61d76bce21ca5107eac1b40aa13dee84268887692f97d0f8335f51848b735503

Resubmissions

19/02/2024, 03:55

240219-egr6wshd5z 8

19/02/2024, 03:52

240219-ee2ybahd4t 6

19/02/2024, 03:48

240219-ec5leshd2s 4

Analysis

max time kernel
26s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

M1.rtf
Size

479B
MD5

46b0d9404ff94d8f45cd7ec8ee925db7
SHA1

5f6c5ef584cf794a62741208f8a785b73f651ca9
SHA256

61d76bce21ca5107eac1b40aa13dee84268887692f97d0f8335f51848b735503
SHA512

dd174447f41b3131e5a89932787234ca078510fa4b753450de80d556b74dff387e567a19e1a320ddad0e65a903f028aa6e6daa45021dfba48468711ab10bd492

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\ = "&Edit"	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3004	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3004	WINWORD.EXE
3004	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2856	2816	chrome.exe	31
PID 2816 wrote to memory of 2856	2816	chrome.exe	31
PID 2816 wrote to memory of 2856	2816	chrome.exe	31
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 2648	2816	chrome.exe	33
PID 2816 wrote to memory of 1428	2816	chrome.exe	35
PID 2816 wrote to memory of 1428	2816	chrome.exe	35
PID 2816 wrote to memory of 1428	2816	chrome.exe	35
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34
PID 2816 wrote to memory of 1328	2816	chrome.exe	34

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\M1.rtf"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7099758,0x7fef7099768,0x7fef7099778
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2100 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3912 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1904 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=900 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1104 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=736 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2460 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3524 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2532 --field-trial-handle=1156,i,7435941868153100985,308092970455681947,131072 /prefetch:1
  2⤵
  PID:2260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9aae039fb1c6eff2abacf2493c8dbd4c

SHA1
30a6ee75abfbfed1acdc3d7271d939347086e30e

SHA256
39964838c725362f3c054302c562915422aaace83bec35a46127684b1323fa21

SHA512
2613823b89627b34f957381980d2f98ce625e316a2362a33a10c69b44150b1818352d40794217b45e1ea22fd014c0326b9b5af413d13ccb23c4ed1467202da37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97ef4d89020e7dfde99f8ffd604d2af4

SHA1
19bffe66fdbb562bdf10000b1c0581aadac8139b

SHA256
b9af036258077df1c45de865b72b34e1f3dbf1cd8dc916f4d8320c4a95fa5401

SHA512
e15255a727b9d43604fb9fb33f2550927a5f19f06c1c33d0948b145c61a45f2e4c9c7e1e73707758edd272447df641bc2d42c45679810f2d1240adbabac4bfba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bbb63190296c3b213952e8bda2272ac

SHA1
339efe4fa3a9e86857af6bfc487c1b9c17dbf726

SHA256
44859c881929ab6c17fa61c16a3e2b8e2bd45df3a398cab15ce4cf6eac412313

SHA512
ecc22c90ca9d9a3077a6d9a6b69e0f91ee3c4c8bc532895280156eda8f4e161582e3a9e9b5e80a8a56125bfd9e2bd11dc551d50072966db9cba09ed57019ccd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c1a2e32e281e8bd0bf19a99f5c50e26

SHA1
c8617ceef94eb335ad9b6ddbaf3a3695c691344c

SHA256
6518cc88a672ba624329de1adff7dec9e6bc39a98390c3b3b448eeac270a9ac6

SHA512
c82a2842b1a0d2f08aaef7e083e3d4d42c42767e279fe421128394e5cfc4190cf4cde5f1383fa7f267fbb9c00f4ed2c5ac0393983151c0efedf136f34938c64f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f60ea9ad3f1851e795de189472cb453

SHA1
ff9eaf2e2414acc6fb92b36d0b8cc25931d2c633

SHA256
06878d88496941ff5691591d7535787fb90c72fdf4a4bb4af1d3f9cb0510e32b

SHA512
3c29602541c0f38712e7115ddaf6ecee5b00a296b0e20e566da5c075d0d7f53665ef370818d7780d630bc36a4a79fcefbd7ae665eab0fd1566ae47f6f1bfe57a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2716b83104878b380d381e31ee598a6f

SHA1
f2379352916524fa36be656e1a3b4178c8aed8fc

SHA256
971a2953459ed60ffb9d5da1b0e5196aa5cb10e0614ffb6cdfdfc48c00cb89aa

SHA512
5344ba3a7c138e430ad1baa8531c65aa22bfc6bf4dcf69f5c22084686004f8436a95169aef1d8e0d3e34a78ef7849a4c96636aba6031eeee44fb30370ba220f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8b6c5c87-3e0b-4ab0-93cb-f67cd18cc785.tmp

Filesize
5KB

MD5
fb830ae6b169c59b3e6bf6e9a27f9ac6

SHA1
b411840133860e930bb0ea0db72a2d1e36500625

SHA256
7ac504d5e2e15b169c5d68d2c845169161211c8e456ddb9d340aeba62c93cea4

SHA512
11f4bbd2bfadb683d4c286b6c9b7c118dbfc9320a6d1e6af9c06f1c20d8054a99b6962569f272c3e208ef734b397fd4045b36b6556f18cc66da46e1361dd0c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
53KB

MD5
221bc46b83de704dccca72f3338258bb

SHA1
8f683761ada56847b36c5422898b908a8c34870a

SHA256
e8f2957b329308b3341894cefada6cf08001fef03aaf5709b9f118257eb579a2

SHA512
be622181598928840f54d531b41896b6b204aacec7974c26e4fdeca7e4cc8e19afa5ef86558ff5c2750a94200423a3818d8652e5bd24ef25ab616b983400278e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
77KB

MD5
e45953d0682e2a657ff372971a47fac2

SHA1
741cc5bdbb8eb63aff46aa989f02bc079438c82e

SHA256
970372acba743b77d9af8bef7045861e92b02d4b89c34adc12c4eed3e0eec364

SHA512
f3ce974e39fbdd5ec4a0cf270b9bdb01dad3ad22a9c4aa9a780b721bc68ab49f02f00a4232f2cda3d75ed5fcfec6395289bf5da3e0071531a9f2273a32772233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
86KB

MD5
0ae4e6f9ecade543950c4e56b211d20f

SHA1
14183e1f8409793c2f78d51c663d1a0d73a046cc

SHA256
4c1eb3b369edfbf6b7ab56f03e964dcbc6f7a34e8b79cf377123b6040e2415c6

SHA512
4d14a792580cacca6d83da936a6e414cee4815a5dd04f0fd6e143b329296cdbf93809332fc3b73cff3a03706dbde343ff06b698b06cacf679bcd9ba57f2dfe34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
135KB

MD5
017e445442b783126162f032ca37b50f

SHA1
e54693bf76243554b6e2cfccaa945203c260203b

SHA256
5dce37ae7795bcf44e90ed560f2e38dca1bc64b71e1247e6a13133a74eb28c35

SHA512
bc84d70fa831000175bb2edfac010612fdb4a73d1477e16ca9c164a1a0bb06460a0cbe3c89e4a962a577f6de19f8d1046821ce4abc95e8370944c174c0135898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
70KB

MD5
9ae73c6fd98767eeaec09c36c55493d7

SHA1
c8abe691ffc90d7e4f2b39eec5649ceb60e216ba

SHA256
993145210504cc6352db657fd3e78b93e252aee5c53a106c3c3fe2c24d66c562

SHA512
0766e17b74868a0e0bbe3dfd42ece679b0f8df5997c6a7d06bfb254eb25a1578f63dec2e325afd7d8328a0939e424aa8dc41660ebec378d955228b9047b4e27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
103KB

MD5
3605925fe0aaee549ccee7103ed40688

SHA1
2679a42685e892e946b84558f7283d4b9cc4c7e1

SHA256
bd6ec196e57616fcf21945b993f8f35840c24a79138b82f339fe73b7aa57c21a

SHA512
f71de2e7e59f3d9db18ef72aa68af9c0466300b0c37275eef0943b494c1caf72afe86f0d5835aa9552074c7f11425e2bc594194f841129a12c084e69045e3e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
28KB

MD5
250dcf4d603937e6bfcc2373fad4eed6

SHA1
086e5d9c572d6456250f28e282a52902a4c8724d

SHA256
826a2384faaa212dd3294d780cc522832711f511515e096ee336236e6fc7c2b3

SHA512
2669c2c1b3de0a3ccee19735b0eb8a38960fb0a1fb26087f81d95e2e69e14df71fff5f55981177d562af0a6b82db49469d6f7fa8d8b919cc448ff9c17f62c8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
70KB

MD5
9093594862b3f4426f398c1e5af0a4c3

SHA1
2761c32f5b6ea2cd27928b281ccadce114b16e76

SHA256
b8df643c47b886b4c3a834914530b9b659f70aaaec5b11c1b1b3bceb38706fb3

SHA512
5cbdfa1565f6c770e4640a9abfe384730c1e12f52798c7a2102a001eaee82ccaee06dd46ee143c5085636a5d9b7e4d5a105af2fbfaf321dac67f5cacfc5f8c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0fe5eca954d435be_0

Filesize
3KB

MD5
3bbaa4e69e860ad8a46cde0ded38c646

SHA1
99498848b0a6097e9715abd53429370f20cb0322

SHA256
05ce0bc8d2051ea49d67869d270cc0cc06d27978953a2818f3eea4694982f0e1

SHA512
3f968e84f75b4b57f7221e4a957619c48663b3a9fdf3195659f15464942da7aa26bcd26f32ef54850279786466e5ec095c2b50f7bead3099edb1e86babd1a117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4aca0594a437fa9_0

Filesize
32KB

MD5
de1a1215f133f5c16ea203026888f8a2

SHA1
6806d929c9399538dc2fba79b06b099c766a530a

SHA256
d8ea8b61496188c39944201b8f82aeb89a08b784e135d4cbbf26f4dae5f84978

SHA512
a2d8606f959b93bdbc51ec29360132009513c44810785b5d14b8bee1fb7bfb73c832f4f23afb13e151d16d43b4c79c79b3bd4e6ade6765c8f80ad243e4710bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eb2160374a4de9d1_0

Filesize
290B

MD5
bec44832e0c91a6383ae41ff093e5d0c

SHA1
841b96e0cad2621b12a014703ae505f0a6deae43

SHA256
7c4087234eb3be71e6d4789df53be7c83ddcd1f4af2ada0dc016f723d4a886c2

SHA512
d0e6de8a1c573b143c3cdb0422d2ca96571703ba72b2a0080d6c620e8a80d021ce9eacdac0575a23f78009dfda7df5f90781105c9242ff847f0d32602cd52e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1c45109dd166f26207547f3ff2521b7f

SHA1
31fe21acd5ac3fc4e56193307c9f5d697880d98a

SHA256
164ca0e6a0535dfbb2db420f54c64267d7973367b28336a8414fd7bd02029d94

SHA512
3465052a1e06dfbb12efcba82d9ece41e7ad0ea26ab2b3ec409228435e9484aa3234d8ecad91186fa2917226a6e9b33accd8e44220712a6e0cbb8f63c1dd9356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5960b35b0dd27c494e20dfc2e193e6a8

SHA1
dfb8065daab8dd506c1e033ee9275559030ac787

SHA256
de9c67d92aa486899e2f5d567e68815972ff90b72c6e991f9e1b7ab077b5f239

SHA512
a91af1c5d8fb30b747967bd00c5070b2867753cf160f7fd285379a26ec2c4c916c86faafe998813c5624b56e9de80ad87154bd6ae6bb84b1610a89bb95610201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
af32418b6d912324af42f7c8dd69ce9a

SHA1
4527a6d628df7e5e5ef826b723868f6b34a70734

SHA256
11d78d1f474579fb1dcb46b58c1971402c681c89660c6dbcc82ac5933f2a7feb

SHA512
561e1ba097a255d93f0c549a65e20ce1a8fe3e373dcaf86d087fe01cee421154d7bdee2fb87720ae9c3c8f36104a52362a110512a5134221339ce78ab21923bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4e3813439f3555862d89b031ac2da443

SHA1
4e53bb8d910f7263f4d1d93c132410cbbea38cc9

SHA256
7496bcf6f4b3a8399042cf882e49b2218c712b4a25e73359f9a96fb08915864e

SHA512
2a2aeceeccf6258e4cee95a8539d837e2e95e116ff6b32663ac5dee456b391c48ad1d1810fd030b2bb0acf909520328b422f19fefefcb4bae789dde63c2d2ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
525B

MD5
853370cbfe404c8bca361c7ff8dfe6e0

SHA1
6311e97f09f3223a0d44eefafc15c3c74c3fde1f

SHA256
0616a691ef2b836a4d0b758d7e9aadf358a2cc82fb4d09a272c307ee73ff8f17

SHA512
12a09573df4f4274a631cc08c2a88178afc0c72baec165c57c00e99a082cc90c313429c18df126067c17228ad7ad93e2cf48f8c2dcb7e52c28c6e8d139c1c4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e8b428f6e6b414953a3475ff4b7a211

SHA1
689ae0b98680d60c86c655e7c3f2d8e073f55c44

SHA256
edad7c7b28b92717bfa6474decbc49d90870fafdb4c73f3dad2806e21189f266

SHA512
133dd62157c4b2aebb3f0c16cf88bcf955380edc90e20fbad5600fe5952a919e8ab48926f5da370250f9dbb6d2bf26105756b86e74dedeffbe2526e44c7407d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
d93f4ae3c8700b5f615b511d51ea7a05

SHA1
0eb6ad34820700a94ada4cd2619fe2d94b7f9d61

SHA256
aabd7f930bcb1b2114b097742529e2d97b40bd9e0a26569585c9c94780ffe271

SHA512
3dcd5dcdf272aaef4a3c1dd26c0e9bf9d7f51fa80e4549739a3f5e6a50e2f8ed82ee698318d082d8277d0e9ce2fe35d25ff185bbfd2e9ff50ccfa9822c4878b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
4cc41cccd7ee9e64c0e49798f07a1f0c

SHA1
388e603b2cd18327c2671045f927b13ecea9d589

SHA256
454a30ac5ba3d2b68118e33292f3cc1881f5a0ef99338aa8a3d11c1c8d21ca98

SHA512
f7ebb0ae4ea18ff16a22edd0043f28264309a8ee3c93ce2014e2c3945d1f584a9b4e98c49a486c2c26540d1bde263611cd85de03d89f4ac5fabac6266ef30310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a2e5db3fefbd2e151c1a9bf656639be

SHA1
606150d385b3f056b44b87b2ce7c3a81fc1a3f6b

SHA256
00beaac5aa6254f2a4aa6545d905596298dc43c83ed2c6608e9b0749fb220168

SHA512
7c2fffd2c3a3a0b640aa714b2a81245b4ee153c0870710893486fe70681ddeeb77758eb1fb08e79dc39238094f061ec11a01c92923273324b4bb73052ee5d083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f0f01f0fa603ee97a4e6c0da7ce88867

SHA1
ed397f93580eec67edb2389f77623b149a1a83f6

SHA256
9f1e7f3a6ee0bd38cb5934b29461b034539404064986de41665c787703fb96b9

SHA512
0073405cbffc691880e11d21972535aa25d7e286112015695e1925f8d048fc360373d08525be0f162531b837a72dc88efe3db24dcfda3e4ad067a790a15a0e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
300d4934e0627a7c6c94874f54d6a56c

SHA1
2667fb59c7dea10247429c5c0208554e13fca158

SHA256
6f5dcb99bcaa887cbda0cfd39f6effd805a24f820a38f537f8bc184e93a716a3

SHA512
4717806b72f53acf3bc3a02af7fd00c6ce8dfcf5f7c6ad16767999885686eaa9ac8beb4ded6aa867a9104c9c09826fe6edabdff7ef223d27cd214c139fb96527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e8da1882-ce4a-4eb0-bb29-905d389acd16.tmp

Filesize
6KB

MD5
28addfdd4209d9f860f986449f885f9d

SHA1
355755b9c4e9104330db72df21e14aee3abca6b7

SHA256
5fb8d3d13f2d88dfbda50a60473c9b20540fb216f7f3f8feaab2e8440e116ae8

SHA512
4bf2d4034e551c5635562f61bc69e70aec1e86b2f3115c1d510e42e1f29d8753bc73dbf8ed5964aba0b1d0eb8e916f4212627e45079746fbcfc96ba7c9e86c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
8c8a946c07512ccee31c4d2b14a41505

SHA1
44240d56f0ab6b20152447e1bef79de9b1aab041

SHA256
fbdaef78b5cbfbf50d0e78fc1e19a6a85b4dd28a8d964191ee07b4dcf83c97be

SHA512
db3ef3fbd3e99a415ee506f6beb2e918a139f9960c58b4c2338c5c28abec0126088740c6f36a7138aebd63ed4ed4af30c19fc4e2b45ef189bfb1f7dfda67ba9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB203.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB225.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
ffff24f198cc1a5c5979fce3710309e4

SHA1
22d704154841102abdd36460e9195da702859fa0

SHA256
d1d485a95258a2d47a0c3a2d6a23fe014bc1004ce8dbd709eae56f5064435cd3

SHA512
fc5d23e8e218074da83fd1e3aa4f43764a5c6084c7df17a195c90c6f476856021e3175d8940a391266172bea0df855ff346ca8cc97e9a4532d974f8956d1ee1b

Download Submit
memory/3004-75-0x00000000715DD000-0x00000000715E8000-memory.dmp

Filesize
44KB

Download
memory/3004-74-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3004-2-0x00000000715DD000-0x00000000715E8000-memory.dmp

Filesize
44KB

Download
memory/3004-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3004-0-0x000000002F7F1000-0x000000002F7F2000-memory.dmp

Filesize
4KB

Download