Analysis Overview
SHA256: 555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907
Threat Level: Likely malicious
The file 555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5104) files with added filename extension
Renames multiple (3784) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-20 16:49
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-20 16:49
Reported: 2024-10-20 16:51
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 120s
Command Line
Signatures
Renames multiple (3784) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe
"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-20 16:49
Reported: 2024-10-20 16:51
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 147s
Command Line
Signatures
Renames multiple (5104) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe
"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp
C:\Program Files\7-Zip\7-zip.dll.tmp