1L..I..H.....\0\0..t.H.d$<br class=""><blockquote type="cite" class="">\0E3.E3.3.3..Q.\0\0H..t.L.#3...\0\0\0...\0\0..H.\\$@H.t$HH.|$PH..0A\\..@SH..<br class=""><br class=""></blockquote>I.....u......\0\0..u.3....\0\0..7\0\0..u....\0\0....=\0\0....\0\0H.....\0..;\0\0H..\Z.\0\0...\0\0..y..h4\0\0....:\0\0..x...7\0\0..x.3....\0\0..u.....\0\0..\0\0\0.i.\0\0....u9....\0\0....z.........\0\09..\0.\0u...!\0\0H..ux.6.\0\0..4\0\0.4.\0\0.g...uV..3\0\0...\0\0..\0\0\0.].\0\0H..H....*....\r..\0\0H......\0\0H....t.3...3\0\0....\0\0H.K.......<br class=""><blockquote type="cite" class="">...........u.3..O6\0\0..\0\0\0H..<br class=""><br class=""></blockquote>[.H.\\$.H.t$.H.|$.ATH..0I....L....\0\0\0..u.9...\0\0u.3...\0\0\0...t....u0L.\r&.\0\0M..t.A...D$<br class=""><blockquote type="cite" class="">..t.L....I...a....D$ .....\0\0\0!<br class="">L....I....>\0\0...D$<br class=""><br class=""></blockquote>...u5..u1L..3.I....>\0\0L..3.I.......L....\0\0M..t.L..3.I..A....t....u7L....I...........#....L$<br class=""><blockquote type="cite" class="">t.H....\0\0H..t.L....I.......D$<br class="">....3.H.\\$@H.t$HH.|$PH..0A\\.H.\\$.H.t$.WH..<br class="">I....H.....u...=\0\0L....H..H.\\$0H.t$8H..<br class=""><br class=""></blockquote>_........H.L$.H...\0\0\0H.\ry.\0\0..c.\0\0L..d.\0\0L.\\$XE3.H.T$`H.L$X.K.\0\0H.D$PH.|$P\0tAH.D$8\0\0\0\<a href="mailto:0H.D$HH.D$0H.D$@H.D" class="">0H.D$HH.D$0H.D$@H.D</a>$(H..$.\0\0H.D$<br class=""><blockquote type="cite" class=""><br class=""></blockquote>L.L$PL.D$XH.T$`3....\0\0.\"H..$.\0\0\0H....\0\0H..$.\0\0\0H...H..}.\0\0H....\0\0H..G.\0\0H..$.\<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:50.991425 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:50.991744 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:51.015642 128.111.28.118:3306 -><br class="">188.132.176.26:3549 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:51.176555 188.132.176.26:3549 -><br class="">128.111.28.118:3306 [A]<br class=""><br class=""></blockquote>0\0\0H..H.\0\0....\0\0..\0.....\0\0.\0\0\0H....\0\0H.D$hH....\0\0H.D$p..n.\0\0....\0\0..\0\0\0.v=\0\03...N.\0\0H.\r..\0\0..9.\0\0.=b.\0\0\0u\n..\0\0\0.N=\0\0....\0\0...\0.H....\n.\0\0H...\0\0\0...L.\r9.\0\03.I..D.@.;\nt+..I....-<br class=""><blockquote type="cite" class=""><br class=""></blockquote>r..A....w..\r\0\0\0...D.....\0\0\0...A.F..H.A.D....H..(.o1\0\0H..u.H..K.\0\0..H...H..(.H..(.O1\0\0H..u.H../.\0\0..H...H..(.@SH..<br class=""><blockquote type="cite" class="">...+1\0\0H..u.H....\0\0..H.......1\0\0L....\0\0H..t.L.P....;...A..H..<br class=""><br class=""></blockquote>[....L$.H..(E3..\0.\0\03...X.\0\0H..!.\0\0H..t#L.D$0A..\0\0\03.H...D$0.\0\0\0..&.\0\0..\0\0\0H..(.H..(H.\r..\0\0....\0\0H.%..\0\0\0H..(...H.\r..\0\0.@SH....\0\0.d$p\0H.L$t3.A..\0\0\0.L\r\0\0L.\\$pH..$..\0\0H..$..\0\0L.\\$HH.D$P....\0\0H..$..\0\0H.T$@H..E3....\0\0H..t;H.d$8\<a href="mailto:0H.T$@h.l$`h.l$0h.l" class="">0H.T$@H.L$`H.L$0H.L</a>$XL..H.L$(H..$..\0\0L..H.L$<br class=""><blockquote type="cite" class="">3..Q.\0\0.<br class=""><br class=""></blockquote>H..$..\0\0H..$..\0\0H..$..\0\0H..$..\0\0H..$..\0\0.D$p..\0..D$t.\0\0\0H..$.\0\0\0....\0\03.......\0\0H.L$H....\0\0..u...u..H...:\0\0..N.\0\0...\0.H......\0\0H....\0\0[....H.\\$.H.l$.H.t$.WH..0H..H.\r..\0\0A..I..H...@.\0\0H..t\ZL.T!<br class=""><blockquote type="cite" class="">$`D..L..H..H..L.T$ ...%..\0\0\0.o:\0\0L.\\$`D..L..H..H..L.\\$<br class="">.h...H.\\$@H.l$HH.t$PH..0_....H.\\$.H.l$.H.t$.WH..<br class="">3.H.....H.......H..H..u(9...\0\0v ....<br class="">.\0\0D....\0\0D;...\0\0A...G.;.u.H.l$8H.t$@H..H.\\$0H..<br class="">_.H..H.X.H.h.H.p.H.x ATH..<br class=""><br class=""></blockquote>3.H..H..A...E3.H..H....9\0\0H..H..u*9...\0\0v\"......\0\0D....\0\0D;.g.\0\0A..A.G.A;.u.H.l$8H.t$@H.|$HH..H.\\$0H..<br class=""><blockquote type="cite" class="">A\\..H..H.X.H.h.H.p.H.x ATH..<br class=""><br class=""></blockquote>3.H..H..A...H..H.......H..H..u/H..t*9...\0\0v\"......\0\0D....\0\0D;...\0\0A..A.G.A;.u.H.l$<br class=""><blockquote type="cite" class=""><br class="">T 2017/01/18 02:45:54.767136 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:55.049876 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">Microsoft Windows [Version 6.1.7601]<br class=""><br class="">T 2017/01/18 02:45:55.448211 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:45:55.448772 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">.<br class="">Copyright (c) 2009 Microsoft Corporation. All rights reserved..<br class="">.<br class="">C:\ProgramData\MySQL\MySQL Server 5.5\data><br class=""><br class="">T 2017/01/18 02:45:55.776319 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:19.130812 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [AP]<br class="">ipconfig<br class=""><br class=""><br class="">T 2017/01/18 02:46:19.131472 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">ipconfig<br class=""><br class=""><br class="">T 2017/01/18 02:46:19.304083 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [A]<br class="">.<br class="">Windows IP Configuration.<br class="">.<br class="">.<br class="">Ethernet adapter Local Area Connection:.<br class="">.<br class="">Connection-specific DNS Suffix . : <a href="http://cs.ucsb.edu" class="">cs.ucsb.edu</a>.<br class="">IPv4 Address. . . . . . . . . . . : 128.111.28.118.<br class="">Subnet Mask . . . . . . . . . . . : 255.255.255.192.<br class="">Default Gateway . . . . . . . . . : 128.111.28.65.<br class="">.<br class="">Ethernet adapter Local Area Connection 2:.<br class="">.<br class="">Connection-specific DNS Suffix . : .<br class="">IPv6 Address. . . . . . . . . . . : fdb2:2c26:f4e4::1.<br class="">Link-local IPv6 Address . . . . . : fe80::b57a:afce:a5c3:9380%15.<br class="">IPv4 Address. . . . . . . . . . . : 10.37.130.2.<br class="">Subnet Mask . . . . . . . . . . . : 255.255.255.0.<br class="">Default Gateway . . . . . . . . . : .<br class="">.<br class="">Ethernet adapter Local Area Connection 2:.<br class="">.<br class="">Connection-specific DNS Suffix . : .<br class="">IPv6 Address. . . . . . . . . . . : fdb2:2c26:f4e4:1::1.<br class="">Link-local IPv6 Address . . . . . : fe80::c9a9:464b:1f35:e7b3%17.<br class="">IPv4 Address. . . . . . . . . . . : 10.37.131.2.<br class="">Subnet Mask . . . . . . . . . . . : 255.255.255.0.<br class="">Default Gateway . . . . . . . . . : .<br class="">.<br class="">Tunnel adapter <a href="http://isatap.cs.ucsb.edu" class="">isatap.cs.ucsb.edu</a>:.<br class="">.<br class="">Media State . . . . . . . . . . . : Media disconnected.<br class="">Connection-specific DNS Suffix . : <a href="http://cs.ucsb.edu" class="">cs.ucsb.edu</a>.<br class="">.<br class="">Tunnel adapter isatap.{49BB9C41-C060-433B-BF91-9F104E841F11}:.<br class="">.<br class="">Media State . . . . . . . . . . . : Media disconnected.<br class="">Connection-specific DNS Suffix . : .<br class="">.<br class="">Tunnel adapter Local Area Connection* 11:.<br class="">.<br class="">Media State . . . . . . . . . . . : Media disconnected.<br class="">Connection-spec<br class=""><br class="">T 2017/01/18 02:46:19.304089 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">ific DNS Suffix . : .<br class=""><br class=""><br class="">T 2017/01/18 02:46:19.500202 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:19.500764 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">.<br class="">Tunnel adapter isatap.{EB59D303-0C84-4EF4-842B-01A57D775715}:.<br class="">.<br class="">Media State . . . . . . . . . . . : Media disconnected.<br class="">Connection-specific DNS Suffix . : .<br class="">.<br class="">C:\ProgramData\MySQL\MySQL Server 5.5\data><br class=""><br class="">T 2017/01/18 02:46:19.696722 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:44.733187 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [AP]<br class="">reg.exe ADD<br class="">"HKEY_LOCAL_Machine\System\CurrentControlSet\Control\Terminal<br class="">Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f<br class=""><br class=""><br class="">T 2017/01/18 02:46:44.733944 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">reg.exe ADD<br class="">"HKEY_LOCAL_Machine\System\CurrentControlSet\Control\Terminal<br class="">Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f<br class=""><br class=""><br class="">T 2017/01/18 02:46:45.104427 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:45.104905 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">The operation completed successfully...<br class="">.<br class="">C:\ProgramData\MySQL\MySQL Server 5.5\data><br class=""><br class="">T 2017/01/18 02:46:45.432785 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:56.087756 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [AP]<br class="">netsh advfirewall firewall add rule name = "Windows Service Host"<br class="">dir=in action=allow protocol=TCP localport=3389<br class=""><br class=""><br class="">T 2017/01/18 02:46:56.088487 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">netsh advfirewall firewall add rule name = "Windows Service Host"<br class="">dir=in action=allow protocol=TCP localport=3389<br class=""><br class=""><br class="">T 2017/01/18 02:46:56.596211 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:59.117911 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">Ok..<br class="">.<br class=""><br class="">T 2017/01/18 02:46:59.432046 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:46:59.432624 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">.<br class="">.<br class="">C:\ProgramData\MySQL\MySQL Server 5.5\data><br class=""><br class="">T 2017/01/18 02:46:59.761298 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:47:16.188439 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [AP]<br class="">net start<br class=""><br class=""><br class="">T 2017/01/18 02:47:16.189037 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">net start<br class=""><br class=""><br class="">T 2017/01/18 02:47:16.385997 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:47:16.427758 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">These Windows services are started:.<br class=""><br class=""><br class="">T 2017/01/18 02:47:16.428404 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [A]<br class="">.<br class="">Adobe Acrobat Update Service.<br class="">AMD External Events Utility.<br class="">Apple Mobile Device.<br class="">Application Experience.<br class="">Application Information.<br class="">Background Intelligent Transfer Service.<br class="">Base Filtering Engine.<br class="">Bonjour Service.<br class="">Certificate Propagation.<br class="">COM+ Event System.<br class="">Computer Browser.<br class="">Credential Manager.<br class="">Cryptographic Services.<br class="">DCOM Server Process Launcher.<br class="">Desktop Window Manager Session Manager.<br class="">DHCP Client.<br class="">Diagnostic Policy Service.<br class="">Diagnostic Service Host.<br class="">Diagnostics Tracking Service.<br class="">Distributed Link Tracking Client.<br class="">DNS Client.<br class="">Function Discovery Provider Host.<br class="">Function Discovery Resource Publication.<br class="">Group Policy Client.<br class="">Human Interface Device Access.<br class="">IKE and AuthIP IPsec Keying Modules.<br class="">IP Helper.<br class="">iPod Service.<br class="">IPsec Policy Agent.<br class="">LMIGuardianSvc.<br class="">LogMeIn.<br class="">LogMeIn Maintenance Service.<br class="">Microsoft Antimalware Service.<br class="">Microsoft Network Inspection.<br class="">Microsoft Office Click-to-Run Service.<br class="">MT7 Registry Service.<br class="">MT7 Serial Search Service.<br class="">MySQL55.<br class="">Network Connections.<br class="">Network List Service.<br class="">Network Location Awareness.<br class="">Network Store Interface Service.<br class="">Office Software Protection Platform.<br class="">Offline Files.<br class="">Parallels Networking Service.<br class="">Parallels Virtualization Service.<br class="">Plug and Play.<br class="">Pml Driver HPZ12.<br class="">PnP-X IP Bus Enumerator.<br class="">Portable Device Enumerator Service.<br class="">Power.<br class="">Print Spooler.<br class="">Program Compati<br class=""><br class="">T 2017/01/18 02:47:16.428408 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">bility Assistant Service<br class=""><br class="">T 2017/01/18 02:47:16.625665 188.132.176.26:4000 -><br class="">128.111.28.118:20138 [A]<br class="">......<br class=""><br class="">T 2017/01/18 02:47:16.626533 128.111.28.118:20138 -><br class="">188.132.176.26:4000 [AP]<br class="">.<br class="">Quality Windows Audio Video Experience.<br class="">Remote Access Connection Manager.<br class="">Remote Desktop Configuration.<br class="">Remote Desktop Services.<br class="">Remote Desktop Services UserMode Port Redirector.<br class="">Remote Procedure Call (RPC).<br class="">Routing and Remote Access.<br class="">RPC Endpoint Mapper.<br class="">Secondary Logon.<br class="">Secure Socket Tunneling Protocol Service.<br class="">Security Accounts Manager.<br class="">Security Center.<br class="">Server.<br class="">Shell Hardware Detection.<br class="">Skype C2C Service.<br class="">SQL Server (SQLEXPRESS).<br class="">SQL Server VSS Writer.<br class="">SSDP Discovery.<br class="">Superfetch.<br class="">System Event Notification Service.<br class="">Tablet PC Input Service.<br class="">TabletServicePen.<br class="">Task Scheduler.<br class="">TCP/IP NetBIOS Helper.<br class="">TeamViewer 11.<br class="">Telephony.<br class="">Themes.<br class="">UPnP Device Host.<br class="">User Profile Service.<br class="">Wacom Consumer Touch Service.<br class="">Windows App Certification Kit Fast User Switching Utility Service.<br class="">Windows Audio.<br class="">Windows Audio Endpoint Builder.<br class="">Windows Driver Foundation - User-mode Driver Framework.<br class="">Windows Event Log.<br class="">Windows Firewall.<br class="">Windows Font Cache Service.<br class="">Windows Image Acquisition (WIA).<br class="">Windows Management Instrumentation.<br class="">Windows Media Player Network Sharing Service.<br class="">Windows Presentation Foundation Font Cache 3.0.0.0.<br class="">Windows Search.<br class="">Windows Update.<br class="">WinHTTP Web Proxy Auto-Discovery Service.<br class="">Workstation.<br class="">.<br class="">The command completed successfully..<br class="">.<br class="">.<br class="">C:\ProgramData\MySQL\MySQL Server 5.5\data><br class=""><br class="">----------sample----------<br class="">--<br class="">E. Todd Atkins<br class="">Enterprise Technology Services<br class="">University of California, Santa Barbara <a href="http://www.security.ucsb.edu/" class="">http://www.security.ucsb.edu/</a><br class=""><br class="">**********************************************************************<br class="">The NOC's list of network contacts is used to determine who should <br class="">receive email such as this. Please direct any requests for changes to <br class="">this list of network contacts to <a href="mailto:noc@ucsb.edu" class="">noc@ucsb.edu</a>.<br class="">**********************************************************************<br class=""><br class=""></blockquote><br class=""><br class="">--<br class=""><br class="">Scott Kasai<br class="">User Support Specialist<br class="">Engineering Computing Infrastructure<br class="">University of California, Santa Barbara<br class=""><br class=""><br class=""><br class=""><br class="">_______________________________________________<br class="">Ilab-users mailing list<br class=""><a href="mailto:Ilab-users@lists.cs.ucsb.edu" class="">Ilab-users@lists.cs.ucsb.edu</a><br class="">https://lists.cs.ucsb.edu/mailman/listinfo/ilab-users<br class=""></div></div></blockquote></div><br class=""></div></body></html>