Malware Analysis Report

2025-04-03 19:49

Sample ID 241110-gsytxs1fle
Target 7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N
SHA256 7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9
Tags
discovery persistence upx
score
8/10

Analysis Overview

score
8/10

SHA256

7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9

Threat Level: Likely malicious

The file 7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence upx

Drops file in Drivers directory

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Network Share Discovery

Network Service Discovery

Adds Run key to start application

Enumerates processes with tasklist

UPX packed file

Launches sc.exe

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Unsigned PE

System Network Connections Discovery

Enumerates physical storage devices

Gathers system information

Suspicious behavior: LoadsDriver

Gathers network information

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry key

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:04

Reported

2024-11-10 06:06

Platform

win7-20240903-en

Max time kernel

118s

Max time network

75s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\hfile.sys C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\netwiz = "C:\\ProgramData\\Identities\\netwiz.exe" C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\ARP.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\ARP.EXE N/A

Network Share Discovery

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ipconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ROUTE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\systeminfo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Identities\netwiz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zivsuokcjr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NETSTAT.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ARP.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\PING.EXE N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

System Network Connections Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\systeminfo.exe N/A
N/A N/A C:\Windows\SysWOW64\systeminfo.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe N/A
N/A N/A C:\ProgramData\Identities\bfcinfo.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2616 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\zivsuokcjr.exe
PID 2616 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe
PID 2712 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\ProgramData\Identities\bfcinfo.exe
PID 2084 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\zivsuokcjr.exe C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe
PID 2712 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\Windows\SysWOW64\cmd.exe
PID 2540 wrote to memory of 2700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\systeminfo.exe
PID 2712 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\Windows\SysWOW64\cmd.exe
PID 1728 wrote to memory of 868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2712 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\Windows\SysWOW64\cmd.exe
PID 1568 wrote to memory of 292 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 2712 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\Windows\SysWOW64\cmd.exe
PID 2632 wrote to memory of 3004 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 2712 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\Windows\SysWOW64\cmd.exe
PID 2356 wrote to memory of 2988 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ROUTE.EXE
PID 2712 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 1112 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ARP.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe

"C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

C:\Users\Admin\AppData\Local\Temp\zivsuokcjr.exe

"C:\Users\Admin\AppData\Local\Temp\zivsuokcjr.exe" "C:\Users\Admin\AppData\Local\Temp\qbesinyyta.exe" "C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe

C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe

C:\ProgramData\Identities\bfcinfo.exe

"C:\ProgramData\Identities\bfcinfo.exe"

C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe

"C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

C:\Windows\SysWOW64\cmd.exe

/c systeminfo

C:\Windows\SysWOW64\systeminfo.exe

systeminfo

C:\Windows\SysWOW64\cmd.exe

/c "tasklist /v"

C:\Windows\SysWOW64\tasklist.exe

tasklist /v

C:\Windows\SysWOW64\cmd.exe

/c "netstat -ano"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -ano

C:\Windows\SysWOW64\cmd.exe

/c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

/c "route print"

C:\Windows\SysWOW64\ROUTE.EXE

route print

C:\Windows\SysWOW64\cmd.exe

/c "arp -a"

C:\Windows\SysWOW64\ARP.EXE

arp -a

C:\Windows\SysWOW64\cmd.exe

/c "reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

C:\Windows\SysWOW64\reg.exe

reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Windows\SysWOW64\cmd.exe

/c "net share"

C:\Windows\SysWOW64\net.exe

net share

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 share

C:\Windows\SysWOW64\cmd.exe

/c "ping server"

C:\Windows\SysWOW64\PING.EXE

ping server

C:\Windows\SysWOW64\cmd.exe

/c "sc query hfile.sys"

C:\Windows\SysWOW64\sc.exe

sc query hfile.sys

C:\Windows\system32\taskeng.exe

taskeng.exe {0D8AEE16-9723-4694-AA49-94D5A0371724} S-1-5-21-1488793075-819845221-1497111674-1000:UPNECVIU\Admin:Interactive:[1]

C:\ProgramData\Identities\netwiz.exe

C:\ProgramData\Identities\netwiz.exe

C:\Windows\SysWOW64\cmd.exe

/c systeminfo

C:\Windows\SysWOW64\systeminfo.exe

systeminfo

C:\Windows\SysWOW64\cmd.exe

/c "tasklist /v"

C:\Windows\SysWOW64\tasklist.exe

tasklist /v

C:\Windows\SysWOW64\cmd.exe

/c "netstat -ano"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -ano

C:\Windows\SysWOW64\cmd.exe

/c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

/c "route print"

C:\Windows\SysWOW64\ROUTE.EXE

route print

C:\Windows\SysWOW64\cmd.exe

/c "arp -a"

C:\Windows\SysWOW64\ARP.EXE

arp -a

C:\Windows\SysWOW64\cmd.exe

/c "reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

C:\Windows\SysWOW64\reg.exe

reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Windows\SysWOW64\cmd.exe

/c "net share"

C:\Windows\SysWOW64\net.exe

net share

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 share

C:\Windows\SysWOW64\cmd.exe

/c "ping server"

C:\Windows\SysWOW64\PING.EXE

ping server

C:\Windows\SysWOW64\cmd.exe

/c "sc query hfile.sys"

C:\Windows\SysWOW64\sc.exe

sc query hfile.sys

Network

Country Destination Domain Proto
N/A 10.127.0.131:445 tcp
N/A 10.127.0.141:445 tcp
N/A 10.127.0.132:445 tcp
N/A 10.127.0.143:445 tcp
N/A 10.127.0.133:445 tcp
N/A 10.127.0.134:445 tcp
N/A 10.127.0.135:445 tcp
N/A 10.127.0.136:445 tcp
N/A 10.127.0.146:445 tcp
N/A 10.127.0.137:445 tcp
N/A 10.127.0.147:445 tcp
N/A 10.127.0.138:445 tcp
N/A 10.127.0.148:445 tcp
N/A 10.127.0.139:445 tcp
N/A 10.127.0.142:445 tcp
N/A 10.127.0.152:445 tcp
N/A 10.127.0.144:445 tcp
N/A 10.127.0.145:445 tcp
N/A 10.127.0.149:445 tcp
N/A 10.127.0.150:445 tcp
N/A 10.127.0.151:445 tcp
N/A 10.127.0.161:445 tcp
N/A 10.127.0.162:445 tcp
N/A 10.127.0.153:445 tcp
N/A 10.127.0.154:445 tcp
N/A 10.127.0.155:445 tcp
N/A 10.127.0.156:445 tcp
N/A 10.127.0.157:445 tcp
N/A 10.127.0.158:445 tcp
N/A 10.127.0.159:445 tcp
N/A 10.127.0.160:445 tcp
N/A 10.127.0.170:445 tcp
N/A 10.127.0.171:445 tcp
N/A 10.127.0.163:445 tcp
N/A 10.127.0.164:445 tcp
N/A 10.127.0.174:445 tcp
N/A 10.127.0.165:445 tcp
N/A 10.127.0.166:445 tcp
N/A 10.127.0.167:445 tcp
N/A 10.127.0.177:445 tcp
N/A 10.127.0.168:445 tcp
N/A 10.127.0.169:445 tcp
N/A 10.127.0.172:445 tcp
N/A 10.127.0.173:445 tcp
N/A 10.127.0.175:445 tcp
N/A 10.127.0.176:445 tcp
N/A 10.127.0.178:445 tcp
N/A 10.127.0.188:445 tcp
N/A 10.127.0.179:445 tcp
N/A 10.127.0.180:445 tcp
N/A 10.127.0.181:445 tcp
N/A 10.127.0.182:445 tcp
N/A 10.127.0.183:445 tcp
N/A 10.127.0.184:445 tcp
N/A 10.127.0.185:445 tcp
N/A 10.127.0.186:445 tcp
N/A 10.127.0.187:445 tcp
N/A 10.127.0.189:445 tcp
N/A 10.127.0.190:445 tcp
N/A 10.127.0.191:445 tcp
N/A 10.127.0.192:445 tcp
N/A 10.127.0.193:445 tcp
N/A 10.127.0.194:445 tcp
N/A 10.127.0.195:445 tcp
N/A 10.127.0.196:445 tcp
N/A 10.127.0.197:445 tcp
N/A 10.127.0.207:445 tcp
N/A 10.127.0.198:445 tcp
N/A 10.127.0.199:445 tcp
N/A 10.127.0.200:445 tcp
N/A 10.127.0.201:445 tcp
N/A 10.127.0.202:445 tcp
N/A 10.127.0.203:445 tcp
N/A 10.127.0.204:445 tcp
N/A 10.127.0.214:445 tcp
N/A 10.127.0.205:445 tcp
N/A 10.127.0.206:445 tcp
N/A 10.127.0.208:445 tcp
N/A 10.127.0.218:445 tcp
N/A 10.127.0.209:445 tcp
N/A 10.127.0.210:445 tcp
N/A 10.127.0.211:445 tcp
N/A 10.127.0.212:445 tcp
N/A 10.127.0.213:445 tcp
N/A 10.127.0.215:445 tcp
N/A 10.127.0.225:445 tcp
N/A 10.127.0.216:445 tcp
N/A 10.127.0.226:445 tcp
N/A 10.127.0.217:445 tcp
N/A 10.127.0.219:445 tcp
N/A 10.127.0.220:445 tcp
N/A 10.127.0.221:445 tcp
N/A 10.127.0.222:445 tcp
N/A 10.127.0.223:445 tcp
N/A 10.127.0.224:445 tcp
N/A 10.127.0.227:445 tcp
N/A 10.127.0.228:445 tcp
N/A 10.127.0.229:445 tcp
N/A 10.127.0.230:445 tcp
N/A 10.127.0.231:445 tcp
N/A 10.127.0.232:445 tcp
N/A 10.127.0.242:445 tcp
N/A 10.127.0.233:445 tcp
N/A 10.127.0.234:445 tcp
N/A 10.127.0.235:445 tcp
N/A 10.127.0.236:445 tcp
N/A 10.127.0.237:445 tcp
N/A 10.127.0.238:445 tcp
N/A 10.127.0.239:445 tcp
N/A 10.127.0.240:445 tcp
N/A 10.127.0.241:445 tcp
N/A 10.127.0.243:445 tcp
N/A 10.127.0.244:445 tcp
N/A 10.127.0.255:445 tcp
N/A 10.127.0.245:445 tcp
N/A 10.127.0.246:445 tcp
N/A 10.127.1.0:445 tcp
N/A 10.127.0.247:445 tcp
N/A 10.127.0.248:445 tcp
N/A 10.127.0.249:445 tcp
N/A 10.127.0.250:445 tcp
N/A 10.127.0.251:445 tcp
N/A 10.127.0.252:445 tcp
N/A 10.127.0.253:445 tcp
N/A 10.127.0.254:445 tcp

Files

\Users\Admin\AppData\Local\Temp\zivsuokcjr.exe

MD5 6dcffb3265fd77fe158d3f5add751933
SHA1 72298838677c87daca885d39d0227a6ae3531812
SHA256 4deea5f53cecd04364ac0d6ecdc97e5c3909fe85ab72df8a0be2c93acbe70d21
SHA512 d901570626d889c4e5e4e5e16340dd5af67864b277d06ac8eea46b1deff876a363cdafde9ee99954a39c3b71e032b8048077a83ddb96e65356ee5bb82f6198bf

memory/2616-11-0x00000000009E0000-0x00000000009F3000-memory.dmp

memory/2084-13-0x0000000000AD0000-0x0000000000AE3000-memory.dmp

memory/2616-7-0x00000000009E0000-0x00000000009F3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qbesinyyta.exe

MD5 29071cec246ff32c45ecb793a87b89cd
SHA1 bc0c159a7471cdb603bab4e0d9c84bebce95177b
SHA256 895e6de58b7911602a855df2f50af3da8b62262a8c325314c99b6cb7b07e61fd
SHA512 b983962ed8e9f947c76824de7af5f72a8a5d163440c0db26af765f8353939ffdbf98bf20dbdaecafdc6ca672c563acc578a54d10099b6c54a5a404e5cd182a5e

C:\Users\Admin\AppData\Local\Temp\dypshfafpw.exe

MD5 ab8da511c456e5e3f72f1af2cda84651
SHA1 64b56af80fcaf2de6d0cb1859fcfbc677b06f9da
SHA256 e6743de7d8521cb5d92e7b10cf0b41aa2d38c2912d3f24b678eb5d9a0f52ffd9
SHA512 e7cbfd5deddf8e5393ee963da4ce7e587aaa92e8aee689c21417d0d5082b42ad382073241fb9c1759c20228d62fb1f9f95a28cb820495b6cdbaaaf4e86a52ee3

memory/2616-22-0x0000000002EA0000-0x0000000002FFB000-memory.dmp

memory/2712-25-0x0000000000F40000-0x000000000109B000-memory.dmp

memory/2712-35-0x00000000001F0000-0x0000000000228000-memory.dmp

\ProgramData\Identities\bfcinfo.exe

MD5 668b4d9effb6a2d47e64106de04998a4
SHA1 b3e02a79c72fb0abe60c950e933b37c7c6a8ccf5
SHA256 c04341676f8b868e630de0eea760215375e020dee53cfdb86b30cf4751946385
SHA512 e276ce1972af7f87bd3572a36a9ba4a2bda5655e74acc66dde0b299189b827088079d72e9e111b822f3906db7eb1281593ed1b5133b638a68f9dcf5b99c85c28

memory/2372-43-0x0000000000120000-0x0000000000158000-memory.dmp

memory/2084-59-0x0000000000AD0000-0x0000000000AE3000-memory.dmp

memory/2616-84-0x0000000002EA0000-0x0000000002FFB000-memory.dmp

memory/2712-85-0x0000000000F40000-0x000000000109B000-memory.dmp

memory/2712-86-0x00000000001F0000-0x0000000000228000-memory.dmp

memory/2712-90-0x00000000001F0000-0x0000000000228000-memory.dmp

C:\ProgramData\MediaCache\ramdisk.sdb

MD5 7d563f30e4ccd85c31791d4a6fadcba7
SHA1 45dba4df6f7b73498e772ce9d0f5914f92d75165
SHA256 dfdec49dcd0370daad96a95ade406721d688c00f71abbf7f7d10edebc837de7f
SHA512 1452db4684b7dcddf4fda2fe71be747fb5bd1f2c1d78a47d07d4e532fb161edeb4d86b8ffdd645f829112126b0d989c5eb62306cebfae9660de5209cef19c6cd

memory/2372-113-0x0000000000120000-0x0000000000158000-memory.dmp

memory/2712-111-0x0000000000F40000-0x000000000109B000-memory.dmp

C:\ProgramData\MediaCache\ramdisk.sdb

MD5 e414aa6f10af1465b3113696e609a1b5
SHA1 b9404c96fd430c7fb04b6ef3c34477fa1b8ab39a
SHA256 24d6d5dc6523481107585e48362320ebf1e301de0f6ee46b5ed4bb409800a504
SHA512 c26205fd001cb439f8f199d3541133944502b29a290efd835bcb7fb498312b31421cfd0f661339d2af80ec3a2b4265a8a626b22682622a929ece89957fe6aca7

memory/328-172-0x0000000000C00000-0x0000000000D5B000-memory.dmp

C:\ProgramData\MediaCache\ramdisk.sdb

MD5 da42a8349fedf5d94b79eeae7654575f
SHA1 c38b6844c77acba7928bfd47a5201e60cf560094
SHA256 72b0fd401a61d24416e02b646ff4caa8ad7c1395e1987314fa41676c3ae12277
SHA512 74e0540d78189115d88760a23f15d4ea64fc25f48663f2143eee4837cfdafd8e841f27688f91b19428c9e336cd56fc58291befbe7380a85ead5ac8792d1d7e4b

C:\ProgramData\MediaCache\ramdisk.sdb

MD5 c8905628e9c7d8266eca960d2c173f07
SHA1 d70e4871fce1e2098a7b630a56d8d0da83bc3fe5
SHA256 1487bb2458771cbe7780b4c26fc2915c649eef781db9b66d1c95004cc934a366
SHA512 fff00cbeb684864c09181e53cb774ce396f906678ada0d68b30fe78775bf50be0af395dd84d7adbe350d6afec98fd36252d8df85ee92290e7e333cbbcc45f9b5

memory/2712-207-0x0000000000F40000-0x000000000109B000-memory.dmp

memory/328-270-0x0000000000C00000-0x0000000000D5B000-memory.dmp

C:\ProgramData\MediaCache\S-UPNECVIU-20241110_060443.rtt

MD5 0351fcf941ecd728ffea3c095182feaa
SHA1 25606bd53271c5554ef086e0302044db34dd10ad
SHA256 b48e8f16704f3deefbfdfd870aa9ccc66e474bd0d7660234fa3c66c37afb418d
SHA512 f87ad8cdf84c06f875d9300896184785405cef97f679ce9bfad0844fb5553b2d13b82ecdf00c6703133d2f5a50b436dee1051ec689a84538f06889b8712819b1

C:\ProgramData\MediaCache\ramdisk.sdb

MD5 469133edd7b4e0016165ea906cecaf01
SHA1 347fa75c48455d0673a2ffaf7341b23b8c739632
SHA256 46884338421491aa2c973511ec019eac890447cf954a0e095ebf467e05a9e38e
SHA512 5b6f2cd1056b3e0863f760f504d1826fea87997b89c366888c91cba66a439bfd3a63a2f69a524efd632752548815c156f3a97918490d61ec9186f956f3d86279

C:\ProgramData\MediaCache\F__-20241110_060452.rtt

MD5 498ebc7c3c2031c9cd3a965110cfee45
SHA1 bb199eb946d9b627fad1d751de899f3d0eceeec2
SHA256 2d2dfbb476d71942e1d6c446352e588ff9265d9e206e08e30b27ce40dfe423f0
SHA512 d6bdda2d0da8206000650e7bb9a3a71223a2a448e85c28b7b40588efe50f9fb7633d3e667918cbc951823807c0273225efac2a652113c4ee77064dd042589fed

C:\ProgramData\MediaCache\D__-20241110_060452.rtt

MD5 03a16a0f9ebb4db05bed45aa764aa2ba
SHA1 201835e267153b674bc6e64a0af9a5ff4ccdf9bf
SHA256 a57dbbfd62cc181b95bc1a08db150b197840f479030efadd0e9a895800026107
SHA512 8b29b84ec76c74d7339b6b57754e5e9c965c137bf19323309c2c0043281954e4a8c22afa383c4f6fabc4b6117a4095d904048f5d5ab67d113e9bc8579b365ecf

C:\ProgramData\MediaCache\C__Users_Admin_Desktop-20241110_060452.rtt

MD5 4cfbbbdf142e045fa9f99ce418cc6c1d
SHA1 a177df0a10d73165f012a0d89b7b9d8a956ba43f
SHA256 bdf3e04614293c77a5a9aeaddbf85a5c45969ea3918d9ceac89dc4b819357286
SHA512 4399b3396ce95157e4f1e0a7d0b7090ca071d6f31b52619557ac0a401b0ce53086e6b8d8e48bc7b8d71ea89610249d2c84f44aeedda408a3c413aa6524bfd3e3

C:\ProgramData\MediaCache\C__ProgramData-20241110_060452.rtt

MD5 5547aba74421160be4400414c442aa15
SHA1 d57f944c68bb926c74d3101f96067b57cac39fe7
SHA256 11f382479a651ce315741f887f7e06ef3a97f7f16992f30b01596f26987f6b69
SHA512 5b76e2eaba51ff44633212b80a990d202f75add0c7d96b3ca75a8b2d50d85a1fe8f4e0b58a33beaad90e68e216fcbac7059447c15382cfbe59cc0dea3de5a27e

C:\ProgramData\MediaCache\C__Program Files (x86)-20241110_060452.rtt

MD5 741896d5b2bee1ccbdaeb1b617166a3b
SHA1 d4767802de8b8244a440523694f0f58f9fc415ed
SHA256 7826fdf19bb5aae5b92bd04d14ad21bdeacd6784bb51444614ee057c754633e8
SHA512 50b9e8d9a735c59e35cc9d8400179cd0013420b8a065a424dc54f65a3ded1703e0f7c20ad3f08f6f83e0015e74e556565256698f80d933dd750fe1e6c20fede0

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:04

Reported

2024-11-10 06:06

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\hfile.sys C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netwiz = "C:\\ProgramData\\Identities\\netwiz.exe" C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\ARP.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\ARP.EXE N/A

Network Share Discovery

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\PING.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NETSTAT.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ipconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ROUTE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\wscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\wscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Identities\netwiz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\systeminfo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\PING.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ARP.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\systeminfo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ROUTE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ARP.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\wscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Identities\bfcinfo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NETSTAT.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ipconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

System Network Connections Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\systeminfo.exe N/A
N/A N/A C:\Windows\SysWOW64\systeminfo.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\bfcinfo.exe N/A
N/A N/A C:\ProgramData\Identities\bfcinfo.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A
N/A N/A C:\ProgramData\Identities\netwiz.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Identities\netwiz.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1552 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe
PID 1552 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe
PID 1552 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe
PID 1552 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\blridincwk.exe
PID 1552 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\blridincwk.exe
PID 1552 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe C:\Users\Admin\AppData\Local\Temp\blridincwk.exe
PID 912 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\ProgramData\Identities\bfcinfo.exe
PID 912 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\ProgramData\Identities\bfcinfo.exe
PID 912 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\ProgramData\Identities\bfcinfo.exe
PID 912 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 4052 wrote to memory of 5100 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\systeminfo.exe
PID 4052 wrote to memory of 5100 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\systeminfo.exe
PID 4052 wrote to memory of 5100 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\systeminfo.exe
PID 3744 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe
PID 3744 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe
PID 3744 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe
PID 912 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 4896 wrote to memory of 3600 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4896 wrote to memory of 3600 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4896 wrote to memory of 3600 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 912 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 2044 wrote to memory of 4064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 2044 wrote to memory of 4064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 2044 wrote to memory of 4064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 912 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 3368 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 3368 wrote to memory of 5064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 3368 wrote to memory of 5064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 3368 wrote to memory of 5064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ipconfig.exe
PID 912 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 2120 wrote to memory of 1940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ROUTE.EXE
PID 2120 wrote to memory of 1940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ROUTE.EXE
PID 2120 wrote to memory of 1940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ROUTE.EXE
PID 912 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 1892 wrote to memory of 412 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ARP.EXE
PID 1892 wrote to memory of 412 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ARP.EXE
PID 1892 wrote to memory of 412 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ARP.EXE
PID 912 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 1544 wrote to memory of 2944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1544 wrote to memory of 2944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1544 wrote to memory of 2944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 912 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 912 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe
PID 3968 wrote to memory of 1056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 3968 wrote to memory of 1056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 3968 wrote to memory of 1056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 1056 wrote to memory of 2732 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1056 wrote to memory of 2732 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1056 wrote to memory of 2732 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 912 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\blridincwk.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe

"C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe

"C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe" "C:\Users\Admin\AppData\Local\Temp\fwxpxpkaiu.exe" "C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

C:\Users\Admin\AppData\Local\Temp\blridincwk.exe

C:\Users\Admin\AppData\Local\Temp\blridincwk.exe

C:\ProgramData\Identities\bfcinfo.exe

"C:\ProgramData\Identities\bfcinfo.exe"

C:\Windows\SysWOW64\cmd.exe

/c systeminfo

C:\Windows\SysWOW64\systeminfo.exe

systeminfo

C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe

"C:\Users\Admin\AppData\Local\Temp\7836a9c30d894b7156eec2cc645ce88119717690a51192f160e5c9de848547c9N.exe"

C:\Windows\SysWOW64\cmd.exe

/c "tasklist /v"

C:\Windows\SysWOW64\tasklist.exe

tasklist /v

C:\Windows\SysWOW64\cmd.exe

/c "netstat -ano"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -ano

C:\Windows\SysWOW64\cmd.exe

/c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

/c "route print"

C:\Windows\SysWOW64\ROUTE.EXE

route print

C:\Windows\SysWOW64\cmd.exe

/c "arp -a"

C:\Windows\SysWOW64\ARP.EXE

arp -a

C:\Windows\SysWOW64\cmd.exe

/c "reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

C:\Windows\SysWOW64\reg.exe

reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Windows\SysWOW64\cmd.exe

/c "net share"

C:\Windows\SysWOW64\net.exe

net share

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 share

C:\Windows\SysWOW64\cmd.exe

/c "ping server"

C:\Windows\SysWOW64\PING.EXE

ping server

C:\Windows\SysWOW64\cmd.exe

/c "sc query hfile.sys"

C:\Windows\SysWOW64\sc.exe

sc query hfile.sys

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Roaming\Microsoft\Word\winword.vbs C:\Users\Admin\AppData\Roaming\Microsoft\Word

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Roaming\Microsoft\Word\winword.vbs C:\Users\Admin\AppData\Roaming\Microsoft\Word

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Roaming\Microsoft\Word\winword.vbs C:\Users\Admin\AppData\Roaming\Microsoft\Word

C:\ProgramData\Identities\netwiz.exe

C:\ProgramData\Identities\netwiz.exe

C:\Windows\SysWOW64\cmd.exe

/c systeminfo

C:\Windows\SysWOW64\systeminfo.exe

systeminfo

C:\Windows\SysWOW64\cmd.exe

/c "tasklist /v"

C:\Windows\SysWOW64\tasklist.exe

tasklist /v

C:\Windows\SysWOW64\cmd.exe

/c "netstat -ano"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -ano

C:\Windows\SysWOW64\cmd.exe

/c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

/c "route print"

C:\Windows\SysWOW64\ROUTE.EXE

route print

C:\Windows\SysWOW64\cmd.exe

/c "arp -a"

C:\Windows\SysWOW64\ARP.EXE

arp -a

C:\Windows\SysWOW64\cmd.exe

/c "reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

C:\Windows\SysWOW64\reg.exe

reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Windows\SysWOW64\cmd.exe

/c "net share"

C:\Windows\SysWOW64\net.exe

net share

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 share

C:\Windows\SysWOW64\cmd.exe

/c "ping server"

C:\Windows\SysWOW64\PING.EXE

ping server

C:\Windows\SysWOW64\cmd.exe

/c "sc query hfile.sys"

C:\Windows\SysWOW64\sc.exe

sc query hfile.sys

Network

Country Destination Domain Proto
N/A 10.127.0.238:445 tcp
N/A 10.127.0.138:445 tcp
N/A 10.127.0.229:139 tcp
N/A 10.127.0.239:445 tcp
N/A 10.127.0.139:445 tcp
N/A 10.127.0.230:139 tcp
N/A 10.127.0.240:445 tcp
N/A 10.127.0.140:445 tcp
N/A 10.127.0.231:139 tcp
N/A 10.127.0.141:445 tcp
N/A 10.127.0.241:445 tcp
N/A 10.127.0.242:445 tcp
N/A 10.127.0.243:139 tcp
N/A 10.127.0.233:139 tcp
N/A 10.127.0.234:139 tcp
N/A 10.127.0.144:445 tcp
N/A 10.127.0.245:139 tcp
N/A 10.127.0.235:139 tcp
N/A 10.127.0.145:445 tcp
N/A 10.127.0.146:445 tcp
N/A 10.127.0.246:445 tcp
US 8.8.8.8:53 35.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 36.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 45.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 38.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 37.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 39.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 50.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 41.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 42.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 52.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 43.0.127.10.in-addr.arpa udp
N/A 10.127.0.156:445 tcp
N/A 10.127.0.247:445 tcp
N/A 10.127.0.147:445 tcp
N/A 10.127.0.237:139 tcp
N/A 10.127.0.238:139 tcp
N/A 10.127.0.148:445 tcp
N/A 10.127.0.248:445 tcp
N/A 10.127.0.239:139 tcp
N/A 10.127.0.249:445 tcp
N/A 10.127.0.149:445 tcp
N/A 10.127.0.240:139 tcp
N/A 10.127.0.150:445 tcp
N/A 10.127.0.250:445 tcp
N/A 10.127.0.241:139 tcp
N/A 10.127.0.151:445 tcp
N/A 10.127.0.251:445 tcp
N/A 10.127.0.162:445 tcp
N/A 10.127.0.161:445 tcp
N/A 10.127.0.242:139 tcp
N/A 10.127.0.252:445 tcp
N/A 10.127.0.152:445 tcp
N/A 10.127.0.153:445 tcp
N/A 10.127.0.253:445 tcp
N/A 10.127.0.254:445 tcp
N/A 10.127.0.154:445 tcp
N/A 10.127.0.155:445 tcp
N/A 10.127.0.255:445 tcp
US 8.8.8.8:53 44.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 55.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 56.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 46.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 47.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 48.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 49.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 51.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 53.0.127.10.in-addr.arpa udp
N/A 10.127.0.246:139 tcp
N/A 10.127.1.0:445 tcp
N/A 10.127.0.247:139 tcp
N/A 10.127.0.157:445 tcp
N/A 10.127.0.167:445 tcp
N/A 10.127.0.248:139 tcp
N/A 10.127.0.158:445 tcp
N/A 10.127.0.169:445 tcp
N/A 10.127.0.168:445 tcp
N/A 10.127.0.249:139 tcp
N/A 10.127.0.159:445 tcp
N/A 10.127.0.250:139 tcp
N/A 10.127.0.160:445 tcp
N/A 10.127.0.251:139 tcp
N/A 10.127.0.252:139 tcp
N/A 10.127.0.253:139 tcp
N/A 10.127.0.163:445 tcp
N/A 10.127.0.254:139 tcp
N/A 10.127.0.164:445 tcp
N/A 10.127.0.174:445 tcp
N/A 10.127.0.255:139 tcp
N/A 10.127.0.165:445 tcp
US 8.8.8.8:53 54.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 65.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 66.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 58.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 59.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 69.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 60.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 61.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 62.0.127.10.in-addr.arpa udp
N/A 10.127.1.0:139 tcp
N/A 10.127.0.166:445 tcp
N/A 10.127.0.175:445 tcp
N/A 10.127.0.177:445 tcp
N/A 10.127.0.170:445 tcp
N/A 10.127.0.171:445 tcp
N/A 10.127.0.172:445 tcp
N/A 10.127.0.173:445 tcp
US 8.8.8.8:53 63.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 64.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 57.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 75.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 67.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 68.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 70.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 71.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 72.0.127.10.in-addr.arpa udp
N/A 10.127.0.178:445 tcp
N/A 10.127.0.188:445 tcp
N/A 10.127.0.179:445 tcp
N/A 10.127.0.190:445 tcp
N/A 10.127.0.180:445 tcp
N/A 10.127.0.181:445 tcp
N/A 10.127.0.182:445 tcp
N/A 10.127.0.183:445 tcp
US 8.8.8.8:53 73.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 82.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 74.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 76.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 77.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 88.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 80.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 79.0.127.10.in-addr.arpa udp
N/A 10.127.0.184:445 tcp
N/A 10.127.0.185:445 tcp
N/A 10.127.0.176:445 tcp
N/A 10.127.0.186:445 tcp
N/A 10.127.0.187:445 tcp
N/A 10.127.0.189:445 tcp
N/A 10.127.0.200:445 tcp
N/A 10.127.0.191:445 tcp
N/A 10.127.0.192:445 tcp
US 8.8.8.8:53 94.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 85.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 86.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 87.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 99.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 90.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 89.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 81.0.127.10.in-addr.arpa udp
N/A 10.127.0.193:445 tcp
N/A 10.127.0.194:445 tcp
N/A 10.127.0.195:445 tcp
N/A 10.127.0.196:445 tcp
N/A 10.127.0.197:445 tcp
N/A 10.127.0.198:445 tcp
N/A 10.127.0.199:445 tcp
N/A 10.127.0.201:445 tcp
US 8.8.8.8:53 91.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 92.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 83.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 93.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 84.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 95.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 96.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 97.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 98.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 108.0.127.10.in-addr.arpa udp
N/A 10.127.0.202:445 tcp
N/A 10.127.0.203:445 tcp
N/A 10.127.0.204:445 tcp
N/A 10.127.0.205:445 tcp
N/A 10.127.0.206:445 tcp
N/A 10.127.0.216:445 tcp
N/A 10.127.0.207:445 tcp
N/A 10.127.0.208:445 tcp
N/A 10.127.0.209:445 tcp
N/A 10.127.0.210:445 tcp
N/A 10.127.0.220:445 tcp
N/A 10.127.0.211:445 tcp
US 8.8.8.8:53 100.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 101.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 103.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 102.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 104.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 105.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 115.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 106.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 107.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 117.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 118.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 109.0.127.10.in-addr.arpa udp
N/A 10.127.0.212:445 tcp
N/A 10.127.0.213:445 tcp
N/A 10.127.0.214:445 tcp
N/A 10.127.0.215:445 tcp
N/A 10.127.0.217:445 tcp
N/A 10.127.0.218:445 tcp
N/A 10.127.0.228:445 tcp
N/A 10.127.0.219:445 tcp
US 8.8.8.8:53 110.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 111.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 112.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 113.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 114.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 116.0.127.10.in-addr.arpa udp
N/A 10.127.0.221:445 tcp
N/A 10.127.0.222:445 tcp
N/A 10.127.0.1:445 tcp
N/A 10.127.0.223:445 tcp
N/A 10.127.0.233:445 tcp
N/A 10.127.0.224:445 tcp
N/A 10.127.0.225:445 tcp
N/A 10.127.0.4:445 tcp
N/A 10.127.0.235:445 tcp
N/A 10.127.0.226:445 tcp
N/A 10.127.0.227:445 tcp
N/A 10.127.0.6:445 tcp
N/A 10.127.0.237:445 tcp
N/A 10.127.0.229:445 tcp
US 8.8.8.8:53 119.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 120.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 121.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 122.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 124.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 125.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 126.0.127.10.in-addr.arpa udp
N/A 10.127.0.230:445 tcp
N/A 10.127.0.231:445 tcp
N/A 10.127.0.232:445 tcp
N/A 10.127.0.2:445 tcp
N/A 10.127.0.3:445 tcp
N/A 10.127.0.234:445 tcp
N/A 10.127.0.13:445 tcp
N/A 10.127.0.5:445 tcp
N/A 10.127.0.236:445 tcp
N/A 10.127.0.247:445 tcp
N/A 10.127.0.7:445 tcp
N/A 10.127.0.238:445 tcp
N/A 10.127.0.8:445 tcp
US 8.8.8.8:53 128.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 129.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 130.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 131.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 132.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 123.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 133.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 144.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 134.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 135.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 127.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 136.0.127.10.in-addr.arpa udp
N/A 10.127.0.239:445 tcp
N/A 10.127.0.9:445 tcp
N/A 10.127.0.240:445 tcp
N/A 10.127.0.10:445 tcp
N/A 10.127.0.241:445 tcp
N/A 10.127.0.20:445 tcp
N/A 10.127.0.11:445 tcp
N/A 10.127.0.242:445 tcp
N/A 10.127.0.12:445 tcp
N/A 10.127.0.252:445 tcp
N/A 10.127.0.243:445 tcp
N/A 10.127.0.14:445 tcp
N/A 10.127.0.245:445 tcp
N/A 10.127.0.15:445 tcp
N/A 10.127.0.246:445 tcp
N/A 10.127.0.25:445 tcp
N/A 10.127.0.16:445 tcp
N/A 10.127.0.17:445 tcp
N/A 10.127.0.248:445 tcp
US 8.8.8.8:53 146.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 137.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 138.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 139.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 149.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 140.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 141.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 143.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 142.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 154.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 145.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 153.0.127.10.in-addr.arpa udp
N/A 10.127.0.18:445 tcp
N/A 10.127.0.249:445 tcp
N/A 10.127.0.19:445 tcp
N/A 10.127.0.250:445 tcp
N/A 10.127.0.251:445 tcp
N/A 10.127.0.21:445 tcp
N/A 10.127.0.22:445 tcp
N/A 10.127.0.253:445 tcp
N/A 10.127.0.23:445 tcp
N/A 10.127.0.254:445 tcp
N/A 10.127.0.24:445 tcp
N/A 10.127.0.255:445 tcp
N/A 10.127.0.34:445 tcp
N/A 10.127.1.0:445 tcp
N/A 10.127.0.26:445 tcp
US 8.8.8.8:53 156.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 147.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 148.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 150.0.127.10.in-addr.arpa udp
N/A 10.127.0.27:445 tcp
N/A 10.127.0.28:445 tcp
N/A 10.127.0.29:445 tcp
N/A 10.127.0.30:445 tcp
N/A 10.127.0.31:445 tcp
US 8.8.8.8:53 151.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 152.0.127.10.in-addr.arpa udp
N/A 10.127.0.32:445 tcp
N/A 10.127.0.33:445 tcp
N/A 10.127.0.35:445 tcp
N/A 10.127.0.46:445 tcp
US 8.8.8.8:53 155.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 157.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 159.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 160.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 170.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 161.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 162.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 164.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 163.0.127.10.in-addr.arpa udp
N/A 10.127.0.36:445 tcp
N/A 10.127.0.37:445 tcp
N/A 10.127.0.38:445 tcp
N/A 10.127.0.48:445 tcp
N/A 10.127.0.39:445 tcp
N/A 10.127.0.40:445 tcp
N/A 10.127.0.41:445 tcp
N/A 10.127.0.42:445 tcp
N/A 10.127.0.43:445 tcp
N/A 10.127.0.54:445 tcp
N/A 10.127.0.44:445 tcp
US 8.8.8.8:53 166.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 167.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 158.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 177.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 168.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 169.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 172.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 171.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 182.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 173.0.127.10.in-addr.arpa udp
N/A 10.127.0.45:445 tcp
N/A 10.127.0.47:445 tcp
N/A 10.127.0.49:445 tcp
N/A 10.127.0.50:445 tcp
N/A 10.127.0.60:445 tcp
N/A 10.127.0.51:445 tcp
N/A 10.127.0.61:445 tcp
N/A 10.127.0.52:445 tcp
N/A 10.127.0.53:445 tcp
N/A 10.127.0.64:445 tcp
N/A 10.127.0.63:445 tcp
US 8.8.8.8:53 174.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 176.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 185.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 179.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 186.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 180.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 181.0.127.10.in-addr.arpa udp
N/A 10.127.0.55:445 tcp
N/A 10.127.0.56:445 tcp
N/A 10.127.0.57:445 tcp
N/A 10.127.0.58:445 tcp
N/A 10.127.0.59:445 tcp
N/A 10.127.0.62:445 tcp
US 8.8.8.8:53 183.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 184.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 175.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 178.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 187.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 188.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 189.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 190.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 191.0.127.10.in-addr.arpa udp
N/A 10.127.0.65:445 tcp
N/A 10.127.0.66:445 tcp
N/A 10.127.0.67:445 tcp
N/A 10.127.0.68:445 tcp
N/A 10.127.0.69:445 tcp
N/A 10.127.0.70:445 tcp
N/A 10.127.0.71:445 tcp
N/A 10.127.0.72:445 tcp
US 8.8.8.8:53 192.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 193.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 194.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 195.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 196.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 198.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 208.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 199.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 200.0.127.10.in-addr.arpa udp
N/A 10.127.0.73:445 tcp
N/A 10.127.0.84:445 tcp
N/A 10.127.0.74:445 tcp
N/A 10.127.0.75:445 tcp
N/A 10.127.0.76:445 tcp
N/A 10.127.0.77:445 tcp
N/A 10.127.0.78:445 tcp
N/A 10.127.0.79:445 tcp
N/A 10.127.0.89:445 tcp
N/A 10.127.0.80:445 tcp
N/A 10.127.0.81:445 tcp
US 8.8.8.8:53 201.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 202.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 203.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 204.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 205.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 206.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 207.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 209.0.127.10.in-addr.arpa udp
N/A 10.127.0.82:445 tcp
N/A 10.127.0.83:445 tcp
N/A 10.127.0.94:445 tcp
N/A 10.127.0.85:445 tcp
N/A 10.127.0.86:445 tcp
N/A 10.127.0.87:445 tcp
N/A 10.127.0.88:445 tcp
N/A 10.127.0.98:445 tcp
N/A 10.127.0.90:445 tcp
N/A 10.127.0.91:445 tcp
US 8.8.8.8:53 210.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 211.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 212.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 213.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 224.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 214.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 215.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 216.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 217.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 218.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 219.0.127.10.in-addr.arpa udp
N/A 10.127.0.101:445 tcp
N/A 10.127.0.92:445 tcp
N/A 10.127.0.93:445 tcp
N/A 10.127.0.103:445 tcp
N/A 10.127.0.105:445 tcp
N/A 10.127.0.95:445 tcp
N/A 10.127.0.96:445 tcp
N/A 10.127.0.97:445 tcp
N/A 10.127.0.108:445 tcp
N/A 10.127.0.99:445 tcp
N/A 10.127.0.100:445 tcp
US 8.8.8.8:53 220.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 221.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 232.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 222.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 223.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 226.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 225.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 236.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 227.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 228.0.127.10.in-addr.arpa udp
N/A 10.127.0.110:445 tcp
N/A 10.127.0.102:445 tcp
N/A 10.127.0.104:445 tcp
N/A 10.127.0.114:445 tcp
N/A 10.127.0.106:445 tcp
N/A 10.127.0.107:445 tcp
N/A 10.127.0.109:445 tcp
US 8.8.8.8:53 229.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 230.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 231.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 243.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 233.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 234.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 245.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 237.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 235.0.127.10.in-addr.arpa udp
N/A 10.127.0.121:445 tcp
N/A 10.127.0.111:445 tcp
N/A 10.127.0.112:445 tcp
N/A 10.127.0.113:445 tcp
N/A 10.127.0.115:445 tcp
N/A 10.127.0.116:445 tcp
N/A 10.127.0.117:445 tcp
N/A 10.127.0.118:445 tcp
US 8.8.8.8:53 238.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 239.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 240.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 241.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 242.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 246.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 247.0.127.10.in-addr.arpa udp
N/A 10.127.0.119:445 tcp
N/A 10.127.0.120:445 tcp
N/A 10.127.0.122:445 tcp
N/A 10.127.0.123:445 tcp
N/A 10.127.0.124:445 tcp
N/A 10.127.0.125:445 tcp
N/A 10.127.0.135:445 tcp
N/A 10.127.0.126:445 tcp
N/A 10.127.0.127:445 tcp
US 8.8.8.8:53 248.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 250.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 251.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 252.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 253.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 254.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 255.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 0.1.127.10.in-addr.arpa udp
N/A 10.127.0.128:445 tcp
N/A 10.127.0.129:445 tcp
N/A 10.127.0.130:445 tcp
N/A 10.127.0.131:445 tcp
N/A 10.127.0.142:445 tcp
N/A 10.127.0.132:445 tcp
N/A 10.127.0.133:445 tcp
N/A 10.127.0.134:445 tcp
N/A 10.127.0.136:445 tcp
N/A 10.127.0.137:445 tcp
N/A 10.127.0.138:445 tcp
N/A 10.127.0.139:445 tcp
N/A 10.127.0.149:445 tcp
N/A 10.127.0.140:445 tcp
N/A 10.127.0.141:445 tcp
N/A 10.127.0.143:445 tcp
N/A 10.127.0.144:445 tcp
N/A 10.127.0.145:445 tcp
N/A 10.127.0.146:445 tcp
N/A 10.127.0.147:445 tcp
N/A 10.127.0.148:445 tcp
N/A 10.127.0.150:445 tcp
N/A 10.127.0.151:445 tcp
N/A 10.127.0.152:445 tcp
N/A 10.127.0.153:445 tcp
N/A 10.127.0.163:445 tcp
N/A 10.127.0.154:445 tcp
N/A 10.127.0.155:445 tcp
N/A 10.127.0.156:445 tcp
N/A 10.127.0.157:445 tcp
N/A 10.127.0.158:445 tcp
N/A 10.127.0.159:445 tcp
N/A 10.127.0.160:445 tcp
N/A 10.127.0.161:445 tcp
N/A 10.127.0.162:445 tcp
N/A 10.127.0.164:445 tcp
N/A 10.127.0.165:445 tcp
N/A 10.127.0.175:445 tcp
N/A 10.127.0.166:445 tcp
N/A 10.127.0.167:445 tcp
N/A 10.127.0.168:445 tcp
N/A 10.127.0.169:445 tcp
N/A 10.127.0.170:445 tcp
N/A 10.127.0.180:445 tcp
N/A 10.127.0.171:445 tcp
N/A 10.127.0.172:445 tcp
N/A 10.127.0.173:445 tcp
N/A 10.127.0.174:445 tcp
N/A 10.127.0.185:445 tcp
N/A 10.127.0.176:445 tcp
N/A 10.127.0.177:445 tcp
N/A 10.127.0.178:445 tcp
N/A 10.127.0.179:445 tcp
N/A 10.127.0.181:445 tcp
N/A 10.127.0.182:445 tcp
N/A 10.127.0.183:445 tcp
N/A 10.127.0.194:445 tcp
N/A 10.127.0.184:445 tcp
N/A 10.127.0.186:445 tcp
N/A 10.127.0.1:445 tcp
N/A 10.127.0.187:445 tcp
N/A 10.127.0.188:445 tcp
N/A 10.127.0.189:445 tcp
N/A 10.127.0.190:445 tcp
N/A 10.127.0.191:445 tcp
N/A 10.127.0.192:445 tcp
N/A 10.127.0.202:445 tcp
N/A 10.127.0.193:445 tcp
N/A 10.127.0.1:139 tcp
N/A 10.127.0.2:445 tcp
N/A 10.127.0.195:445 tcp
N/A 10.127.0.3:445 tcp
N/A 10.127.0.196:445 tcp
N/A 10.127.0.197:445 tcp
N/A 10.127.0.198:445 tcp
N/A 10.127.0.199:445 tcp
N/A 10.127.0.200:445 tcp
N/A 10.127.0.201:445 tcp
N/A 10.127.0.212:445 tcp
N/A 10.127.0.203:445 tcp
N/A 10.127.0.204:445 tcp
N/A 10.127.0.205:445 tcp
N/A 10.127.0.5:445 tcp
N/A 10.127.0.7:445 tcp
N/A 10.127.0.8:445 tcp
N/A 10.127.0.9:445 tcp
N/A 10.127.0.10:445 tcp
N/A 10.127.0.11:445 tcp
N/A 10.127.0.206:445 tcp
N/A 10.127.0.12:445 tcp
N/A 10.127.0.2:139 tcp
N/A 10.127.0.3:139 tcp
N/A 10.127.0.14:445 tcp
N/A 10.127.0.207:445 tcp
N/A 10.127.0.5:139 tcp
N/A 10.127.0.15:445 tcp
N/A 10.127.0.217:445 tcp
N/A 10.127.0.208:445 tcp
N/A 10.127.0.16:445 tcp
N/A 10.127.0.209:445 tcp
N/A 10.127.0.7:139 tcp
N/A 10.127.0.17:445 tcp
N/A 10.127.0.210:445 tcp
N/A 10.127.0.8:139 tcp
N/A 10.127.0.18:445 tcp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
N/A 10.127.0.211:445 tcp
N/A 10.127.0.19:445 tcp
N/A 10.127.0.9:139 tcp
N/A 10.127.0.10:139 tcp
N/A 10.127.0.213:445 tcp
N/A 10.127.0.11:139 tcp
N/A 10.127.0.214:445 tcp
N/A 10.127.0.12:139 tcp
N/A 10.127.0.215:445 tcp
N/A 10.127.0.216:445 tcp
N/A 10.127.0.218:445 tcp
N/A 10.127.0.219:445 tcp
N/A 10.127.0.220:445 tcp
N/A 10.127.0.231:445 tcp
N/A 10.127.0.221:445 tcp
N/A 10.127.0.222:445 tcp
N/A 10.127.0.223:445 tcp
N/A 10.127.0.23:445 tcp
N/A 10.127.0.14:139 tcp
N/A 10.127.0.24:445 tcp
N/A 10.127.0.15:139 tcp
N/A 10.127.0.16:139 tcp
N/A 10.127.0.224:445 tcp
N/A 10.127.0.26:445 tcp
N/A 10.127.0.27:445 tcp
N/A 10.127.0.17:139 tcp
N/A 10.127.0.18:139 tcp
N/A 10.127.0.28:445 tcp
N/A 10.127.0.29:445 tcp
N/A 10.127.0.19:139 tcp
N/A 10.127.0.30:445 tcp
N/A 10.127.0.31:445 tcp
N/A 10.127.0.32:445 tcp
N/A 10.127.0.225:445 tcp
N/A 10.127.0.33:445 tcp
N/A 10.127.0.23:139 tcp
N/A 10.127.0.226:445 tcp
N/A 10.127.0.24:139 tcp
N/A 10.127.0.227:445 tcp
N/A 10.127.0.35:445 tcp
N/A 10.127.0.237:445 tcp
N/A 10.127.0.228:445 tcp
N/A 10.127.0.36:445 tcp
N/A 10.127.0.26:139 tcp
N/A 10.127.0.229:445 tcp
N/A 10.127.0.27:139 tcp
N/A 10.127.0.37:445 tcp
N/A 10.127.0.230:445 tcp
N/A 10.127.0.28:139 tcp
N/A 10.127.0.38:445 tcp
N/A 10.127.0.29:139 tcp
N/A 10.127.0.39:445 tcp
N/A 10.127.0.232:445 tcp
N/A 10.127.0.40:445 tcp
N/A 10.127.0.30:139 tcp
N/A 10.127.0.233:445 tcp
N/A 10.127.0.31:139 tcp
N/A 10.127.0.41:445 tcp
N/A 10.127.0.234:445 tcp
N/A 10.127.0.42:445 tcp
N/A 10.127.0.235:445 tcp
N/A 10.127.0.236:445 tcp
N/A 10.127.0.238:445 tcp
N/A 10.127.0.239:445 tcp
N/A 10.127.0.240:445 tcp
N/A 10.127.0.241:445 tcp
N/A 10.127.0.32:139 tcp
N/A 10.127.0.33:139 tcp
N/A 10.127.0.43:445 tcp
N/A 10.127.0.44:445 tcp
N/A 10.127.0.45:445 tcp
N/A 10.127.0.35:139 tcp
N/A 10.127.0.36:139 tcp
N/A 10.127.0.47:445 tcp
N/A 10.127.0.37:139 tcp
N/A 10.127.0.38:139 tcp
N/A 10.127.0.242:445 tcp
N/A 10.127.0.49:445 tcp
N/A 10.127.0.39:139 tcp
N/A 10.127.0.40:139 tcp
N/A 10.127.0.50:445 tcp
N/A 10.127.0.252:445 tcp
N/A 10.127.0.243:445 tcp
N/A 10.127.0.41:139 tcp
N/A 10.127.0.51:445 tcp
N/A 10.127.0.42:139 tcp
N/A 10.127.0.52:445 tcp
N/A 10.127.0.245:445 tcp
N/A 10.127.0.53:445 tcp
N/A 10.127.0.43:139 tcp
N/A 10.127.0.246:445 tcp
N/A 10.127.0.44:139 tcp
N/A 10.127.0.247:445 tcp
N/A 10.127.0.45:139 tcp
N/A 10.127.0.55:445 tcp
N/A 10.127.0.248:445 tcp
N/A 10.127.0.56:445 tcp
N/A 10.127.0.249:445 tcp
N/A 10.127.0.47:139 tcp
N/A 10.127.0.58:445 tcp
N/A 10.127.0.251:445 tcp
N/A 10.127.0.59:445 tcp
N/A 10.127.0.49:139 tcp
N/A 10.127.0.50:139 tcp
N/A 10.127.0.254:445 tcp
N/A 10.127.0.255:445 tcp
N/A 10.127.1.0:445 tcp
N/A 10.127.0.250:445 tcp
N/A 10.127.0.51:139 tcp
N/A 10.127.0.52:139 tcp
N/A 10.127.0.62:445 tcp
N/A 10.127.0.53:139 tcp
N/A 10.127.0.65:445 tcp
N/A 10.127.0.55:139 tcp
N/A 10.127.0.66:445 tcp
N/A 10.127.0.56:139 tcp
N/A 10.127.0.67:445 tcp
N/A 10.127.0.58:139 tcp
N/A 10.127.0.68:445 tcp
N/A 10.127.0.59:139 tcp
N/A 10.127.0.69:445 tcp
N/A 10.127.0.253:445 tcp
N/A 10.127.0.70:445 tcp
N/A 10.127.0.71:445 tcp
N/A 10.127.0.72:445 tcp
N/A 10.127.0.62:139 tcp
N/A 10.127.0.73:445 tcp
N/A 10.127.0.74:445 tcp
N/A 10.127.0.65:139 tcp
N/A 10.127.0.75:445 tcp
N/A 10.127.0.66:139 tcp
N/A 10.127.0.76:445 tcp
N/A 10.127.0.67:139 tcp
N/A 10.127.0.77:445 tcp
N/A 10.127.0.68:139 tcp
N/A 10.127.0.78:445 tcp
N/A 10.127.0.69:139 tcp
N/A 10.127.0.79:445 tcp
N/A 10.127.0.80:445 tcp
N/A 10.127.0.70:139 tcp
N/A 10.127.0.71:139 tcp
N/A 10.127.0.72:139 tcp
N/A 10.127.0.82:445 tcp
N/A 10.127.0.73:139 tcp
N/A 10.127.0.94:445 tcp
N/A 10.127.0.74:139 tcp
N/A 10.127.0.75:139 tcp
N/A 10.127.0.85:445 tcp
N/A 10.127.0.76:139 tcp
N/A 10.127.0.86:445 tcp
N/A 10.127.0.77:139 tcp
N/A 10.127.0.87:445 tcp
N/A 10.127.0.88:445 tcp
N/A 10.127.0.78:139 tcp
N/A 10.127.0.79:139 tcp
N/A 10.127.0.80:139 tcp
N/A 10.127.0.90:445 tcp
N/A 10.127.0.91:445 tcp
N/A 10.127.0.92:445 tcp
N/A 10.127.0.82:139 tcp
N/A 10.127.0.93:445 tcp
N/A 10.127.0.94:139 tcp
N/A 10.127.0.95:445 tcp
N/A 10.127.0.85:139 tcp
N/A 10.127.0.96:445 tcp
N/A 10.127.0.86:139 tcp
N/A 10.127.0.97:445 tcp
N/A 10.127.0.87:139 tcp
N/A 10.127.0.108:445 tcp
N/A 10.127.0.88:139 tcp
N/A 10.127.0.99:445 tcp
N/A 10.127.0.90:139 tcp
N/A 10.127.0.100:445 tcp
N/A 10.127.0.91:139 tcp
N/A 10.127.0.92:139 tcp
N/A 10.127.0.102:445 tcp
N/A 10.127.0.93:139 tcp
N/A 10.127.0.104:445 tcp
N/A 10.127.0.95:139 tcp
N/A 10.127.0.106:445 tcp
N/A 10.127.0.96:139 tcp
N/A 10.127.0.97:139 tcp
N/A 10.127.0.107:445 tcp
N/A 10.127.0.108:139 tcp
N/A 10.127.0.99:139 tcp
N/A 10.127.0.109:445 tcp
N/A 10.127.0.100:139 tcp
N/A 10.127.0.111:445 tcp
N/A 10.127.0.112:445 tcp
N/A 10.127.0.102:139 tcp
N/A 10.127.0.113:445 tcp
N/A 10.127.0.104:139 tcp
N/A 10.127.0.115:445 tcp
N/A 10.127.0.106:139 tcp
N/A 10.127.0.116:445 tcp
N/A 10.127.0.107:139 tcp
N/A 10.127.0.117:445 tcp
N/A 10.127.0.118:445 tcp
N/A 10.127.0.119:445 tcp
N/A 10.127.0.109:139 tcp
N/A 10.127.0.120:445 tcp
N/A 10.127.0.111:139 tcp
N/A 10.127.0.112:139 tcp
N/A 10.127.0.122:445 tcp
N/A 10.127.0.113:139 tcp
N/A 10.127.0.124:445 tcp
N/A 10.127.0.115:139 tcp
N/A 10.127.0.125:445 tcp
N/A 10.127.0.116:139 tcp
N/A 10.127.0.126:445 tcp
N/A 10.127.0.117:139 tcp
N/A 10.127.0.118:139 tcp
N/A 10.127.0.128:445 tcp
N/A 10.127.0.119:139 tcp
N/A 10.127.0.129:445 tcp
N/A 10.127.0.130:445 tcp
N/A 10.127.0.120:139 tcp
N/A 10.127.0.131:445 tcp
N/A 10.127.0.122:139 tcp
N/A 10.127.0.132:445 tcp
N/A 10.127.0.133:445 tcp
N/A 10.127.0.124:139 tcp
N/A 10.127.0.134:445 tcp
N/A 10.127.0.125:139 tcp
N/A 10.127.0.136:445 tcp
N/A 10.127.0.126:139 tcp
N/A 10.127.0.137:445 tcp
N/A 10.127.0.138:445 tcp
N/A 10.127.0.128:139 tcp
N/A 10.127.0.139:445 tcp
N/A 10.127.0.129:139 tcp
N/A 10.127.0.130:139 tcp
N/A 10.127.0.149:445 tcp
N/A 10.127.0.140:445 tcp
N/A 10.127.0.131:139 tcp
N/A 10.127.0.141:445 tcp
N/A 10.127.0.132:139 tcp
N/A 10.127.0.133:139 tcp
N/A 10.127.0.143:445 tcp
N/A 10.127.0.144:445 tcp
N/A 10.127.0.134:139 tcp
N/A 10.127.0.145:445 tcp
N/A 10.127.0.136:139 tcp
N/A 10.127.0.146:445 tcp
N/A 10.127.0.147:445 tcp
N/A 10.127.0.137:139 tcp
N/A 10.127.0.138:139 tcp
N/A 10.127.0.148:445 tcp
N/A 10.127.0.139:139 tcp
N/A 10.127.0.149:139 tcp
N/A 10.127.0.140:139 tcp
N/A 10.127.0.150:445 tcp
N/A 10.127.0.141:139 tcp
N/A 10.127.0.151:445 tcp
N/A 10.127.0.152:445 tcp
N/A 10.127.0.143:139 tcp
N/A 10.127.0.153:445 tcp
N/A 10.127.0.154:445 tcp
N/A 10.127.0.144:139 tcp
N/A 10.127.0.155:445 tcp
N/A 10.127.0.145:139 tcp
N/A 10.127.0.146:139 tcp
N/A 10.127.0.156:445 tcp
N/A 10.127.0.157:445 tcp
N/A 10.127.0.147:139 tcp
N/A 10.127.0.148:139 tcp
N/A 10.127.0.159:445 tcp
N/A 10.127.0.150:139 tcp
N/A 10.127.0.160:445 tcp
N/A 10.127.0.151:139 tcp
N/A 10.127.0.161:445 tcp
N/A 10.127.0.162:445 tcp
N/A 10.127.0.152:139 tcp
N/A 10.127.0.153:139 tcp
N/A 10.127.0.154:139 tcp
N/A 10.127.0.164:445 tcp
N/A 10.127.0.155:139 tcp
N/A 10.127.0.165:445 tcp
N/A 10.127.0.156:139 tcp
N/A 10.127.0.166:445 tcp
N/A 10.127.0.157:139 tcp
N/A 10.127.0.167:445 tcp
N/A 10.127.0.168:445 tcp
N/A 10.127.0.159:139 tcp
N/A 10.127.0.169:445 tcp
N/A 10.127.0.170:445 tcp
N/A 10.127.0.160:139 tcp
N/A 10.127.0.171:445 tcp
N/A 10.127.0.161:139 tcp
N/A 10.127.0.162:139 tcp
N/A 10.127.0.172:445 tcp
N/A 10.127.0.173:445 tcp
N/A 10.127.0.164:139 tcp
N/A 10.127.0.174:445 tcp
N/A 10.127.0.165:139 tcp
N/A 10.127.0.185:445 tcp
N/A 10.127.0.176:445 tcp
N/A 10.127.0.166:139 tcp
N/A 10.127.0.177:445 tcp
N/A 10.127.0.167:139 tcp
N/A 10.127.0.168:139 tcp
N/A 10.127.0.179:445 tcp
N/A 10.127.0.169:139 tcp
N/A 10.127.0.170:139 tcp
N/A 10.127.0.171:139 tcp
N/A 10.127.0.181:445 tcp
N/A 10.127.0.172:139 tcp
N/A 10.127.0.182:445 tcp
N/A 10.127.0.183:445 tcp
N/A 10.127.0.173:139 tcp
N/A 10.127.0.184:445 tcp
N/A 10.127.0.174:139 tcp
N/A 10.127.0.185:139 tcp
N/A 10.127.0.186:445 tcp
N/A 10.127.0.176:139 tcp
N/A 10.127.0.177:139 tcp
N/A 10.127.0.187:445 tcp
N/A 10.127.0.188:445 tcp
N/A 10.127.0.179:139 tcp
N/A 10.127.0.189:445 tcp
N/A 10.127.0.190:445 tcp
N/A 10.127.0.181:139 tcp
N/A 10.127.0.191:445 tcp
N/A 10.127.0.192:445 tcp
N/A 10.127.0.182:139 tcp
N/A 10.127.0.183:139 tcp
N/A 10.127.0.193:445 tcp
N/A 10.127.0.184:139 tcp
N/A 10.127.0.195:445 tcp
N/A 10.127.0.186:139 tcp
N/A 10.127.0.196:445 tcp
N/A 10.127.0.187:139 tcp
N/A 10.127.0.197:445 tcp
N/A 10.127.0.198:445 tcp
N/A 10.127.0.188:139 tcp
N/A 10.127.0.199:445 tcp
N/A 10.127.0.189:139 tcp
N/A 10.127.0.190:139 tcp
N/A 10.127.0.200:445 tcp
N/A 10.127.0.201:445 tcp
N/A 10.127.0.191:139 tcp
N/A 10.127.0.192:139 tcp
N/A 10.127.0.203:445 tcp
N/A 10.127.0.193:139 tcp
N/A 10.127.0.204:445 tcp
N/A 10.127.0.195:139 tcp
N/A 10.127.0.205:445 tcp
N/A 10.127.0.196:139 tcp
N/A 10.127.0.206:445 tcp
N/A 10.127.0.197:139 tcp
N/A 10.127.0.207:445 tcp
N/A 10.127.0.198:139 tcp
N/A 10.127.0.208:445 tcp
N/A 10.127.0.199:139 tcp
N/A 10.127.0.209:445 tcp
N/A 10.127.0.210:445 tcp
N/A 10.127.0.200:139 tcp

Files

C:\Users\Admin\AppData\Local\Temp\splfivvolm.exe

C:\Users\Admin\AppData\Local\Temp\fwxpxpkaiu.exe

C:\Users\Admin\AppData\Local\Temp\blridincwk.exe

C:\ProgramData\Identities\bfcinfo.exe

C:\ProgramData\MediaCache\ramdisk.sdb

C:\Users\Admin\AppData\Roaming\Microsoft\Word\winword.vbs

C:\Users\Admin\AppData\Roaming\Microsoft\Word\PingCheckpoint.docx

C:\Users\Admin\AppData\Roaming\Microsoft\Word\PingCheckpoint.txt

C:\Users\Admin\AppData\Roaming\Microsoft\Word\ReceiveSplit.docx

C:\Users\Admin\AppData\Roaming\Microsoft\Word\ReceiveSplit.txt

C:\Users\Admin\AppData\Roaming\Microsoft\Word\SetOut.docx

C:\Users\Admin\AppData\Roaming\Microsoft\Word\SetOut.txt

C:\ProgramData\MediaCache\C__Program Files (x86)-20241110_060457.rtt

C:\ProgramData\MediaCache\C__ProgramData-20241110_060457.rtt

C:\ProgramData\MediaCache\C__Users_Admin_Desktop-20241110_060457.rtt

C:\ProgramData\MediaCache\D__-20241110_060457.rtt

C:\ProgramData\MediaCache\F__-20241110_060457.rtt

C:\ProgramData\RV34A54d.dat

C:\ProgramData\MediaCache\S-GLZCSNLK-20241110_060446.rtt
