Analysis Overview
SHA256
fb9ae84a92043881f12b83e048e6f4f2399317d0d5aba79570bcc4e7d7f91ea9
Threat Level: Likely malicious
The file 2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies Control Panel
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 07:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 07:49
Reported
2024-10-16 07:52
Platform
win7-20240903-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
| File opened for modification | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe"
Network
Files
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 6f3974a59d6d457b85c3c64b65ea77ae |
| SHA1 | 418b6279983e7ac467fad0fb86d6263c6cdb8c38 |
| SHA256 | 08ed90627d48bc94edf6c96099254c3a0745ebc4c40407411fb7a3b82a16e57f |
| SHA512 | 87c7aee0f86e8bd0ae8bcb972335c04c123896c92a8d183cdf470ee34ec15b8ab13b625bb45f58c21d7155847eaefd12d65885017c8b1781b2933833e74e3282 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 07:49
Reported
2024-10-16 07:52
Platform
win10v2004-20241007-en
Max time kernel
138s
Max time network
143s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
| File opened for modification | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pigdesk.bmp" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\TileWallpaper = "2" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe"
Network
Files
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 6f3974a59d6d457b85c3c64b65ea77ae |
| SHA1 | 418b6279983e7ac467fad0fb86d6263c6cdb8c38 |
| SHA256 | 08ed90627d48bc94edf6c96099254c3a0745ebc4c40407411fb7a3b82a16e57f |
| SHA512 | 87c7aee0f86e8bd0ae8bcb972335c04c123896c92a8d183cdf470ee34ec15b8ab13b625bb45f58c21d7155847eaefd12d65885017c8b1781b2933833e74e3282 |