Analysis Overview
SHA256
3eb94783cb0063c9fb90a79f8a157e315f627bd60e5bcfc4c426aa90b6069f1a
Threat Level: Likely benign
The file Graphing data.xlsx was found to be: Likely benign.
Malicious Activity Summary
Drops file in System32 directory
Drops file in Windows directory
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Gathers network information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win7-20240221-en
Max time kernel
93s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597} | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\Graphing data.xlsx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7bd9758,0x7fef7bd9768,0x7fef7bd9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1424 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2412 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2460 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1412 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2768 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2380 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4084 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4104 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=740 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4232 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4240 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe
"C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:8
C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe
C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=95.0.4635.88 --initial-client-data=0x19c,0x198,0x1a0,0x164,0x1a4,0x6cc05438,0x6cc05448,0x6cc05454
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\Opera_GX_95.0.4635.88_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\Opera_GX_95.0.4635.88_Setup.exe" --version
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.195.150.72:443 | www.opera.com | tcp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| DE | 18.195.150.72:443 | www.opera.com | tcp |
| DE | 18.195.150.72:443 | www.opera.com | tcp |
| DE | 18.195.150.72:443 | www.opera.com | tcp |
| DE | 18.195.150.72:443 | www.opera.com | tcp |
| DE | 18.195.150.72:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 172.217.16.238:443 | www.googleoptimize.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 2.16.27.215:443 | download3.operacdn.com | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
Files
memory/2780-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2780-1-0x0000000072C4D000-0x0000000072C58000-memory.dmp
memory/2780-2-0x0000000072C4D000-0x0000000072C58000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
\??\pipe\crashpad_2396_WUDRCZMQGEIRDIRR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD38C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d3f3869a8456aa559fc90ef8b21344b |
| SHA1 | bddb930095a403aeac6c4d196d3fe51b0ea16103 |
| SHA256 | 191fc87a22e39addefb6c3617c5bd9cf0f8fad05aa694b3644aa99ef390ba670 |
| SHA512 | e8dc27bd20e03d84c5ece11367b4ea53b7761437924a7a22e35f7c402fc573d8ea17ce48d71a1f730a7f3f51d8841eb4e85e03647a5ddac2a2da038d5c87f05b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56a8074ebfcff4e6bcd982ae401bb9b5 |
| SHA1 | 5acefeb16a5077813b46184cfae4160f4724f56b |
| SHA256 | 6faaad073fb507e8a7fd6b7e99e24b5078a85ea34b0c7fb18db313756457855e |
| SHA512 | 0bea311b66dc0ee245e715dcbd53ae7bb2d3f6985fbe515723f98219ed1606c0d726e0fc69cbd0a7b9ac8de30b4bdc6cb602983218471b91073229435f996cbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7977b0a8aeaa628cbb7628f6ebfba597 |
| SHA1 | 5f637d7e3949634133256586e2540b60b7d6ae76 |
| SHA256 | d0a4f398d8b0110145f9dfb3ec143f672fdc282eb2ba80e7a6ef21e2e126a95d |
| SHA512 | ddbeb7a44064d073dfbe0fabfa4b23cdfefac11bc9d30e4875c363352a42ceed37d2f9e913b2fcbf1f457d5c8c804a38f4830b63785007c928227caa6509e17f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 773727cdf1188b190afc7b95cd764ca7 |
| SHA1 | 074cd231451f54649c62d66dd336a2aa3c4e078b |
| SHA256 | 7ead15f080b26e06f92f52a60fa45fdc74182955c17b5408116ad7f01b4f6eb9 |
| SHA512 | f043f9e76693237220d149417cf0a71049aefb020995adba789e0b490be925ab0bd6fd089ffc11622365ca6f3ee6d0b260a7abe86874b310bc87f3ae0ce200c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b88e16da47ddcf57660bff34c59329c1 |
| SHA1 | 224fb39bf7b957554c6149e432ddc8f60083a243 |
| SHA256 | 5122ff5c41cc2e07aea38cd930eba827b169e5b12b7ca9837d0f2b606a375058 |
| SHA512 | 739167856af9c0075cfb8946a58ab02e8229027a406229401de0a17d24622c83865c1ee30b84085df2fe709f5173dc837ebbd02c2b92bcd0fb749c9f4a456422 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 048f3959eb0028973f2af8a5afec9bbe |
| SHA1 | 3ff8f9dc2a45fb9646901f286be892c56b3533d3 |
| SHA256 | 0cfb75dab03d5baf31910b7879686ff4b74f7679d9d71bcd498be8666b594fd0 |
| SHA512 | 31b8a307b12463d488e2f1ca3b2fc4d28862cf88e1be0a32488842e6c6d6666620902b0064e5d6d46248f1362e6e9533f4ad79ae0f34c55a1191439756a854c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ca7f153768cf0fcf59dfbfd42e8dc3fc |
| SHA1 | feedaea0eff98fe6521f529b38b969b8fa31e495 |
| SHA256 | 416cb4b8adbd0e7c5e422a48f7552c31f46de0bb6304898612789bfa68a23ad4 |
| SHA512 | 6aff28871b1e51acbad34e8342d2bb8a41b8dde27c1afe3aa4174f81a50c8e453970fdc65982ed9f00cee638b0a0d9394130fd04020a33020039da5f60661252 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7e678c8a737da3655d8fbde5a6cad930 |
| SHA1 | 31740dcf01238ba9ade09837b114bcb9eec02bfd |
| SHA256 | 894c4017da04158d71e9c5c0eb3593b745decc9cb58c365beaf763d95752fb2a |
| SHA512 | 0e8da57099033bf667e53ef420ea12a369f6bf1498f6b724b50b0e31fc5071097ea9e689b1f59719f449dc459362f0848e0b050fa4cc106605eb3be3c9d55e1a |
\Users\Admin\AppData\Local\Temp\Opera_installer_2406121511045121600.dll
| MD5 | bd7ed8ac8b62406ed11845b4bd911047 |
| SHA1 | 70f714e32c2838518d647056e39de16cbbf18f5b |
| SHA256 | 1e6447f3549610e2fcecc244aaa3fa5ceb1596b3f3ba5eac15837c639c704b70 |
| SHA512 | d2c062ad26774f5c1d173286ed4f276fcc1e27aa5a067d02b63aee1e3fd150a671c91f1e3e9496bd90988e15277998186a3d3b56db4ce361894642679d249b7f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win10v2004-20240508-en
Max time kernel
155s
Max time network
157s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\NDF\{2E59B576-783C-420B-9941-2CC22C61E85C}-temp-06122024-1510.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{eb3fb0c5-dd94-4529-b925-f32d367fda8d}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-1337824034-2731376981-3755436523-1000_StartupInfo3.xml | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.jfm | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\NDF\{2E59B576-783C-420B-9941-2CC22C61E85C}-temp-06122024-1510.etl | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{eb3fb0c5-dd94-4529-b925-f32d367fda8d}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1337824034-2731376981-3755436523-1000_UserData.bin | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.log | C:\Windows\System32\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | C:\Windows\System32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626785314456581" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\RAS AutoDial\Default | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| N/A | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Graphing data.xlsx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80e5ab58,0x7ffe80e5ab68,0x7ffe80e5ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4208 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3092 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3380 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4684 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:8
C:\Windows\system32\msdt.exe
-modal "66174" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF74E.tmp" -ep "NetworkDiagnosticsWeb"
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3600 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Windows\system32\ipconfig.exe
"C:\Windows\system32\ipconfig.exe" /all
C:\Windows\system32\ROUTE.EXE
"C:\Windows\system32\ROUTE.EXE" print
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4464 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2100 --field-trial-handle=1880,i,9498292580889633314,11543430941259594936,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
Files
memory/1528-0-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-4-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-3-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-2-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-1-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-5-0x00007FFE9EEED000-0x00007FFE9EEEE000-memory.dmp
memory/1528-7-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-6-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-12-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-13-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-14-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-11-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-15-0x00007FFE5C8F0000-0x00007FFE5C900000-memory.dmp
memory/1528-17-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-20-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-19-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-18-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-16-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-10-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-9-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-8-0x00007FFE5C8F0000-0x00007FFE5C900000-memory.dmp
memory/1528-22-0x0000028A55C70000-0x0000028A55E12000-memory.dmp
memory/1528-23-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-21-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-24-0x0000028A58880000-0x0000028A5B2E0000-memory.dmp
memory/1528-25-0x0000028A560C0000-0x0000028A56354000-memory.dmp
memory/1528-26-0x0000028A34720000-0x0000028A3477C000-memory.dmp
memory/1528-28-0x0000028A346F0000-0x0000028A34712000-memory.dmp
memory/1528-27-0x0000028A3DA80000-0x0000028A3DC42000-memory.dmp
memory/1528-29-0x0000028A570F0000-0x0000028A57E80000-memory.dmp
memory/1528-30-0x0000028A346E0000-0x0000028A346F0000-memory.dmp
memory/1528-31-0x0000028A347F0000-0x0000028A347FA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0aeef886565b63af88c7a861b6c504e0 |
| SHA1 | 22f529c2b94f03411a5e56a85f6668a36adad6ea |
| SHA256 | dfc94528888234305437b0ecace7bcfd30a942369c705fbead3e47fa66c2f5f0 |
| SHA512 | 2691a6dd1a7644512a4d9e6ad76fc2800123904a6cd9467d2e9913054081dd16b871bff5c1f8cd5464d0749463045a24de90e43adcafe667b18efd26a2799076 |
\??\pipe\crashpad_3200_VFZYUFBZKOJYAOHK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/1528-61-0x0000028A347B0000-0x0000028A347D2000-memory.dmp
memory/1528-62-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-68-0x0000028A5F600000-0x0000028A63916000-memory.dmp
memory/1528-69-0x0000028A34840000-0x0000028A34868000-memory.dmp
memory/1528-71-0x0000028A348C0000-0x0000028A34910000-memory.dmp
memory/1528-72-0x0000028A347E0000-0x0000028A347F0000-memory.dmp
memory/1528-73-0x0000028A34870000-0x0000028A34888000-memory.dmp
memory/1528-74-0x0000028A34970000-0x0000028A349CA000-memory.dmp
memory/1528-77-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-78-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-79-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-81-0x0000028A57E80000-0x0000028A583A8000-memory.dmp
memory/1528-82-0x0000028A56EC0000-0x0000028A56FBC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\PowerQuery\temp.User.zip
| MD5 | 37ddbd33c2fcc7748adc5dc9cc909ce2 |
| SHA1 | 2cc7453b62463555e8287ccf22faa410251a08ea |
| SHA256 | 4ed23697c8a24a1b8ceb231f87e652cdb994c8aaa5e30408e024b7228c9fcdf3 |
| SHA512 | f22822155e4b0caeda67e51fb06c9284c2ca89fd5ccad157c4e4d53773d858b4f925ded3f007349560b119d49e591c903e131f864a43a59900e10e4f61f74e2b |
memory/1528-99-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-100-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-101-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-102-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-103-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1bf682e74aff091216c01742adda54bc |
| SHA1 | f0d4889a16ac6c138b5b7a83b6dcbf68300005a8 |
| SHA256 | bac60a372880f17a8b5bbae7ad2671d94bbe5935befad8e81a4401cba039ff78 |
| SHA512 | b3a943e4b2e00d4e410052db9f6f71acc5bd5d294d70d00cc4e82439ab6ce5cd30420a2260bdc68e5dd166123ef9302f90b8fbc43f0899ce72f450174a81e4a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | af9be482a2bc819ce7f4aece4616037f |
| SHA1 | f6932a2dd461fa0665e0ab7b0b2cd595205b7c4d |
| SHA256 | 8a2e407979827d9dc2409b30734b92eadc28930881042a8d558cbe5369151825 |
| SHA512 | 49e058f0a56a4ab4ca7a545f128a531c35fa6cf10d86b258f3662f75de9fa43808ee45407e0d1c1dc67696dc634668f3c1402f99b75cbbaa97ba77eb5aa41cb1 |
memory/1528-128-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
memory/1528-143-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-144-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-146-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-145-0x00007FFE5EED0000-0x00007FFE5EEE0000-memory.dmp
memory/1528-147-0x00007FFE9EE50000-0x00007FFE9F045000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c8277be3-3c4a-41ae-aa53-e0c4a2c079fc.tmp
| MD5 | 3d3bc1bb1b5dcf5394d3161f9397cb48 |
| SHA1 | 165f88e404667da4d1490b76d4968a10d444bd5c |
| SHA256 | eb85474def8d4066a7f93db04588e433a40e68dc94290cff462672938b7325d3 |
| SHA512 | 69e0bcfe3444b3d827b42c8194b1b1d26b9825111656d478113bf518a7b70b4944f9e43f8dffd670da96dd470943681e9dd0c8cb51f20ee1281c0f99132b5ed3 |
C:\Users\Admin\AppData\Local\Temp\NDF74E.tmp
| MD5 | e310e5578a38aa0803fe501af84e061d |
| SHA1 | ec4e52893b7da842778df8d6658b356de731249b |
| SHA256 | 904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd |
| SHA512 | 36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2 |
C:\Windows\Temp\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\en-US\DiagPackage.dll.mui
| MD5 | 44c4385447d4fa46b407fc47c8a467d0 |
| SHA1 | 41e4e0e83b74943f5c41648f263b832419c05256 |
| SHA256 | 8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4 |
| SHA512 | 191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005 |
C:\Windows\Temp\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\DiagPackage.dll
| MD5 | 580dc3658fa3fe42c41c99c52a9ce6b0 |
| SHA1 | 3c4be12c6e3679a6c2267f88363bbd0e6e00cac5 |
| SHA256 | 5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2 |
| SHA512 | 68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e5xrkadd.kf1.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5776-536-0x0000025174DC0000-0x0000025174DE2000-memory.dmp
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\NetworkDiagnosticsTroubleshoot.ps1
| MD5 | d0cfc204ca3968b891f7ce0dccfb2eda |
| SHA1 | 56dad1716554d8dc573d0ea391f808e7857b2206 |
| SHA256 | e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a |
| SHA512 | 4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c |
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\UtilityFunctions.ps1
| MD5 | c912faa190464ce7dec867464c35a8dc |
| SHA1 | d1c6482dad37720db6bdc594c4757914d1b1dd70 |
| SHA256 | 3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201 |
| SHA512 | 5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a |
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\UtilitySetConstants.ps1
| MD5 | 0c75ae5e75c3e181d13768909c8240ba |
| SHA1 | 288403fc4bedaacebccf4f74d3073f082ef70eb9 |
| SHA256 | de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f |
| SHA512 | 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b |
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\en-US\LocalizationData.psd1
| MD5 | 380768979618b7097b0476179ec494ed |
| SHA1 | af2a03a17c546e4eeb896b230e4f2a52720545ab |
| SHA256 | 0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2 |
| SHA512 | b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302 |
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\StartDPSService.ps1
| MD5 | a660422059d953c6d681b53a6977100e |
| SHA1 | 0c95dd05514d062354c0eecc9ae8d437123305bb |
| SHA256 | d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813 |
| SHA512 | 26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523 |
memory/1396-557-0x000001CF39E50000-0x000001CF39E60000-memory.dmp
memory/1396-553-0x000001CF39E10000-0x000001CF39E20000-memory.dmp
memory/1396-561-0x000001CF39FD0000-0x000001CF39FD1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 8ce8536950296c7a096f808adaeaa295 |
| SHA1 | 8a1074b1d5c5d6572ee53db85524a5feeb14fb98 |
| SHA256 | f77ffe3f05de2656b55e8eea81da86e29e2342352492601d1e7203d0517c0386 |
| SHA512 | 9be086bb70e09e1f403ae4a81358301bd507ca5133985f04719b8a0adb4dbd976dd1d2daa3cad2b7afc579a2816a53ef7e0b9a5bab8d0a7abce9b7941e94ab7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582e6e.TMP
| MD5 | eb43c8974b3f1cc10f5eb8eac9167281 |
| SHA1 | 1062add32194d556fc850c4d6f288a697b6d634a |
| SHA256 | e824cc9ba3d57021134c669829a1483f41404d61a4820b61d5be23ef95550ac0 |
| SHA512 | 4e44d87fdf93a6c695f01016978ae25a553ef513ce51de627194af4e7dba2dcea6a6a3df7cf85a2e4802dcb8b6b5fe6261a25fc967af0098d8da071cdf8b66a5 |
C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-06122024-1510.etl
| MD5 | 3a7c43f58f39c9605476cf2f836ce1ca |
| SHA1 | 6b50b03b7034b1b7b8233f345c936490f5bd6858 |
| SHA256 | d0ad7b546b10f83e360941c05d2fe123e9cb112c3c6aabcf79b36fffd6d54ae3 |
| SHA512 | e46d3807b340e7666032b52ef5144735c1ad9456dd3b2c101c7035faf52392a8dce3930e3403f9fc94b36a672c5c5a9e7977ed08d0e12053e9a375dc0081743d |
C:\Users\Admin\AppData\Local\Temp\tmp9E1F.tmp\NetworkConfiguration.ddf
| MD5 | 00848049d4218c485d9e9d7a54aa3b5f |
| SHA1 | d1d5f388221417985c365e8acaec127b971c40d0 |
| SHA256 | ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e |
| SHA512 | 3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9 |
C:\Users\Admin\AppData\Local\Temp\tmp9E1F.tmp\ipconfig.all.txt
| MD5 | d9fdc249634ed2ae4a9a04478f68f047 |
| SHA1 | 9446967eabd6c341d833ddcf7585f2dbae1121e7 |
| SHA256 | b6cb053d30003fe13fff4f712de98b492ff638aa5f0144cd65e214c03deded5a |
| SHA512 | b28a19090773de14267a8ae1ea9cf536fd7da833b14eb3b80c34c08b6f0ec9a9ef8653411f2a4b19af456123450a0f72d63ef0addafd08fa12bba7bd9aa256bf |
C:\Users\Admin\AppData\Local\Temp\tmp9E1F.tmp\route.print.txt
| MD5 | ff2b9c24cd576b167a65a1ac27e1275d |
| SHA1 | 15d9b683c673035cf0d19d2892bc6cf3929a8391 |
| SHA256 | ae99bd00a27cb8ace753ac4f821bebaadd074bbf716f06e47eeec8e211b9df40 |
| SHA512 | fc25db71195faa96d2a88b28ba65f0b2113ca5687c92451639c9ebefd6088f8d68ffd3519051ba263278b39ee12bd47e37955ed6655ca87b906d3319e4264c12 |
C:\Users\Admin\AppData\Local\Temp\tmp9E1F.tmp\NetworkConfiguration.cab
| MD5 | e6f81115390c8f409d8c464372cb304e |
| SHA1 | c40ec3270c4146c89f686821ff11ad53380c278f |
| SHA256 | e5b695be9d204621f7ba75b4d08161c1a337fe7fa798dd4707ccbd434fd85971 |
| SHA512 | 4762ef59067f5c362c891d5face9677b99404668ae871afbe85cc7da9048593b8bc54b620115f46a391498a2c459ab9b10669664db58e14f013e32e3fff92323 |
C:\Users\Admin\AppData\Local\Temp\tmp9E1F.tmp\setup.inf
| MD5 | c7f248e40897aa864237ad7162d4ad68 |
| SHA1 | 56b35cf55f254883b0d53aa63ae2e483c330ebae |
| SHA256 | a792831dae7114213c57e401301dd8fca16a37ba49e86f3a76443bd43b49e544 |
| SHA512 | e25c80dd4f7a7c4662827843988d61061b10304e1bcd59daa46523131d2c830d71f3dad790384734cb877f15824a93623c076dda9f0ab4991444a490c98c55b8 |
C:\Users\Admin\AppData\Local\Temp\tmp9E1F.tmp\setup.rpt
| MD5 | a4a3e817ac3af0f9d5c396bbc27a49ff |
| SHA1 | 41dceaafcbb3398d7e4b1682c063649c62a15fba |
| SHA256 | 623702345509cbe45d4c6827077a0f1f6f2471135f46650dfbd3e388e738a160 |
| SHA512 | 660036360ef4caf44aa5cf0bfc76b41859f21c91ac236b39b5b796471eef2fe26a48019545c38c9d100d0d5b90009b867cd6ddf15a73e2cbe188d64551a5da70 |
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\NetworkDiagnosticsResolve.ps1
| MD5 | d213491a2d74b38a9535d616b9161217 |
| SHA1 | bde94742d1e769638e2de84dfb099f797adcc217 |
| SHA256 | 4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211 |
| SHA512 | 5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104 |
C:\Windows\TEMP\SDIAG_a0961742-f012-41ef-9d1d-8e54822cc4e8\NetworkDiagnosticsVerify.ps1
| MD5 | 9b222d8ec4b20860f10ebf303035b984 |
| SHA1 | b30eea35c2516afcab2c49ef6531af94efaf7e1a |
| SHA256 | a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc |
| SHA512 | 8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67 |