Analysis Overview
SHA256
fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847
Threat Level: Known bad
The file fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847 was found to be: Known bad.
Malicious Activity Summary
Conti Ransomware
Modifies extensions of user files
Drops startup file
Sets desktop wallpaper using registry
Drops file in Program Files directory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-03-04 15:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-03-04 15:10
Reported
2022-03-04 15:12
Platform
win7-20220223-en
Max time kernel
4294211s
Max time network
123s
Command Line
Signatures
Conti Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\ConvertFromUnlock.raw => C:\Users\Admin\Pictures\ConvertFromUnlock.raw.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DisableConfirm.png => C:\Users\Admin\Pictures\DisableConfirm.png.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ImportExport.png => C:\Users\Admin\Pictures\ImportExport.png.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\MoveResume.raw => C:\Users\Admin\Pictures\MoveResume.raw.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RegisterSuspend.tif => C:\Users\Admin\Pictures\RegisterSuspend.tif.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1405931862-909307831-4085185274-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\conti.png" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1405931862-909307831-4085185274-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\Wallpaper.jpg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0296277.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400002.PNG | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\HST | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\Logo.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107514.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Paper.eftx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\master_preferences | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\handler.reg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.ELM | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00633_.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382942.JPG | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15156_.GIF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\es.pak | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\offset.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Adobe\Updater6\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\DELETE.GIF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Tirane | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Zurich | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\es-ES\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33F.GIF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4B.GIF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN089.XML | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18197_.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\vi.pak | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\IPIRMV.XML | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00544_.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\Hierarchy.xsl | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIcons.jpg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SlateBlue.css | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0186348.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1036\MSO.ACL | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR21F.GIF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107496.WMF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH03011U.BMP | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1128 wrote to memory of 1152 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847.dll
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
C:\Windows\System32\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\readme.txt
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| N/A | 10.127.255.28:445 | tcp | |
| N/A | 10.127.255.21:445 | tcp | |
| N/A | 10.127.255.57:445 | tcp | |
| N/A | 10.127.255.37:445 | tcp | |
| N/A | 10.127.255.48:445 | tcp | |
| N/A | 10.127.255.25:445 | tcp | |
| N/A | 10.127.255.35:445 | tcp | |
| N/A | 10.127.255.42:445 | tcp | |
| N/A | 10.127.255.12:445 | tcp | |
| N/A | 10.127.255.10:445 | tcp | |
| N/A | 10.127.255.30:445 | tcp | |
| N/A | 10.127.255.39:445 | tcp | |
| N/A | 10.127.255.1:445 | tcp | |
| N/A | 10.127.255.45:445 | tcp | |
| N/A | 10.127.255.6:445 | tcp | |
| N/A | 10.127.255.3:445 | tcp | |
| N/A | 10.127.255.36:445 | tcp | |
| N/A | 10.127.255.51:445 | tcp | |
| N/A | 10.127.255.7:445 | tcp | |
| N/A | 10.127.255.13:445 | tcp | |
| N/A | 10.127.255.22:445 | tcp | |
| N/A | 10.127.255.31:445 | tcp | |
| N/A | 10.127.255.46:445 | tcp | |
| N/A | 10.127.255.34:445 | tcp | |
| N/A | 10.127.255.5:445 | tcp | |
| N/A | 10.127.255.54:445 | tcp | |
| N/A | 10.127.255.43:445 | tcp | |
| N/A | 10.127.255.50:445 | tcp | |
| N/A | 10.127.255.60:445 | tcp | |
| N/A | 10.127.255.62:445 | tcp | |
| N/A | 10.127.255.47:445 | tcp | |
| N/A | 10.127.255.15:445 | tcp | |
| N/A | 10.127.255.52:445 | tcp | |
| N/A | 10.127.255.19:445 | tcp | |
| N/A | 10.127.255.2:445 | tcp | |
| N/A | 10.127.255.4:445 | tcp | |
| N/A | 10.127.255.17:445 | tcp | |
| N/A | 10.127.255.16:445 | tcp | |
| N/A | 10.127.255.56:445 | tcp | |
| N/A | 10.127.255.40:445 | tcp | |
| N/A | 10.127.255.20:445 | tcp | |
| N/A | 10.127.255.32:445 | tcp | |
| N/A | 10.127.255.58:445 | tcp | |
| N/A | 10.127.255.26:445 | tcp | |
| N/A | 10.127.255.44:445 | tcp | |
| N/A | 10.127.255.55:445 | tcp | |
| N/A | 10.127.255.33:445 | tcp | |
| N/A | 10.127.255.8:445 | tcp | |
| N/A | 10.127.255.59:445 | tcp | |
| N/A | 10.127.255.64:445 | tcp | |
| N/A | 10.127.255.27:445 | tcp | |
| N/A | 10.127.255.41:445 | tcp | |
| N/A | 10.127.255.49:445 | tcp | |
| N/A | 10.127.255.18:445 | tcp | |
| N/A | 10.127.255.38:445 | tcp | |
| N/A | 10.127.255.11:445 | tcp | |
| N/A | 10.127.255.61:445 | tcp | |
| N/A | 10.127.255.0:445 | tcp | |
| N/A | 10.127.255.9:445 | tcp | |
| N/A | 10.127.255.29:445 | tcp | |
| N/A | 10.127.255.53:445 | tcp | |
| N/A | 10.127.255.14:445 | tcp | |
| N/A | 10.127.255.23:445 | tcp | |
| N/A | 10.127.255.63:445 | tcp | |
| N/A | 10.127.255.24:445 | tcp | |
| N/A | 10.127.255.112:445 | tcp | |
| N/A | 10.127.255.116:445 | tcp | |
| N/A | 10.127.255.103:445 | tcp | |
| N/A | 10.127.255.113:445 | tcp | |
| N/A | 10.127.255.83:445 | tcp | |
| N/A | 10.127.255.100:445 | tcp | |
| N/A | 10.127.255.106:445 | tcp | |
| N/A | 10.127.255.89:445 | tcp | |
| N/A | 10.127.255.107:445 | tcp | |
| N/A | 10.127.255.65:445 | tcp | |
| N/A | 10.127.255.111:445 | tcp | |
| N/A | 10.127.255.130:445 | tcp | |
| N/A | 10.127.255.110:445 | tcp | |
| N/A | 10.127.255.108:445 | tcp | |
| N/A | 10.127.255.121:445 | tcp | |
| N/A | 10.127.255.119:445 | tcp | |
| N/A | 10.127.255.79:445 | tcp | |
| N/A | 10.127.255.98:445 | tcp | |
| N/A | 10.127.255.128:445 | tcp | |
| N/A | 10.127.255.129:445 | tcp | |
| N/A | 10.127.255.71:445 | tcp | |
| N/A | 10.127.255.67:445 | tcp | |
| N/A | 10.127.255.118:445 | tcp | |
| N/A | 10.127.255.90:445 | tcp | |
| N/A | 10.127.255.70:445 | tcp | |
| N/A | 10.127.255.66:445 | tcp | |
| N/A | 10.127.255.68:445 | tcp | |
| N/A | 10.127.255.69:445 | tcp | |
| N/A | 10.127.255.72:445 | tcp | |
| N/A | 10.127.255.73:445 | tcp | |
| N/A | 10.127.255.74:445 | tcp | |
| N/A | 10.127.255.75:445 | tcp | |
| N/A | 10.127.255.76:445 | tcp | |
| N/A | 10.127.255.77:445 | tcp | |
| N/A | 10.127.255.78:445 | tcp | |
| N/A | 10.127.255.80:445 | tcp | |
| N/A | 10.127.255.81:445 | tcp | |
| N/A | 10.127.255.82:445 | tcp | |
| N/A | 10.127.255.84:445 | tcp | |
| N/A | 10.127.255.85:445 | tcp | |
| N/A | 10.127.255.86:445 | tcp | |
| N/A | 10.127.255.87:445 | tcp | |
| N/A | 10.127.255.88:445 | tcp | |
| N/A | 10.127.255.91:445 | tcp | |
| N/A | 10.127.255.92:445 | tcp | |
| N/A | 10.127.255.93:445 | tcp | |
| N/A | 10.127.255.94:445 | tcp | |
| N/A | 10.127.255.95:445 | tcp | |
| N/A | 10.127.255.96:445 | tcp | |
| N/A | 10.127.255.97:445 | tcp | |
| N/A | 10.127.255.99:445 | tcp | |
| N/A | 10.127.255.101:445 | tcp | |
| N/A | 10.127.255.102:445 | tcp | |
| N/A | 10.127.255.104:445 | tcp | |
| N/A | 10.127.255.105:445 | tcp | |
| N/A | 10.127.255.109:445 | tcp | |
| N/A | 10.127.255.114:445 | tcp | |
| N/A | 10.127.255.115:445 | tcp | |
| N/A | 10.127.255.117:445 | tcp | |
| N/A | 10.127.255.120:445 | tcp | |
| N/A | 10.127.255.122:445 | tcp | |
| N/A | 10.127.255.123:445 | tcp | |
| N/A | 10.127.255.124:445 | tcp | |
| N/A | 10.127.255.125:445 | tcp | |
| N/A | 10.127.255.126:445 | tcp | |
| N/A | 10.127.255.127:445 | tcp | |
| N/A | 10.127.255.131:445 | tcp | |
| N/A | 10.127.255.132:445 | tcp | |
| N/A | 10.127.255.133:445 | tcp | |
| N/A | 10.127.255.134:445 | tcp | |
| N/A | 10.127.255.135:445 | tcp | |
| N/A | 10.127.255.136:445 | tcp | |
| N/A | 10.127.255.137:445 | tcp | |
| N/A | 10.127.255.138:445 | tcp | |
| N/A | 10.127.255.139:445 | tcp | |
| N/A | 10.127.255.140:445 | tcp | |
| N/A | 10.127.255.141:445 | tcp | |
| N/A | 10.127.255.142:445 | tcp | |
| N/A | 10.127.255.143:445 | tcp | |
| N/A | 10.127.255.144:445 | tcp | |
| N/A | 10.127.255.145:445 | tcp | |
| N/A | 10.127.255.146:445 | tcp | |
| N/A | 10.127.255.147:445 | tcp | |
| N/A | 10.127.255.148:445 | tcp | |
| N/A | 10.127.255.149:445 | tcp | |
| N/A | 10.127.255.150:445 | tcp | |
| N/A | 10.127.255.151:445 | tcp | |
| N/A | 10.127.255.152:445 | tcp | |
| N/A | 10.127.255.153:445 | tcp | |
| N/A | 10.127.255.154:445 | tcp | |
| N/A | 10.127.255.155:445 | tcp | |
| N/A | 10.127.255.156:445 | tcp | |
| N/A | 10.127.255.157:445 | tcp | |
| N/A | 10.127.255.158:445 | tcp | |
| N/A | 10.127.255.159:445 | tcp | |
| N/A | 10.127.255.160:445 | tcp | |
| N/A | 10.127.255.161:445 | tcp | |
| N/A | 10.127.255.162:445 | tcp | |
| N/A | 10.127.255.163:445 | tcp | |
| N/A | 10.127.255.164:445 | tcp | |
| N/A | 10.127.255.165:445 | tcp | |
| N/A | 10.127.255.166:445 | tcp | |
| N/A | 10.127.255.167:445 | tcp | |
| N/A | 10.127.255.168:445 | tcp | |
| N/A | 10.127.255.169:445 | tcp | |
| N/A | 10.127.255.170:445 | tcp | |
| N/A | 10.127.255.171:445 | tcp | |
| N/A | 10.127.255.172:445 | tcp | |
| N/A | 10.127.255.173:445 | tcp | |
| N/A | 10.127.255.174:445 | tcp | |
| N/A | 10.127.255.175:445 | tcp | |
| N/A | 10.127.255.176:445 | tcp | |
| N/A | 10.127.255.177:445 | tcp | |
| N/A | 10.127.255.178:445 | tcp | |
| N/A | 10.127.255.179:445 | tcp | |
| N/A | 10.127.255.180:445 | tcp | |
| N/A | 10.127.255.181:445 | tcp | |
| N/A | 10.127.255.182:445 | tcp | |
| N/A | 10.127.255.183:445 | tcp | |
| N/A | 10.127.255.184:445 | tcp | |
| N/A | 10.127.255.185:445 | tcp | |
| N/A | 10.127.255.186:445 | tcp | |
| N/A | 10.127.255.187:445 | tcp | |
| N/A | 10.127.255.188:445 | tcp | |
| N/A | 10.127.255.189:445 | tcp | |
| N/A | 10.127.255.190:445 | tcp | |
| N/A | 10.127.255.191:445 | tcp | |
| N/A | 10.127.255.192:445 | tcp | |
| N/A | 10.127.255.193:445 | tcp | |
| N/A | 10.127.255.194:445 | tcp | |
| N/A | 10.127.255.195:445 | tcp | |
| N/A | 10.127.255.196:445 | tcp | |
| N/A | 10.127.255.197:445 | tcp | |
| N/A | 10.127.255.198:445 | tcp | |
| N/A | 10.127.255.199:445 | tcp | |
| N/A | 10.127.255.200:445 | tcp | |
| N/A | 10.127.255.201:445 | tcp | |
| N/A | 10.127.255.202:445 | tcp | |
| N/A | 10.127.255.203:445 | tcp | |
| N/A | 10.127.255.204:445 | tcp | |
| N/A | 10.127.255.205:445 | tcp | |
| N/A | 10.127.255.206:445 | tcp | |
| N/A | 10.127.255.207:445 | tcp | |
| N/A | 10.127.255.208:445 | tcp | |
| N/A | 10.127.255.209:445 | tcp | |
| N/A | 10.127.255.210:445 | tcp | |
| N/A | 10.127.255.211:445 | tcp | |
| N/A | 10.127.255.212:445 | tcp | |
| N/A | 10.127.255.213:445 | tcp | |
| N/A | 10.127.255.214:445 | tcp | |
| N/A | 10.127.255.215:445 | tcp | |
| N/A | 10.127.255.216:445 | tcp | |
| N/A | 10.127.255.217:445 | tcp | |
| N/A | 10.127.255.218:445 | tcp | |
| N/A | 10.127.255.219:445 | tcp | |
| N/A | 10.127.255.220:445 | tcp | |
| N/A | 10.127.255.221:445 | tcp | |
| N/A | 10.127.255.222:445 | tcp | |
| N/A | 10.127.255.223:445 | tcp | |
| N/A | 10.127.255.224:445 | tcp | |
| N/A | 10.127.255.225:445 | tcp | |
| N/A | 10.127.255.226:445 | tcp | |
| N/A | 10.127.255.227:445 | tcp | |
| N/A | 10.127.255.228:445 | tcp | |
| N/A | 10.127.255.229:445 | tcp | |
| N/A | 10.127.255.230:445 | tcp | |
| N/A | 10.127.255.231:445 | tcp | |
| N/A | 10.127.255.232:445 | tcp | |
| N/A | 10.127.255.233:445 | tcp | |
| N/A | 10.127.255.234:445 | tcp | |
| N/A | 10.127.255.235:445 | tcp | |
| N/A | 10.127.255.236:445 | tcp | |
| N/A | 10.127.255.237:445 | tcp | |
| N/A | 10.127.255.238:445 | tcp | |
| N/A | 10.127.255.239:445 | tcp | |
| N/A | 10.127.255.240:445 | tcp | |
| N/A | 10.127.255.241:445 | tcp | |
| N/A | 10.127.255.242:445 | tcp | |
| N/A | 10.127.255.243:445 | tcp | |
| N/A | 10.127.255.244:445 | tcp | |
| N/A | 10.127.255.245:445 | tcp | |
| N/A | 10.127.255.246:445 | tcp | |
| N/A | 10.127.255.247:445 | tcp | |
| N/A | 10.127.255.248:445 | tcp | |
| N/A | 10.127.255.249:445 | tcp | |
| N/A | 10.127.255.250:445 | tcp | |
| N/A | 10.127.255.251:445 | tcp | |
| N/A | 10.127.255.252:445 | tcp | |
| N/A | 10.127.255.253:445 | tcp | |
| N/A | 10.127.255.254:445 | tcp |
Files
memory/1128-54-0x000007FEFB871000-0x000007FEFB873000-memory.dmp
memory/1152-55-0x0000000075281000-0x0000000075283000-memory.dmp
C:\Users\Public\Desktop\readme.txt
| MD5 | 35299df46141a15046afe84fe75b1156 |
| SHA1 | 8158d654bca3a0ff2692fa75fa3226f35816c8b7 |
| SHA256 | 6ad74453e832ad5b4155a7654fc4e4f083b05d82e0e84bf3d8374185d8e69a12 |
| SHA512 | 00cf36bcf86e3b6d5e60c38e65c8e36da06c41730af32525c9f2d6a9cee15eac07d5fee195fc5e4d69a2140379363d07f237421de61ff672f2d96ab81220602c |
Analysis: behavioral2
Detonation Overview
Submitted
2022-03-04 15:10
Reported
2022-03-04 15:12
Platform
win10v2004-en-20220112
Max time kernel
153s
Max time network
147s
Command Line
Signatures
Conti Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\CompressGet.png => C:\Users\Admin\Pictures\CompressGet.png.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ImportRemove.png => C:\Users\Admin\Pictures\ImportRemove.png.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ResizeUnregister.tif => C:\Users\Admin\Pictures\ResizeUnregister.tif.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ResumeAssert.png => C:\Users\Admin\Pictures\ResumeAssert.png.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ResumeEnter.tif => C:\Users\Admin\Pictures\ResumeEnter.tif.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UnblockCheckpoint.crw => C:\Users\Admin\Pictures\UnblockCheckpoint.crw.fgM9X | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\InvokeFind.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\he.pak | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.INF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-hover.svg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOS.TTF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Analytics | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\br\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\mai\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\GRAY.pf | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\te.pak | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\THANKS.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\lv-LV\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_browser.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.55\EdgeUpdate.dat | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\intf\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.tlb | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\THMBNAIL.PNG | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-focus_32.svg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 180 wrote to memory of 116 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 180 wrote to memory of 116 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 180 wrote to memory of 116 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847.dll
Network
| Country | Destination | Domain | Proto |
| NL | 104.110.191.140:80 | tcp | |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| US | 8.8.8.8:53 | api.msn.com | udp |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| US | 131.253.33.203:443 | api.msn.com | tcp |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| US | 8.8.8.8:53 | geo.prod.do.dsp.mp.microsoft.com | udp |
| IE | 51.104.164.114:443 | geo.prod.do.dsp.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | kv801.prod.do.dsp.mp.microsoft.com | udp |
| NL | 184.29.205.60:443 | kv801.prod.do.dsp.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | cp801.prod.do.dsp.mp.microsoft.com | udp |
| NL | 184.29.205.60:443 | cp801.prod.do.dsp.mp.microsoft.com | tcp |
| NL | 184.29.205.60:443 | cp801.prod.do.dsp.mp.microsoft.com | tcp |
| N/A | 10.127.255.7:445 | tcp | |
| N/A | 10.127.255.18:445 | tcp | |
| N/A | 10.127.255.38:445 | tcp | |
| N/A | 10.127.255.50:445 | tcp | |
| N/A | 10.127.255.63:445 | tcp | |
| N/A | 10.127.255.54:445 | tcp | |
| N/A | 10.127.255.28:445 | tcp | |
| N/A | 10.127.255.44:445 | tcp | |
| N/A | 10.127.255.12:445 | tcp | |
| N/A | 10.127.255.23:445 | tcp | |
| N/A | 10.127.255.36:445 | tcp | |
| N/A | 10.127.255.35:445 | tcp | |
| N/A | 10.127.255.58:445 | tcp | |
| N/A | 10.127.255.62:445 | tcp | |
| N/A | 10.127.255.59:445 | tcp | |
| N/A | 10.127.255.27:445 | tcp | |
| N/A | 10.127.255.40:445 | tcp | |
| N/A | 10.127.255.41:445 | tcp | |
| N/A | 10.127.255.30:445 | tcp | |
| N/A | 10.127.255.3:445 | tcp | |
| N/A | 10.127.255.24:445 | tcp | |
| N/A | 10.127.255.29:445 | tcp | |
| N/A | 10.127.255.32:445 | tcp | |
| N/A | 10.127.255.57:445 | tcp | |
| N/A | 10.127.255.45:445 | tcp | |
| N/A | 10.127.255.240:445 | tcp | |
| N/A | 10.127.255.64:445 | tcp | |
| N/A | 10.127.255.241:445 | tcp | |
| N/A | 10.127.255.51:445 | tcp | |
| N/A | 10.127.255.135:445 | tcp | |
| N/A | 10.127.255.1:445 | tcp | |
| N/A | 10.127.255.6:445 | tcp | |
| N/A | 10.127.255.39:445 | tcp | |
| N/A | 10.127.255.0:445 | tcp | |
| N/A | 10.127.255.52:445 | tcp | |
| N/A | 10.127.255.61:445 | tcp | |
| N/A | 10.127.255.17:445 | tcp | |
| N/A | 10.127.255.60:445 | tcp | |
| N/A | 10.127.255.5:445 | tcp | |
| N/A | 10.127.255.65:445 | tcp | |
| N/A | 10.127.255.34:445 | tcp | |
| N/A | 10.127.255.8:445 | tcp | |
| N/A | 10.127.255.42:445 | tcp | |
| N/A | 10.127.255.55:445 | tcp | |
| N/A | 10.127.255.43:445 | tcp | |
| N/A | 10.127.255.37:445 | tcp | |
| N/A | 10.127.255.16:445 | tcp | |
| N/A | 10.127.255.21:445 | tcp | |
| N/A | 10.127.255.198:445 | tcp | |
| N/A | 10.127.255.53:445 | tcp | |
| N/A | 10.127.255.33:445 | tcp | |
| N/A | 10.127.255.49:445 | tcp | |
| N/A | 10.127.255.134:445 | tcp | |
| N/A | 10.127.255.11:445 | tcp | |
| N/A | 10.127.255.13:445 | tcp | |
| N/A | 10.127.255.20:445 | tcp | |
| N/A | 10.127.255.22:445 | tcp | |
| N/A | 10.127.255.86:445 | tcp | |
| N/A | 10.127.255.14:445 | tcp | |
| N/A | 10.127.255.47:445 | tcp | |
| N/A | 10.127.255.48:445 | tcp | |
| N/A | 10.127.255.10:445 | tcp | |
| N/A | 10.127.255.19:445 | tcp | |
| N/A | 10.127.255.75:445 | tcp | |
| N/A | 10.127.255.74:445 | tcp | |
| N/A | 10.127.255.88:445 | tcp | |
| N/A | 10.127.255.26:445 | tcp | |
| N/A | 10.127.255.56:445 | tcp | |
| N/A | 10.127.255.136:445 | tcp | |
| N/A | 10.127.255.15:445 | tcp | |
| N/A | 10.127.255.4:445 | tcp | |
| N/A | 10.127.255.66:445 | tcp | |
| N/A | 10.127.255.9:445 | tcp | |
| N/A | 10.127.255.81:445 | tcp | |
| N/A | 10.127.255.82:445 | tcp | |
| N/A | 10.127.255.83:445 | tcp | |
| N/A | 10.127.255.2:445 | tcp | |
| N/A | 10.127.255.31:445 | tcp | |
| N/A | 10.127.255.46:445 | tcp | |
| N/A | 10.127.255.68:445 | tcp | |
| N/A | 10.127.255.84:445 | tcp | |
| N/A | 10.127.255.25:445 | tcp | |
| N/A | 10.127.255.67:445 | tcp | |
| N/A | 10.127.255.69:445 | tcp | |
| N/A | 10.127.255.70:445 | tcp | |
| N/A | 10.127.255.71:445 | tcp | |
| N/A | 10.127.255.72:445 | tcp | |
| N/A | 10.127.255.73:445 | tcp | |
| N/A | 10.127.255.76:445 | tcp | |
| N/A | 10.127.255.77:445 | tcp | |
| N/A | 10.127.255.78:445 | tcp | |
| N/A | 10.127.255.79:445 | tcp | |
| N/A | 10.127.255.80:445 | tcp | |
| N/A | 10.127.255.85:445 | tcp | |
| N/A | 10.127.255.87:445 | tcp | |
| N/A | 10.127.255.89:445 | tcp | |
| N/A | 10.127.255.90:445 | tcp | |
| N/A | 10.127.255.91:445 | tcp | |
| N/A | 10.127.255.92:445 | tcp | |
| N/A | 10.127.255.93:445 | tcp | |
| N/A | 10.127.255.94:445 | tcp | |
| N/A | 10.127.255.95:445 | tcp | |
| N/A | 10.127.255.96:445 | tcp | |
| N/A | 10.127.255.97:445 | tcp | |
| N/A | 10.127.255.98:445 | tcp | |
| N/A | 10.127.255.99:445 | tcp | |
| N/A | 10.127.255.100:445 | tcp | |
| N/A | 10.127.255.101:445 | tcp | |
| N/A | 10.127.255.102:445 | tcp | |
| N/A | 10.127.255.103:445 | tcp | |
| N/A | 10.127.255.104:445 | tcp | |
| N/A | 10.127.255.105:445 | tcp | |
| N/A | 10.127.255.106:445 | tcp | |
| N/A | 10.127.255.107:445 | tcp | |
| N/A | 10.127.255.108:445 | tcp | |
| N/A | 10.127.255.109:445 | tcp | |
| N/A | 10.127.255.110:445 | tcp | |
| N/A | 10.127.255.111:445 | tcp | |
| N/A | 10.127.255.112:445 | tcp | |
| N/A | 10.127.255.113:445 | tcp | |
| N/A | 10.127.255.114:445 | tcp | |
| N/A | 10.127.255.115:445 | tcp | |
| N/A | 10.127.255.116:445 | tcp | |
| N/A | 10.127.255.117:445 | tcp | |
| N/A | 10.127.255.118:445 | tcp | |
| N/A | 10.127.255.119:445 | tcp | |
| N/A | 10.127.255.120:445 | tcp | |
| N/A | 10.127.255.121:445 | tcp | |
| N/A | 10.127.255.122:445 | tcp | |
| N/A | 10.127.255.123:445 | tcp | |
| N/A | 10.127.255.124:445 | tcp | |
| N/A | 10.127.255.125:445 | tcp | |
| N/A | 10.127.255.126:445 | tcp | |
| N/A | 10.127.255.127:445 | tcp | |
| N/A | 10.127.255.128:445 | tcp | |
| N/A | 10.127.255.129:445 | tcp | |
| N/A | 10.127.255.130:445 | tcp | |
| N/A | 10.127.255.131:445 | tcp | |
| N/A | 10.127.255.132:445 | tcp | |
| N/A | 10.127.255.133:445 | tcp | |
| N/A | 10.127.255.137:445 | tcp | |
| N/A | 10.127.255.138:445 | tcp | |
| N/A | 10.127.255.139:445 | tcp | |
| N/A | 10.127.255.140:445 | tcp | |
| N/A | 10.127.255.141:445 | tcp | |
| N/A | 10.127.255.142:445 | tcp | |
| N/A | 10.127.255.143:445 | tcp | |
| N/A | 10.127.255.144:445 | tcp | |
| N/A | 10.127.255.145:445 | tcp | |
| N/A | 10.127.255.146:445 | tcp | |
| N/A | 10.127.255.147:445 | tcp | |
| N/A | 10.127.255.148:445 | tcp | |
| N/A | 10.127.255.149:445 | tcp | |
| N/A | 10.127.255.150:445 | tcp | |
| N/A | 10.127.255.151:445 | tcp | |
| N/A | 10.127.255.152:445 | tcp | |
| N/A | 10.127.255.153:445 | tcp | |
| N/A | 10.127.255.154:445 | tcp | |
| N/A | 10.127.255.155:445 | tcp | |
| N/A | 10.127.255.156:445 | tcp | |
| N/A | 10.127.255.157:445 | tcp | |
| N/A | 10.127.255.158:445 | tcp | |
| N/A | 10.127.255.159:445 | tcp | |
| N/A | 10.127.255.160:445 | tcp | |
| N/A | 10.127.255.161:445 | tcp | |
| N/A | 10.127.255.162:445 | tcp | |
| N/A | 10.127.255.163:445 | tcp | |
| N/A | 10.127.255.164:445 | tcp | |
| N/A | 10.127.255.165:445 | tcp | |
| N/A | 10.127.255.166:445 | tcp | |
| N/A | 10.127.255.167:445 | tcp | |
| N/A | 10.127.255.168:445 | tcp | |
| N/A | 10.127.255.169:445 | tcp | |
| N/A | 10.127.255.170:445 | tcp | |
| N/A | 10.127.255.171:445 | tcp | |
| N/A | 10.127.255.172:445 | tcp | |
| N/A | 10.127.255.173:445 | tcp | |
| N/A | 10.127.255.174:445 | tcp | |
| N/A | 10.127.255.175:445 | tcp | |
| N/A | 10.127.255.176:445 | tcp | |
| N/A | 10.127.255.177:445 | tcp | |
| N/A | 10.127.255.178:445 | tcp | |
| N/A | 10.127.255.179:445 | tcp | |
| N/A | 10.127.255.180:445 | tcp | |
| N/A | 10.127.255.181:445 | tcp | |
| N/A | 10.127.255.182:445 | tcp | |
| N/A | 10.127.255.183:445 | tcp | |
| N/A | 10.127.255.184:445 | tcp | |
| N/A | 10.127.255.185:445 | tcp | |
| N/A | 10.127.255.186:445 | tcp | |
| N/A | 10.127.255.187:445 | tcp | |
| N/A | 10.127.255.188:445 | tcp | |
| N/A | 10.127.255.189:445 | tcp | |
| N/A | 10.127.255.190:445 | tcp | |
| N/A | 10.127.255.191:445 | tcp | |
| N/A | 10.127.255.192:445 | tcp | |
| N/A | 10.127.255.193:445 | tcp | |
| N/A | 10.127.255.194:445 | tcp | |
| N/A | 10.127.255.195:445 | tcp | |
| N/A | 10.127.255.196:445 | tcp | |
| N/A | 10.127.255.197:445 | tcp | |
| N/A | 10.127.255.199:445 | tcp | |
| N/A | 10.127.255.200:445 | tcp | |
| N/A | 10.127.255.201:445 | tcp | |
| N/A | 10.127.255.202:445 | tcp | |
| N/A | 10.127.255.203:445 | tcp | |
| N/A | 10.127.255.204:445 | tcp | |
| N/A | 10.127.255.205:445 | tcp | |
| N/A | 10.127.255.206:445 | tcp | |
| N/A | 10.127.255.207:445 | tcp | |
| N/A | 10.127.255.208:445 | tcp | |
| N/A | 10.127.255.209:445 | tcp | |
| N/A | 10.127.255.210:445 | tcp | |
| N/A | 10.127.255.211:445 | tcp | |
| N/A | 10.127.255.212:445 | tcp | |
| N/A | 10.127.255.213:445 | tcp | |
| N/A | 10.127.255.214:445 | tcp | |
| N/A | 10.127.255.215:445 | tcp | |
| N/A | 10.127.255.216:445 | tcp | |
| N/A | 10.127.255.217:445 | tcp | |
| N/A | 10.127.255.218:445 | tcp | |
| N/A | 10.127.255.219:445 | tcp | |
| N/A | 10.127.255.220:445 | tcp | |
| N/A | 10.127.255.221:445 | tcp | |
| N/A | 10.127.255.222:445 | tcp | |
| N/A | 10.127.255.223:445 | tcp | |
| N/A | 10.127.255.224:445 | tcp | |
| N/A | 10.127.255.225:445 | tcp | |
| N/A | 10.127.255.226:445 | tcp | |
| N/A | 10.127.255.227:445 | tcp | |
| N/A | 10.127.255.228:445 | tcp | |
| N/A | 10.127.255.229:445 | tcp | |
| N/A | 10.127.255.230:445 | tcp | |
| N/A | 10.127.255.231:445 | tcp | |
| N/A | 10.127.255.232:445 | tcp | |
| N/A | 10.127.255.233:445 | tcp | |
| N/A | 10.127.255.234:445 | tcp | |
| N/A | 10.127.255.235:445 | tcp | |
| N/A | 10.127.255.236:445 | tcp | |
| N/A | 10.127.255.237:445 | tcp | |
| N/A | 10.127.255.238:445 | tcp | |
| N/A | 10.127.255.239:445 | tcp | |
| N/A | 10.127.255.242:445 | tcp | |
| N/A | 10.127.255.243:445 | tcp | |
| N/A | 10.127.255.244:445 | tcp | |
| N/A | 10.127.255.245:445 | tcp | |
| N/A | 10.127.255.246:445 | tcp | |
| N/A | 10.127.255.247:445 | tcp | |
| N/A | 10.127.255.248:445 | tcp | |
| N/A | 10.127.255.249:445 | tcp | |
| N/A | 10.127.255.250:445 | tcp | |
| N/A | 10.127.255.251:445 | tcp | |
| N/A | 10.127.255.252:445 | tcp | |
| N/A | 10.127.255.253:445 | tcp | |
| N/A | 10.127.255.254:445 | tcp |