Composite behavior identifying authenticated SMB access across administrative (ADMIN$, C$), backup, data, IPC$, and NETLOGON shares, combined with root directory reads, SAMR and SRVSVC RPC binding, and creation or overwrite of a delete.me file. This sequence is consistent with structured domain-level host and share reconnaissance followed by write-permission validation, commonly observed in automated post-authentication discovery and lateral movement tooling.

| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 88.123.132.148 | 82% | 9 | 9 | 🇫🇷 FR | AS12322 | 2026-03-25 |