Analysis Overview
SHA256
3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742
Threat Level: Likely malicious
The file 3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (3349) files with added filename extension
Renames multiple (4658) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 06:48
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 06:48
Reported
2024-10-16 06:50
Platform
win7-20240903-en
Max time kernel
120s
Max time network
16s
Command Line
Signatures
Renames multiple (3349) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe
"C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 06:48
Reported
2024-10-16 06:50
Platform
win10v2004-20241007-en
Max time kernel
119s
Max time network
103s
Command Line
Signatures
Renames multiple (4658) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe
"C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp
C:\Program Files\7-Zip\7-zip.dll.tmp