Malware Analysis Report

2024-10-10 07:33

Sample ID 240616-lzbp7asgkm
Target OZ_Zapisnica_2012_06_061.doc
SHA256 11287a97f1de649f766ceadda72c5f630c0f047ef198f6af798b137332c1243a
Tags evasion, execution, persistence
Score 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 5/10

SHA256 11287a97f1de649f766ceadda72c5f630c0f047ef198f6af798b137332c1243a

Threat Level: Likely benign

The file OZ_Zapisnica_2012_06_061.doc was found to be: Likely benign.

Malicious Activity Summary

evasion execution persistence

Launch Agent

Resource Forking

Launchctl

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Checks processor information in registry

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-16 09:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 09:57
Reported 2024-06-16 10:00
Platform win11-20240611-en
Max time kernel 122s
Max time network 124s

Command Line

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\OZ_Zapisnica_2012_06_061.doc" /o ""

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630055344592275" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{F8F749E5-931A-45EA-8AA8-6960987079D3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3868 wrote to memory of 8 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 8 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 1120 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3724 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3724 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3868 wrote to memory of 3692 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\OZ_Zapisnica_2012_06_061.doc" /o ""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff2b80ab58,0x7fff2b80ab68,0x7fff2b80ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3912 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4856 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4956 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3312 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3388 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004D0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4300 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 20.42.65.94:443 | | tcp
SE | 192.229.221.95:80 | | tcp
GB | 2.18.66.43:443 | | tcp
GB | 2.18.66.43:443 | | tcp
NL | 23.62.61.97:443 | r.bing.com | tcp
NL | 23.62.61.97:443 | r.bing.com | tcp
NL | 23.62.61.97:443 | r.bing.com | tcp
NL | 23.62.61.97:443 | r.bing.com | tcp
NL | 23.62.61.97:443 | r.bing.com | tcp
NL | 23.62.61.97:443 | r.bing.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 172.217.169.46:443 | www.youtube.com | udp
GB | 172.217.169.46:443 | www.youtube.com | tcp
GB | 142.250.187.206:443 | www.youtube.com | udp
N/A | 224.0.0.251:5353 | | udp
US | 104.21.69.70:443 | rickroll.com | tcp
US | 104.21.69.70:443 | rickroll.com | tcp
GB | 172.217.169.78:443 | www.youtube.com | tcp
US | 8.8.8.8:53 | rr1---sn-aigl6nzk.googlevideo.com | udp
GB | 142.250.187.214:443 | i.ytimg.com | tcp
GB | 142.250.187.214:443 | i.ytimg.com | tcp
GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | tcp
GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | tcp
US | 8.8.8.8:53 | 102.175.125.74.in-addr.arpa | udp
US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp
GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | udp
NL | 142.250.27.84:443 | accounts.google.com | udp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp
GB | 142.250.187.214:443 | i.ytimg.com | udp
GB | 142.250.187.196:443 | www.google.com | udp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp
GB | 216.58.213.6:443 | static.doubleclick.net | tcp
GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp
GB | 142.250.180.1:443 | yt3.ggpht.com | tcp
GB | 172.217.169.46:443 | www.youtube.com | udp
GB | 142.250.200.46:443 | youtube.com | tcp
GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp
GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp
GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp

Files

memory/1924-0-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-5-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-3-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-2-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-1-0x00007FFF3AAA3000-0x00007FFF3AAA4000-memory.dmp
memory/1924-4-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-6-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-7-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-8-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-9-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-10-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-13-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-12-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-11-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-14-0x00007FFEF8730000-0x00007FFEF8740000-memory.dmp
memory/1924-15-0x00007FFEF8730000-0x00007FFEF8740000-memory.dmp
memory/1924-19-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-20-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-18-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-17-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
memory/1924-16-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 646fbd00e81b500def69e13cf4cdf191
SHA1 3cb3f9d18321a50346303f1a77de8d113af96d95
SHA256 73dd3a215ba407c2bf6215cc476656d4fb46211a7e46ae2c573717cd53bf8759
SHA512 fe960f915b4bc86dc1e0461ca28741eeb135ab3233b8aaaa47d8942443c99f74ed53f595f04717d09bb2e0ab52c940ccc0c72fdec3abe072f07f08435dfe3fd9

memory/1924-44-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp

memory/1924-45-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp

memory/1924-47-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp

memory/1924-46-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp

memory/1924-48-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp

C:\Users\Admin\Desktop\CheckpointRepair.jpg

MD5 84539266874c1a9e1881f5938d93fb28
SHA1 83fbc8dfade968214c68404468e1aceeb04ee288
SHA256 ee087517b178c8c1c8a60e76e9af2283b0b28364b54bd785d4dc8997abb8b490
SHA512 02c96f4c21ae1b79d8039057e7bb1e27c75be5ef2b24f7169414e323070e0673e4974770985f38134a65cb9df1a9f60832228cb58bcf5ff86080ca84f1b8f8d6

C:\Users\Admin\Desktop\CloseReceive.mhtml

MD5 3335dc842aa7cc8d541b45037c3c9e50
SHA1 ed16e8711c97a948bacb1cbab9bf2f1bfb385708
SHA256 837d121f08786b8a27f6325041985ea23f012b1c27571d365b0dd6caa3426e29
SHA512 2c99a63d07f60f29717e8b9154a8cb0bb14dfe245d4ce595ac45199cd6ad4eb24538d32ca91106f59bcc60fd77e805325469b1f90afbf51351b9d2d392c9df87

C:\Users\Admin\Desktop\CompleteGet.ods

MD5 a19675d8999bf829ffa971c0398b60c2
SHA1 0a7a0809cfdd4b0b00b37f3a426256a3e2462254
SHA256 e1a1c1ecf2e917c87f158f9b965a5fc5b008a579a91989c8cd7423ec707f9eb6
SHA512 41a6401d8a73d5cf6fccdb7838f9666136d541ba21a51e03900d43f865807969c7a34477f3f74c4790757c8e87ff96f6bedd814f8ced3a2ac319f3d7127ea823

C:\Users\Admin\Desktop\CompleteUninstall.mov

MD5 275c54c1c6e82cac82c4835cf070cbfd
SHA1 90505551778a81dff99115800ed7f2fd881ee504
SHA256 77844361eaad7793bbe80dcd4f3a98acb74737f5940d5f1db326e69bc4d465c2
SHA512 dbde2aae961b03040fff36ccf84ee2c0f89089bc90e08e3d1bf3c1c5f22f688024c9a3f129e152f0f76f3127625aec55a9b47150e32be6d8fc506929775dbe83

C:\Users\Admin\Desktop\CompressCopy.svg

MD5 bf8c56eae39216d5ebd4d4580fdf9fa3
SHA1 f0b52216b306a9ee2eb5ce080409a81ed496cede
SHA256 43275a5b693925499b1d99396a3a2177736e991f3f627b529f236a43666828bf
SHA512 4886d0ed0c01798ad05541d2d092bcb110f63a124b247045e71f209418ae447089cd3a4a00e543992491717550b716a97243ccc87d477c884f6411cd145ab93c

C:\Users\Admin\Desktop\ConvertOpen.rle

MD5 b3a152ed2aa81f8bb99b2518ffc41de9
SHA1 f984f08d658dfb4675f5a9ef6bd5dad06f5bd003
SHA256 753b0df651e54a1bf82d4a43b3ec1f8cd50ad2da8aaa81f702e7750f94b881cb
SHA512 efb8a138f1fc8a30a740e88d874e254b0c781082bb346b0f21e73fb0c2023ed344202a63829fd1b4f5aa121877b7abd593796a5ec4f76225ea1bce9f12a562f8

C:\Users\Admin\Desktop\MeasureFind.asp

MD5 5b60be3da5de49f29ba77a1a0587203c
SHA1 515a8a6c8f8f08867c1134a59127c0d0d7626b4b
SHA256 563b5d1d03c27089a74e2b58300a64a384294057de181c931725bd168336f485
SHA512 b4a844c4bad9ee7602a1cc862730b10996d6d152f28568eca10ecae1beef46c93bf9ff5a315d72de9403fbf2767b2836eccbf900d0b489d36458ecfcc64e9ad0

C:\Users\Admin\Desktop\HideUnlock.wvx

MD5 f63e22243fbe5abb7949dde5bdc2b9a2
SHA1 5294021e074fc59d86544f3c0fc5c126ea0d1fab
SHA256 3819f9cf441b385b72ae9c556357142905c134fcd38a8d9df99386522bc8d8ab
SHA512 606d32674079d026dfac1c9842bab39da582c0b9cd74aab7335201d3c1ec3c2b299b5a75ddf1a056633f7884f4d77dddd1a3ec366e01f46b9be15fbcf69758fd

C:\Users\Admin\Desktop\FormatWait.i64

MD5 42868c7591b08bdb7327f8c8d2ed69ff
SHA1 63a25b11babd0775ed5378b8554cf43180720d8c
SHA256 77e66c7b16230d4b23194479c8662c5063e1b5de8041bc16539fc29963e96ec9
SHA512 a1295b0e32fc2ea7a781c6b3d900696bc1a22bf182031bd32bd8ca80c70cd6ad1256563a89cbfdbc7a16e32ab88130a3f8e068d7d1f8d31ca189481db24790d7

C:\Users\Admin\Desktop\ConvertEnable.txt

MD5 4a4f9bcd1ac6fe7f9e8cd69f507b37af
SHA1 a8799c0aa5981df4266ccbad5f8c568338b5de43
SHA256 a84684458a461ddab7bac77d1a3d8687e983666639e25f6941f8b631a7b127c8
SHA512 8f4421035ebe1c09137535d89881d1734dd7b009045cfac5afca92a49dfca061b63f218b46312ba14168401e129faf8aa40c93d2e91e6ce75d01fb2b2a726246

C:\Users\Admin\Desktop\CompressDebug.DVR-MS

MD5 281f17970c01f627cb2f4f8b9ca3e227
SHA1 42c087300df7b8a0cee832445be04a574717a536
SHA256 bf75be32ed87ead96e9dc46a5388127a687187add499016ab2212199b5809317
SHA512 e95e3a5aec1e102198432069c7837d9c3a07c1aa1773187b6b8d02813556a78502b9bda1a7261c20f33da9e7ffad242d74484fe9d1df01e47d6cdf1815ef4eda

C:\Users\Admin\Desktop\PushComplete.rtf

MD5 d23c5f43db8fc2d5caf41b8c18c1e16f
SHA1 8c758e156c28ce59e70f27d11a06fb950218b918
SHA256 4f16741193a26ea479f662273244a44e203b9c56152d320e10c641d64c8a657e
SHA512 7ca51f647403675dbb75a9d49b659ac2fb06778f01f7aaed6ae68411fdbeb45af5f683900452bb2f9fddab988da384b62632a1894c77b3785f9a49e7cdafb7bf

C:\Users\Admin\Desktop\RedoExit.gif

MD5 4978253a4a1fe418643bebc02dbdcb7b
SHA1 0685e0ee3b176dce5ab75f7aff5caca1ba64e230
SHA256 f2565671087a7563fe39eb6fcf893a7e9b0a991de4ddd580da853f3b9d4d6e33
SHA512 b341f293a4dd4023644c2a09921945140bae4129c07227d9a13b3f1f7dfe8e542dc873390f32b5544ee629a97cbecdfa1a4c8f5c6852dba0119249bf2b75148d

C:\Users\Admin\Desktop\WaitInstall.vsw

MD5 a139e4c9a0058548fe4517f516bb68c2
SHA1 9881e73f8a4ffafa1ea5162f288f94f10a03e917
SHA256 b0232fd035af746812ce104334e65dda9a2afd8cd6dc772636e49a728f77595c
SHA512 4fa6231c0d1a8c9b057bf0af5d2deaf422a2ee1d1a16af21bd8c592f985a4a497c9f72447e96a6752382a95690f2f14275aacf957be6454112b03efbf89eeb0f

C:\Users\Admin\Desktop\TestDisconnect.xlsm

MD5 3da63dd454335233ecc06916004d5335
SHA1 213df0fd8f9025560db31ca87f30e90c264ebbcd
SHA256 6d9224f2416804dda94e1b772b740ada146b58a75997110addd435ab5742f016
SHA512 c3d96ed1c8de77d36c0163f97e2a53b14cec88fa237570483814e59ff5824ecfd3eaade07d3fd72400b4eccad8bf0f29c959cbee9d7ead43e717d52d66bf45e4

C:\Users\Admin\Desktop\SplitStart.jpg

MD5 37a75c7d9a6475c5c78036eee4394ad7
SHA1 e6ae300feb2a0e02dab354c36f449ce20ebfb690
SHA256 3a8f1c833c64e4eb6b16a51b09f5b5a563d606ef419fac3fb627b6c66d38fc73
SHA512 d4e2b9ba1187fcaba1bdba2dfb2fc4e8e538a94cad825cafe9912dd599462c3ffe25c9e0cd56d06c36c9d37475a703ffd08737235d084207ead40bea7896095a

C:\Users\Admin\Desktop\SkipBackup.ppt

MD5 01e7e1a48774708cab74afd8270a16a2
SHA1 d6a1ea7a6d9707754baf5c92b98801a2a60236cd
SHA256 3c3df7da1daca5731297dff88250b10c6d1c4be5a814f4fb75d50349a5dfdefa
SHA512 8f107fd3cca8c06ea3da8dc83dfc2db2fcf5527bd0675178a0afa1eaf31fbc96df97aad25921417b639d8fc1790368667f27b48bf2afa99873cc5a48984dffb2

C:\Users\Admin\Desktop\SetHide.MTS

MD5 ec39c84ab68db13d15af445ebaf00412
SHA1 b6cd5ba2c03a64badda87d4ac89b747973784cff
SHA256 646d4c88289498650095b9bc7dfb62ff706b9b9c793985345342495184e3ff6c
SHA512 d949dad1f0bb49164b5ca61a991d415f0fd6d2308375ee4f6883124d5cac76559ab726b9b7d0412dce1b11aa607a226714f2f9a27c66e95eb0f6ec0a27b5d9c8

C:\Users\Admin\Desktop\RequestEdit.mid

MD5 b97842f3b9da46ae8521488951021445
SHA1 5c46eb9a41c1dbad51bae5c99dcb45592902185a
SHA256 683f23923b3fe8507d4ac1bc8493e213496d3557ed522e21ec5fb77255e77f6a
SHA512 8dd50193f7b58d15a3a88fb7d8816af95286874cf5b7bdab7b9611d2d661816b30c2da84cfc5d61529fdb5c3e3956a5ae1f9f90679854875b9bfc0e1d47c70a9

C:\Users\Admin\Desktop\OpenWatch.asp

MD5 e43f2b8965a2db038f5e9a452a1e6200
SHA1 60542d6a2004fa4a1c9bd7747f694491fa2d8a13
SHA256 f1e8906cafcfad83fd4e17258838596d275a0013eec20681d862746133c8461e
SHA512 252b4c7090c87193a23f2d611f3271f81f21f74bbf848d2c41d55b9913d78154f9ea9264a9cf5ca9132888df1f40e691d7b99ccfed6cec439e1bd6d3f4658ec7

C:\Users\Admin\Desktop\WatchImport.shtml

MD5 45f7f249885762580657f3dd9a7f3f70
SHA1 38cd81a1bc414583d7c54bb27a3055e4fbde3049
SHA256 f9d06f0a48945e5322c1511cac91a72b6294da2fb3c70120608edf49e1790111
SHA512 6fdd987d26a1ba9ee92743994ada8165c7d582ce51ed25d26bd2c931fb6bd721d134b24b523dcf12d57adf2f3e04ddeb81df0bf20ca3cd5d693dc50048665b8e

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 9149360c686c35c3eaf4a347607d7073
SHA1 2d02e9a8d224b1cfaf09cd9b9180bc81a6dc38ee
SHA256 d48d1863d87f357571471246a6e0aa80a3b0ac52b5f1746572c017eb76dda27c
SHA512 6bf31761f2373574f90255c6d8290ac442c8cd280f48b979bfc4298d89b7c4fc203f5fd9d255507e05e0f3a142c0919f4fb5cdb1b4126c92f9aed89fc4532dc1

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 e653a8b90b94067cc182895a668d7402
SHA1 c714c739fcb7ee66615584235eaa02dd58ec6515
SHA256 d2c67f4eb1b8f2c2f1faaee120389bedf2e5e7e9c2e3cf030e8ac05c3b3e3f6f
SHA512 d77a3d48d4e8d2c96bc04179a9c4aa2e17bcc5cb1036c200c2a4bf888d993fc666b8c83e2ed1da9aa314faaedebc710ca89c64f794763610bd8166a3d352d7fe

C:\Users\Public\Desktop\VLC media player.lnk

MD5 fac1dc22a0b1a77eee82e0b3f445c31b
SHA1 c1ab10000748324b7d20bf915678b5c2efd048d8
SHA256 d88761d2320905dda644ac59ef37843ac24dd41b066aa2218edca0bfe4518ac4
SHA512 a1ab6021e83afb04f8b0af78dbbcfbc4c531d06e093d8d3e85d544a9759c9914341aba75b7c5e80771370789218dde587e1be4cd9f51d2d6164e6e86099661e7

C:\Users\Public\Desktop\Firefox.lnk

MD5 403f2ffd74640c4f3d3428f867acc02b
SHA1 d303106118100f8725b438f5e08ecc3f5d38075e
SHA256 e6a0c852a0f5b29c090e3dbf89954a635240b24d8da4f67a40ca81ee47936d8d
SHA512 4b1a336d4aa5b00a348c3461954b2b57395211afd8bfcab036097f1293545c57c5f894c80bdaece9cf1d3f52106fc37bbd65de6511e8a77767fe20eefbcc06dc

C:\Users\Public\Desktop\Google Chrome.lnk

MD5 9931d30c159a10d53ab18eff51b05cb6
SHA1 effb41d206bdff36a4a757d9a2f3c581ed02d70a
SHA256 dde51bfe6e7e874cac87f680828b6c577f6a9d0e0af9fdafc8e3b88655aaef04
SHA512 decd4f09403c7d81551c700040464a9dbc7e0cc0c533a785d904acd8b1b8cdef86f99fc2340856a7cb14418121f48623e641fcaa5bce6b61c4e83220a18de00b

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b64f9be74d86b49665f261f6fa24b03
SHA1 73b9757bd4bf639b2337a3f3a3f7b5ac4533d6d1
SHA256 8662375d7b6b51deaadc62107335ea7d182344b213087ded5d222384481d8798
SHA512 af5d1d56eb45b960be396d63eb5c2e0a6014392ef549d975a452669f605fc0b619e29be6669bcd79e4f6c34947290f2b14ac78ff32c449edbca39dfbfae484d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 27aa2a3f40d31feed6229400ed9a7aeb
SHA1 836e137dd43c8774503a69d675ac0341edfea9c0
SHA256 f3cc9fa4e7fac7209361b47fc9b1ca36299a0eed4f9474bb9bd3df8bf3c3c8dc
SHA512 eb1433e6ad4c3e23c6345daab9ce3bdf2c96c62e9dcdc04222ff022f7ca2265fd28d3053ad7576a0317e2f3303621720164bb714ab805558901057868225aa97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 79ca860dad77b28a9a1566e888e7c4d4
SHA1 5591fe1cc23b3af9bd373d4caca23307d6c5aedb
SHA256 a1e6810d184d41089d5719d90fe9c37296e2073a110d1d66cf3b28f5f1f93dee
SHA512 24c08eb300994a49449085db30e68b9bca3525dea67efa0c7060b9eb39454ad8243b08b31f786eb54cbc457d0dbe76a16a8a65f8f8344a0794469f037ace5648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589a37.TMP

MD5 8bd4c90225d2b51376ea13899cf2536d
SHA1 5747fb2e7f339585b2bfdfa359d51408626e51f2
SHA256 145e2f28592145e6dc9b93d220eddeba72be0265e1b6532e81888b76e2bb2bce
SHA512 fd8a30e989da5b26b851279fc6603e7a351663a7d0262721afaa8059fc5c863cf1baec66d90fb96c0df20026211a3f251eb0956f70cace205ee4f3c417fb0438

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d73ecce895a7c6a0b5737d8a4ef59f36
SHA1 583108ff6d97e80f89195df3a00ff9c1641f5d91
SHA256 040e4e500d7b009af89417204741f954bc475c70b13d438a4601458a3758a9d8
SHA512 df4c18c257c41d9948e299396824ab091ab1450b5b0886da915254c93545348901a33ebacceb90e87a0dd28d39391b6f0ae8ffa8d5d2d944273d7501a5b5314c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3868_2002680002\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3868_155647632\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3868_155647632\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b34c059d5089402e574c60ce2550a0d
SHA1 136819c5efeb7661e6f8743d5d2408fe1b30d861
SHA256 9829a649c8318fcf4c3f9bfb3148d0d84d38d237d6b073eaf3dad154bc79050f
SHA512 48fe6196bc969bc749244578105c7ae71b2cb01c6ee32b6149a49610d086571d3aa4996ace3a149f63180f40968ca0b0091ca4661dbcc45ae6ba50deec563c0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 261d77470b96b89092f73282fef45de1
SHA1 078618cb06875e2644831e698b32cab87fbe0635
SHA256 517a1c0c721e80189e4d1f8dcd5da0936c6c887873209d002acedfb9520650b2
SHA512 05a970bb064220017170a4b0fac63552f8fe6439ee0c2754d9f0d8f901eb1215a5aa4321ba8eefd1715a8b67551867607641d82afcec0d1c198c2335227bb220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 44570159b60d90a2c672b198b18ce661
SHA1 8d90e54560cd39c0fc72bcb4101789f733b9f96f
SHA256 b010dccb8b04f2814950fc36f2594951cc0eee89f30163bf7fa8b276dd375d99
SHA512 c8c8f6aafb83a7c727b2c33ee695bdeb2e6fcc56c5942d248f8c78de7d35f91882c7dff689ceb9208c9a6f5bdbc82c5c411c61c45f38fc1f2bed3a6444e5d195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbd50f18f60808670288ca8af4b70174
SHA1 f3cb3c69e80100e82d3b19e47f6dbe403443b4f2
SHA256 cdace35de8db66a8c7aec3532c8e0e65ea941bdc583f2694c286a5e497a73b8a
SHA512 93191d6e99a1da0339d3a4bbaddbbcea22075a5e119497319f57d98cbce78351ab74edc2fcaa3433f56d3a17a4d118e96b4b3f3b36aad198846d3a902ce87a71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 066f4488c81376f5899b7b27fe62c718
SHA1 02cc2fe51d5ab6ec750c25f6fda4d8f468d01a94
SHA256 5d203dc0725ea0ff29abbe8dc288f51ba48a6e9a16c0fac95cac48c515cebc74
SHA512 30e59904e1e00a550b0b46930df58ed4222c7d5aa816dcc19781dafe6dce7f04e83ecc3c820cbef13bc150e7e7cb2524eb05b3140abf09f71e3da71b260fc9de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8de068c1132c3122942f03e398ec4d2b
SHA1 05b04a056ad5275222b32d160382a4da32306fe1
SHA256 b6e2021415a5bf2aade9f4e52248edbed1d33a10e107c761ebe3334c0d977e03
SHA512 b369540662c1eab17dc8c479ea5610c4eda07b054804aab55bb5ce721536154fe299a24dc2d899ba3ab9e88cf883820c8f5136ba5d9cb6a3218aff6b65b6ac40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f36eff6a711b1919da63a6c9cd4c8b4f
SHA1 95787b22b42fb4b163e2c9980ebb88e9ffdad90a
SHA256 f7de95fa221dd993f497edb48e1744cb932d798e9ba5e67da25680adb5fc714c
SHA512 4d11b18e3daa598cce486b0207e06d01523feaa8c95efdf1699a002e3dff78f8d35af57c7c3bbd6c38dc9cfd6bab05217d4aa0b09fa03b05f74403478d1eee31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9b7c8184-4928-4c76-9e45-60466d6449f4\index-dir\the-real-index

MD5 ccbabf1c7a285bfda59d3596c1c50bb6
SHA1 c5458ae4a868479a404e5751830ebdf516563b37
SHA256 20cd6d4dd4b8fba1b33b31c0efd04291e0f3c8becbedc1f6de3101283231db92
SHA512 f2ebaa81a44a0fe108972a69f7790a65d44c8648671827890a8c698b72b17adc64442b6777ca03e5e0ce185b508c4626062fdf8ddcc6ca52163ba174e33395a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9b7c8184-4928-4c76-9e45-60466d6449f4\index-dir\the-real-index~RFe58f855.TMP

MD5 1b819eb3b22fde3687c7bff64289df78
SHA1 fe814fb4bd924222ed23dcf19b47cf31fe1e94b5
SHA256 bfce4a1c34e2523810b6c48682bc2b903f2cc2059711a5c6e67fb4679798e0d0
SHA512 8d5b9e279cad94396cb1c26cb97fceb27dee6ace5315ed633b41113f6a3cef0ff0c0991201e35908b69c8e72ce0bded707c3be3c76b42cdd62798accbeaf24cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6c3c0be1-194b-4ec4-9306-adae9e281688\index-dir\the-real-index

MD5 d990094213eb7c98098f18bc5de411ff
SHA1 c06a5ea155bd8a62b080ecc1370eeadf489f619b
SHA256 262881501e29ba7bfdf1b14ebfc011bf925c5d02b90b3c4e15165db7654c0356
SHA512 13224394cac7d5358563d5b81d6a8479eb67838b6671e4101331d7e99343bedd4a6e29b1d53baf195827625a30a2e9f09e8bbec1fa9c7c9df164e7f9bc95944c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6c3c0be1-194b-4ec4-9306-adae9e281688\index-dir\the-real-index~RFe58fbef.TMP

MD5 de54fd1459e96e07052d90d284a17865
SHA1 a6aa57d961ca3598208b98a21a21ae58c2283e78
SHA256 93cd0b4b737513ec5e0f922e2c5a80de308d81fee076c9f19f3ddf4cc4a1cfef
SHA512 61c4578d6b878c475479d8180bc98f92d6e3147f3e848a55bd63eafb3b146ee74f1542329555973c41a846dc5260e2b8216dc6bf15b8d3529ef5ef31a72829b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bc441e4226bee41d147978228ba0a696
SHA1 1ebefff231fa50678a7bf69423a97a73228c89ad
SHA256 67929e3a80b0ba57f0b8d18515e6dac98a44621b369a2914b0bacb54b164865b
SHA512 0dbb0d109dd1d7ced3f840bf86235d80ccf99dce6c12ff9906d91ef0917cc46325c1fef424986a699ce8c2efc0a561fd1079b9d631deb54e558e149168ff4127

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b347667d9063c1352385975c52e47383
SHA1 dfb589b6da476d0c27d4bcbb2ac8f042bde84745
SHA256 7c881207261bd2abbb04ba8f89f7c7d8a1f87dd485ab6a00d004c1b407365c83
SHA512 8fcaa0976f1497fdfbb8ac35e9ca0d6731234ad580f8f1d8dc503f439e21881646a92526525db0ca3e47d99d764d8346e3ad816d846540889ef7bf4118f45809

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dcb777db8e9b3604acc14c6a2d96d87c
SHA1 c2c80aa8a4e30b1b00e8348462ab3a3596c159e8
SHA256 4e8ee695fc2f0c305ef32e86cc8439c60a69969443093c21e6f5639d2cc65770
SHA512 d6b30123c527bdbf77183f368868bbf1fd449e3454c9d0ffd9e4969fb32678ab0b192c50a18ecab416a6438fd11fb8b641c95aa0fcd87851383c9022bf358f30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ce81cf82df9732c43e4a7c9834c95c33
SHA1 3e75db2d6b447263afd41b44191bbc39a97b920e
SHA256 6bb269283be25201f81baf4bf90e5ec65b23d7ccdb05c193dc78c53acae134ec
SHA512 c0d94fe6215a5cd9e99cd2a81c2774e97633da54022f883c0c6bad7ff605444ea97e969ed93ccf9287610fcf04e42722ca075edfb2288dc3132739201a2705aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 6c6815319a69fe7b9357965bd5be97db
SHA1 d0c9c9fac4045403ef5e154af6e292d170675eb0
SHA256 518a9b59434c3edfe630898f293b2ffa33195c4de038fb81454df0448faa7728
SHA512 e76d519ac0d1ef159b38db6be7a002b5e03460aa1d42b6a9e1d49b144935655d41dbff6148b28119226d31650236b5b4e7caf2b103331a9bc6dd16098f549a62
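
Reading this listing by hand is error-prone: the same path appears several times with different digests (each entry is a separate write during the run), and a few digests belong to well-known constant contents rather than to anything the sample produced. The MD5/SHA256 pair recorded for \??\PIPE\wkssvc is the digest of zero bytes, and the pair for Chrome's SCT Auditing Pending Reports is the digest of the two-byte string "[]". The script below is an added example (not part of this report or the sandbox's tooling) that parses this plain-text layout, labels those constant-content entries, counts rewrites per path and summarises the memory dumps per region. The excerpt it runs on is copied from the entries above, with separator lines and the SHA1/SHA512 values dropped.

```python
"""Parse the 'Files' listing of a sandbox report and cross-reference it.

Added example; not part of the original report or the sandbox's own tooling.
Assumes the plain-text layout on this page: a path line followed by
MD5/SHA1/SHA256/SHA512 lines, and memory/<pid>-<n>-<start>-<end>-memory.dmp
lines for dumped regions.
"""
import hashlib
import re
from collections import Counter, defaultdict

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
DUMP_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Digests worth recognising on sight: a zero-length read (typical for a named
# pipe handle) and an empty JSON array. Computed here rather than hard-coded.
KNOWN_CONTENT = {hashlib.sha256(data).hexdigest(): label
                 for data, label in ((b"", "empty"), (b"[]", "empty JSON array"))}

# Constructed excerpt of the listing above (blank separator lines and the
# SHA1/SHA512 lines dropped for brevity; the parser accepts both).
SAMPLE = r"""
memory/1924-0-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-5-0x00007FFEFAA90000-0x00007FFEFAAA0000-memory.dmp
memory/1924-4-0x00007FFF3AA00000-0x00007FFF3AC09000-memory.dmp
\??\PIPE\wkssvc
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
MD5 d751713988987e9331980363e24189ce
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
MD5 4b64f9be74d86b49665f261f6fa24b03
SHA256 8662375d7b6b51deaadc62107335ea7d182344b213087ded5d222384481d8798
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
MD5 bbd50f18f60808670288ca8af4b70174
SHA256 cdace35de8db66a8c7aec3532c8e0e65ea941bdc583f2694c286a5e497a73b8a
"""


def parse_files_section(text):
    """Return entries in report order: file dicts (path + digests) and memory dicts."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DUMP_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            entries.append({"kind": "memory", "pid": int(pid), "seq": int(seq),
                            "start": int(start, 16), "end": int(end, 16)})
            current = None          # a dump line never carries digest lines
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
            continue
        current = {"kind": "file", "path": line}   # any other line opens a file entry
        entries.append(current)
    return entries


def annotate(entries):
    """Cross-reference parsed entries: constant contents, rewrites, dumped regions."""
    files = [e for e in entries if e["kind"] == "file"]
    dumps = [e for e in entries if e["kind"] == "memory"]
    # Entries whose content is a known constant.
    known = {e["path"]: KNOWN_CONTENT[e["sha256"]]
             for e in files if e.get("sha256") in KNOWN_CONTENT}
    # Same path with more than one distinct digest: rewritten during the run.
    digests = defaultdict(set)
    for e in files:
        digests[e["path"]].add(e.get("sha256"))
    rewritten = {p: len(d) for p, d in digests.items() if len(d) > 1}
    # Distinct regions per PID with size and dump count; the dump file name
    # encodes nothing beyond bounds and a sequence number.
    regions = Counter((d["pid"], d["start"], d["end"]) for d in dumps)
    memory = [{"pid": pid, "start": f"0x{s:016X}", "end": f"0x{e:016X}",
               "size": e - s, "dumps": n} for (pid, s, e), n in sorted(regions.items())]
    return {"known_content": known, "rewritten": rewritten, "memory": memory}


if __name__ == "__main__":
    import json
    print(json.dumps(annotate(parse_files_section(SAMPLE)), indent=2))
```

Run it as a script for a JSON summary, or call annotate(parse_files_section(...)) on the full listing. The region summary says what was dumped and how often, not what the region contained; for that the .dmp files themselves are needed.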

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 09:57

Reported

2024-06-16 09:59

Platform

macos-20240611-en

Max time kernel

108s

Max time network

114s

Command Line

[sh -c sudo /bin/zsh -c "open /Users/run/OZ_Zapisnica_2012_06_061.doc"]

Signatures

Launch Agent

persistence

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid N/A N/A
N/A /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd N/A N/A
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A

Launchctl

execution
Description Indicator Process Target
N/A /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Users/run/OZ_Zapisnica_2012_06_061.doc"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Users/run/OZ_Zapisnica_2012_06_061.doc"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Users/run/OZ_Zapisnica_2012_06_061.doc]

/bin/zsh

[/bin/zsh -c open /Users/run/OZ_Zapisnica_2012_06_061.doc]

/usr/bin/open

[open /Users/run/OZ_Zapisnica_2012_06_061.doc]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.Word.2032]

/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word

[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storeuid]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storedownloadd]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.autoupdate.fba.2660]

/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant

[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/bin/launchctl

[/bin/launchctl list]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.autoupdate.helper]

/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper

[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]

/bin/launchctl

[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]

/usr/bin/codesign

[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 607]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.607CD68E-31CC-4462-A606-06A5C4B046C6 623]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.akd]

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.71738241-AA44-4199-8A91-D4334AE0EDC3 623]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SearchHelper 623]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]
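
The list above is flattened: each image is paired with its argv, but parent/child links are not shown, so whether the launchctl load of /Library/LaunchAgents/com.microsoft.update.agent.plist descends from Word or from the Microsoft AutoUpdate helper cannot be read off this page, and the sudo at the top is the sandbox's own launch command (see Command Line above) rather than sample behaviour. The script below is an added example (not part of this report or the sandbox's signature engine) that parses the layout, separates images that ship with macOS from third-party ones, and applies the kind of rules the signatures above encode: launchctl load/bootstrap of a job file (persistence when it sits under LaunchAgents or LaunchDaemons), launchctl kill/unload of a service, sudo, codesign/spctl trust checks, and anything executing from /Library/PrivilegedHelperTools. The excerpt it runs on is copied from the entries above.

```python
"""Triage a flattened macOS process list from a sandbox report.

Added example; not part of the original report or the sandbox's signature
engine. Assumes the plain-text layout used on this page: an image path on one
line, then that process's argv in square brackets on the next.
"""
import re
import shlex
from dataclasses import dataclass

ARGV_LINE = re.compile(r"^\[(.*)\]$")

# Images under these prefixes ship with macOS; everything else is what an
# analyst reads first. Safari sits in /Applications but is Apple's.
APPLE_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/",
                  "/Applications/Safari.app/")
LAUNCHD_LOAD = {"load", "bootstrap"}
LAUNCHD_STOP = {"unload", "bootout", "remove", "kill"}

# Constructed excerpt of the process list above (separator lines dropped).
SAMPLE = r"""
/bin/sh
[sh -c sudo /bin/zsh -c "open /Users/run/OZ_Zapisnica_2012_06_061.doc"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Users/run/OZ_Zapisnica_2012_06_061.doc]
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word]
/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/bin/launchctl
[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]
/usr/bin/codesign
[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
"""


@dataclass
class Proc:
    image: str
    argv: list


def parse_process_list(text):
    """Pair each image line with the bracketed argv line that follows it."""
    procs, image = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ARGV_LINE.match(line)
        if m and image is not None:
            # The report joins argv with spaces, so an unquoted path containing
            # a space ('Microsoft Word') splits here; rules therefore key on
            # argv[0] and on the image path, never on later tokens alone.
            try:
                argv = shlex.split(m.group(1))
            except ValueError:
                argv = m.group(1).split()
            procs.append(Proc(image, argv))
            image = None
        else:
            image = line
    return procs


def third_party_images(procs):
    """Distinct images that did not come with the OS."""
    return sorted({p.image for p in procs if not p.image.startswith(APPLE_PREFIXES)})


def triage(procs):
    """Return (category, detail) findings for behaviours worth a second look."""
    findings = []
    for p in procs:
        if not p.argv:
            continue
        a = p.argv
        tool = a[0].rsplit("/", 1)[-1]
        if tool == "launchctl" and len(a) > 1:
            verb, plists = a[1], [x for x in a[2:] if x.endswith(".plist")]
            if verb in LAUNCHD_LOAD and plists:
                # A job under LaunchAgents/LaunchDaemons outlives logout or
                # reboot, which is what makes it a persistence candidate.
                durable = any("/LaunchAgents/" in x or "/LaunchDaemons/" in x for x in plists)
                findings.append(("persistence" if durable else "execution",
                                 f"launchctl {verb} {plists[0]}"))
            elif verb in LAUNCHD_STOP:
                findings.append(("service-interference", " ".join(a)))
        elif tool == "sudo":
            findings.append(("privilege", " ".join(a)))
        elif tool in ("codesign", "spctl"):
            findings.append(("trust-check", " ".join(a)))
        if p.image.startswith("/Library/PrivilegedHelperTools/"):
            findings.append(("privileged-helper", p.image))
    return findings


if __name__ == "__main__":
    procs = parse_process_list(SAMPLE)
    print("non-Apple images:", *third_party_images(procs), sep="\n  ")
    for category, detail in triage(procs):
        print(f"{category:22s} {detail}")
```

On a full tree the categories are only a worklist: the image that spawned each launchctl call decides whether a finding belongs to the document or to an updater that happened to run during the detonation window, and that link has to come from the sandbox's process tree, not from this list.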

Network

Country  Destination            Domain                                  Proto
GB       51.132.193.104:443     -                                       tcp
GB       17.250.81.67:443       -                                       tcp
US       8.8.8.8:53             www.microsoft.com                       udp
US       8.8.8.8:53             ecs.office.com                          udp
US       52.113.194.132:443     ecs.office.com                          tcp
US       8.8.8.8:53             odc.officeapps.live.com                 udp
FR       52.109.68.130:443      odc.officeapps.live.com                 tcp
US       8.8.8.8:53             roaming.officeapps.live.com             udp
GB       52.109.28.47:443       roaming.officeapps.live.com             tcp
US       8.8.8.8:53             messaging.engagement.office.com         udp
NL       52.111.243.8:443       messaging.engagement.office.com         tcp
US       8.8.8.8:53             h3.apis.apple.map.fastly.net            udp
US       8.8.8.8:53             gspe1-ssl.ls.apple.com.edgesuite.net    udp
US       8.8.8.8:53             e4686.dsce9.akamaiedge.net              udp
GB       104.77.118.121:443     -                                       tcp
US       8.8.8.8:53             a479.dscg4.akamai.net                   udp
GB       2.16.170.49:443        gspe1-ssl.ls.apple.com.edgesuite.net    tcp
US       8.8.8.8:53             e6858.dscx.akamaiedge.net               udp
US       23.220.112.242:443     -                                       tcp
GB       17.253.77.202:80       valid.apple.com                         tcp
US       8.8.8.8:53             e673.dsce9.akamaiedge.net               udp
US       8.8.8.8:53             gateway.fe2.apple-dns.net               udp
US       8.8.8.8:53             api-glb-aeuw3b.smoot.apple.com          udp
US       8.8.8.8:53             e10499.dsce9.akamaiedge.net             udp
US       8.8.8.8:53             clients1.google.com                     udp
US       8.8.8.8:53             clients1.google.com                     udp
GB       142.250.187.206:443    clients1.google.com                     tcp
US       8.8.8.8:53             mobile.events.data.trafficmanager.net   udp
US       20.189.173.17:443      -                                       tcp
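
Several TCP rows above carry no domain, several names were queried but never connected to, and one connection is on port 80. The helper below is an added example for reading such a table; it is not code from the sandbox or from the report. It parses the flattened "Country Destination Domain Proto" rows (the Domain column may be absent or a "-" placeholder), then reports TCP connections to addresses that were never resolved in the capture, names that were looked up without a matching connection, cleartext connections, and repeated lookups. The sample input is a constructed subset of the rows above.

```python
"""Triage the network table of a sandbox report.

Added example, not code from the original report. Rows have three or four
whitespace-separated fields: country, destination host:port, an optional
domain, and the protocol.
"""
from collections import Counter

# Constructed input: a subset of the report's rows, in the report's own layout.
SAMPLE = """\
GB 51.132.193.104:443 tcp
US 8.8.8.8:53 ecs.office.com udp
US 52.113.194.132:443 ecs.office.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.77.118.121:443 tcp
GB 17.253.77.202:80 valid.apple.com tcp
US 8.8.8.8:53 clients1.google.com udp
US 8.8.8.8:53 clients1.google.com udp
GB 142.250.187.206:443 clients1.google.com tcp
"""

# Ports whose traffic is cleartext by convention; worth a look even when benign.
CLEARTEXT_PORTS = {21, 23, 25, 80, 110, 143}


def parse_network(text):
    """Parse the flattened table; a missing or '-' domain becomes None."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) not in (3, 4) or tok[0] == "Country":
            continue                      # skip header / malformed lines
        country, dest, proto = tok[0], tok[1], tok[-1]
        domain = tok[2] if len(tok) == 4 and tok[2] != "-" else None
        host, port = dest.rsplit(":", 1)
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def triage_network(rows):
    """Answer the questions an analyst asks of the table, in first-seen order."""
    dns_queries = [r["domain"] for r in rows
                   if r["proto"] == "udp" and r["port"] == 53 and r["domain"]]
    tcp = [r for r in rows if r["proto"] == "tcp"]
    connected = {r["domain"] for r in tcp if r["domain"]}

    dns_only, seen = [], set()
    for name in dns_queries:
        if name not in connected and name not in seen:
            dns_only.append(name)
            seen.add(name)

    return {
        # TCP endpoints the capture never tied to a name: check for cached
        # resolution or a CNAME chain before reading them as hard-coded IPs.
        "unresolved_tcp": [f"{r['host']}:{r['port']}" for r in tcp if not r["domain"]],
        # Names looked up but never connected to in the capture window.
        "dns_only": dns_only,
        # Cleartext connections, with the name they were attributed to.
        "cleartext": [(f"{r['host']}:{r['port']}", r["domain"])
                      for r in tcp if r["port"] in CLEARTEXT_PORTS],
        # Names queried more than once (polling, retries, or several clients).
        "repeated_queries": {d: n for d, n in Counter(dns_queries).items() if n > 1},
    }


if __name__ == "__main__":
    for key, value in triage_network(parse_network(SAMPLE)).items():
        print(f"{key}: {value}")
```

An unresolved TCP endpoint in a sandbox table is an attribution gap first and an indicator second: the report pairs a lookup of an akamaiedge name with a later connection that carries no domain, which is what a CNAME answer the tooling did not follow looks like. The same caution applies to the port 80 row; certificate revocation checks are plain HTTP by design, so a cleartext hit is a prompt to inspect the destination, not a verdict.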

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/PreviewFont/hier_officeFontsPreview_4_40.ttf

MD5 8c638d09eea80c9b1963af8cc35870a5
SHA1 f67fc7503e05b99f232945bc1bbb7d50bc70f88d
SHA256 4bcfa32557e0bfffd5766cf6057b9e04ac9af9c101033fd305fba7190305a385
SHA512 b1cee1f2e0f2cdd2611c1af18d5cd3b481da6c7c761cc74f2fc9c99025215a8c03f117bd1f8cdd3fa01210c542ba9e1c7246954e43ce100c84b1ea4082000c07

/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml

MD5 a98417637f615e1d9ae2c2c480f85f2e
SHA1 501bd22bddeea1caded9716d69c927ed05960328
SHA256 e992d0cba50a2a01836e44a92aff3bfa7909d91c3697609a7cadb10c38cbb122
SHA512 36ae742c2c2c4a3a61b01ad521b39fb4c0881656b1b0090081b4055fdc1ad8075296e2d3878068a4ae9d53af65660c43c1c13309a58739eeec49494962700b25

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/TelemetryUploadFilecom.microsoft.autoupdate.fba.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a6ed424e1135465fac072dc8c30be6a0
SHA1 8cb5811cfe6611074f7e01b8b9a533aa7bed4432
SHA256 c6a15fb293a7994c87cb4665fa076b4804c15a7f17753d267b6e271b036457dc
SHA512 d6dc5f49efacc0bea1d388e490c2e1283f6a6f42829e1ab30ec18b0ad35faf44e21d7780b84b5a2ebaff1e79da6fdc090bc547990b513cb311db82fb54cd8972

/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml

MD5 9a43af57707d2fb460832049d1f217d1
SHA1 056d813f8cb5198ca82072f7e3484f38ea5267f8
SHA256 7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c
SHA512 1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 42d564033a3ceb06d7f38b1ed376798a
SHA1 9de54c3042c4762212aae0d38be34e82b0bcbb79
SHA256 600010c73f9e6288c2e80d883e51606c65e90534a28c2ad58171fb6bfddea98c
SHA512 f2368ad8f9d3404763fcfbafdc3bc093b83db647fc1760ac4264275bba8aac7f9bbceed873e7b73bcbfd561ddcd4e8adbafa472366658f5b94c0fb241aeb95df

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6