c31e7dba103325f7f628232793ad9208c218ac0502643c517db0c93d8d3ae7fb

Analysis

max time kernel
1799s
max time network
1697s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Result_3_18_2024, 2_20_16 PM.docx
Size

5KB
MD5

e47d227c187bb0d28e0d618fa802441c
SHA1

621f1939b8875d9bd22b3edabfbe92215aad3266
SHA256

c31e7dba103325f7f628232793ad9208c218ac0502643c517db0c93d8d3ae7fb
SHA512

9061d8cd81f55e7abbe519066c91901208a427cd29f315e46b80c8a74f17daf1fdb5df7604987529e39c58c48414858940179594cfe2c2134c3231478e205637
SSDEEP

96:uTiTpvlz0C3muVaCMGZH1Kdh0pizg7D5Kk2GHVaalM6TRvVrg/bM:6OpNI0mKrMiKr0PXsk5Va9Gkg

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\ = "&Edit"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ThreadingModel = "Apartment"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\""	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2512	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2512	WINWORD.EXE
2512	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2440	2428	chrome.exe	31
PID 2428 wrote to memory of 2440	2428	chrome.exe	31
PID 2428 wrote to memory of 2440	2428	chrome.exe	31
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 2816	2428	chrome.exe	33
PID 2428 wrote to memory of 1904	2428	chrome.exe	34
PID 2428 wrote to memory of 1904	2428	chrome.exe	34
PID 2428 wrote to memory of 1904	2428	chrome.exe	34
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35
PID 2428 wrote to memory of 2148	2428	chrome.exe	35

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Result_3_18_2024, 2_20_16 PM.docx"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6969758,0x7fef6969768,0x7fef6969778
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2364 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2384 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3724 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3880 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2588 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3700 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3380 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2112 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2368 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2052 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2816 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=696 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3472 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1624 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3208 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3444 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3456 --field-trial-handle=1248,i,5755662576370112360,3502793243868049984,131072 /prefetch:1
  2⤵
  PID:1276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d3451d88553503ee266038f94b82940

SHA1
cc9f95974ead11653d72d73c7fdb4397b93a20b6

SHA256
ec789e99fdf718cb91d65e17679dce1d191b061b3c095b4a92f43836c7baf907

SHA512
a0dc9e1844fcc78bd58fbd4c4651a48bd45d445911d25e72efa4735f1362d680a923dd9b3b7427024789877fc6817e5eca5f98753e176fb613ca78e634d5b3e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe49ff4920231ac6b9107c896daab0ff

SHA1
86a6fde96623f9cfec90b5aff7cedd65c6ec03a9

SHA256
51bc1ebcc9e846004752537bdbceb4c9d7554f856ab57af51e4625e833ea526a

SHA512
c7e3b26c2518ca0863de8419df852d95b92cb3667832fe87f5cc9150f44ae6a9dde27ba72659496a2fd485935f97868f23475da29d9a4216dfabb208c27c2b57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63229d42cf9234cb7521649182f3e7a2

SHA1
fc17129c321d2f07da1558854ce8291de0833faf

SHA256
bb84de7cd77634b02f9932868872c4772625bab69f8ae2f14f5e23cdd1621faa

SHA512
02f0b7fa8be42cd1a5c7151da0146006e7d653c9cbc7011b204fcb0f3099d2aaed82b41e4ede8e9a964826520c8326c7777ef97e8b738ca9ebbfab4eadbfa6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
75KB

MD5
76482ac3875ee9d975aba36b849aea00

SHA1
af5904a237d84fc0e647a3737f54a07e977e08e8

SHA256
59a4f004d6c66bbed8379150e427518de1b56ba21c2f2edd34d237187247de2d

SHA512
a7422e70822542a803adc4437ec676459761c65aadf1152925066955278d734337c4698c564ad47dafb591470a8158fae7ee42ab5258cb52935f5b239a2ebbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
27KB

MD5
93e7c16239dbaa1d7ce242fe773a0950

SHA1
69f8f623b98f7271246e5104e5b0be96666be9cc

SHA256
4c08b630669724d71e5946faa29c85e9f62ca9e5aad1cb9625ffe27fb0f14d32

SHA512
bf660c22bcd64eeb197953ef2a43e31bcf73564e2cf854384bdc1b050a9804581b7cbfbaa8fa24afe3f5621cc43ad72c2c88d9d9dfabf302aa8290c5dbf40c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
83KB

MD5
d6f9f2bf48554ae6037cf2da7accaef4

SHA1
11c98fdc1a6bbd4652484e417b0de4beae941345

SHA256
d79306b0dd8625f069929dac2d37ee0d9e75b6a26f5a16f37d73e8d1c5e33d7f

SHA512
138ca0e31910b35e35f9e7104e44424cd1507513e3a12302d2933e634d31f56db4e5d241ebf2d3a0b6661db324b5eba48e3ef8f233b590e391951c0083931a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
09e3b55d0df1cec90d9b878536abee61

SHA1
435549354af8058951bfe49a227e84daa32d3812

SHA256
9740f5e4152d2b58bbb6101ae20cabb3f41c08ff4e93fed7f5c9988a5a11f8f7

SHA512
a511f88e590029ea99ff5101a52d9ea930eeaf3893d5e2ddff86d17bba8149c19f7357f86e6c9979608d9c5aff7c88c5bb86e74e51540affa173542a09a0ad8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
acfe4ad44dcd6cc6b7353fcff4aa8cc6

SHA1
71cf59db31a0136865ffa8be27ac04304f5fc33c

SHA256
d0f4081478bd3f2536a4eaca2d38cdd7916d476c41aa4e881b90b3c18c5cbb0d

SHA512
2884535e84ea9ac1a25452c4329ac48c4bb7c00477f272a998872a9fee5b3e88ebdcc1b3077cc6add7c2401a83df9af8b9012becd5de1eb87b18571ecb800e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
06857cb1865439a5cf7a4089f091dc54

SHA1
6b908909cb9437de202ccbe76b7453049116b4d9

SHA256
9fb3bcafbfe938f7bd87245da47d3b9aa9885d9da8af910b0ee3ca38bea7a718

SHA512
9d9a2483a5ba7cd2ad381a96003c4a96c56acb3741ccba58a1f51f2d79f1e876d27981c116607ccd2cfd9c5b04a0d364e8c667753e93101c789743478f58624c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
85fa818c303097036213faa8461a4fc5

SHA1
d2b69ebdc951d4bda237277a6eb67e10a9a6c6d0

SHA256
6e5910001da2829fdf75e7a7efae34f54878ea98dfb4b324be8d0faa53a8b7fa

SHA512
7e6556c0122b4b1c4cbb0fd743dfe10ca2e5b76e9df8d280d6697d83f7efd8da93a9947838e66063fdcb12fb49e27860917d49a560f5179e2e5c753cb58d5b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b76f5a22796805e50260b6383201a489

SHA1
ca6e6e1b2b6c7788cee46964bda767cdda8923e3

SHA256
cc1595c984618ae78a479a1aed478aa07fc5850ba8cac5a11ff665ce450dafd8

SHA512
f604c896e0967207e0838a9b3bb3e1c885034e8f41d4ffd70ad43f11c94149c65fa87ce4cb06d199fff859c5d190a4ccee76b862be69acf292f6e6cd8d943e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
46eee59531f7a59741e63287738e2beb

SHA1
5783fe1a4ecac1505cc7fad28f48920d2ab02ecb

SHA256
a87c647a0679f32f8c0fb0629fa3476349c4abd1409c90d07303f6542ea40fd0

SHA512
fdd6e2af478c7e79dd8da74181ef2b557331aa4ed95ae3adc00d495dfb00128ce1c5c8025603f0fc66a6f3b09a21b94cd32c3ec6591b5f7c336c9f585d76a0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f63cd70fffadb86a8e47c6a162e0cd42

SHA1
3f27f93598cba70bb3f1969c1b2d69835502e7c2

SHA256
21f0c41ede1781ae324ce84b87665d4c6dfe20569e695765376176a0120c6ac1

SHA512
c340e52496724a8756db9cf6d00b441915f1db1be0b200bbe603eb83f1723fcf926e726034fec31c0c87e789d47e297260bf2674ea1bf4e2164f22b14821e486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f6effb8ee124ab93a4b76f531ebe0dee

SHA1
08247b2d9afd060486e29b517588237b4d53d87f

SHA256
aa95d6937ae1b47b00474b08e8dbaa0db07f0a4f4ab07761ad176d632ec36b4b

SHA512
32ffb0d22ef9c5d20212eb4af971b93fb9e40273cce722871c80e5bc5588806b4a770d290d3fc9dded6d2d6e2894f9e5b76e547993d9f8c8bd85a54458ca8db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
218de4e0d8bbcaca450cc2138d7de579

SHA1
ae874b6e1f48b41dc693bd5cacef205b726407d7

SHA256
a5c7826e41b4bb2719527c56456fed1c23fcb2976f77d69c102d37cffec5a5ab

SHA512
af744c91d143400846d6763cdf036eb67cc6d5f3d88121b0c02267661d65ae1828780478f0fefa623777fe56902e2d8f1bbfe89ffdfd002771e39a70799b6dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b9cc4141-9124-4e87-bb94-8b254a742f7b.tmp

Filesize
4KB

MD5
05f3c2e7f9ac2e49eee7a532477a4c30

SHA1
22a69ec13925ca6afcf3096c9a1661325a178559

SHA256
4a8331c04f251ee1d487e845aa11603109b4b44283e99bf35ab5286e46a3d0bf

SHA512
7eeec4bb9dbe8a0fbefc5fa11c3e1db5c8fc700de9b1624c815c85326e6aca637344cd0c8a9f717c0254dd41a1bb3f092a92e88e23bb490615a0dd4753597157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cd0a780c9178a3d9f994edf2fdf4c5f4

SHA1
9956165fcc58694060cf188801969a6e81608e4b

SHA256
d0e62757bbcedb3b494c729fdd962745978be8217045ed21d0e6ce932dd6a416

SHA512
92b6dc1f94e15198df71647f5d4248404b45bf00d90db7d1031e30a0ecab107cba663e786dcb341ec3d315b32bedc1d573fcfccbfb848ce81e570097ad67826c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01ed8e28e6f634aa0b4c3bd1f9373135

SHA1
f851a869160fd44196e5fbf7e6bb4b2329339c86

SHA256
a02dc7a1d6db612544e20bccf41cc982a8f60cdd2fb51e11bc4b08c0630f8436

SHA512
49c7628ba7e518daa60f2d62c78cdd9e09b261bb6845467e2ae836b0a6e1c6221f222f464b570f4da8dab418e9dcc49550d1ca4d7635cca1a14a991f942b9f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8454e4c20a047d4092a6a03a40e91f86

SHA1
4e05ba8841f1cfa6b64a1dd55ff62b93805c8aeb

SHA256
fe507bfe8debe5173f396a66e33b9ba5ceb918221e9f2f309784f00c4ae0a669

SHA512
a8dbac55dd12174e3022f3c6e820d5a0125e3f047d4471d5e1ed286074a08d0849e3dd1969f8da2cd506bea0e845ce9111d9fb2233c9f1b841e655734a0d1afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8fb905f6d1a17c97e993b75c597fa35

SHA1
5dd6d4171c4e826441a1b0fd6df97dcf0b13a219

SHA256
9fb8b3baec42a2046b2e9d63ace2e8752e05e99e7ae1dec0943aa02b946fea33

SHA512
f0be7b3314685c3ba84708d67cc9f303f05ae3df0748610c47c04e162702506a157e19a65baf0d8997d2c60b6bb4629d1fbdc816f6757f3bb563d2d09e514da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
a6a9e72173eae8ddb14b91be9e962a52

SHA1
1b14cc9f1fcdd543562be394bf2fd49b3d35b123

SHA256
3cb8bf154521db8d76ab75c301d2fa6fb18ae0c139414f1fce8e4e5ec172eb51

SHA512
ac0607180e3eaf975ae5a5d3b46b04ff48980bd7a70353aa489af226abedbad5746cff54ddf4d53fbf3be23ab722fc521f3fc1e1a1901cbb18c5df62f929e93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
7dbb86c584d321c46c92b3ff659f84e6

SHA1
28ceec6df30a1b7e1b8bd22eaee60bb810dde4b2

SHA256
d2b240362823282077cb1418af94f98192358829b7cf798c33e7e9f0bbccc2e8

SHA512
971f379801f9285f533ebc8d561fa2242f5df53f479994af83750a02866fc878c4d0aaa59fbdd01c78ab64c14d222fbe49dda3fdb28a7bdc355de6fe173307cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
90e9c6111db5f7e9aba8f5f24e921be9

SHA1
2172b457903ea9148f1fc29a2b20ed562117d4aa

SHA256
8e2ba09ac4afda52236388fd23d2978781e67e39b540049dd57defa6d845342f

SHA512
99887add5ad9555a2488b2aec329371f4dcc2b96db2f16c26caa2d4ce1141bc2ff0a9d4314808f5d4a5509ae08292db0957c27471c74c0562202b801d6c0ee0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
a996a03a61e402f62a9857408f14bb6e

SHA1
1ea42bfc917abb652f648384840480227498f6b0

SHA256
423bd05fc483ef93ad5d506bcf30426eaf38be179780ff64a55999196ac7247b

SHA512
c7f834174284a97abe30ef8463e7bdfc54e2bde7e48905bc4dca8e0982517e31f99ecfed918992c505b900c220bfa6c2d0e8d4aefc406a350e4239cd04ffbf11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c10d6822-fb31-4804-9cf4-9a48d64bcf0f.tmp

Filesize
7KB

MD5
a3483f4c85767b10f6cabf55c2e7f3d3

SHA1
25290f3f59b018b350044b7e90175420094c36c5

SHA256
816c310a7d36c93a94aeb704485c92f12669c99fea66270cd0beea1da49a4d97

SHA512
3cbc754f8cb086bd08d647fdafa536b2dec4a2b370001e112360df75331006d1ee0cde71239fa19fe54c4c1a9ec658ef933458d5294b70efde1b79fea8d3e554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ecf33534-468d-4dbe-b882-e6190270cfbb.tmp

Filesize
6KB

MD5
171291043cc205495dfba030d23f84e2

SHA1
9826fd46d04e90003a0be364a9bdefee25c5c275

SHA256
3706c8f67aa775ec9940213b928e9dd2505ede1fafa4054e608d90310fc93a09

SHA512
1c4db083730c58c2afc2278a548e1e9fda15bb4fc85bd27a3e8d2f1d54316b60a2e19253b1bda2a72e551310d141fee5fbacab20e03c42dea31cd347bd279163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
24458be962dff61b3e18bff176417f1b

SHA1
ec22d29bab44e1a7a649cc7dd04cf7c8cee101c3

SHA256
51960eaae22b6de335cc97226586389ff21d0115a552c4627d05051c549c7233

SHA512
d37dda7e8a551ac5a05ae46b19a0251d6177e30d2873b848234aa4e43ec5f2c3b34afcbb37240427a80f0a495b832a2465d27f7c1697f60fc3d719aeac06dd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
928f7450705ef56633139e0743226a04

SHA1
fce942a6d9f1afe881cb71e224124f13a3abbb89

SHA256
0217816f5c0caefb1a7cddcc2f291d25024920a2981ffaee562f0bf7eace50c4

SHA512
e8f3fc67e9396815d50ef0403dc6780d939c9d32342a940bbcc1ff8220d96d6cc67fb70c784823e5c65702006f665e14f4590ce8787c495852ce35a5105aa5a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA4EE.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
942e01108f5843c58dd6526c3c640803

SHA1
40364b9714a044f800a3e8fa00e56407e94fd797

SHA256
ca8e68ec48478d8e15ce7e00f6757d0df17461780433a83c898f53d6103d99d0

SHA512
63c49c421d3c8cecbfe010e4c56951dae7bf158fa01ef40110ea9f52988db4bce1713c6a6c4841ec76e94e3e63bbcf3e72300b60b8a838927d3c510e6b609b3d

Download Submit
memory/2512-0-0x000000002FA01000-0x000000002FA02000-memory.dmp

Filesize
4KB

Download
memory/2512-2-0x000000007178D000-0x0000000071798000-memory.dmp

Filesize
44KB

Download
memory/2512-33-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2512-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2512-34-0x000000007178D000-0x0000000071798000-memory.dmp

Filesize
44KB

Download