Analysis Overview
SHA256
3d08732963ffdae8596f89cdfd34a2ec24865278c0763221c003254eeaf67554
Threat Level: Known bad
The file 3d08732963ffdae8596f89cdfd34a2ec24865278c0763221c003254eeaf67554 was found to be: Known bad.
Malicious Activity Summary
Conti Ransomware
Renames multiple (64) files with added filename extension
Drops desktop.ini file(s)
Drops file in Program Files directory
Program crash
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-08 15:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-08 15:32
Reported
2024-09-08 15:34
Platform
win10v2004-20240802-en
Max time kernel
94s
Max time network
96s
Command Line
Signatures
Conti Ransomware
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\application.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\dependentlibs.list | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\RegisterTrace.emz | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\AppXManifest.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ShowGroup.wmf | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Google\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Internet Explorer\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\RepairAssert.fon | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Microsoft Office 15\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\ThinAppXManifest.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\InstallFind.001 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\dotnet\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\installation_telemetry.json | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\locale.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\FileSystemMetadata.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\omni.ja | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\BlockBackup.otf | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\TraceUnprotect.xlsm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Common Files\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Crashpad\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\PingDisable.inf | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UnlockInvoke.mhtml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\install.log | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\LICENSE.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files (x86)\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\RevokeGroup.edrwx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\RevokeRemove.mov | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\ThirdPartyNotices.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Microsoft Office\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\regsvr32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2816 wrote to memory of 1496 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 2816 wrote to memory of 1496 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 2816 wrote to memory of 1496 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d08732963ffdae8596f89cdfd34a2ec24865278c0763221c003254eeaf67554.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3d08732963ffdae8596f89cdfd34a2ec24865278c0763221c003254eeaf67554.dll
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1496 -ip 1496
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 2136
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.254:445 | tcp | |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
Files
C:\ProgramData\readme.txt
| MD5 | df7b95b1555951e1c1095ec1a913f78a |
| SHA1 | 076812ba99a65a76f6510824f9317c85b7a65bdb |
| SHA256 | 15ac17280f7e4b43eb21c090792465494eede0937897c271eb1cc14733dc371e |
| SHA512 | b85bee418326445ed0efd217cb92432138ad63b46ff41d98a85d2af648698448f1680a320669ec4d1a735c8a40d5747983652d02fafc5c9737747e659f4f8e30 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-08 15:32
Reported
2024-09-08 15:34
Platform
win7-20240903-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Conti Ransomware
Renames multiple (64) files with added filename extension
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\dependentlibs.list | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\omni.ja | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ConvertFromPing.xltm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\fieldswitch.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\rtstreamsource.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Java\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ProtectLimit.jpeg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\SearchGet.nfo | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\SyncExit.htm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Microsoft Office\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ClearRead.xltm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DenyRequest.asx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UnlockWait.bmp | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UnprotectClear.odp | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Eurosti.TTF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ConvertGet.7z | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ProtectWrite.jpeg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\directshowtap.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\application.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\MountRegister.vsx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\rtstreamsink.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\installation_telemetry.json | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\locale.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UndoResume.htm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UnprotectDisable.rtf | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UpdateTest.vdw | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Common Files\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\Timeline.cpu.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Microsoft Games\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ConfirmLimit.easmx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\ConnectRename.dib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\EnableConvertFrom.vsw | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\PublishExport.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\SaveExit.wmx | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\BlockAssert.nfo | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\RequestSubmit.vstm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\UseUnpublish.WTV | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\DVD Maker\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\audiodepthconverter.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.cfg | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\InvokeDisconnect.mp4 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File created | C:\Program Files\Internet Explorer\readme.txt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\StopRestore.htm | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\offset.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\soniccolorconverter.ax | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ie9props.propdesc | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\NewDisable.mp3 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\SecretST.TTF | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\Accessible.tlb | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent_localized.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\install.log | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.ini | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| File opened for modification | C:\Program Files\AddImport.gif | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\regsvr32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d08732963ffdae8596f89cdfd34a2ec24865278c0763221c003254eeaf67554.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\3d08732963ffdae8596f89cdfd34a2ec24865278c0763221c003254eeaf67554.dll
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 1796
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.1:445 | tcp | |
| N/A | 10.127.0.0:445 | tcp | |
| N/A | 10.127.0.45:445 | tcp | |
| N/A | 10.127.0.60:445 | tcp | |
| N/A | 10.127.0.64:445 | tcp | |
| N/A | 10.127.0.35:445 | tcp | |
| N/A | 10.127.0.43:445 | tcp | |
| N/A | 10.127.0.19:445 | tcp | |
| N/A | 10.127.0.46:445 | tcp | |
| N/A | 10.127.0.59:445 | tcp | |
| N/A | 10.127.0.47:445 | tcp | |
| N/A | 10.127.0.41:445 | tcp | |
| N/A | 10.127.0.18:445 | tcp | |
| N/A | 10.127.0.5:445 | tcp | |
| N/A | 10.127.0.54:445 | tcp | |
| N/A | 10.127.0.39:445 | tcp | |
| N/A | 10.127.0.28:445 | tcp | |
| N/A | 10.127.0.22:445 | tcp | |
| N/A | 10.127.0.50:445 | tcp | |
| N/A | 10.127.0.27:445 | tcp | |
| N/A | 10.127.0.7:445 | tcp | |
| N/A | 10.127.0.8:445 | tcp | |
| N/A | 10.127.0.34:445 | tcp | |
| N/A | 10.127.0.16:445 | tcp | |
| N/A | 10.127.0.40:445 | tcp | |
| N/A | 10.127.0.9:445 | tcp | |
| N/A | 10.127.0.13:445 | tcp | |
| N/A | 10.127.0.61:445 | tcp | |
| N/A | 10.127.0.24:445 | tcp | |
| N/A | 10.127.0.25:445 | tcp | |
| N/A | 10.127.0.62:445 | tcp | |
| N/A | 10.127.0.48:445 | tcp | |
| N/A | 10.127.0.29:445 | tcp | |
| N/A | 10.127.0.57:445 | tcp | |
| N/A | 10.127.0.30:445 | tcp | |
| N/A | 10.127.0.21:445 | tcp | |
| N/A | 10.127.0.37:445 | tcp | |
| N/A | 10.127.0.32:445 | tcp | |
| N/A | 10.127.0.44:445 | tcp | |
| N/A | 10.127.0.53:445 | tcp | |
| N/A | 10.127.0.56:445 | tcp | |
| N/A | 10.127.0.58:445 | tcp | |
| N/A | 10.127.0.38:445 | tcp | |
| N/A | 10.127.0.31:445 | tcp | |
| N/A | 10.127.0.2:445 | tcp | |
| N/A | 10.127.0.3:445 | tcp | |
| N/A | 10.127.0.36:445 | tcp | |
| N/A | 10.127.0.10:445 | tcp | |
| N/A | 10.127.0.23:445 | tcp | |
| N/A | 10.127.0.4:445 | tcp | |
| N/A | 10.127.0.49:445 | tcp | |
| N/A | 10.127.0.20:445 | tcp | |
| N/A | 10.127.0.11:445 | tcp | |
| N/A | 10.127.0.12:445 | tcp | |
| N/A | 10.127.0.42:445 | tcp | |
| N/A | 10.127.0.51:445 | tcp | |
| N/A | 10.127.0.55:445 | tcp | |
| N/A | 10.127.0.6:445 | tcp | |
| N/A | 10.127.0.33:445 | tcp | |
| N/A | 10.127.0.26:445 | tcp | |
| N/A | 10.127.0.52:445 | tcp | |
| N/A | 10.127.0.65:445 | tcp | |
| N/A | 10.127.0.17:445 | tcp | |
| N/A | 10.127.0.15:445 | tcp | |
| N/A | 10.127.0.63:445 | tcp | |
| N/A | 10.127.0.14:445 | tcp | |
| N/A | 10.127.0.106:445 | tcp | |
| N/A | 10.127.0.80:445 | tcp | |
| N/A | 10.127.0.90:445 | tcp | |
| N/A | 10.127.0.69:445 | tcp | |
| N/A | 10.127.0.83:445 | tcp | |
| N/A | 10.127.0.98:445 | tcp | |
| N/A | 10.127.0.99:445 | tcp | |
| N/A | 10.127.0.102:445 | tcp | |
| N/A | 10.127.0.109:445 | tcp | |
| N/A | 10.127.0.79:445 | tcp | |
| N/A | 10.127.0.92:445 | tcp | |
| N/A | 10.127.0.118:445 | tcp | |
| N/A | 10.127.0.110:445 | tcp | |
| N/A | 10.127.0.87:445 | tcp | |
| N/A | 10.127.0.94:445 | tcp | |
| N/A | 10.127.0.123:445 | tcp | |
| N/A | 10.127.0.91:445 | tcp | |
| N/A | 10.127.0.128:445 | tcp | |
| N/A | 10.127.0.77:445 | tcp | |
| N/A | 10.127.0.84:445 | tcp | |
| N/A | 10.127.0.81:445 | tcp | |
| N/A | 10.127.0.97:445 | tcp | |
| N/A | 10.127.0.101:445 | tcp | |
| N/A | 10.127.0.114:445 | tcp | |
| N/A | 10.127.0.66:445 | tcp | |
| N/A | 10.127.0.76:445 | tcp | |
| N/A | 10.127.0.103:445 | tcp | |
| N/A | 10.127.0.107:445 | tcp | |
| N/A | 10.127.0.78:445 | tcp | |
| N/A | 10.127.0.89:445 | tcp | |
| N/A | 10.127.0.117:445 | tcp | |
| N/A | 10.127.0.75:445 | tcp | |
| N/A | 10.127.0.119:445 | tcp | |
| N/A | 10.127.0.112:445 | tcp | |
| N/A | 10.127.0.72:445 | tcp | |
| N/A | 10.127.0.104:445 | tcp | |
| N/A | 10.127.0.73:445 | tcp | |
| N/A | 10.127.0.143:445 | tcp | |
| N/A | 10.127.0.67:445 | tcp | |
| N/A | 10.127.0.116:445 | tcp | |
| N/A | 10.127.0.159:445 | tcp | |
| N/A | 10.127.0.131:445 | tcp | |
| N/A | 10.127.0.162:445 | tcp | |
| N/A | 10.127.0.158:445 | tcp | |
| N/A | 10.127.0.125:445 | tcp | |
| N/A | 10.127.0.138:445 | tcp | |
| N/A | 10.127.0.105:445 | tcp | |
| N/A | 10.127.0.68:445 | tcp | |
| N/A | 10.127.0.70:445 | tcp | |
| N/A | 10.127.0.71:445 | tcp | |
| N/A | 10.127.0.74:445 | tcp | |
| N/A | 10.127.0.82:445 | tcp | |
| N/A | 10.127.0.85:445 | tcp | |
| N/A | 10.127.0.86:445 | tcp | |
| N/A | 10.127.0.88:445 | tcp | |
| N/A | 10.127.0.93:445 | tcp | |
| N/A | 10.127.0.95:445 | tcp | |
| N/A | 10.127.0.96:445 | tcp | |
| N/A | 10.127.0.100:445 | tcp | |
| N/A | 10.127.0.108:445 | tcp | |
| N/A | 10.127.0.111:445 | tcp | |
| N/A | 10.127.0.113:445 | tcp | |
| N/A | 10.127.0.115:445 | tcp | |
| N/A | 10.127.0.120:445 | tcp | |
| N/A | 10.127.0.121:445 | tcp | |
| N/A | 10.127.0.122:445 | tcp | |
| N/A | 10.127.0.124:445 | tcp | |
| N/A | 10.127.0.126:445 | tcp | |
| N/A | 10.127.0.127:445 | tcp | |
| N/A | 10.127.0.129:445 | tcp | |
| N/A | 10.127.0.130:445 | tcp | |
| N/A | 10.127.0.132:445 | tcp | |
| N/A | 10.127.0.133:445 | tcp | |
| N/A | 10.127.0.134:445 | tcp | |
| N/A | 10.127.0.135:445 | tcp | |
| N/A | 10.127.0.136:445 | tcp | |
| N/A | 10.127.0.137:445 | tcp | |
| N/A | 10.127.0.139:445 | tcp | |
| N/A | 10.127.0.140:445 | tcp | |
| N/A | 10.127.0.141:445 | tcp | |
| N/A | 10.127.0.142:445 | tcp | |
| N/A | 10.127.0.144:445 | tcp | |
| N/A | 10.127.0.145:445 | tcp | |
| N/A | 10.127.0.146:445 | tcp | |
| N/A | 10.127.0.147:445 | tcp | |
| N/A | 10.127.0.148:445 | tcp | |
| N/A | 10.127.0.149:445 | tcp | |
| N/A | 10.127.0.150:445 | tcp | |
| N/A | 10.127.0.151:445 | tcp | |
| N/A | 10.127.0.152:445 | tcp | |
| N/A | 10.127.0.153:445 | tcp | |
| N/A | 10.127.0.154:445 | tcp | |
| N/A | 10.127.0.155:445 | tcp | |
| N/A | 10.127.0.156:445 | tcp | |
| N/A | 10.127.0.157:445 | tcp | |
| N/A | 10.127.0.160:445 | tcp | |
| N/A | 10.127.0.161:445 | tcp | |
| N/A | 10.127.0.163:445 | tcp | |
| N/A | 10.127.0.164:445 | tcp | |
| N/A | 10.127.0.165:445 | tcp | |
| N/A | 10.127.0.166:445 | tcp | |
| N/A | 10.127.0.167:445 | tcp | |
| N/A | 10.127.0.168:445 | tcp | |
| N/A | 10.127.0.169:445 | tcp | |
| N/A | 10.127.0.170:445 | tcp | |
| N/A | 10.127.0.171:445 | tcp | |
| N/A | 10.127.0.172:445 | tcp | |
| N/A | 10.127.0.173:445 | tcp | |
| N/A | 10.127.0.174:445 | tcp | |
| N/A | 10.127.0.175:445 | tcp | |
| N/A | 10.127.0.176:445 | tcp | |
| N/A | 10.127.0.177:445 | tcp | |
| N/A | 10.127.0.178:445 | tcp | |
| N/A | 10.127.0.179:445 | tcp | |
| N/A | 10.127.0.180:445 | tcp | |
| N/A | 10.127.0.181:445 | tcp | |
| N/A | 10.127.0.182:445 | tcp | |
| N/A | 10.127.0.183:445 | tcp | |
| N/A | 10.127.0.184:445 | tcp | |
| N/A | 10.127.0.185:445 | tcp | |
| N/A | 10.127.0.186:445 | tcp | |
| N/A | 10.127.0.187:445 | tcp | |
| N/A | 10.127.0.188:445 | tcp | |
| N/A | 10.127.0.189:445 | tcp | |
| N/A | 10.127.0.190:445 | tcp | |
| N/A | 10.127.0.191:445 | tcp | |
| N/A | 10.127.0.192:445 | tcp | |
| N/A | 10.127.0.193:445 | tcp | |
| N/A | 10.127.0.194:445 | tcp | |
| N/A | 10.127.0.195:445 | tcp | |
| N/A | 10.127.0.196:445 | tcp | |
| N/A | 10.127.0.197:445 | tcp | |
| N/A | 10.127.0.198:445 | tcp | |
| N/A | 10.127.0.199:445 | tcp | |
| N/A | 10.127.0.200:445 | tcp | |
| N/A | 10.127.0.201:445 | tcp | |
| N/A | 10.127.0.202:445 | tcp | |
| N/A | 10.127.0.203:445 | tcp | |
| N/A | 10.127.0.204:445 | tcp | |
| N/A | 10.127.0.205:445 | tcp | |
| N/A | 10.127.0.206:445 | tcp | |
| N/A | 10.127.0.207:445 | tcp | |
| N/A | 10.127.0.208:445 | tcp | |
| N/A | 10.127.0.209:445 | tcp | |
| N/A | 10.127.0.210:445 | tcp | |
| N/A | 10.127.0.211:445 | tcp | |
| N/A | 10.127.0.212:445 | tcp | |
| N/A | 10.127.0.213:445 | tcp | |
| N/A | 10.127.0.214:445 | tcp | |
| N/A | 10.127.0.215:445 | tcp | |
| N/A | 10.127.0.216:445 | tcp | |
| N/A | 10.127.0.217:445 | tcp | |
| N/A | 10.127.0.218:445 | tcp | |
| N/A | 10.127.0.219:445 | tcp | |
| N/A | 10.127.0.220:445 | tcp | |
| N/A | 10.127.0.221:445 | tcp | |
| N/A | 10.127.0.222:445 | tcp | |
| N/A | 10.127.0.223:445 | tcp | |
| N/A | 10.127.0.224:445 | tcp | |
| N/A | 10.127.0.225:445 | tcp | |
| N/A | 10.127.0.226:445 | tcp | |
| N/A | 10.127.0.227:445 | tcp | |
| N/A | 10.127.0.228:445 | tcp | |
| N/A | 10.127.0.229:445 | tcp | |
| N/A | 10.127.0.230:445 | tcp | |
| N/A | 10.127.0.231:445 | tcp | |
| N/A | 10.127.0.232:445 | tcp | |
| N/A | 10.127.0.233:445 | tcp | |
| N/A | 10.127.0.234:445 | tcp | |
| N/A | 10.127.0.235:445 | tcp | |
| N/A | 10.127.0.236:445 | tcp | |
| N/A | 10.127.0.237:445 | tcp | |
| N/A | 10.127.0.238:445 | tcp | |
| N/A | 10.127.0.239:445 | tcp | |
| N/A | 10.127.0.240:445 | tcp | |
| N/A | 10.127.0.241:445 | tcp | |
| N/A | 10.127.0.242:445 | tcp | |
| N/A | 10.127.0.243:445 | tcp | |
| N/A | 10.127.0.244:445 | tcp | |
| N/A | 10.127.0.245:445 | tcp | |
| N/A | 10.127.0.246:445 | tcp | |
| N/A | 10.127.0.247:445 | tcp | |
| N/A | 10.127.0.248:445 | tcp | |
| N/A | 10.127.0.249:445 | tcp | |
| N/A | 10.127.0.250:445 | tcp | |
| N/A | 10.127.0.251:445 | tcp | |
| N/A | 10.127.0.252:445 | tcp | |
| N/A | 10.127.0.253:445 | tcp | |
| N/A | 10.127.0.254:445 | tcp |
Files
C:\Program Files (x86)\readme.txt
| MD5 | df7b95b1555951e1c1095ec1a913f78a |
| SHA1 | 076812ba99a65a76f6510824f9317c85b7a65bdb |
| SHA256 | 15ac17280f7e4b43eb21c090792465494eede0937897c271eb1cc14733dc371e |
| SHA512 | b85bee418326445ed0efd217cb92432138ad63b46ff41d98a85d2af648698448f1680a320669ec4d1a735c8a40d5747983652d02fafc5c9737747e659f4f8e30 |