Analysis Overview
SHA256
5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9
Threat Level: Likely malicious
The file 5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9 was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4852) files with added filename extension
Renames multiple (1028) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 21:10
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 21:10
Reported
2024-10-16 21:13
Platform
win7-20241010-en
Max time kernel
149s
Max time network
19s
Command Line
Signatures
Renames multiple (1028) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9.exe
"C:\Users\Admin\AppData\Local\Temp\5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 21:10
Reported
2024-10-16 21:13
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Renames multiple (4852) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9.exe
"C:\Users\Admin\AppData\Local\Temp\5c32c878d70b7cf190f7a4595ea0713eb05c1eb02b1d883912eb04a8499a4be9.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp
C:\Program Files\7-Zip\7-zip.dll.tmp