fa2269db0c52a3b35651a2ea4969348b71c15443856cc04cae29d7903f91fc48

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
20/05/2024, 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

O0QOOQ.docx
Size

12KB
MD5

003fb2931f318ef8a3350030386e7260
SHA1

b67cb30bac11e5f0ccecb8f177e395cc703ccb6b
SHA256

fa2269db0c52a3b35651a2ea4969348b71c15443856cc04cae29d7903f91fc48
SHA512

e9a5482ff82756cc0fcc82d6ff6f750ce1496c7f34580cceebdd0d42c96e1fbe21b0b93fd020d0f1949a0cd2a85904a7474532925f46a06b3c3036dde8ce17a3
SSDEEP

192:CtZb/3d6+ZPCbFpwN1x3zGpcER4Yvc5kpzvt8nRRiOS2qK:aZj3A+hCpwon4YvcKpzV8+92qK

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607109691072597"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
952	WINWORD.EXE
952	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
952	WINWORD.EXE
952	WINWORD.EXE
952	WINWORD.EXE
952	WINWORD.EXE
952	WINWORD.EXE
952	WINWORD.EXE
952	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 8	1008	chrome.exe	86
PID 1008 wrote to memory of 8	1008	chrome.exe	86
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4256	1008	chrome.exe	87
PID 1008 wrote to memory of 4776	1008	chrome.exe	88
PID 1008 wrote to memory of 4776	1008	chrome.exe	88
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89
PID 1008 wrote to memory of 1820	1008	chrome.exe	89

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\O0QOOQ.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb44a2ab58,0x7ffb44a2ab68,0x7ffb44a2ab78
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:2
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4356 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4640 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4684 --field-trial-handle=1784,i,8304921402229837793,11543037912668626238,131072 /prefetch:1
  2⤵
  PID:5096

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ea48a8531f4a902ff02bc34e75efbb3b

SHA1
b9e048049284fbec9deb462498ea2d64aed0dd51

SHA256
ce4c797c5c0ff89a87d3f0557e03299424eb0e108bc75185f6655dd3710700d9

SHA512
6c037413a63bd844adc2c91f125df723d73b0c3f5d77a0ae208cda5ea5d2a8140d19e79ecc34cfd1d5ad5387b52727d11f436a35c23daca8c53a7a2cb73a8aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bfbcddbb0a99edc6ade12026f88f46c8

SHA1
d5f9608c8ce1f2b55f05db85bb97e27f0a81a275

SHA256
f7303fafba65e953c6d8622270ad4303ea6f6566be0c1a357a221b6f7e066a03

SHA512
fee7842b4485e5284d49c3f4ae2451e7ea23954f7a48f666892f4080b1c430794fe965d4a7656c0dbefe8ed774486ab2ce89e7eb01d8d268958caa06c0ab98a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c3057b044975221c0e3ab7626cd0d672

SHA1
5da3f6d91653d38ec5a981795453520c3cd1fc96

SHA256
a096a89da1c0d139770d4c5ec835e353e787490d67aa5141e6e3a15e3db262a4

SHA512
3f500c9956a45db9f985a9c7daf13c8891e83ed11a7ef274ddf136259b8f95eb463bd0f69cdb0e83e900d62a54ed8f5df2d981758b36a18ee795112dce8d8f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d7b0677bf6c91852c50e2d7a80d3175f

SHA1
6fe2d841d010a77ba221900daab32314cf835a4f

SHA256
7e43bd15955406d2562f4297980e59a32d5499ca7ab43c8e4b377b607742de35

SHA512
2c79b1f4d84ff197d88ae218ae8aac11a5635da34d72d8398defff35f530d41dcf51e0715aea60197a859aea5102c573fe22ae73b6f443dc84e6a225c449027d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d7b25a6ead1601595ddd422bf38e839a

SHA1
cba580cddb9a33ecb33f33f87ebccb2234fb8e6a

SHA256
2a599f72ce832df6a7b9c829598e414968633b39055da3a5a5133220267adb32

SHA512
ed51f29e06264d74f91d6eb24a7b1fd46dec5c7758a6ebe4b7f51c4d1e5c59b8f2a47e097aab7fffbd7d4e120b07b572716853d611110abb857df800fc52c3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
cc93e522ca73ffdd69d938aa5f6b2bd9

SHA1
610a1f27e48712f337652458757120f64e66123a

SHA256
fa7738cd1f995a1bd3146c20e29aedd3af3dd4eb9e6ac41744e9adb4ef88bc8b

SHA512
e5d45e2259b8421405c30395e5e60f3e318a12d8536965654ad7c13bea0bd95fce373fe8904bd5d6da0d0314b5dae306e1c4e895e3b116be364ef7a011e94321

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDBD0D.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/952-12-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-22-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-23-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-21-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-19-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-16-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-15-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-14-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-0-0x00007FFB30830000-0x00007FFB30840000-memory.dmp

Filesize
64KB

Download
memory/952-10-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-9-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-8-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-5-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-2-0x00007FFB30830000-0x00007FFB30840000-memory.dmp

Filesize
64KB

Download
memory/952-1-0x00007FFB70843000-0x00007FFB70844000-memory.dmp

Filesize
4KB

Download
memory/952-24-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-20-0x00007FFB2DC90000-0x00007FFB2DCA0000-memory.dmp

Filesize
64KB

Download
memory/952-518-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-519-0x00007FFB70843000-0x00007FFB70844000-memory.dmp

Filesize
4KB

Download
memory/952-520-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-521-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-17-0x00007FFB2DC90000-0x00007FFB2DCA0000-memory.dmp

Filesize
64KB

Download
memory/952-18-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-13-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-11-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download
memory/952-6-0x00007FFB30830000-0x00007FFB30840000-memory.dmp

Filesize
64KB

Download
memory/952-7-0x00007FFB30830000-0x00007FFB30840000-memory.dmp

Filesize
64KB

Download
memory/952-3-0x00007FFB30830000-0x00007FFB30840000-memory.dmp

Filesize
64KB

Download
memory/952-4-0x00007FFB707A0000-0x00007FFB709A9000-memory.dmp

Filesize
2.0MB

Download