Resubmissions

07-06-2024 19:53

240607-yl3b7sde56 8

07-06-2024 19:50

240607-ykgdcace4x 4

07-06-2024 19:49

240607-yj29esde32 1

Analysis

  • max time kernel
    85s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-06-2024 19:50

General

  • Target

    Picture.psd

  • Size

    275KB

  • MD5

    51d05bdf927d6db9b8955a0f0884a157

  • SHA1

    851e1197cca9b39275bd29bb24da1a606e894c5d

  • SHA256

    fcb63ed3223083b3f1d6830ad56204e47d2394fca667cd21125b744c05f6e3e8

  • SHA512

    80d60f5aaee5606f427983b77d6b315141d938f3a9e231ac83eaa6274992ed3815a8ee79186655a09278327a9d7abc0353f60215f0f367d8778ad8fe3d6a29fc

  • SSDEEP

    3072:ewz/rtm3CEcBqzzyv+KSKT5UoPUrN9GRi79:eZ3cBwzAKKyociRM9

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Picture.psd
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Picture.psd
      2⤵
      • Modifies registry class
      PID:3052
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2628
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2616
  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\AssertGroup.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2800
  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
      PID:880
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6619758,0x7fef6619768,0x7fef6619778
      2⤵
      PID:1532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:2
      2⤵
      PID:2312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:2100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:2200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:1
      2⤵
      PID:2996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:1
      2⤵
      PID:2128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:2
      2⤵
      PID:2864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:1
      2⤵
      PID:2060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:2096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:1760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3500 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:1
      2⤵
      PID:1172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:2412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1088 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:3060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:1080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1092 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:2792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:3004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:8
      2⤵
      PID:2040
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2020
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2276

Network

MITRE ATT&CK Enterprise v15


Downloads

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                                  Filesize

                                                  70KB

                                                  MD5

                                                  49aebf8cbd62d92ac215b2923fb1b9f5

                                                  SHA1

                                                  1723be06719828dda65ad804298d0431f6aff976

                                                  SHA256

                                                  b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                  SHA512

                                                  bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

                                                  Filesize

                                                  69KB

                                                  MD5

                                                  4f9d58547367f284c0fa5c840c00b329

                                                  SHA1

                                                  afdf5a998830ad8bea4d57ad8cb3882ac911b43f

                                                  SHA256

                                                  3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd

                                                  SHA512

                                                  7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

                                                  Filesize

                                                  327KB

                                                  MD5

                                                  420c92784446f49963c8e9caedd17425

                                                  SHA1

                                                  ef05de375fedec2795f9a9527483c17ac6d211bd

                                                  SHA256

                                                  fea5580fd2f268d43c0f781d9d3aa8659d4fe926e1db572c0a2ac8ff6f30fe52

                                                  SHA512

                                                  9d7bfed436ea499559a9fa7cc37ca7d67c6508112c89466d8d0978a082450a17eb80edb6ce8d00b15c6b8a9958f940a159860726ab11fd9eeea46bb872fe2c43

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

                                                  Filesize

                                                  133KB

                                                  MD5

                                                  8bb4333c9b03c5d6bc2436bad3d9baa2

                                                  SHA1

                                                  5c695c20997271beb672b8eded3fdf3af1cf9ce2

                                                  SHA256

                                                  bfdc6372d7f4eddcf1e45bc39d3e8208479ef1088135928f8e560b53f5c3afdc

                                                  SHA512

                                                  05f270d4e56fae267c1170e73b808cb878007a112feab442581a4be2aecab117b35ca3058b25305e21250cd2079f0bc96773ea60fb161946094e9a38d35dec05

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  f50f89a0a91564d0b8a211f8921aa7de

                                                  SHA1

                                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                  SHA256

                                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                  SHA512

                                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                  Filesize

                                                  361B

                                                  MD5

                                                  fb883a02ea4a1026a579dac3c0523088

                                                  SHA1

                                                  7df1931085eebf812805990898e4792ef728d5ec

                                                  SHA256

                                                  37e3ad088572a0f12be19981279b1bf054fe3006ded555b7e96ab2374cf93ecd

                                                  SHA512

                                                  785761d18347d3ed8d0eace89a46b641e6cedb894c4cb6d06c58e091e590edce25fdd913def63713fcc7ed051a05d11f2cb2e49f7c0d60f506211ce532b50ed3

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                  Filesize

                                                  520B

                                                  MD5

                                                  33df2b2f25e612dca29446c516c5b128

                                                  SHA1

                                                  b1b10830e1cf824029ae17b40470a2e4c860b073

                                                  SHA256

                                                  ad9f9466502940075ae8978111fbee2d872847dffad1fa1cdecd3da56a372b24

                                                  SHA512

                                                  291344be1aebb10dddf259973e78e19e57d84560a14d77cb0434bc9da7917ee263b73e33f999c6be349d951235bda1f0d07a4a6e8afcbd919391e491ce6e33ed

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                  Filesize

                                                  361B

                                                  MD5

                                                  789250d118129d11dd066f33e6479e57

                                                  SHA1

                                                  d1966a87bf672cac05621d27ea6965d07806f825

                                                  SHA256

                                                  d8afd8ec19acf23fa13c4cf51432d7f71b2d1cb9a1f39c37452df759bc5995a2

                                                  SHA512

                                                  eca283396183fbe00ed3dbee00811e1edf2de05c5bf248c671e70daa514ade143db4e254fea540521b148232f3a99abae52a7cd09126d404a9f451bd455788e6

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  a17bd6804912b487f0db033ef102c7e4

                                                  SHA1

                                                  590eb42b495b4eb501cb0e070639870c9a06a700

                                                  SHA256

                                                  8489e9b485b39484c2fc4f908ff8e21dc2cbc20a5847ab0c2f7c852441cba10a

                                                  SHA512

                                                  39a6f3be45a2a6135ccfaae70f39e30e1d56ea0cd48e05e8f2514a651cf72a8bf0c412c1938cfc0ddb42eb9b29a0a27a7682c86763dc9a69891aa7b7a047758e

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  28d9cd18130b0d16f53ea6fa1c3aeb1d

                                                  SHA1

                                                  cbae29cbc68c6e928f20c8bc417ee5a22a073ea9

                                                  SHA256

                                                  ddaa425ddfab360e1f9e508498e3f94d36ee374305511b4b02ce398bb6cf49d4

                                                  SHA512

                                                  1cc66640a9f0554c410e97ec72a1f6aa3560360c851df138a2535fcbca81b4ab206639e0408f1c9d6f4a4e4b0d0bbd404b7319180858192921d0080d09ad549f

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  d1d3c7b312701e453343c69380ccd54d

                                                  SHA1

                                                  3735618012b030f91fc71d25af66c358285ffe4a

                                                  SHA256

                                                  1d039339b2294f6f4047a15adc85bed5c1508813893a28e518cd00018f78b649

                                                  SHA512

                                                  db4bcde86e67b2e7a1b41d779388654f10f8f15ea1dd2f00b7956989f7a873265478f02d6069805a860cabbc976700e370f3518d7d54a576ba0f5b009a2692d9

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                  MD5

                                                  b7d663715b3a4c1d2fe26ebf09baf606

                                                  SHA1

                                                  8dc78187461ed72a27e030be61c83ac7eac13774

                                                  SHA256

                                                  87f5a6504799c09d31f52787f047f4d63c8104a496b2f55cd8728e7725074bc6

                                                  SHA512

                                                  4c7f40fb8eb70d8beab1a10368adae868b6a68819437641f115adae7de3c5df90f657887195c7c7cbc7ddacc796439dc554512a9afbd7dd31a16819f1a3f5800

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

                                                  Filesize

                                                  16B

                                                  MD5

                                                  18e723571b00fb1694a3bad6c78e4054

                                                  SHA1

                                                  afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                                  SHA256

                                                  8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                                  SHA512

                                                  43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                  Filesize

                                                  74KB

                                                  MD5

                                                  044c494a6265b2b5f8cc637853c54f76

                                                  SHA1

                                                  1f13e740b7a3daa6944308445d1434a71cc01aa4

                                                  SHA256

                                                  40f822b67d2d8c195e85ccffc9c7ec5d4d589e6b3f6bb27478955d1f5674ef8d

                                                  SHA512

                                                  a4217a8d1e5d3e030807cdd1278d7d1cfcfd80426a1871ac82a60125244ffb8535942330022ee4322c0a5cfca474dcb3fd9870b6b7ae9f8152789049d5a4625c

                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0002.doc

                                                  Filesize

                                                  1.5MB

                                                  MD5

                                                  ba30181d6345c58c90603e880caea9e8

                                                  SHA1

                                                  a9c5c97e34853d8ac6e6df2048d0fb37374c07c4

                                                  SHA256

                                                  590bc43ce2fb7bf8d25d301c4674485de3e0f026665048b467a470446a828055

                                                  SHA512

                                                  83ddf640b8defbc10de1449c00111c2927de145565375e6194458aadb30a519cbd8cae63ca735fdc1d7dc32fcaac537a3b4e457d8d4456bff67ec2e9aa6ef065

                                                • C:\Users\Admin\AppData\Local\Temp\Tar6742.tmp

                                                  Filesize

                                                  181KB

                                                  MD5

                                                  4ea6026cf93ec6338144661bf1202cd1

                                                  SHA1

                                                  a1dec9044f750ad887935a01430bf49322fbdcb7

                                                  SHA256

                                                  8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                  SHA512

                                                  6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                  Filesize

                                                  105B

                                                  MD5

                                                  676fc7f84178283fde8c3d966f504f0e

                                                  SHA1

                                                  736a746a8183d3e7238cf9a3b57501a761046d5f

                                                  SHA256

                                                  aa5dc132b8e78872dc882ada4a61806f73953497e2d1b0bb7d821e247ebf6c45

                                                  SHA512

                                                  eaadad06504c54b2ae7521f6b4c01a186ea047b9181730c6d8abebcc099b1afe15026739a0b9892df74708ca0504abfa0abfbee7d91c1876373b7c613ca5df16

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

                                                  Filesize

                                                  20KB

                                                  MD5

                                                  f4c2cc7b9d13e09c43a41c92e5630cd3

                                                  SHA1

                                                  429b1d4ad2ddf7d57eee06c1d3b5381e6e9201e6

                                                  SHA256

                                                  c0c66c9291bb3e9aac0264b4cc79f62ac8d07cecd8ddbfc00a6b3dfef3f60436

                                                  SHA512

                                                  0045c71cfd4363ddfa1f3b44ef2769d9c7598c4d2aca8cfa22d0e8471981ab910a21019f2c9b5adc91645886af364d5280717b4e69817b14a22b0349faea5602

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                  Filesize

                                                  2B

                                                  MD5

                                                  f3b25701fe362ec84616a93a45ce9998

                                                  SHA1

                                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                  SHA256

                                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                  SHA512

                                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                • C:\Users\Admin\Downloads\fca387cb-819d-4202-baba-35f6e3c106ca.tmp

                                                  Filesize

                                                  69KB

                                                  MD5

                                                  f5b8eeb6ba26971e7ccf3a78929331d4

                                                  SHA1

                                                  f3635c6493ea0ae150df8a1321d53c2477b0ffd2

                                                  SHA256

                                                  cd5e868abc07764b13350177d02cc4defa971fd60b406f3db1b3b382f8da0e6d

                                                  SHA512

                                                  1de4dcb95027d124075cb96fa211889c4d0d01cb1d6636043591f2dd6e1939c80de27e58f0c4d232d9a7599f4ee04d71e10b72a073589b5e726480c4b304ce1c

                                                • \??\pipe\crashpad_2144_EDDCRIEMBCONTLQU

                                                  MD5

                                                  d41d8cd98f00b204e9800998ecf8427e

                                                  SHA1

                                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                  SHA256

                                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                  SHA512

                                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                • memory/1172-69-0x000000005FFF0000-0x0000000060000000-memory.dmp

                                                  Filesize

                                                  64KB

                                                • memory/2800-68-0x000000005FFF0000-0x0000000060000000-memory.dmp

                                                  Filesize

                                                  64KB

                                                • memory/2800-24-0x000000005FFF0000-0x0000000060000000-memory.dmp

                                                  Filesize

                                                  64KB