search for: 5923ea2e

...nd accessing applications on the Samba share. Server IP is 10.10.1.6, servername "india". The share is mounted with username "production" which is in smbpasswd: root# pdbedit -w -L production:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:43DEDBC664EA95353348102454C3BD:[U ]:LCT-5923EA2E: administration:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:4FF63806DDD0952F97B03608A7FDC4:[U ]:LCT-5923EA5E: Here is a log snippet: [2017/05/23 10:51:59.104021, 3] ../source3/smbd/service.c:774(make_connection_snum) win8-13 (ipv4:10.10.1.63:51224) connect to service IPC$ initially as user...

On Tue, 23 May 2017 08:44:42 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Did you TV/Radio broke?? ;-) > > This really smells like some malware/cryptoware. > Seen this ones on a network, and that was a cypto trying to write to > shares. And they to that really really fast. > > Increast the samba debug logs and track if this is