b224b1d931015461806dec0b502a37482cfba889eec03f769547a0b4a254dd19

Analysis

max time kernel
107s
max time network
157s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
12/12/2023, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

O licenciamento 2024 do seu veiculo foi efetuado. REGISTRO 377332607. .msg
Size

32KB
MD5

e170eecad5840205c49b2e8a4139f29b
SHA1

7f1581a7ed2e41cd98e7fa5b17463eaa0aa08d18
SHA256

b224b1d931015461806dec0b502a37482cfba889eec03f769547a0b4a254dd19
SHA512

c537c3515588d8a515f0c59bde9d3b15622e1da291194fc917b4f43be404b536c83a1623afb34f5123b81176b06631b9d3eb6b96f5b56e22f5c2c568f98c4bd8
SSDEEP

384:Gc48ieZOPjBrvyD5yiOEds4XQS+9VYPHKO8sjxj6:KeZOPjBrvyD5yiOEDP+YPHQsF+

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 5052efc5fe2cda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79072038c960342ab421b8facb933e900000000020000000000106600000001000020000000f97816b27c9955934401d509f1d97b46b5272cfc75b5ab6336dd290b39ee3c21000000000e8000000002000020000000b82a180dfcc9fcf4000d2c8546d9874e82a91cf56e0f464805240f3fefe282d99000000045f20ec7f9dbdfcb88aab6323aeb1759111ca3778b4ee0948a8a240622540999806cba35954ca04e281abfe8d0058839234c564acb77a8666674b77330366b8a7493c823238d813d3e2758df321266e68fef88f1c9eecc62263e8722f5e3822232d71f1f1fc7691766869cd47f466788d69c99cf7761739b787c3ff316532b366a39e625ea3ac00ac901be12862bc354400000001363fa0cf5c5855e798217ae89839a66078ceeb13bdd7616615282d9c6bb668bfc0adca7c297a99b8cdfe666627326dcc41502ef60b4d76439dae689c08aeb43	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E43EDF51-98F1-11EE-B5A0-FA0DBFC6BDAF} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208980b0fe2cda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\MenuExt	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79072038c960342ab421b8facb933e90000000002000000000010660000000100002000000033f1e5f80d1b8f2ac1a2d5ea12e46009fac1e93eb7ba4f0b5be00ea6725b79a8000000000e8000000002000020000000e3869fa258fc645234a3b42f5f5578c8fa3aed1ecef477c92be8558be76f012a200000006b917e9dae722adbb3b6282ce3135b07e2bfa52f9a29578b47fdd169946c2bc14000000020d622cf224466f6ac297a134e919b2f981e2e2c834422c4461462f0ae45fafc3f0ef972ebe1ba16f6415b45af6f65afbb531bfb62b65102918eed90784ee1ad	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\ = "&Print"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ThreadingModel = "Apartment"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\ = "&Edit"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2068	OUTLOOK.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
1864	iexplore.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
2068	OUTLOOK.EXE
1864	iexplore.exe
1864	iexplore.exe
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
2068	OUTLOOK.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1864	2068	OUTLOOK.EXE	31
PID 2068 wrote to memory of 1864	2068	OUTLOOK.EXE	31
PID 2068 wrote to memory of 1864	2068	OUTLOOK.EXE	31
PID 2068 wrote to memory of 1864	2068	OUTLOOK.EXE	31
PID 1864 wrote to memory of 3052	1864	iexplore.exe	32
PID 1864 wrote to memory of 3052	1864	iexplore.exe	32
PID 1864 wrote to memory of 3052	1864	iexplore.exe	32
PID 1864 wrote to memory of 3052	1864	iexplore.exe	32
PID 2932 wrote to memory of 1628	2932	chrome.exe	37
PID 2932 wrote to memory of 1628	2932	chrome.exe	37
PID 2932 wrote to memory of 1628	2932	chrome.exe	37
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2636	2932	chrome.exe	39
PID 2932 wrote to memory of 2752	2932	chrome.exe	40
PID 2932 wrote to memory of 2752	2932	chrome.exe	40
PID 2932 wrote to memory of 2752	2932	chrome.exe	40
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41
PID 2932 wrote to memory of 2756	2932	chrome.exe	41

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\O licenciamento 2024 do seu veiculo foi efetuado. REGISTRO 377332607. .msg"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fcmkz.short.gy%2fD1aJOA&umid=1684ddfe-d4c6-4858-b1a7-61c46e2feac3&auth=464e13edb665e5d5fb7cf37f3ca51ac0249ae69a-bf9e60dc55090387fdb31230500c522288cb7c56
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f79758,0x7fef6f79768,0x7fef6f79778
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3264 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3256 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3660 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3532 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3908 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4016 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3400 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 --field-trial-handle=1384,i,13642851025555421881,15993674623304696394,131072 /prefetch:8
  2⤵
  PID:920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B

Filesize
2KB

MD5
bad9e76e481b18ae09e95d906e5b3de1

SHA1
94be458fd281087fde28d6f2b3a1b8a5dd83747a

SHA256
2bc3c02bdf51e7932435abd263198d9149ec32614772585668d86c8eb42ae2dc

SHA512
87fd57e802db6e7fbc8df332238d36ed401ea8ea88419c881a265ba9d70aba61afc1c4da8d84d97f042f977cd41270351f07175d3924aede24d441b2532b2572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
5b24e4ff53a8ebd16352945bf1c38f30

SHA1
d4c74766d17d53c4afa221a20e26409db1dde4ef

SHA256
c8930b09d8af975f8c7cdeda5d42059838f4d82681c0e5868ef55a20dfd78d58

SHA512
e1ce73b11fc3c34693162729c7576baac04709e1e88bc323d73a77fb53e2494547815b6a37382d06c114c8c7173eed4ddc2fca044ce9c31e4a57d3689ad980ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B363E08046F0ECDE2BF57BB4118927BA

Filesize
727B

MD5
a64d8ce95f904542079f34365792e0e6

SHA1
58b35476b35b69009e3df59a12d21e6c23477de0

SHA256
009c343da2a28cd1288904ebce131ca41d6be6d044b66371fe6a74e8a58793fa

SHA512
a8c58c938983859888abadff86d8373e5a3389e8ef92434482543777dde91d891eff04cdac63c5bac77e6856746cd61af64625693c99a2dfdbd925166b6b5a2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B

Filesize
488B

MD5
ef0adb6feb553010d5146f2a03a9febe

SHA1
5b3a38b46648b36d6d7a3eecd925d64d8ad272f8

SHA256
379ff6b59d0fee157a6702e189d08f8ca11df810386887894acfb6d75de21305

SHA512
6b2e10394b62a8c8d48568d2ec162ebfdb8aff22bd2885d6486e6099526bcf719385278c8cb54ebb6b71095ec5c2c7d2b687a5f5752084b095612bcf2d94e5d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
931f77f446a357b65f0d1ab3ba3aad65

SHA1
f12bf56ffd233c391d1ef97170bf90e6454162c1

SHA256
120698854fd1ee6455356cd69b3ef550456c0376f00f4b0b1060017a061bf8df

SHA512
3f91c3905ef835c83740486ea9d0fec2b738bf66995c45269ff52553e9df7b88df3cf1bf3a959aacc972e73b4e560d010e7617e5aadb46cef49a396800538cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca86ef35e02b0ad556cd2e5701904213

SHA1
c6bc62df72c3097e2d5b7bb8a865f77c828d262b

SHA256
9a79587f3178e223ac1c586a149e5336a8158688e1062ca9d8933a1c137ed5b6

SHA512
5161522526a4347d6cbe7cc2d716b258dc52990bc11cd7870cbb600ed2499ef5d58f1e17e5acbcfe06687372a384c9c9f32259d4b1b7c4f2eb0850b02e1e604a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89543e70846f6d685461450b723bb527

SHA1
5431e4fb1bf57a4cdce637e6fc701de1eee3ec65

SHA256
227492734ef1e5ef521b9981f15a5e1eecf9dd74a7ef5ff26a9fc57074eb1c5f

SHA512
0ff671a8332afc51415d13c759b18213875d3712e77cc2e4ac3810ccf0898b3277eb620a4b82fa351a447de7d47379b4a97d4bfef53bc5deb140f09ebaedc3d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6544a12b4c5b791cec9cd8b11a50dbbb

SHA1
bc8985c7c528e09ae702cf25abebcc7853082c53

SHA256
715b8ddea2632fe1457ff7d3a23a689b5718464701b7779ad0f20616950d2cb4

SHA512
f51a17c9c2fa4716da35953eee49afbf0878fa247e9db8d7eb07a285acae6638f0939d08ed2119f5b2a93768b7f5afeb5372accb929fc7d973b0c3f84c8df974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79cba19bf0489ccf5472fe82af8c5d05

SHA1
9d69ae8331d7680a5664461eb22bd384f3129e2f

SHA256
bfdcf0c0cef45009fd321b5abee33f7e4d718efea118a6a8b008ac469d80bd3a

SHA512
ac7cb6722d43b93350335f2dbb5bbe17c906f0f55851896776e6dd58776381e0102ae67f0ec221b02a597e43c82bce2033a46959fb9f20cd3ea4ba4840ee962d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0bd5d97f3c14a5056fde028e3868f7b

SHA1
820df1067e351acc3398201af46df7601b2f29dd

SHA256
dd6d168a91e4c5fc0ac2a8ece6a3a87d594442d546cae360c951dc3afb029f7c

SHA512
d4a4b149424afbe9f9aaffc0dea4f49a3e0b37eacd51b43dd25494c00d16e2a268a754e6cc39b1e5b7473ee8b8ad36236c28e2725f31e155d1f5ffb82123c9b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e768c051cdbcb1ed7c9894eb6157305

SHA1
8b5a2cdbd617fd5abd92c39ce9e9b91a5f68a0e3

SHA256
615180d9f1b7ecfeabb6796a562de21ddd1fe4fb6901dba3ae33de23d080530b

SHA512
bd63f0d7408cd21d94205a23f25736ff0daf89ac0b9c05699457a443c6b32d602876ee192a8f7e2c648b24e21706b8b57f424fa9e4a8af742d3597eddbffde8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7efe7de98c7532a53a9aebd9fffc0f11

SHA1
6077fb95a8cd3be79a513a81f21bd7861f10ba90

SHA256
3ee82fa8daa6e493ac79fbca73cc3affdd7218fd59702ac2bfbb159aaddb06f1

SHA512
4885bad14a6adfddd68d298374de6df5979a48d25324eb45100a8ba56a6dd49eb13bd931cf4cd28e567eb4c9e4c1647e6ad9303a54c0adba986227eebd4e1466

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67047b41dd0f1ec445f0ab4ebe4a6342

SHA1
ed8ffe849c2cc57919d143912e229fcea811d3bf

SHA256
0e33b51df86954123e372430e19ba957d513fbce348698843c21c2df65845bfd

SHA512
3ccc3338bc7e2787a8ce8bc1cce5ab812cb3d50849e306191d2e21e2afbb274ea918c541873a15c7fbf61504086c927c4a0cc2b3bd0c56b2e9adf9d041edc6f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fcaf05c561545143686e0ca2c2a18d9

SHA1
3a54d50da61874cc5b25ce205f5b528b7a23ee26

SHA256
b2b70732d92a22a8b70eb73a7c2d8b18d04e9a11ea88e31d260cb24e07781059

SHA512
9df46f52c4338636e2ad3cb8541e01cb12e250e8a90fe09d24ee043f7c03a00e214b9b184aa15a146e3fd185a6d71775afc96789f43c20b5ee2417e141df3f94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cae48235cc16b13739818498f83a7638

SHA1
e80c3caf7dad2a597e633400cf2285eac0d39427

SHA256
d7b9eaf47f3af7323bdd874c48dcd4423a4c6bf9c2c7c301ab90b5ecb6ed81cf

SHA512
8c2bad2354634d9379c225c4b141b72a478ce3b0f989340df4480165d03824565e7de65e4ad71b853a2f7f235562077f58e7d2c0fd174137cd4061080308d57a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f1e1a11c1d7c64f616ba4a48fc2e4fe

SHA1
d52589d9512337d89964b05ac3c720fe7bcc9c19

SHA256
21636dda91a636a7c50a286a2d4c129b6dccbb944aaffd0f0b6a7e7db4bc9d79

SHA512
ed9c638d578e1a32a17944014280bd5b4654cf8af43995682a10cfaa3555636ac975a812a679db9c90e56e51c8790fbf3ba000a82faff7c141a5b1037b39e2e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
221579bec853ffc72311aaa6c2f53146

SHA1
a4b2ed3d81fe63fc488aef37d36e15ea74c300ee

SHA256
d52485297903e5928fd58d90b9a1606e15bba28d53d689bf803fa47e7fe764ab

SHA512
171641db55dd2392d884a873adc9287aefbf241e85ca9d659abc80c7a583f841cd3ec0e0a74eaafe9de12eb2f1a063b907a37927e88df686b78220452b294dcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad7ef8e041c962c244a4221194c10fe7

SHA1
851daa1f893d94dffb059faf49651c33dbd8d4ce

SHA256
bd7afcb3bbede8619bdb704279dcbbc90af5cfff12d6390a81b2dd48bed33481

SHA512
af6906ed82bf5f23c8b8c3ee25e9cdb67d078cdaaf5df609c3dbd137bd8a982ab969b575f9fef3554c4c46e3a4cae9fd80d9df42c50232a18f0faae32875ff12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90d8ea44788eb7a0e5a1c59d912cea57

SHA1
ee4d2a752c8e0ad0215c230152e1a038c846a6c1

SHA256
30e90ebfccf43f7cd756c08b9982d8893544009278c68f75dd2d4f322a787249

SHA512
ef1f9d5bc869e0161d69468f24b5900d8c2d8de3abe4af47d8ebc6adb0c9e9ef8d8ee739ec05e228209d3f4d6f3256e29049a12a88ea113386c58153ce4477be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
042b92bc4c8765d193ca00cd8e78f783

SHA1
eadfef779a2a755abe9b85d2011649dda119b68f

SHA256
82e6398d893cc76ec68b1571c471632b81b2465f788ab069b47881c5f0e94f67

SHA512
d24854a3510e36815670e79a7b3e1a9cbaf35640f1b2afd03ac8d0e9226411ed67750ac7edd477c97f61d9278411ae73382cbb79d7d70f09109e784cb8e8c9fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b79f3fcb2e7a941692a703c142fd144

SHA1
e3a386a94eb7413c8648d991f381c19fe0851068

SHA256
0f0e307224709cffb84680b3f8a8fa98a2e30c824ddf81fd1ef2068c6bc024c1

SHA512
778d7c388f86f0964135f24beca9e136e777c801392e88416728359798c8c98e93ace239d822ff4732d846d717e704eefe0c210f2048ad4e8497d76724e9412e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1838d2e57e3e1ac40248c6cf07dafee5

SHA1
c1f63616710605d6ad9bfc6d16f58df8887fc331

SHA256
651c4b51f86f9f7e61d6b6a462a92e727641eb6f37a2352eb2465180368c0d0c

SHA512
222df67628566665492137e240b2cc70a299a39de1daa5523149f7af3c320871a2281185583b3fe176350c4a25357293d729caa79718a40464825ac20158e71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd934ac73139efbede460f79ac08bd9c

SHA1
e4123a0d6c405dc6951ce1b6497ecab64e3615cf

SHA256
cc52f525cb043adab11bda61db4aaa3a6c3e7e97971f6b45a4219f343b5b1bc2

SHA512
ca7ec014d7b850ef9624bf9a8ff7904ffebc60715c841a3fe71849213b225b71f877dfad960c3116a1206d7a20716e132b8a389a85d6dbf0762d868cb2bfe66c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deec0687e97f3ce44966596bfefd4784

SHA1
6481f6f91fb87af92484c9abd0f4ea1bf59d690f

SHA256
d7dcaa6f4948c1d4c51ef3e8354049b6926b4094423e20d03184ecc445955c47

SHA512
f17e8e3ecf4ed677f1ad1405b4103b4f6b9641fe3c609f968afde6f860671483d830110e710454efba77c0ded95a7c090c7f5203ae2134cb14a3ae76e6d73028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bc844b5e942aa2461365bfabadf2d9d

SHA1
3f02b596f7e2cbaa2325d51efa6cbed0c9c17c61

SHA256
5b4ff6d197b062f978916cd9ca9f32cbc0ef6e2f193adb83b4afaa07710a1a4e

SHA512
189eda298b960c5b607f7eaead4f2347425aada977ad9fbcf98fa394d1594429662c30ed8557d653b125bc63f9ba1d667a054f57cd73260ecc061438b7c1baee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b70e3fad348ef3e2b97db59a78afab

SHA1
c367a4cab2346a7d850a34bddc101269d2b5447e

SHA256
b9438aa81052ecfc2efb6e9e922c821c752f4b648e2c0633411fc89edf8ac1f3

SHA512
c9499c605ba8dd19b9ae29e960f2d823ba5ec1f1f31b559e33ef343c0b7cc96395742777f10885c170d4c6e37448a4ee1f30a52af949ea69e97e897c8b482a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
224b6ffbe419640e24fdfbfe05a5ab9c

SHA1
cacfe631f9ed5565055a5fb67685e3620e82a0a9

SHA256
137564be4b65b01426eb28cae4b36ea179d07759e9795ec54ab03e50d1f048f1

SHA512
e25bb1978ce0598511438de4b98c9d758c5183dcc0fd0e752297b08818a06fd1db23df4f16e40ac13f3879e6764f1bce6a88007a3978c0de480ea92eccd77838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6465de5bebd1ee3f55331e100e62810a

SHA1
6c50253b30f4e2419ce56250683c91060ae9d742

SHA256
59f44d3b9c7a35edb0ac6c0df427619e33f4bd016d71a1051ca7689e309778f5

SHA512
c3e4c56221687b77a404c61add74e1d87b63d77e490653f054f265095a4ad16335df4f27a523776065e4b5dde462a30b6e4a50e85a584e63d43e819492cc93b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1e8bd50fa7d3410b87a4b8d9282cf89

SHA1
10cee6eb18da19a0c25b439c1877296f90cad03a

SHA256
42399b074518fb52ff14e0c92856540205bcd2c00f6070c29fa62ef912b88a9d

SHA512
6bbaaf456f211b595adc66f9d5b76ca78511b7fd1118153c9c8ffdbd378277cb3c2ba7fe055bed7a5b0884c092198c34894aaa8c7f41750b19e67ef1141b823d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
324905d88a866d1fcddbf422a8c4a9e9

SHA1
35cd4b36e164d67d1abd3cf5e282a60dc7785d29

SHA256
83e27405f8d460bdad8c29da13375c6ea29d61a1d5e5adc9db966590f8b7c00c

SHA512
a85dbf804d63ddc249a848784d435a1694f428b999d06e4de20973245786484402a9a4238f451dfc107e2d5ffbc6f5b0335ee2b2598a4d75d1cd347a510e0ab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae0ea841febed746ae0a82ca98410915

SHA1
b354ddeb3f2940fe5c5ccef20e585bbe2757e1a7

SHA256
f88ce43681883370425504ff325b2b296fd45f159f6d2c076e037046d73c7f79

SHA512
91ea640b9cf0ad4363944d48ccfe704f3616d95a913dfbe207a8831415d1c7ab9d8e0f8cece57dd57cf967c77c8c4f0f2676e0e1404bb7433059625a76f40d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
417eaba88f2634ffc0306d481880472f

SHA1
8c7dc405983e0c8bb1a64123bd7df82d52eb810b

SHA256
e24082b27324f23b9905692dd71c31406d7fca600661ca704a200298d066bd80

SHA512
04d739b5ae04fdb96e910a811eaabab4fa1c4c0a256d04104a878a401d2f5b86c39852efde167d67c0146343e6062d4e037e4c88f9c1a74db3425b629eec3186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd168f097fda8a2ba2b595e707a25a6

SHA1
addfa174a662a7bb13ce66c31d0691809843bdf9

SHA256
bb28e16753cfae8d23a861086e28e6b305524d62f419836f033fff05566d40dc

SHA512
6469a857f33fa59f3e7036b5716e908d51e97ed16dc1a30c8dcf1c874d99901af564bd59f56e54cabf8fb4731915dd2aee7026ca62f3ba5e8cd09dcb7f4cf347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
4906268c804734e5f408e4123fcef880

SHA1
9c46be4d4b351243ee7037f1067adc541c6a01ed

SHA256
917e9767ef1f292a7e04b5cc290e280351ee777fed438bfe291977ee8d8b04c6

SHA512
2fe7b009f00d5fbb8fde1d2153f21a6234af19ebaf9eecf93b350e764b0babce447e2328c5ffe2c3a23a91578b914607ecb81100182b2ffa784306a3f8e73049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B363E08046F0ECDE2BF57BB4118927BA

Filesize
512B

MD5
492d83e444a6a60f2f0ad36c4bc2f1bb

SHA1
79013145a85743276ebb4137294b7580787c61e6

SHA256
33fe466748889b677587000cb21e70489e0f22c352b9c709a3f933feebb976be

SHA512
8cacc7995942caf07d172a50a13915da2b2ab3272afe3a1472dc01e6f5785ee0d9998d0d73bdb3d25313cf5618018cbc84b2030f162a98156c3f7284445e5a71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fa60f8578cfae7011bc9c27c5f1d5b24

SHA1
d40adc60c6fddd98f9c4cce16137ef7589c44aec

SHA256
ed674e0d264ebddaf2c5b614bc50e7f7913f6402389e7f4d8b4254c746679bbb

SHA512
3e95909c8da3e91ce63b0ae3db4c95b4811e46921d4bba957351ea3ddb6ba8da7da6524ec86ae36970ea459734ac4152df14886641f3ac058bd11c9b813934fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f7173dc6e0a3afb41b514dff942b6286

SHA1
2fe7014dc3640a4d800a6f2792c9e94934d9496b

SHA256
080b8d488433721682bf609d413eeb3d8454c9feabfcd6b0d091f86938a89248

SHA512
55c176df5b70f8124294c2e1968407a96d655f60dee1cae8935ebbe44156d0040867adbc1b8d990cbcf55ed1b8c80b254d920587c7cc919d3a8483edd32289aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4bbadcad5b57a3ca27282f74f0f6845e

SHA1
9435ab58f35752df756baf97f10e0941c056be2c

SHA256
187e19d465ce68e5a8a1afd24a7674a878556e2afe6388e09f8f366bf004d1e0

SHA512
3df43cabe7286f1c928be2989afb25c0c522eb6eac8dd2fa8babf2639dba8b3c892c54641a206aed00ba81d33c6219eec1292f23a33bcf328a77fc4338f4dcc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
230KB

MD5
b3004940741d10dc0fcf63121d859eb5

SHA1
191d73a57ff90a92ed568ac2c7b8ef963fc47030

SHA256
c8ca5e830ced9a37e853368976ed4ff44f4b3e4f8f556d2ce05fecc1fff6b69c

SHA512
fd4a579f07f57cd0b7caa8d6bc2734fc9a5578e7d41a941c91314070cce09b863fa432d273fca46872b911a55de5103f7ffb371e27c1c54466cfc42a946cf33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
230KB

MD5
8f3fa187d5a84e1974e78271d486674e

SHA1
289e96796ede54ee9d5fb5fb326543757403701d

SHA256
6e5c2c3ba9d5d9dd7137d2493e6bbc5525b85f93cca1980d9780c7625397f39e

SHA512
cba4dc0ba9cdb61e658514d7be31283096d55a01a7acd283674f66d6f9a7f8d42d9a2aad56f0d18ac78f15f421d8e1b1ac6a4431358873832f8a3326623dfcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF60.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD031.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD053.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B88004FF-B990-4F11-9534-2D01F2A45C72}.html

Filesize
6KB

MD5
adf3db405fe75820ba7ddc92dc3c54fb

SHA1
af664360e136fd5af829fd7f297eb493a2928d60

SHA256
4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

SHA512
69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2068-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2068-162-0x0000000069CD1000-0x0000000069CD2000-memory.dmp

Filesize
4KB

Download
memory/2068-194-0x0000000073DDD000-0x0000000073DE8000-memory.dmp

Filesize
44KB

Download
memory/2068-1-0x0000000073DDD000-0x0000000073DE8000-memory.dmp

Filesize
44KB

Download