Analysis Overview
SHA256
004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705
Threat Level: Likely malicious
Malicious Activity Summary
Renames multiple (5029) files with added filename extension
Renames multiple (4072) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Analysis: static1
Detonation Overview
Reported
2024-10-16 18:03
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 18:03
Reported
2024-10-16 18:05
Platform
win7-20240903-en
Max time kernel
150s
Max time network
122s
Signatures
Renames multiple (4072) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe
"C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 18:03
Reported
2024-10-16 18:05
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Signatures
Renames multiple (5029) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe
"C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp
C:\Program Files\7-Zip\7-zip.dll.tmp