Analysis Overview
SHA256
67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90
Threat Level: Likely malicious
The file 67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4539) files with added filename extension
Renames multiple (3070) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 20:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 20:57
Reported
2024-10-16 20:59
Platform
win7-20240708-en
Max time kernel
120s
Max time network
17s
Command Line
Signatures
Renames multiple (3070) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N.exe
"C:\Users\Admin\AppData\Local\Temp\67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N.exe"
Network
Files
memory/2292-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
| MD5 | 83e0614428630c967e99b41c1161a448 |
| SHA1 | 760ce2d76225453fa8db2d77b98230ff661c3bd4 |
| SHA256 | 559e27cb52fa8817727a2d3fc733a716c267cd4279db6d914d537bc84837897c |
| SHA512 | 837d72a93941976900c28d5cfbdc8cfd3ce3c9b04b726d4d6a76eb6dbcec7d21fbc8f7f652a0fa3cea277cd9f46ced3a2e35361a275de07af90d7ef21ca06bb1 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 9e1f09dff7e3432fb7643c0f24eebc9e |
| SHA1 | 23d0e9376a46d5148907c0e1052afc2dcb0756c7 |
| SHA256 | a14b7f8d5ae48931b871b48b1c0b8aac9683ee05294a71d51b4102f859fb7347 |
| SHA512 | c81ae4fc95aeef958b2c87218c6971d627a3a0479aa9508a1084a8c00ffc07d854c435dd756635f5cf6ec3e942b88d4abe38dfb4bd4312aaf32ab8b7d043ddc5 |
memory/2292-70-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 20:57
Reported
2024-10-16 20:59
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
107s
Command Line
Signatures
Renames multiple (4539) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N.exe
"C:\Users\Admin\AppData\Local\Temp\67427fb698bb1e036aae96af5d72cf03edeff0b08946c48ae47fe4b4f3c9fc90N.exe"
Network
Files
memory/3336-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp
| MD5 | 34ca04c95912b1ecb3d42a3790404d69 |
| SHA1 | 2dc502f79b9820d3ef85af2929494cd77070f5ae |
| SHA256 | 5eb2088b0370963c8169c6d6f2f9060a0b101ed2aaa848e34ffddeb2188a8d30 |
| SHA512 | 411f58bf78d2d29a63ffc599cc897d38c14f1be0d2dbb6ccc2669280764be4a956762d770d302ebfba70c6ef1a7d7c431c4c87505c12ff0dd0464e07fcb7956c |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | c8ef7bde76f2cdc49d78ed1d9f51ce0e |
| SHA1 | 618c8e73e4b799b863e169d0c647aed3f64f834c |
| SHA256 | f9f3c68019030bb4e3aba53509700171fc2992073167666a3fb050f7fdfb0add |
| SHA512 | a6f0f631467dc6f06cfb012401463103a60cfc9ac7ffbf51b75e3e7b771fc38de2a1f1566231f46c654e079e421f5fbf68b85ce19c79d8ec54557186b1462d47 |
memory/3336-784-0x0000000000400000-0x0000000000408000-memory.dmp