Analysis Overview
SHA256
adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554c
Threat Level: Likely malicious
The file adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4653) files with added filename extension
Renames multiple (3140) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 18:49
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 18:49
Reported
2024-10-16 18:51
Platform
win7-20240708-en
Max time kernel
119s
Max time network
17s
Command Line
Signatures
Renames multiple (3140) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe
"C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 18:49
Reported
2024-10-16 18:51
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
119s
Command Line
Signatures
Renames multiple (4653) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe
"C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe"
Network
Files