Malware Analysis Report

2024-11-16 15:45

Sample ID 240216-jz1yzaed92
Target RE- grt.eml
SHA256 f3a8a23bdab9b32ba4a049e2f10b9cd1f0a119ebf2bdbaa77eb1fc700da60c81
Tags google phishing
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 f3a8a23bdab9b32ba4a049e2f10b9cd1f0a119ebf2bdbaa77eb1fc700da60c81

Threat Level: Known bad

The file RE- grt.eml was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Drops file in Windows directory

Office loads VBA resources, possible macro or embedded object present

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-16 08:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-16 08:07
Reported 2024-02-16 08:10
Platform win7-20231129-en
Max time kernel 114s
Max time network 181s

Command Line

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\DONATIN.docx"

Signatures

Detected google phishing page

phishing google

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1089f665af60da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000568a44f56ad1dd21517ced7f924cdeca91e02433e2c7a8711a9e33296ecfa8ef000000000e80000000020000200000002d6bd4132c4627ad0dad0f0a47b6e44ef37e88355409a925da6d77481802b2d9900000008c3656ac270bd9304b0a2155b8a59fa4b1e568f11e842a3dbd18dfcfe69d1e82fef5b755c724cdbaba7c73c8c97a0d7de8915c390e435677c0a583a75b439969c4af1e3de12f81829965d93f4b269d747e61ca784604252cba31020784e5d58697982b269b920a02ee3e16fda7bfe18ff74fc7294281369a51999cf65710486035f52577afefdc72bba4718838ca892740000000927b02bb0f4266e0841a861350c8f6407b302d0a347098e8e193a3d6ec0d1994652da224f39cef1188da7fe49093ddd8b1c2d251183c944ae4a13a1f8dc93f0a C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597} C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2348 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Windows\splwow64.exe
PID 1228 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1228 wrote to memory of 2948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1228 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1228 wrote to memory of 2700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\DONATIN.docx"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64e9758,0x7fef64e9768,0x7fef64e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1480 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1400 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3784 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3764 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3768 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2636 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1972 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3964 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2304 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4012 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3872 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1144 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4168 --field-trial-handle=1100,i,11478806980081361927,15698623767352421487,131072 /prefetch:1

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2

C:\Windows\System32\MsSpellCheckingFacility.exe

"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 api.bing.com udp
US 13.107.5.80:80 api.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.169:80 th.bing.com tcp
GB 92.123.128.163:443 th.bing.com tcp
GB 92.123.128.167:80 th.bing.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 a4.bing.com udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2348-0-0x000000002F671000-0x000000002F672000-memory.dmp

memory/2348-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

memory/2348-2-0x000000007130D000-0x0000000071318000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

\??\pipe\crashpad_1228_EFLMGDRXOWWEFQEY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2348-68-0x000000007130D000-0x0000000071318000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 ac84f1282f8542dee07f8a1af421f2a7
SHA1 261885284826281a99ff982428a765be30de9029
SHA256 193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0
SHA512 9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 baac43dd8f77340831eb88e32d5d73ca
SHA1 e1fc37a7b83c2b1185fff06155039607c3cf0475
SHA256 19d6810694a2177800beed6a6ac9266853e5b665d66c76b75fb63892aee441b9
SHA512 94dd0078e92a93f5b19dba5ed50bfab31940f0d28a2dda80ff334284a4906191048f5e29d9b7f6f41dcfd8fd63a16257ef0f922d2ef3f69b444df73d052518ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 032a26f3e9103f771eda85cb97ac29ad
SHA1 79b0f876fa4bcfc77d57f056b945e24fcad3586d
SHA256 cba982d72fc88181f43889998af9cc1cdcca73ed7354068ef39307b924180665
SHA512 a61b8add7b0cf10ccae0854921e976561bfdd3b7f692f3bc4317bc37cf5a54e8994bc4ad69669afd58334a686c863052d5eb1fff07750abc7a4cb84dd00f2409

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7cdd62aba85ed09fc1f107b07bac32a4
SHA1 16a9d5748fd172f9400598ef51f7aa960d8defef
SHA256 22af51a615d3363e73d4b87bde16644a8af61ac293f49c6f386b7974b5327a34
SHA512 a22cbfa21678df676c0f8e711c771c657b648dd4cebc717db70d2668f5c60fd39b6822fa3c8d6066ab54923266ec5a6394e4293d1670162840b16ceb1e6967fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\35969fa8080b7dbe_0

MD5 cb3cf88949d25c991ebe3212ad4e70cd
SHA1 d97272b234b17881998b4cda8ba8ad4d59e42cbe
SHA256 6102c81c5c953dc3c8f57e52df9b1646007f6cf8a691896f171e88d84c433115
SHA512 1a91e39f44e8d6d687117977cb65c74a88a13f6adec916b3a53594a40beb292c934285996f2839aa8164ed34a6e560881fa33da591b03e2630d70e019c14bf1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c0b5b122506b2358_0

MD5 5d5b9bc422c0f0ccd0688277b4ac37ba
SHA1 58d6e66ad1f5df6af07e5e791943b1ec86d123b9
SHA256 0f4d494eb548c74be06287ab0a41656b980aed75a68d11216ff4b7b8ae430165
SHA512 3d8486361b2b6f033d776d2a166f055934e84d0610551682fd9d0613531112777518a9cfea93300d1f153db4a00c5f5d8af66700cab503ce17f8a3db7b242b4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5657b3e546d8af47_0

MD5 bc4de0918fbd5396d1c4f7cf8df18b97
SHA1 495be0fc1cc0c34699eeacf433283643882a0649
SHA256 465d7d10ae5703e76efa87fa7b3b63c024a86da02bb1cd636cca9dcae7025a6d
SHA512 853b0602534837f4f912aea41a462f6205f6060268eb0414f3051b018bb4a392d931bf5952d243ab09b62944193c7649099c8cc8d8357d116cdfd8e222938118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50dd57b171c91931_0

MD5 020495c9c37b24bd27dcdbe6685e51a2
SHA1 ffd2ffb0819c7cdf9c3f021e40a46c4296b63032
SHA256 24c27c14ad519a840ce7d7bab12fc75713174a0614711549c5cef4a5ba473ea3
SHA512 22b7963a4f50e2dea905ba0d00c3dc55d1d6ae5e91db27571fb08b29640383c265378bba11c3991a7557fd98ebc365919627620567a4ea0d81d3d9d5521d0385

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3460cfed83476bad27ba56b57233b289
SHA1 0830aa5ebc6ee3acef048f64e03a43dc9ee25b3f
SHA256 c71a5db746894662c14ff3b8ae6abfa248a0df38ad3bd2120682f593a1a97778
SHA512 6f13521ca479e68a5a5896ec8b075215706f74318eefe698e6c0b4f41461f8f32a17370b55507edebff9c36e7c3a50e4deda4b75fe20bf88febe9efaa112cb88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8eafbaad29226e3c4dc541daf24c5d8f
SHA1 ee85f5e0d6f086c0278c75a7b00d89c9d9a3feb8
SHA256 d1d0646d08b5320c1f46f68ca46d18c1965b760cd6735a368aae0f364e09952c
SHA512 ceee24bd6eb0c168feddfbe87ae373e09c20d4ff1ea5b2b04eccec2d7c371442e99d9a3249d1f00410d3aa82e9a912d1b776710617852c149bf4bc19350afdf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ab403a51e11dc2b599f24a792f33a06
SHA1 8444c49d03f9b02bcc5d6a7cdf2274d63ec45d32
SHA256 620ab801eb82ba3b7ee9bfbf7a5b5b7dccc57b250d61f5b05eca8a246a472e58
SHA512 3420419d853642664e20b129e543e54d8c7f53bb7502b4c653ce6f491603d2832f1c5ec3596cf6744ca5e765bef7eb6fd2441aea3fd10a97370a1c87b439fa09

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\qsml[1].xml

MD5 3a5ac6bd2b2e3866b04a8fdaba8a57c5
SHA1 5f7b7544934951559aa4147ec8c3106543723b5b
SHA256 38e66b67005c8dfd452f13e083d4a0ea1a66a7040af689e64132c75ec3f3a456
SHA512 4c495d89e2e7417cd0ff5e414b687b3e5789709481e0214b2e73ea686d99aba8282ad3bd5511166d483d1079376ad73202c7c5e0a0e822c45d816c8c36b91d7e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\qsml[2].xml

MD5 6706b8d61492b75f5693c556621385b2
SHA1 b78a7174b664280a3846f8f3993a6b7ddbd1db6b
SHA256 aabdfeffe5255c3343f8affa78a78ae9dc497f5123fe5bfe103860fb52fa1519
SHA512 57b4e860c3e57ece7f3a80bcde733a2cf81014aa8398c29c790d6bcd0ba654b203cde970f882d1ccc18abe3fa759893b383b9c3ca9b166c1bfdc3a90acc5805b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\qsml[3].xml

MD5 1d9f2f2ddc94c000714b45c87bf03f8e
SHA1 7f1b01b9f47c476c83c2b6763496cd80ebe8e2fc
SHA256 15801042fb6a5b6292102004ead79f4a598ca4a84d435d410d3cb1aeadf44561
SHA512 757e01d7b55659ebd5ef1eef8a6f2d5934f7326dc51eb5c58960e4d818d85bfeef9ce156940620db59d3607dfee40ec4356db7dd028cd04c516587a86d9bdd71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61cf3956512a95afc67a64a9f0a0155d
SHA1 6889237091f4fb66d33ea662a70ce5405e2f2ea1
SHA256 ca8f344d226549039d6cb628be48153b813766ebc8fd73c5ac4d41ec2a3c0d06
SHA512 a7620334f48aa085660f7d7beaba96422cfdfc47ce647299ebf070130445c7156236147ce6c4347cfeb5ff51d3c8d9f92cdfd5fe814f24f03ca17bf7736cb8ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 adadf37dac5d28bad195c55d0c038fd2
SHA1 31cb15fd6ade637a879a4a4128316481ad3990b3
SHA256 4e84105a5609d28f2ad1453015e6e78b5440bea365221ea6a67211a2b4b62853
SHA512 7fdd404dbcd486708e7d73f1caaf5cb72ba7cc8b8a3a74ca93d7dbe34d2708b5380be8ff01a03b93b6e2838163232e54888f6cc9a023350e89217c30908a0793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2005c89d930b0c631792fa137cd190e2
SHA1 e440c3dbe45d1913f598972331e5aa67cb094378
SHA256 6f0e9d1ce8b56f3baa0ffef4191ddc21c52ef81eb4b264abd75900c0cc78e244
SHA512 ff3a8c40c6f968c64ab8dccb00c112152ba7ca3921de0320614286f0a7e7f7b861061d3e117c628bcc3b2e2574c63418be97be6722f2bc7e3b77db167f3c7201

C:\Users\Admin\AppData\Local\Temp\Tar8BBD.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81bb013b4fc84c68e4f048b904c8b180
SHA1 adaf9703b3ca3a95da9fbf0c65715ffb2b146f4d
SHA256 1584ffffe2abc6ba588a28088c4b0a3622d2f253d075bc9c830e195ca3808fbf
SHA512 c5c66ad743b31e27a451d568bd0f9ad12929c9bfe0a09e20ac0eb155fc34ee9eb87143bfb133a0f1d72c40204bf070c2984a092d1da94799dbdac5fe7c6b27a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9628e9f47772a7e03271d7720791b441
SHA1 47bcb0bc99183af5c3760848b666cdab14ed401a
SHA256 01d345be0664b14c1c1ffd8d6115f0f13990bd3caa00240c295bf992fb1d1511
SHA512 b1c607861ff94fcb2096f81b619fa5f2c870f7520001c32baf2e549037aa006e53055d0df5084d9d722de7250abb703f00c3989a6741ef1b308da4cb7972403b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 faaefad61054f3d052c86bf4e7330bc5
SHA1 e0f2c40349f6d977c4590ae937ed779afabd669b
SHA256 4ac7e22763ac5f9c1f392c16d5e3836fd569b8ea9e700b07060c64692c4bb22c
SHA512 4d6101d007ced23a815161ceeb2f29ef2e1ca3fc5134975eda2e02039fe0e77b27c2df14395fd554cca6b0e0f094520bb56df4bdfaab795d04a21e2d6a24aa64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD0J186W\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 72218f893741d3eefa634d1d7a2c5ce0
SHA1 101e2c5904c841656f878622a6468d0e591e6e96
SHA256 bcbddb4f9d014229999c36ff25f746bd084b546a608fa89077cf9f178c93f16a
SHA512 ad714a84368d1fdedad35f1737ccac605f39e017a03b480c19714a5f3e675dd2a75eaa744938334bb5fe27e6b1f8313c96a0bf70e46f80cd204aad7ea9dab487

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af1f91f5016f5ab62f1ae58b42c7a92f
SHA1 af449eaae51fe36d67e23ad050d84bb5da22884f
SHA256 a36d6197edcbd9cf892d0bd619d0d67f3784b9cd6cba0098f499537627978f4a
SHA512 ec73c2a72020d08c69329d6895a768be30a98c54be96c4240520da42caacd00268d44058ca3d0732e3895613041afa68dee61e8950448f0025d1c2d7264d5697

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 f94a0270c38a25ee3869a312ecd0a564
SHA1 4a225a141322e2f9c0445a9894e0a65ce2c87e46
SHA256 a199831279556772e9a73a6ac33d85ecf2ecbf6fb666e7534891a95291a7af24
SHA512 f77faef263a8fa7ed6512834ded792e5d80762527939a36591c3b661e3a59296033bc6df1db518fb53a1449c610fda886569718c2b7d478aa1efc8d8317e9768

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd122fcfa9758a156ae996970991c1e2
SHA1 1f0a14f819f73faebf1372bd1e41a6647bd7c86d
SHA256 af5b1b5f80927a3437030004fa847c979811bd39cbe238075a6901e05b05a4b6
SHA512 226090bcc10d007cf757e80bdcf66e63119ba3662819f6c6520d1bad82145d984ebc3f19f5f7ee6023e3f2a7404930f7d614402ea1f5349a762917b03a02413b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a659b89e6de705a5da623a9f8a8533f
SHA1 0bdab49acbe63b40b4c35e78909a5c640b804de7
SHA256 519d361df999d101076ae30a6f722ff8330e9fdbcdd4c87642c6b30454911c61
SHA512 08af6be0f47494737dd660582e5cc6fcf7a55ddf38bffa63ebbb9d0e807673eb04433617afa7a371efa144d0e1c2981353eb9a583da06f744e2f065c102cb144

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2381bf32c2537e49a73d0ecf9fca74f
SHA1 d18c1ca632cff69200948efe4b5bd677f62cb71d
SHA256 8f14ec3b452412d6a82a2e00072252362318b8245e23d2a8f4bb5baa62e2c8e6
SHA512 a069cac061bca455217403de47505b11ca1780f04eb2a50c83b230fb696cf1a74b7f18d9a5e9b97564fcf00885db5dd69cb305285e4c115f33b889e36acc87f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d252f6ed6d5ee16bb23f857a94401aba
SHA1 3423c2df28c24bcc815dfae34e1069c7b079b680
SHA256 3c8283debca73275236b6512e987b872427078238863bce800ba98472c2c3db6
SHA512 2d5f184e927eeccbb6720d77a820129c48b33677c2d3ce6bbf69b4ec1236a17b74b797146c44cc7bccac9f33bcb58805529dab0ed0e3109e02b778813e502f73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bfb4ec68e9e0553b8556532ad4c14d8
SHA1 d6e86e1d163221749c845e6573d2d1d6da74d4fb
SHA256 d86f75f69dbbf08c4b3e1e74d73b049726855fe715aeb02fc69f6e83d185c45b
SHA512 d113ff28cc6814944463c49624f7fd05beda1a3e1cc03f4e7645cf635a16cc9417fa18e89ebbd76a0e6c27ea19dd3428a73c235b36ec1d1abe3e76929852ec03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f0dc4e894329e247fa3ce77c4b96731
SHA1 ee211e72ef5751ce29f96ffc299bbf79e9bf83d1
SHA256 fd0f482f2b7f2f97336f5c7d7c8c95d40d30346441c1c50b9cf2a3718fe3dc6a
SHA512 fbc93186178b17f3ff905cbd125f70c339ac1dc839ff2cce432c1acd5118f8f252b380bc904af9285d883909d9edf5bb7524351b4c417703e5026780eb3a80e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba1ccf3c381871f076dac26942d89b32
SHA1 49cfcd3f41945504c0192525df4aecd60e887bb5
SHA256 f37b753cc60b03c6ffbabf15ed51a9bd3156041f1effb22d2d7272770c8c87bb
SHA512 774ea96ed15051e9c210489c956dd3968d87301175c9eb9ef3941169cc780ceadb468009fb82200551e549b98faa6c226fa1959aaf3c6487cce0f83a4804e352

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d94c1a62603a8380960229c36578067c
SHA1 043f59eff35e88291bd2ac8afffd4d6d732416d7
SHA256 3b6430cde4772da9943dc3c9088fb3d380f1a66c95160ab86dfddda45cae75df
SHA512 97d2e79e44d757d2a41a8f16c4d3032075b01933de6d4e5ab8a4d427ad3d51e27f8499ead8d6c1e2cbc9504f320c7a8fdb723a8ae88582baa6d66cc54e1ea665

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13aabd21ca70399b4f8b3800f746b9dc
SHA1 403ebe9eabc3eb8835d759f01174cdabe9dad41a
SHA256 dca5bf3795f3907bc02f80a6c6a30ebea916ee71465038b3c4ce263bc8d86ae4
SHA512 9fbfa98de31a17311d1157be408128058e5aaca00406bf539b400d72579d3b2cb4336e17016ae8cc9e44282c9339de3c4ed287342fc68c2732cdb5ca9e85a286

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9e740c0b39ca2a35df1e7f7efcdd51e2
SHA1 22209d68d0db545c9a7ab627f9e1510d9efce2e4
SHA256 be43ca3a5636304ac36c3d4106eb60557d6485bd96deb8d5ad30319dcfb6784c
SHA512 3bf892dcda60d6ec0946432677c3421aea967795151351ceca882730b0f19ce3df566d2b840818536146d80af37aa0e25f7e3dd409101ec53961037ac04665bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9314665d4edc594e22ca4e3ccb66b4db
SHA1 f1c545b4c4724fdda743906a0f2c32e3af89d8f1
SHA256 dcb84809816f3bdb2b5fa7493bee1b8b568cc1bfc1dcecd68b3f6cb3156cf561
SHA512 0f0ced370a410a25cc3f4aa9f83ca146a5f15cf808edd1bc9476497ff9d3ef8fd2ab8337767aaf8e3303ae2f55ae9987fcb5e29c397ff48c89d65c66c7c79b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99a47721ad3d80784a1e708708cf7118
SHA1 32dfb90de79c132f841f5e94a342be278cdbc734
SHA256 44d8f44c0960290f3c133745a80297edbfae3ad767db2187a2724067e0460912
SHA512 77953ba1eb9fdd7b9afadbf33eaecca81deaea6539e82472ac7579e8b3ae76a2e950c9d19610be501f0e553767c42d9979e983ac02c64530248f7b0220c00bda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0457100d25971aa0702ccd631c3a925
SHA1 76500131062f43c54f554ee269ebca05b18f9a87
SHA256 6b5f6fe2a29c89b0efacbba018bce544b710c71dfd595279d80f42aed6410b73
SHA512 41793bbbcf333b64f5b22b58cf538e4dea2bc93092922d6912a3b3e812438c6620dd7fdd3f8f0d5b5c68fdfb50d5f115a5f1d31c8bf1647fdc416213e7096d29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd9c9494afafa4b05564efbe11e1cd7d
SHA1 7b7d17a3c8efae3b9402e04234c3f0efcb89df86
SHA256 8230c1b3e847e934c0d3fd2662a97fac1d9c971efbad4371a5e2fee261ec2ae4
SHA512 4577c9e2420a1e50ef3f4e764b412e5fe80abb4bebd3b32e1ccd256349c41fa65c68b4a7c11dd49f9616da061bcd8bf69c635c7220907a928e9cf605a658637c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0534c3f5ffe98c223067b16c2dfae57
SHA1 1d99a6eebfadf2c4dfbeba0367a7f01b9926a982
SHA256 42b3437d234a371b7011274b1c82ca6435c3e3f39c7282f2238d835e1e1968e2
SHA512 05e459e9d8f3f2d1cf63fd197552741a1e9c5f3a2f0e315dff47e5b75502cd17898fdb75e42d0237e6de30f717d2685bac2ede5be27ceb899bb3b710ff29c7c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ba9d5b6f9a07651865d09274d351772
SHA1 d3da2af9930eccb3bc427a2d280e6be5d4385c47
SHA256 e572a50be489e2ab349ca6a0d13d06325fc63298182522c18551329173715e60
SHA512 9993458c64d035f22b9bcd3c1137c9c128700dc04218bb1bd033efe1cffc6eb5939c2d80b78d0462aa6f7a748605ee608a216cfd4369e9c562002ea04d0c29ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64eff5e59ba8ef35e8d98a617075ef3c
SHA1 302eaf8b232c9ed6a11f575f469abc62f62543bd
SHA256 beca10acc5dcf22eeb90d19eecb7d0d3427ae17959dfa8a6855b737ffa43811d
SHA512 9512047c96143481dd82271bbb4f975f5b536de8e96096e07587e95b5e6b55e1d6b8b0b7f4e5b9ac8d2485b00fea500efbff238cbe36155ed7ea20e38f8e89a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9f377259f39a26b32007dd6249502c2
SHA1 d010c0e61212c5d96a8ace7bfc56d94735be3f20
SHA256 85f38fdc4f85f9bc1a6441128340e6d8d6a37d2425405a402b9709982f91bdae
SHA512 b4d40f0e85696e4df85cb654b9170edd134c1413d6650ccb9a40606cb4cb91d4c8f21071171571dcd805433be94907a102ee0eb420394b0459fe0139a9f233b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa7c5dc69cb9dd069a6b7388e1fedb71
SHA1 161639a072f172310f5a1a7c2343ef3599fe54aa
SHA256 ecc275821ed29ecd7dd654a0282b61731c253f59913db291d3b9d46d1f0e9609
SHA512 1c285ace3ecd6e24710f7fc25a44af1d7ed135fcadad6c33bd76e2cd7d2a53be7e5ab3cfeb2e424e183af1163e885a52d1965a35ad2b56469f535839dbf66ad4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66eb44dd534ef3fd4f1d12ca935f35a5
SHA1 0ebdd9c019cbf45bc0fb2cd359d4d5027979e8be
SHA256 5f99cdf5743c7ad0a39b1aa02f276b41746660aa08c78277efb0948b0333d2d8
SHA512 773c4c5339704d66b9a8fef7d78020244bcf9cfebe1566a07fdc683398eae7f9a96fba4aec4bb7f171552f3aed99299ba76a500ab7681ad911202f7a8f824c19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19ee09d1f43b625be9b1e3880ce49e7d
SHA1 fdd85e618cb333553972b4bbceb2f64ccd504582
SHA256 d9be39145c8c4be12ce44ce51544db4ab9daa92231adea40ef75d5ffb853f79f
SHA512 d277d4473746dc2535a4cbb303adcfadf9d2b9fe18421ac7f7a78fa908c21e6157cc083011559c98709c65f9cc5677ab78d71912146ff7541a01e199a07a2325

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f323e0cb1d91af29125e8ddade214923
SHA1 1e2bf60434192a2f1ad26ba411ad16e34d3b9ec8
SHA256 585a03b009ef9d8528dc033e4f29bebe9401d3e3413d17ccfa090f29c5375904
SHA512 11acb42c82a296d0157600e65ac52be145de4aa188900cd6dec3dab4cdc0235004bbecec32af4d8f0d05d295f3276627260360a81df8de2569c6b97dfeebf6ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e38128f8f5218f12a5443f639d4d0cd4
SHA1 bec29e1e95e7b58bd1b4c4fbd88e360c473a5e4e
SHA256 685993dc1e652313f1b1965eeb693ac433618a6eb74cf08f0c6bd3c5729008e1
SHA512 aa64b3bf990becc06fd613e2416ea29ae65f8835b224f975fb7834b50beb49a9cb206935369846791c433fee2a86bcb286d533ab6998dcc7f52df5e0b31c3f5d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N2THDJSB.txt

MD5 41e29a44de2711323a18ee473f650e93
SHA1 d28fb8c9599498b60a0328165742343452990740
SHA256 bab9f6f95f163cd2aeb50cdc0dadaa50f704a01bb93914ee946b7c7dc1a98119
SHA512 b05afe95beb3b8b9c4e4f46899f03433f9cb81a6d5ca51c1b5c6e63b1029a11e545df02f7c3d6c5e84925b69723ce2359264a41e26713ce30f4b212b05e8b121

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H2WTDTKH.txt

MD5 8754c231dcdfcd93f3fef2b7a9882451
SHA1 09523a4213f8135cd8b15b7cd538bb157f984b3a
SHA256 034748825ce483c4ac1ce137278142405b20b91c941988b48bcbdc1b4c185df7
SHA512 900509dc77aabdc992a506bee5a4acf88c817f4c0ed55d68a32f58fba5fb8b1ad55c941ac1ef57172628c805fbb4d55e438e7e97bd5795c7a9ac7c259294bb1c

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD0J186W\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 d40a13f54e8cc1df6ff7a39ccaefccc8
SHA1 8df363081dfb913b8a55d0a15f30a7a4570e139a
SHA256 c055f8354395f36f323fab7d344672256ba6e50edb2b82b137661c1f11b12e4e
SHA512 592d0529abc3cc89ed3450d65c171f1d1a7032243ef67b3895d1248d6c90283c12968006e26f2371cf3cd50387a57be9313386bde2419380f7db14e46c1a6648

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUX6JP6D\recaptcha__en[1].js

MD5 c37774be5504a3a7def09eff73263bc3
SHA1 c5160a2908b3fd4230ed5cf521728fabaf3b5c06
SHA256 4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1
SHA512 0b6bd8b8ba94b177597517b641fade09f843f22c3f02d9b1ba6440a19acacaa598aeca3c2315d106d560e78837e1e9fa74111856d52f40ca9a7865d4f4eec9c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EEYX08N5\www.google[1].xml

MD5 efd51c2c26aed280c0fa46fec49ac7ca
SHA1 d898fe9beaa15850a52d993e7ea4a1db3d5f0d81
SHA256 035905f73a8c18ca9dfd5fd0489cf0a5302f1da93bf18c90fe5173f57057cc14
SHA512 004104aa2723f497adf5931961ecf3bf10605134d89d93e6f82167cb42b00ba2ecc1714793eeda6a4565cf950b78eadcb73a2422b0d9ac308c325acce8c19ffb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVJG9IVX\WJ5Zr3KXGmLOfRuanmzz65HPIU8.gz[1].js

MD5 09964116a876dacdb4e4a92a44a1a2c6
SHA1 f411874372672002dccca49013012e92fafddb7b
SHA256 521063381dda828e51930bec523a2d9f442aed51ddf3292446acac94daae65d0
SHA512 c89e7aa94c1d8ad33c7ae62e6f3ea0e0cdf8bacf228b33e03b731e74d7f8e04a960d7e44bd430c26bbf6740a3ac5cb1feb622ad2059cac76d492e22d21f78a8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUX6JP6D\b5XvfNix8_OHs4DhTF-ooplQTMs.gz[1].js

MD5 b3ca28114670633e5b171b5360bb1696
SHA1 683f2fb3d4b386753c1f1a96ede3ca08547f0e02
SHA256 a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490
SHA512 bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUX6JP6D\DQQTu0f9ldw9QQHZ9i-TAYjSeD0.gz[1].js

MD5 30280c218d3caaf6b04ec8c6f906e190
SHA1 653d368efdd498caf65677e1d54f03dd18b026b5
SHA256 d313c6fff97701cc24db9d84c8b0643ca7a82a01c0868517e6e543779985c46e
SHA512 1f329898fa0e68f65095b813ca20351acfeaa5f74db886508fd4f1fa85811a8cc683c6fab9d9f094f596c8957219f8e29a6307ea0b2d470bdc809a4b9c9d34dc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUX6JP6D\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD0J186W\9hmJA6-cnVArHFzYmc0jTDznMxg.gz[1].js

MD5 dadded83a18ffea03ed011c369ec5168
SHA1 adfc22bc3051c17e7ad566ae83c87b9c02355333
SHA256 526101adc839075396f6ddec830ebe53a065cddbb143135a9bca0c586249ff72
SHA512 bd1e5bad9f6fb9363add3f48fe2b3e6e88c2f070cfe9f8219dc3ae8e6712b7fe04a81c894e5ca10fb2fc9c6622754110b688bc00d82a9bb7dc60f42bd9f5f0b6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD0J186W\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVJG9IVX\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVJG9IVX\BmRJAuTc8UgOeXgJh_NIObAa5HE.gz[1].js

MD5 55ec2297c0cf262c5fa9332f97c1b77a
SHA1 92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23
SHA256 342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467
SHA512 d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVJG9IVX\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUX6JP6D\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD0J186W\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cec4e23e45901d7d7507bd165504e5d
SHA1 d6a0d8ae33865692da3b657dbd6e3b7ec6f53d90
SHA256 22b6d1cd9441d726be8e8f782386d8aae70e99f69247f9e88b7b504f957ed5e3
SHA512 1dad627de03de847b3f430c1f55c498a68f43ff047c74736afdf1fb4041644bcc012c039f5e83516352a4897081cca564c54606aa0c0737ddcd9e4942fe69b22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcec9bee163500a1d9b31748b1f8a84b
SHA1 6f2c53a7ca29720638ef892cfc41a9416f46ccc6
SHA256 c71a27b451c1edb537ce629a6c10e613944247d1b19dd2c07f2dd83e2cfb788a
SHA512 90c312ec6993e9d813b25017223fed7db501c804cbd7a48e119d551040ccc47b2f4e06ca3f424ef49a3c104ab33ec9fd6fc8fc498a12b8d8deaee959d4d85700

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 717ea0097778a7ddbe5ef51cf1293d84
SHA1 621e8fe4673d0ea25eb9e7617551f01a00aca536
SHA256 ec62b2117c4942e6c8afed3b2b501f7b12680ec6b3dd3d90f5f9b832a9245b19
SHA512 2949f82890e3cea9c40fca8e372b0249e913c84b41a8deebd23ff5f21767a3cd960d8ccfa5ad581aa5034766a6ec1844c001488847db7748247f46818c1cb5da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 def6d451c96898842ba05bd9167b9e71
SHA1 0d918c5f91d468652210a45313c93106be982a90
SHA256 c6ea5a3aa05a40c79366c98b2083c23e341ab48a097f7522ffd591d593a90ac7
SHA512 78cde8d59f5bf2b51abcf99339e7a9989e0334ec4bdcd039473a91a39ca7539a20d9c045fbf56c43c52c30a226bfaff790c08919dc87ffabfb206e0b9142ccfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7390cf8a1fa053a868cddd87e09a34fc
SHA1 2611a4e657c2011919a1761d424de4b2e712eed3
SHA256 d99e485fb77c7d84fb3e8ca9d1587f9eb4095c7a00337eff94079a6045b27545
SHA512 ba57ab8c908e6fbcd9e120abd630d1bc99c1ba6133c27754a067510000e00635208f24855b0f7197083cfb21f579cbdea94c07af1f6937c55105c4c7c9f08ccb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 191d012be6ba462c17e5df7f8568167e
SHA1 f502f9515846eecf189c1b288820bb17fe889185
SHA256 be3b2b0cfb9b6b54d6694ae2064e9af0a5bf71b92fb9742d680e30cd7570465d
SHA512 e2cbc0e50c55b6f47dc163e822e364df6756e9066f92c013d9be7423724b058545e56aa5cc37dc0d1dd2dd5bf824d6c25bc6bd1d4be9c6b11877beb636561526

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07d03a91a630b76787f8c19043b19b36
SHA1 e4f29e50559ff7a89ffacd6e0f4abbc7a23d54be
SHA256 3559f126076ba52a3b00598d842f81289bf68cbd65994bc0600591a8a4d24a1a
SHA512 b093e754e9195007b645c7a147867ddcb98b9483907451879505bdf2362722861cbb02f728427fe38925b75cf1e58f5befb67392477133b510a3efd4ea47c615

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8947508f4e23f4b59d5e980545dacca
SHA1 c1b9344b77d0104641a96fd9e3ccc43ee7cf85ce
SHA256 cc127e6c118788661cdaa2a95920d9701f5a5bd9607c198aecaa2a654b6ec414
SHA512 e3489908276ba5573049386b6a702355d15d1f77cebfee222e913c9d5e6cade5f4a2add69fbf228c7a92fd4f720e3c4a078b13dc1ae80604030eac7801746506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da5114eb4f90cb865e4ca7d5d768250f
SHA1 0219e446e9c1569611a31cab86b135647f2f53fa
SHA256 e2e37d8f837ed69a5067f2bc487f8a55ff6d309f9e9d18f86047c44216977e22
SHA512 741eae1d40ac761fc2654c853a5eed7a451616ccc2b4bb4e6d93d774ad199dece08ad386839ce80556911c6d84f69f4e4445d86c3b00a5294b41fe700d633187

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa082a5eee3f37eeaa2820816a072bfb
SHA1 8ee868752f3f1632b7154c21fa36b1159613f3cd
SHA256 8d9a9cce024ee58a0abe5b7ad99b90bc3d156b5a59be1e4f7d8af47ee1c6064b
SHA512 b612e4d605debb0af92e4642f33ff8f6eccaf59a58fdfb2546ba7751f69de6b7d97cd3dcee7e3943207e85e1d004af08276c0a54bac6c72a1f5d8587e2fa4dba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 366c6805612c518bfe1ce025f868f19e
SHA1 c7fa3d98dc64ad5f5c60eaf5865de95887629a48
SHA256 3b3fe6588cf4d821f4b1f20de5042ada72c8dff4ba6bebdac9e3cccaa971c79b
SHA512 2fb436ba494a48a0591349b7452c87f0a6e1f2acc1d88a49ac31c55088bf5799e683a95d3217c229917abdad6cdae3ef54d01f8fc90bfccc851f5853fc6cbddf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99eac1eeb1bee3d9977be11429f0488f
SHA1 755e3e8acdff062f0a706d5191097c71af9db6d0
SHA256 17d02ecd5408d17ac1e42f7994705ac82fa88dc80e088f450773a9728712e460
SHA512 4c95f9205aafd87db1938c7a9e8becc261e20eff8679e9076e3d4794cb3e8f51bcaa054b3ee32d10ddcec97e093118395e53858b21c4d7e683ee0050ee44ee3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50379e0873a6874d73bd61c2affc7a72
SHA1 406f1083e313ff21876cd0680dd722effa0b45d1
SHA256 71a1401f0086bad59bde46034c5049e5ffdf8be73187ba5d760d8c51baaa9970
SHA512 9427d0174aecb9bcd150d1f2739b709f8a04b2eb1965970866116c607a84c8bcd37d954c26e9235eb8592e77de984f53481b30a4e9d2930f248d873c9b7909f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c6f03ccd9e0a89a3750f25865fa737f
SHA1 0cc79587ff7f13383c5278d33e7a94155d078616
SHA256 b410e5b40d0298b5949a69d8fe13d278d77b5c49da4c5223e669fdddc3c39db6
SHA512 63b02d75e37a1227281b4fb0d3fc877fc14baacbf93923b66ec607092eae985579305d9170973dee5b6e041c5d504eaebdc7b2773049a84d7c8a92b56918daf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d0d55cb296a6296f77967c5cdf394b9
SHA1 291ff76cc1c24d258181f2ce26454da0e326d4b2
SHA256 52d1d51969a40c1f342b345d98ae14e9f4becec0ba1406d8684c65420686a204
SHA512 216b39112ffebad54bd770696601d7880183a40a57ee36f908c58838370b630af656fc2ac12741efb76fbdb1b03169a7e6945a1af9e496eb3331b213a515c401

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88e99a14581bd9f15b911c104fa5ceb0
SHA1 a679a8219146f38b08e253289cf48a7745192639
SHA256 6d13f5a1f367a3bfeee603c54f11311d2133369e6b8a94ede98a454aa33ba239
SHA512 ad6dd69d817b8f5cc0a0b234f7222a97bc6836a0275264a88d5421c48b76d307fc2c4485d49f36e2b7fe7971f69310a034dc54355508a34caa1502ba86fc9321

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2852f1ff73c0f1a715ad559ba61f25c
SHA1 6209e81ffbffe5cc7243c7ed16b292900567692d
SHA256 b78a1bd87fe7cc922777423b52dc71fca7b26aa182383a0e6341e6dfe1384c51
SHA512 a9140b4663bd08f92639eae166d53fc781aa87dddad8cece1b829342b512141e95bd226794937f9158dc102f22d255d51a6c5fed6f9cd4c1abb33ad19d8d6d8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13f42d0bfb3a4c0e404c6a09ad3a977d
SHA1 9092087b4c0446a9acf52895cf71d9a509fb7f7f
SHA256 4996d26067e4404488e37c98beed60f24358b230cf911f89ad5816ee39cd8568
SHA512 193616f1ee60615af2bb5d364b0e9ad23b12e2fe7b009746015904e00fd1298388ec20fe9ee88d4e4ff4b347773799bf3adb095db74662c9c8eb408098f6384e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05a8e8d0a2a648b2cda7f4a34a286850
SHA1 3ac42d49043d448eb1c3fcefa11ee2a756076435
SHA256 9e8bc9dcebfa680d1f140304dc849af29cad09c02df35ba5c62ebc1ae1698d43
SHA512 6ece24d504618a576ce2fd66e4eab27aa82c13bf8236df0da21b5d0a0b4e8c3ab29574dff82b9db83877639c4353e4d919cfdf83133f51aab2a53132137f2f15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88357bc4818ac1de6d809e9ea8ab4165
SHA1 38754431cbb63f0de83612b9c23c53cbd0b7ab38
SHA256 58b484ae703832127febfd7e957b0708bcae9227ee1ca50cf020780fb7fcffa9
SHA512 6c9c956a6ca6f186fcef13d5b51fa28c01be6f42c0f94a6d29cee7dfc2e7e8d27b81d38417f9030fde9a1dba1b2298fc11c4afddd12b466fc0d7e6ffdc8edb9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ad08a9fbd3df2dec464eb731b7a2c5a
SHA1 e63e8189afa1b4064ae0e05110c5e4814d2366a7
SHA256 1ec8012657c4beff81ae74765c907208ed4001cd040b5acedd33d1696154c5c3
SHA512 ed4162c5110a918f3350921eebced9564c331c962e3cb2e2823c669d7f7922be7cc2d8185568b1ddb3e9cf038adbfe5da75406ccc17a18db12b4e2fb673f8d6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dfdf6abb0e410c6fce67eda452dcd3d
SHA1 87bbb99567f08ab6750af69997414421502852ed
SHA256 22e1657f4feec20b2eb3edccd826b285a8c4ed3324fc035c511b37e24f7c679b
SHA512 30ff27909b3d3092085346ceff759aa1243bd61818f8e586a2f54ffcd28f873e55d9ec89c56c70718b706b2bde36213e80b0d680351d15928837ffd3acfc0dee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdbd9d97fa91af297245130a505dead7
SHA1 6049a5743d8510f716b625a9463b8eae760b0a20
SHA256 8861ffffd442ecc2b206d6aa6e40dc410c8199b6efcee64d2c6530b7ec645e39
SHA512 e12a097d908c50b6c7b2deed87ba602e945e1c528507ab95b5b79f34763f24ef63f979b41a437a5d71acf6070a244a11c219ab8c19d520bdc8018349f7c7183e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a4f40f49921ea0a3dcace0986b900f4
SHA1 886a2b9fefbf332a95de0fcb56ad185525776955
SHA256 7ed9505bdc502e36d841b0cda8041672da3801aa7badd1a7b8524ab015a51fc9
SHA512 e1c0be2dfc8be6d1712f2ca4cbae760f8844a7295a4501db4e7e437d3be3135a5bc24bc28d20202418ada8b8a01652fe90c8ed897008cbb65dfb98ff10a9b7fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\2IeqNnpxuobNf8w1fP2Oy2HEFfk.gz[1].js

MD5 22bbef96386de58676450eea893229ba
SHA1 dd79dcd726dc1f674bfdd6cca1774b41894ee834
SHA256 a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214
SHA512 587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67d6e1e214bd330aa9c9568458d3b5e9
SHA1 88344e65511478dbc229cdc8bc1cc806f62a1695
SHA256 ac500689d2eb6736f0a1f239f749f23d80429d12350c4ca4b3041b721c603975
SHA512 90ee824eba1011d83bafa1bdf3c386a6040ab250c1a8fde5c384e85adc9306d88766bc458813f8d2c5c297cb51b6158161fe2bc20899ace8f38698593775256f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0AHGD03\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js

MD5 b743465bb18a1be636f4cbbbbd2c8080
SHA1 7327bb36105925bd51b62f0297afd0f579a0203d
SHA256 fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235
SHA512 5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7dd1921c3ce8f22d02905529fe0df250
SHA1 5d479d4d350e77674b8384a720a1a8a78475cc16
SHA256 6e7a98aeaf1ed61fff6cde9fd90f34ce0704625d2377f2823973dce9e0bd84cf
SHA512 439624692e2d4da965040ad6723e3a4d66a449d6287504f14d53c9490d5b86f7c0a301824693180088aacd11dad12cb19fbdf443a5b3db5b8cf7612d7446c099

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b37ee8f6d9efd8597d74d5ba109a3437
SHA1 d81d4ef1e6ed257bd8ae2f016639f2dbb5f4e112
SHA256 da1f4b8404fca78214a6620dec7c38feab3d5fd6d9b47cf456a646b9b0047cf4
SHA512 c6744642be8973e296f04f9ee79e68c940b2aa741d9797527e5da5495db007967b7515fdcab437b42df28685c66d8148b85f1f336e353116d92301832231a66e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cad59115184a5267a886534de2ae6ad
SHA1 8e1d289e7204cf51fa787dd827b21e0fc54bd247
SHA256 35cf7adf13b3a6be58d0d17be18e8d4238b0be8677108cd8a767f4e8561cc0b6
SHA512 4f21aae649e5200313f0a8689177acb816db916e6118226a5da8d8e12b4bdfe59b3556f8b23c0b39c02af27f61e8a51c2293a2f2208af2ad69ea0c9b11029509

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 008ba1c9d35d1b03c648b7442565f985
SHA1 4a70cb2bbdb6fceddc838cf10a8c2f86714db883
SHA256 c401e39d2685d794adee01b57a5e55a42b44ec753d1e6eec4440973e03f2a8c2
SHA512 255f9c56fa1dd083738f150f6de13bf4196ac3572df9fe58899e7ba60dc284a2eced7a5194afe2b1c2d9111e818a718700c05127b934762967dee64b4042b753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d00dda2dfab4c5c10dbfa292fb0f078
SHA1 9677e1cbfcf6574a88c9f24283495139f12ac055
SHA256 efe6984058fc37d5de6f813ce74832e5636faf0c2cb0b768bc1528443f86d9bf
SHA512 c01759deb0d828c7eef95dae11262fe458117b9d41dc145d835fd195061e025887b332b095a2833634233099fe0012832d6e8513762f66f509e6b6d2d1eb3251

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 952ddadc0c590aa22dd249e4dcecef89
SHA1 ca6ab1d0354ccb93083de53729a362eeb9a998a3
SHA256 532aef3398099290eff8179f5008420acbd9e729f9d9541fbaf4942332dd0da3
SHA512 61769935dfc864c562fb1eb71468e674e11b11da0fef0951b9c137f9ec580a334fe267d759ec2a5e35079e2d21016a784cd246e5f2485719c3201d2603a53d6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d64444cd15eb2512ccb9dc9c6edd5a7
SHA1 efb74df07c6a916dd1d4bab953d2edcfac56dd17
SHA256 6444c3087a6de489b6057bf1879679383e11c909f01bc7c7e939fb650d3ebcf4
SHA512 f4c6753cf80359bebe3765a38575a2a22c69bfb22afdd0b0b85700b95ce5c1252249db3a5d43255284fc283ad7977aa0c10f4de37dbb7d6c349dc26895287202

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f565859b9f1e900ddf5e014bd1712c88
SHA1 c1dfac73e2b2bef7e61a1126f4d9e8c35a1e8e54
SHA256 0a6b3b34eb00a4281ca6e77225272a2b7522abb8a96497a5e6adf3b25537ffbb
SHA512 5e17b9102027cd43341c1ca8118ddbd8da20cfd1b4988b67a6d3ecbc458bb2b1bdace29848966ee990a8344f07657858c4c55202682e7e91cc3f985c7c0a796f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6371693486adc0b66a0b11793961adb
SHA1 7a71b75728e68e4482e088162b465b166aba1717
SHA256 6cc52cb56480e12d7842d3bf465f78c4907f4f320ef89bb923dcdc77d3d53c57
SHA512 8dfee2ff63305d48612a3c1b7d0c39fec1aa4296dfdafe6e89aaccd0d6865e5fc6965369f020a1cf3934d31f267380c60f2cd93c6c3e8b55ade5779f7f7e3799

memory/2560-4016-0x0000000000130000-0x0000000000140000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b03905bd595119378a4736b6a92a5e96
SHA1 0c7e7b02d6564bd449e2ab60aa88c39523008275
SHA256 bbc87e394545f55dfbb363cf880a66a80dc2765a993e31f377afd58bbca281bb
SHA512 ee5e5277a082e216c92f1f3853e6603430b1b00137a9d424ba26be5abf1dd3569b293346a35b86858f431f6a93b8a872c63bd790bc28d6a255597bd1c2be0bf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4661f8e64e396c48070b8637493a01f
SHA1 895a42b1cfee56167de600d8ce7ca0b7fa264265
SHA256 eabc9cf32fe4b575f8b7778123d6f97d1d641254be15234ba051f36d81c65409
SHA512 1ff8cd1de6d0eb11299bd4fe8230a09b6128a847d52ff6a2f0c544de9bc8d3d4346e4551d6d6132c07efc707e0666cca4129e74a5efd123f4be3667e20aed1ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8325b8ee8dc3447989bcdedcd6bb57d6
SHA1 0ba101e33a68a0c6a585598db3d2096877998380
SHA256 03e9ccfa3a3458bf7f382306b74f95d12007912484c693c6e66320c29b3da650
SHA512 78cbf0fd82f2f1048950a4a530b56efd3c9dbcc0ea46f254e566720aa7969fe536ab42e6f965fd21c064e7bec58a51e9a94b06221471f673ea0b64bd29e18cb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a581d2156a512e24b39bca066ecb16d
SHA1 e516855fe5e1d890749bae6b239011516ba1e850
SHA256 7964481eb0ccbd7727c83526627aa5460ba4b7b19ceea7fa97e9cd0146169139
SHA512 eb3f2e2647da6b82cf6e3b53f506ff4851478ff3886f9aeee18916c7755c5fa6791a827535d4fdc790a5fad1cc9986e229ecbc682120ca8b6a31b597661c636b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcd38d68aa7b038aa8925880381b64f2
SHA1 7160b540e43baa16bb2eff1fe54d074bfd6a3c0b
SHA256 b8dc4559316e393044da505f5197f443c4bb2006b31f980b8c5c285d9693b0aa
SHA512 18938fc9eae942538248ef2ca6e23acef990ac7f1e6216ac1ea7415610972a2f7275349603e2cbd7f5f1622e41286ff84d0bd356c22cfe1021c29472bc9907ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1940339db988ff8f362c15b812b2a21a
SHA1 466ed7a02e7bf17eaf0bc0cdcd627c0c31b41dd4
SHA256 feaee97f556dd42b6001b5012c95bcba9d2632608cf1763cc31d10d10296492f
SHA512 791a64fb04b50492703332f29c9e712d0526d184b410c7d99f8c3ac4c40a295e0680d24e4278af96072022d14ffa635afc11217b5a3cc632a65f5485fd8939d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2a6e0e665a50d3f26b4f18b711f0371a
SHA1 747596a575fe93879a56cc199e877d8d62f48dd8
SHA256 c8535156ae42e73297b88b5c4f6f6e6704be506c35d59abd1451260db393b3d1
SHA512 13eb5de4ab4f5a379c3f8f0cd21931eba0ca906765a06699fc50d492edbe82c63ce19e3a086d0043c26cfce084e855b16269d2a607cf44512f2f0afa054cad49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59fcd69f358e09ed0aee95bd78060ca3
SHA1 0aa655fda0898b7f0bbd2c95d5b3e0d94e9fac5a
SHA256 4844fb9f41c2d96c6a6682d574867a70d00c6da877f9a55a8d1bd5cff923bbf1
SHA512 15f15c21bbf31ac871a0587de80c06ed7dc31ca3c681da6c6136952655d640cd91ae0039ef6abae535deef19fdcc6639f509ad333c665a33f19fb5ba68ca9d0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a0ca4ac6697eacd29b28e4407a9d0c6
SHA1 b31a9441c31c5adb09d7cd3c0c8c0e2691760be3
SHA256 7a5ffe937b60d21f66ea0b06c38b7543795299bc6b0a2488aebac51d47bb4953
SHA512 7eb4cbe08076bcc1931a90077301ed8722775b708a5e1e63f1552c4fa380f3d31395421e7d00c26a7587084223ebe670b8eab2949fbc392915e489a66981371f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc62e48d7e79fb843de3f98a141d564e
SHA1 62543fca376746a7199490129cf948be29f4acc0
SHA256 d3bfa1e7e84a12c0b0cc4f3a747cecf196f99018ecae8d024943e6fb4b42fe4d
SHA512 5b75b8b09ef41982fa426371f4855f3ab34145c3628a2e17ec7d7e382de579a61fc3fe5ee7ca1b338b7389e0532e0cf3ef69a6a95de1937e484350a4cf3e5da6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c799c5ab3de820547ecf54f266f86d7c
SHA1 45c038deca3f4fb3962c33a29a52099b0f6b0084
SHA256 6143b6ad28f8140621f53892b00e6cfdda8e4f3834b8215c139aedc3fd6669f2
SHA512 df4406d0444bb07cba6dca9374c59a0920d40d089f2177600ce7168b63aa1f128ad73f93f5ef3b986b24ee1ed048d0779220d3ec2c635bf1ef9ae92db627e488

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93862565f76b02e197d8bf7ea95def24
SHA1 ee196c516cf58e5a293c383b7df6e7b6038c41b6
SHA256 fcc899f5ca3b549d403dcd7da9d16371569a30098a13c7f6ee6d136313b12e18
SHA512 4d76281065994b23d4656a4e92d36053db4d5cebb7280e28b6451ac49e985e049bfa76b4bd32bae7225f774d470e815dc5faa932b224fc12b7ea6077964a5956

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-16 08:07

Reported

2024-02-16 08:09

Platform

win10v2004-20231222-en

Max time kernel

101s

Max time network

132s

Command Line

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\DONATIN.docx" /o ""

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Processes

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\DONATIN.docx" /o ""

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 240.76.109.52.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp

Files

memory/2696-0-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-2-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-1-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-4-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-3-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-5-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-6-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-7-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-8-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-9-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-10-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-11-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-13-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-12-0x00007FF7D6E60000-0x00007FF7D6E70000-memory.dmp

memory/2696-14-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-15-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-16-0x00007FF7D6E60000-0x00007FF7D6E70000-memory.dmp

memory/2696-17-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-18-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-19-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-20-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-21-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-22-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-23-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/2696-44-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-45-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-46-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-67-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-68-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-70-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-69-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-71-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

memory/2696-72-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-73-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

memory/2696-74-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp