Analysis Overview
SHA256
3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384
Threat Level: Likely malicious
The file 3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5000) files with added filename extension
Renames multiple (3635) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 03:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 03:27
Reported
2024-10-20 03:30
Platform
win7-20240903-en
Max time kernel
150s
Max time network
119s
Command Line
Signatures
Renames multiple (3635) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe
"C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 03:27
Reported
2024-10-20 03:30
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
125s
Command Line
Signatures
Renames multiple (5000) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe
"C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp
C:\Program Files\7-Zip\7-zip.dll.tmp