Analysis Overview
SHA256
d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74
Threat Level: Shows suspicious behavior
The file d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: RenamesItself
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 23:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 23:43
Reported
2024-10-25 23:46
Platform
win7-20240903-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe
"C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe"
Network
Files
C:\Windows\SysWOW64\Shohdi.hdi
| MD5 | 6c31b421bdb2c6b81f232eb6372f6390 |
| SHA1 | a2c3fbdef0254e404c552cf47129ba076766d3f9 |
| SHA256 | d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74 |
| SHA512 | d7785bb4d0d5dcc1dee2e8d53afbd02bd2b4ebae848d54d15f1d2f0a7f8a79fe062cfddb2b8f42903a6acb279cc79037ab309c7024a55ae6bba2e0bea00790e0 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | ff770d586e13c91bed490bccb6d32f44 |
| SHA1 | c1b717a80647fa60713c3abc2df863af9c7f332b |
| SHA256 | 8ca6788c055e9298de1c6225b1947876c0b67f6c5726b4b35d6d27fd1ae30e6c |
| SHA512 | 4e6413d9282936c66c2ef2b85c4d9326a357ff7882341fdca6bb63b029598f3f4a7777289c6a0fff8a0592b52140b6bac342e3ef77e1f19dcdae66476ca2cf4a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 23:43
Reported
2024-10-25 23:45
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
103s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | \??\c:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\7zFM.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\chrome.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTEM.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\Wordconv.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\msedge.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\plugin-container.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\msoia.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaws.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSQRY32.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\PPTICO.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\Wordconv.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateOnDemand.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\jconsole.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javacpl.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\msotd.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\default-browser-agent.sho | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe
"C:\Users\Admin\AppData\Local\Temp\d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74N.exe"
Network
Files
C:\Windows\SysWOW64\Shohdi.hdi
| MD5 | 6c31b421bdb2c6b81f232eb6372f6390 |
| SHA1 | a2c3fbdef0254e404c552cf47129ba076766d3f9 |
| SHA256 | d0d729dcbc883e2e9ff252fe6acd3bb2fcb992f85167a30e924d871559938c74 |
| SHA512 | d7785bb4d0d5dcc1dee2e8d53afbd02bd2b4ebae848d54d15f1d2f0a7f8a79fe062cfddb2b8f42903a6acb279cc79037ab309c7024a55ae6bba2e0bea00790e0 |