Analysis Overview
SHA256: 5e54dfc50c22a8cd92c5d05598bbafc75b999b93224d900017b892a4d9f22077
Threat Level: Known bad
The file 2f76c2801b2bac498e94d68e99117c5367af97e0 was found to be: Known bad.
Malicious Activity Summary
Conti Ransomware
Modifies extensions of user files
Drops startup file
Drops desktop.ini file(s)
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2022-01-27 17:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2022-01-27 17:20
Reported: 2022-01-27 17:23
Platform: win10-en-20211208
Max time kernel: 133s
Max time network: 131s
Command Line
Signatures
Conti Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\SuspendStep.png => C:\Users\Admin\Pictures\SuspendStep.png.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UnprotectProtect.crw => C:\Users\Admin\Pictures\UnprotectProtect.crw.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\MergeRename.tif => C:\Users\Admin\Pictures\MergeRename.tif.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\PopResolve.raw => C:\Users\Admin\Pictures\PopResolve.raw.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ClearClose.tiff | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ClearClose.tiff => C:\Users\Admin\Pictures\ClearClose.tiff.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\GetProtect.crw => C:\Users\Admin\Pictures\GetProtect.crw.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\OptimizeCopy.png => C:\Users\Admin\Pictures\OptimizeCopy.png.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RequestMeasure.crw => C:\Users\Admin\Pictures\RequestMeasure.crw.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ResumeUnprotect.raw => C:\Users\Admin\Pictures\ResumeUnprotect.raw.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\CheckpointUndo.tiff | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\CheckpointUndo.tiff => C:\Users\Admin\Pictures\CheckpointUndo.tiff.SACUR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\AccountPictures\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Downloads\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Libraries\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\trdtv2r41.xsl | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\info.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ja-jp\ui-strings.js | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-ma\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\Xusage.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ja-jp\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaSansRegular.ttf | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pl-pl\ui-strings.js | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\en-GB.pak | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reminders_18.svg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sv-se\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\editvideoimage.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp_2x.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\zh-tw\ui-strings.js | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\skin.dtd | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\RIPPLE.INF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\hscroll-thumb.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sv-se\ui-strings.js | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL044.XML | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OWSHLP10.CHM | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ui-strings.js | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\ui-strings.js | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\end_review.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\win.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\97717462.pri | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe | N/A |
| File created | C:\Windows\rescache\_merged\4032412167\2701812693.pri | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\system32\svchost.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\regsvr32.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2628 wrote to memory of 2696 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 2628 wrote to memory of 2696 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 2628 wrote to memory of 2696 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f76c2801b2bac498e94d68e99117c5367af97e0.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\2f76c2801b2bac498e94d68e99117c5367af97e0.dll
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 2004
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| N/A | 10.127.255.123:445 | tcp | |
| N/A | 10.127.255.124:445 | tcp | |
| N/A | 10.127.255.125:445 | tcp | |
| N/A | 10.127.255.126:445 | tcp | |
| N/A | 10.127.255.127:445 | tcp | |
| N/A | 10.127.255.128:445 | tcp | |
| N/A | 10.127.255.129:445 | tcp | |
| N/A | 10.127.255.130:445 | tcp | |
| N/A | 10.127.255.131:445 | tcp | |
| N/A | 10.127.255.132:445 | tcp | |
| N/A | 10.127.255.133:445 | tcp | |
| N/A | 10.127.255.134:445 | tcp | |
| N/A | 10.127.255.135:445 | tcp | |
| N/A | 10.127.255.136:445 | tcp | |
| N/A | 10.127.255.137:445 | tcp | |
| N/A | 10.127.255.138:445 | tcp | |
| N/A | 10.127.255.139:445 | tcp | |
| N/A | 10.127.255.140:445 | tcp | |
| N/A | 10.127.255.141:445 | tcp | |
| N/A | 10.127.255.142:445 | tcp | |
| N/A | 10.127.255.143:445 | tcp | |
| N/A | 10.127.255.144:445 | tcp | |
| N/A | 10.127.255.145:445 | tcp | |
| N/A | 10.127.255.146:445 | tcp | |
| N/A | 10.127.255.147:445 | tcp | |
| N/A | 10.127.255.148:445 | tcp | |
| N/A | 10.127.255.149:445 | tcp | |
| N/A | 10.127.255.150:445 | tcp | |
| N/A | 10.127.255.151:445 | tcp | |
| N/A | 10.127.255.152:445 | tcp | |
| N/A | 10.127.255.153:445 | tcp | |
| N/A | 10.127.255.154:445 | tcp | |
| N/A | 10.127.255.155:445 | tcp | |
| N/A | 10.127.255.156:445 | tcp | |
| N/A | 10.127.255.157:445 | tcp | |
| N/A | 10.127.255.158:445 | tcp | |
| N/A | 10.127.255.159:445 | tcp | |
| N/A | 10.127.255.160:445 | tcp | |
| N/A | 10.127.255.161:445 | tcp | |
| N/A | 10.127.255.162:445 | tcp | |
| N/A | 10.127.255.163:445 | tcp | |
| N/A | 10.127.255.164:445 | tcp | |
| N/A | 10.127.255.165:445 | tcp | |
| N/A | 10.127.255.166:445 | tcp | |
| N/A | 10.127.255.167:445 | tcp | |
| N/A | 10.127.255.168:445 | tcp | |
| N/A | 10.127.255.169:445 | tcp | |
| N/A | 10.127.255.170:445 | tcp | |
| N/A | 10.127.255.171:445 | tcp | |
| N/A | 10.127.255.172:445 | tcp | |
| N/A | 10.127.255.173:445 | tcp | |
| N/A | 10.127.255.174:445 | tcp | |
| N/A | 10.127.255.175:445 | tcp | |
| N/A | 10.127.255.176:445 | tcp | |
| N/A | 10.127.255.177:445 | tcp | |
| N/A | 10.127.255.178:445 | tcp | |
| N/A | 10.127.255.179:445 | tcp | |
| N/A | 10.127.255.180:445 | tcp | |
| N/A | 10.127.255.181:445 | tcp | |
| N/A | 10.127.255.182:445 | tcp | |
| N/A | 10.127.255.183:445 | tcp | |
| N/A | 10.127.255.184:445 | tcp | |
| N/A | 10.127.255.185:445 | tcp | |
| N/A | 10.127.255.186:445 | tcp | |
| N/A | 10.127.255.187:445 | tcp | |
| N/A | 10.127.255.188:445 | tcp | |
| N/A | 10.127.255.189:445 | tcp | |
| N/A | 10.127.255.190:445 | tcp | |
| N/A | 10.127.255.191:445 | tcp | |
| N/A | 10.127.255.192:445 | tcp | |
| N/A | 10.127.255.193:445 | tcp | |
| N/A | 10.127.255.194:445 | tcp | |
| N/A | 10.127.255.195:445 | tcp | |
| N/A | 10.127.255.196:445 | tcp | |
| N/A | 10.127.255.197:445 | tcp | |
| N/A | 10.127.255.198:445 | tcp | |
| N/A | 10.127.255.199:445 | tcp | |
| N/A | 10.127.255.200:445 | tcp | |
| N/A | 10.127.255.201:445 | tcp | |
| N/A | 10.127.255.202:445 | tcp | |
| N/A | 10.127.255.203:445 | tcp | |
| N/A | 10.127.255.204:445 | tcp | |
| N/A | 10.127.255.205:445 | tcp | |
| N/A | 10.127.255.206:445 | tcp | |
| N/A | 10.127.255.207:445 | tcp | |
| N/A | 10.127.255.208:445 | tcp | |
| N/A | 10.127.255.209:445 | tcp | |
| N/A | 10.127.255.210:445 | tcp | |
| N/A | 10.127.255.211:445 | tcp | |
| N/A | 10.127.255.212:445 | tcp | |
| N/A | 10.127.255.213:445 | tcp | |
| N/A | 10.127.255.214:445 | tcp | |
| N/A | 10.127.255.215:445 | tcp | |
| N/A | 10.127.255.216:445 | tcp | |
| N/A | 10.127.255.217:445 | tcp | |
| N/A | 10.127.255.218:445 | tcp | |
| N/A | 10.127.255.219:445 | tcp | |
| N/A | 10.127.255.220:445 | tcp | |
| N/A | 10.127.255.221:445 | tcp | |
| N/A | 10.127.255.222:445 | tcp | |
| N/A | 10.127.255.223:445 | tcp | |
| N/A | 10.127.255.224:445 | tcp | |
| N/A | 10.127.255.225:445 | tcp | |
| N/A | 10.127.255.226:445 | tcp | |
| N/A | 10.127.255.227:445 | tcp | |
| N/A | 10.127.255.228:445 | tcp | |
| N/A | 10.127.255.229:445 | tcp | |
| N/A | 10.127.255.230:445 | tcp | |
| N/A | 10.127.255.231:445 | tcp | |
| N/A | 10.127.255.232:445 | tcp | |
| N/A | 10.127.255.233:445 | tcp | |
| N/A | 10.127.255.234:445 | tcp | |
| N/A | 10.127.255.235:445 | tcp | |
| N/A | 10.127.255.236:445 | tcp | |
| N/A | 10.127.255.237:445 | tcp | |
| N/A | 10.127.255.238:445 | tcp | |
| N/A | 10.127.255.239:445 | tcp | |
| N/A | 10.127.255.240:445 | tcp | |
| N/A | 10.127.255.241:445 | tcp | |
| N/A | 10.127.255.242:445 | tcp | |
| N/A | 10.127.255.243:445 | tcp | |
| N/A | 10.127.255.244:445 | tcp | |
| N/A | 10.127.255.245:445 | tcp | |
| N/A | 10.127.255.246:445 | tcp | |
| N/A | 10.127.255.247:445 | tcp | |
| N/A | 10.127.255.248:445 | tcp | |
| N/A | 10.127.255.249:445 | tcp | |
| N/A | 10.127.255.250:445 | tcp | |
| N/A | 10.127.255.251:445 | tcp | |
| N/A | 10.127.255.252:445 | tcp | |
| N/A | 10.127.255.253:445 | tcp | |
| N/A | 10.127.255.254:445 | tcp |
Files
memory/1140-122-0x000001D011BA0000-0x000001D011BB0000-memory.dmp
memory/1140-123-0x000001D011DD0000-0x000001D011DE0000-memory.dmp
memory/2696-143-0x0000000010000000-0x00000000100D3000-memory.dmp
memory/2696-144-0x00000000025F0000-0x00000000025F1000-memory.dmp
memory/2696-145-0x0000000010000000-0x00000000100D3000-memory.dmp