c25408557a61839c2c10d497309adc2f7179136be3126b02b41f77ee6b795746

Analysis

max time kernel
216s
max time network
641s
platform
windows7_x64
resource
win7-20230831-es
resource tags

arch:x64arch:x86image:win7-20230831-eslocale:es-esos:windows7-x64systemwindows
submitted
01-09-2023 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SPAM .msg
Size

163KB
MD5

af1f88c0cd4fcd819c06f760792be197
SHA1

bc18a19dbca492acf727972877384e03ca98e7d2
SHA256

c25408557a61839c2c10d497309adc2f7179136be3126b02b41f77ee6b795746
SHA512

a00f1e8aa6425502736a55b74413e68648dafd7d39fc4689bf2eadafa5d95c440b4696805bc6408f7f0630e0caae4e331583e57b35bab152383c17a3a8640592
SSDEEP

1536:vbh8/qvIJmsaFNNWzL+TFNSuM4WIWy+7LaaNFGTfiLWIWfAm/y1d+KWIWTf:96msaFNNyLMFNSuY7zNFCfRAL1dkf

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	OUTLOOK.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Charset	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\ = "&Print"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2772	OUTLOOK.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2772	OUTLOOK.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2772	OUTLOOK.EXE
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE
2772	OUTLOOK.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1792	1312	chrome.exe	34
PID 1312 wrote to memory of 1792	1312	chrome.exe	34
PID 1312 wrote to memory of 1792	1312	chrome.exe	34
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1052	1312	chrome.exe	36
PID 1312 wrote to memory of 1672	1312	chrome.exe	37
PID 1312 wrote to memory of 1672	1312	chrome.exe	37
PID 1312 wrote to memory of 1672	1312	chrome.exe	37
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38
PID 1312 wrote to memory of 1192	1312	chrome.exe	38

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\SPAM .msg"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ac9758,0x7fef6ac9768,0x7fef6ac9778
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1120 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3216 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:2
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3264 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1472 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3700 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1688 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2440 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1044 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2312 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2716 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2368 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3804 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2472 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1988 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2764 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4136 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3896 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2364 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1380,i,3121029241770423163,16516713785842611081,131072 /prefetch:8
  2⤵
  PID:3060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6fa41b10-e01d-44db-848e-d0645a907846.tmp

Filesize
5KB

MD5
a3dff80021bb7c4d97ecd5f1ed53005f

SHA1
a62e0730006cf3407712288a40ba4a960482a57d

SHA256
7373c169e2b2531c2484803d53d519024cc80c14acf790e115a40ece2d5f7d2a

SHA512
f20cef913f392c1e282da585154d090471419a05c7c7bd56c1f6d9375b997a9b057e96d6a131e902807a8885c060ba667867ed31469e8fddabe7137b6e6df4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
40KB

MD5
d574939016c1b0511053c934958d9a25

SHA1
1ebb35cd6af10fce71dcd4778c9bbcd9822ef999

SHA256
ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66

SHA512
48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a476db8546c2b3debdc8a957d584f44e

SHA1
b4317bc44f215bb8a3603cfc7245e486a6517f78

SHA256
960f855d01fd3a50b8001097767f04abb431ce04759c66e7387500be3e853f94

SHA512
4f30a1c8670d33f96a5b04283223c60f7d20c5b289cb591f2cdeb56c307a1bd4179a0f808a4800c0f82eb7861c76e08392f723f337f7e3317463060f32202f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
d4290a240eeae141c1e835c3dbe9fc68

SHA1
0b7a6eaee62f50753ac3de8be960f95da992c5e5

SHA256
e3c2a9200c5f925dcff46d4511d02ad71e71a5f8b1136eb6951871027fe6e596

SHA512
e9984a6c32a31f1984b72cc58e6f96df4129dc7c24f2230c76e25069902cca062fccbac394aac2d0ed49979e705b155358c03cbbafab48aa350544f78b8826d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a4f83cc4a6d5832b046a3741cfbbdbf0

SHA1
e1baee4511877dcb45542ebac40937e6460267d3

SHA256
01655dd9fdca5228e6f3c4992e80277c8d641b65b0ed14dd43a6080f6fd1d5c7

SHA512
2dad58afd058ac946cf04950386742d4b70e7bf242efbac16817154ecc07e9c839c3560d2ca5c5fd0a7bba59a13bed66a7d84b23c9809b7f26b85596e5b1931f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ea8e3561fe02c84bb01ad513583ac826

SHA1
2b78849e5b687c570edc9fbca69a8e6816afc08a

SHA256
f09288134e0e3f9f504c264ab174fe97cdeff1f2e39ae58e265ec71eee067208

SHA512
916dfd2aa11865b8f32238ed8cf97faab48b281f12b9a8e2b2df439bee8a2b0ed41a25006f55440499a666d80878d0b8ef8a609fd322f58792b6f8fd2da617b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7717d9212001303ede70f285dd3eb8e2

SHA1
de2eb4a57311d15b87d95efe8c4db0981a959ed2

SHA256
e5dabada91341098dd45a059c0b422daea8e63a3787ec33ebe571d55f1bf97c5

SHA512
9b99ce745fd37f6f2397129e9cdcb11fcc63b558d4feae652964cc725754feb6924096206bb12a0ecba26468ebe313bec6b6d3fc0938aa8f0c6553cd6344758a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fbe3f8f32b9510dd498af0d754112ba8

SHA1
8089f55fb3915bf3f7d47b5b943b6d000436e54a

SHA256
edaacb170a6115603824f2968f456191adb6ddad1d63038155c44e67501f3597

SHA512
d7ab7f84ad91aa3a4b1f86842e575d2d3b704b8bb617d2adbb1b66bbe020207b63cd99505644cda87ea84de471d7a34bb0cf5e4afb50f9c5ffdae0b23388d0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c31bae97353435d77c694e8fb17a5663

SHA1
fcbe46838947c7fd7013a308911e9f1eee8275e0

SHA256
1b4475519829d4e6c31fca0ae288976c43d92934bd8a58d3a20cf04c5f48cfaa

SHA512
8568265943ce17d7ac3095b362eb24d910ed1302cb7a181f4069a3c8952517e0d1de59171dd274b7deaebf4ff7d8e4e60de1dd225c2e509386e58759846f8eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
eece9afc719cdc1ea4d3a655d047da5a

SHA1
4c39efacfa855c3a83125d40ac5e0b17043c86a6

SHA256
949e3b2934291971968caad814351210a1b2464f53140641b866f2be3d8cc60f

SHA512
6a8d55eb359e9d91d8abc0a2c70b1016a824035e03dc5f48b1c2654ae742e48f0e6e30f5fb7abb264df45ddd59d769ffd3a0ef65ae95ed4b1410922a60a6f6ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
251d0dd14b1c7aa0ae67f8dc64d1b49c

SHA1
6d972f82cf1b6d64eb140e75341fc9ba923a110d

SHA256
19e917d0bf939d976437207e7769ecf1d7f85adf2e059529abcf6f87e8a2b36f

SHA512
7f2d0d21fe00ea70d9e3ffff2a058cfc8e07db8c6f88b74960300f2089207053938a7043701263843a77decac6d85fb69d94e88f52a9db90b3e1b876659bb56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
c0bb3e238f6bde9b9cb682504df2e066

SHA1
4bd29f845dfe0c9b0ae458b804e218f6ca126148

SHA256
0ee7f0cdbadb0a6be8bca040985802daccc9a3d230ca15e4fbd21e97bf2cc404

SHA512
64a34c1a8de05df738fe8c1d933d0bcf4674b1684019d56bdbb372913638bede8d0d2d7730be7b1378652120ef3582c05d380320effccd5bc71320ff02193f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
78ecde48286fe571c06528b12fb83edf

SHA1
0236dc02d37f05e77fff2b4353dbc789f9748fb3

SHA256
26d9ae55155302cb2e76c1253c103f012b16ea3bef57137e309029b947293be5

SHA512
dad5371f97dc628bda4012a98f1ee23ad072a63566a1f5eadad8a907ab915fe8517f0cb9308d8693e22b9eda887c5aaa85c33c4d4ee90611f7e7648c70f65a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
6c79f7be1d1400e1e7f02cb5dd05ba52

SHA1
af3bef900b9d5f7a146c33ffa3f7b63b4014052e

SHA256
181e37fea3e1ed26e56390a538f53521d516460a495688a10d6dbef3f3d911de

SHA512
5d8fa2b1cb27c07c97431d0a8653fa2a3fb68ed885cd7eedd42e42d0c09f8f9841ea0253cfc1b496f9ab493536016c050801c506a2d3da06d8b8fe243d3c8f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
846B

MD5
ce9b9a429f15571b8444d66a139b298d

SHA1
238c67c093f8ae95c2153eda0031bfe751bed7da

SHA256
191dc03e1859607ee78b464f771305d4125872260f51419a5c7cffb509711e65

SHA512
4ee98ba414da0905cacc106bec18f6ffc69d17482f19286c713c9c93fe7fdcbde587365dd421e4869c023e420b84f246b19caf715aa370e1fabdbe12efd5728c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
846B

MD5
dd156d0669b4e00bb1436085e261aa65

SHA1
c07699ddfcacbeb4605b76bbe2522c1c27798db6

SHA256
fd98144e4af15dedc4b8fd4b2c6029b090a1784549bd79e5d394eb5a38902ae0

SHA512
55fc57275cfda0d22b66653b21c718d539593917d01fc29b36932ee56362419408d6602b3bdc13e6941f5830086bbe927575d8e70fed0d86656dff0284abb87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d2b655a75575ade7615a2c7877d78df0

SHA1
a857d7f18d05c09e4f494fc3d47f24e67c9f64f3

SHA256
c67af784da5d39e6eae7a40590d063a9f21472c283a4f6549c5c71c794de7f42

SHA512
ec65c1335e3a2b97326a8f38056a877ceecf3c3666ee7a2768b25c5a1da989a2b79a3c5812bfc6e670a34fe22851a2448063082f79522d7c1daecd2f125fa303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f6e062bc1a0a2c36d2a50b3762ea411

SHA1
d2b74518e65ef4cf92b730eff38ff679918a82e3

SHA256
69c3b75afcadff19242d6cf8186120cce7ad4995b2c108fe7a71c35070c641af

SHA512
68c1c86a2194804ac1bde4a0b68fec9f8fac878b88458f4ec3f98826cb812d9e7ffd7dc9f055238c8642b44c7b6f994ff571ce94190d1a127539de368b08b9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc128494b9f18a0c3276c7fc1167d0d0

SHA1
c6c8a60b16429a22aa749c45511aff5eb9ff7618

SHA256
4cdf251db5995fd742d492226c119b33b5f6aa0307970f549e249b75951ede20

SHA512
5b36ff7c4fef7589754dc183b1618e28eb52469eb083319a6da140f6194624a003f5ac7ba3b41591c4d5cbedb01d4f2a7ea188d274491d1d9387a9f43897a66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b1a2c3f934181ce07a2b2204b1ebfb8a

SHA1
ef407f5727bc86edff4496549c8ff8d81c91dba2

SHA256
7b7e20eec83593e50254f2833f23abcf60ad12e66f1b041287936ca3beab7563

SHA512
46ae5a57e32a6490fc46201e436683d03f64c0a767ceafcb9221b763e607a19315657da4207bad5f425b9c081cfba20f14a8ee9bc8c0f26f9eba0d37c2319bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ba66ff81bd1d0f23c4c0f7f93c742616

SHA1
2b0a5906451eb37982e5708da18a0ac51942d61d

SHA256
5db91645f89f8b19087345b9c6549b03fbda9092224bd4702bbd7d02cafe3635

SHA512
429c5ee2b6f767eceb867e026100e9098752d27396a25620d0c6662973c6e46e7f18179f83d27fc97a5ffadcc9221756b58038d28abd2ef7b5272567d31e1841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f1fecfd4557ac7c8084b9bde7a0709e9

SHA1
002500575e48db61b6be053845a098545b54dae6

SHA256
d644d3f7d9a22def8ad94d16353f47509c958c7847113f8d9f168504ff11b451

SHA512
7fc97f0d456b799699e3fe366b25fa8c3dfed767d2064ffb1a7fd801196cf57013d904a12456e80eab28008a4dfd0b46bf74aefc237fa7ee30472f9c7be4678f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cfedb9d08c2e78effa5d5a65ce285f17

SHA1
267b943c4ba8d34a52bc5e9d4a31beec3f09fd34

SHA256
dabe55c922b4233dca6eac474699324e2f11442184e1b2db4fb929cc91f0fbce

SHA512
c84c92d86e56e2ce2570cff195ca9663571f56a109142e350890106e2c71e7cee67a2e078933aab92b8ba89f0a55b06ba3a583c9b06fbd7f961badc80c6119c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf7bbdd3.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ff8711bc-2136-4ea0-8a6d-1889c1ec521f.tmp

Filesize
5KB

MD5
5e9db6b39e2c168eba3c47abdc913ac9

SHA1
4bb7ce4de25256197a574b383f8ebca43ed9b47b

SHA256
03d4964cd239e9f01f7928efc0b0ea7002197e197f9542a8992980cc84ea698c

SHA512
33425f4e3c77ab0bf0140021d9c1bf9dcb09ac03607242c04d97dadbb62b9a07f4e139e328f3484eea3ba5cf30b0b054053c8c710713cbfdcad0e81c54b75166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
615ff50d365aa1f8a6b2ae912a548bab

SHA1
bb2ffc6ebd610f107f12e6b0adc271e2f353f4b4

SHA256
5e43ed39a5e54e9d79c3da358800f7b94b3dc7aaf9468be4fb022a004b74f394

SHA512
375caca784934c77100d9ddf3295aa9f382404eeb2d7c065a908ae74b70dfb6c91883eeb48db02aafdcdfceac99529bacb0297b9e07339ee341e51110913e576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
988ae1ee4dad87196c12ce826749dbbc

SHA1
fffdf3e376a8f8fb61a410c4b611e0c6e77ed396

SHA256
87db1f2d165ba8fcaafe884eaa053dab7c77b345652d639cb42ea676aa31c8d7

SHA512
0af4138a5f129218be399df2fb2d5df2925685aff41365e1bc964f006282b60d317617fe2b8a4ffe9088756a5e60254bf17bbc78250e41398d5b690a9429dc44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
463fa72240e095599e0696eb552b365f

SHA1
caa6fb3a3791e83c8b1f0511da37eb41ef792359

SHA256
5ebe9287f911dbd15f5746a7a3a525fde558d719b25c3bc42e8ad79f7544a5c2

SHA512
2807f3aae4c7441fbba2f88961250960ef3e1faf52d44ff8429e964d0492a0d2895e54e4f348c6e0b4d8c03f56e0f341d923dfd950946bedab7126bf40998ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
dac1785c97c7b1471e95442527f653c7

SHA1
f0bc1b0d67f64b6d31114a1aec7b24bc43995466

SHA256
ef36c11e806bdfc1b5ea6483f57dac8d996e58041e32fa232c28ee27442715ed

SHA512
69b0411db9c8d901ef8d37a38fae1054e617ab8715520423fe89afeb55dd407322a077fe3534225d247b4117745cff5d6ddaf82ec7ed95ef7133dbfe40697c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
dac1785c97c7b1471e95442527f653c7

SHA1
f0bc1b0d67f64b6d31114a1aec7b24bc43995466

SHA256
ef36c11e806bdfc1b5ea6483f57dac8d996e58041e32fa232c28ee27442715ed

SHA512
69b0411db9c8d901ef8d37a38fae1054e617ab8715520423fe89afeb55dd407322a077fe3534225d247b4117745cff5d6ddaf82ec7ed95ef7133dbfe40697c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
dac1785c97c7b1471e95442527f653c7

SHA1
f0bc1b0d67f64b6d31114a1aec7b24bc43995466

SHA256
ef36c11e806bdfc1b5ea6483f57dac8d996e58041e32fa232c28ee27442715ed

SHA512
69b0411db9c8d901ef8d37a38fae1054e617ab8715520423fe89afeb55dd407322a077fe3534225d247b4117745cff5d6ddaf82ec7ed95ef7133dbfe40697c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4B20BA4A-7844-47E4-B644-9A58EBB7594E}.html

Filesize
6KB

MD5
adf3db405fe75820ba7ddc92dc3c54fb

SHA1
af664360e136fd5af829fd7f297eb493a2928d60

SHA256
4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

SHA512
69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2772-163-0x0000000069221000-0x0000000069222000-memory.dmp

Filesize
4KB

Download
memory/2772-124-0x000000007321D000-0x0000000073228000-memory.dmp

Filesize
44KB

Download
memory/2772-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2772-1-0x000000007321D000-0x0000000073228000-memory.dmp

Filesize
44KB

Download