Analysis Overview
SHA256
997ee6948b2f95a13b69ca7320baef623b6052959577ee5d97e6ac0a3b1bd5f4
Threat Level: Likely benign
The file all-12078626.zip was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Office loads VBA resources, possible macro or embedded object present
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-05 19:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-05 19:18
Reported
2024-10-05 19:20
Platform
win7-20240903-en
Max time kernel
55s
Max time network
136s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Ratio-Linking-Ratio-to-Formula-New-GCSE-Questions(Bt).docx"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66e9758,0x7fef66e9768,0x7fef66e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1132 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3500 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3492 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3888 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2524 --field-trial-handle=1380,i,5161137938030403186,3029738283112898224,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 204.79.197.200:80 | bing.com | tcp |
| US | 204.79.197.200:80 | bing.com | tcp |
| GB | 92.123.128.155:80 | www.bing.com | tcp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.178.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4---sn-aigzrn7l.gvt1.com | udp |
| GB | 173.194.5.233:443 | r4---sn-aigzrn7l.gvt1.com | udp |
Files
memory/548-0-0x000000002FEF1000-0x000000002FEF2000-memory.dmp
memory/548-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/548-2-0x000000007159D000-0x00000000715A8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
| MD5 | 1a01d0120754837dc86dae2ae2313116 |
| SHA1 | 7a77917a65f5728af3c2195c85836622fee6bb7d |
| SHA256 | c0e3a1a02edb82005e7f97e832f6022514a4765d547e4d82ee8a82b0cf81e476 |
| SHA512 | 38ee9ac2ed0f1139a3ab056b68271d0a72974925508e059fe20f9355174204c23b49c725c953bb36c6e678001945b1d49befad8b413f32b47c7addd124a45904 |
memory/548-26-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/548-27-0x000000007159D000-0x00000000715A8000-memory.dmp
\??\pipe\crashpad_1992_LDCQMBEWIETOYJOH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb1520f720a2cc9bfa19ac9d806d3347 |
| SHA1 | 82c71f41f2c305e7c9082d6757b7d338d874973e |
| SHA256 | 0e034fdd2a048f64e22ecbacd88e0457e21b38ada38cd3d21385c48750876c62 |
| SHA512 | fa3502d5900f7ef534672034979a9ea97fc185671eb32abac2fa177db0961baf7d11ad38c6fcf8d591a7964fa7974a621fde42b7bf325f8791be458965c31b6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a5e313614dd72a1f7ab95bf283c16d44 |
| SHA1 | f4ebbd5cc33203fefe497a740d237a87cfba32bb |
| SHA256 | d0a2a61b7d509d5cff7dbf952945103d1954e20af336815561e9b845156f1bdb |
| SHA512 | 30cae0945713f29603ea0a11b6b7f2fb954f01540d76cfa6c5dc0152cf7f598b3c0c40f693625e61636db2f0ae9e97ee51909862cc047cc9e0993809fd3b7a45 |
C:\Users\Admin\AppData\Local\Temp\Cab9EFF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9FAE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 296067be07f535518c05a6bd78038850 |
| SHA1 | 0fa1334faeb345ee1256e369bba36560c14c06f4 |
| SHA256 | d5bd68ad5606ff5bd5f8bdbeccc41648629f600969ea8d154e13b8552f278cf9 |
| SHA512 | 4d4981670383d5f92b3a6acf766c823f181f98e42622b415457b330a8b6e5bd0f4492aa013f6cb74749a172e1aeb7e9d6a365fe31380361694a2ca1f1785c0d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3263f521870b6fbb48f5f5c059c0ca1b |
| SHA1 | 2861537bbe51c204f5ebadc757f5e16dc9c7ca60 |
| SHA256 | 49d7864af85c1a8a3ba45051a219cb8ad39af9de1f754646ad5c04818335c18d |
| SHA512 | 4f8a3707ae0b4734e86d6777c830bc7f6e0ca7c4c152001df423c8f2e4a25a4457063b4d197937f01e16fc38c495cb339c95da6cf0ad4f7d233cef1899cf3e1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6037d0ec014c4f3df616367ffbb73a8e |
| SHA1 | c63b1441dacff42e990d14ca85658ec278c9ef48 |
| SHA256 | 27c895709c34a85ab5379e0f7a506a193a44fcd84afbe5a799c299f4031af6dd |
| SHA512 | d32e4ebeed2c05d7ce6abc4329318fa26ac1762e5a576b8951ac05b639c5df6c19af19ada582272b1fdce997ff55eebc0e543f58c3c33961ce5b640f2b5acaa9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 041a6663bc0ebe537fe7decbf702f445 |
| SHA1 | 08e98d4330b018bddb45851b8fb166a57f77db4f |
| SHA256 | f6baca6c5e8cd39df0ea24496106299e08767adb1ed09417e31b13fc97657959 |
| SHA512 | b42bb9747484814f7a1c5bef7eb29c222a9f453d50736682951b9f838b6470ace1efa0ad3841af6129e2c6ce00bf02ba9a0645e98a7bc67ba1d4e0f8d0f2598c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fccb12ef97ca0b411b423cb8b9480584 |
| SHA1 | 4ddfaa2b8b9de5c4bd21e7927efdde06c70f85c7 |
| SHA256 | ec6e913672750fa3d5f0a1bff0542bbf62a4f2ca0bebbfe3e80ff4353dd138b1 |
| SHA512 | 2ce8c8384fbd74c296ef8daa16b52868e352636b20fa5d217e928ce7a15fd2eb01597315df970e66ba433548f96984480023e033f1ae0de6362be75a855d10bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecfc15fd234448cffefd3cacdef4f700 |
| SHA1 | 81cdcc2d9ba440ede3117afa4b1de8babf5b36a8 |
| SHA256 | 5219274a7a689d1daabd3da3e4b1c357f3b1b42008b6d7bf4f2d5dc6ecdcdb0a |
| SHA512 | 2f113abd56c7e49d3ecc0d19feaccc00c60902df8be2749a3f8f4a041a1ff7e4431fe0992a5c0f0bd7ac3022f197261dbb094b5ae3aff84ca6b9698542d6b7db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7d995b85c83ca179f23105da6de5341 |
| SHA1 | 4c2e5bd787da129ead8006ed6fbe0f90cfa50460 |
| SHA256 | 4f3845df2ee9bfce83939f9f7c26536563d453a6930f7e7d347204c3907b7e64 |
| SHA512 | a5ac2858e9d0d7aba41b5ad57cb85f53d18442538a5712005aaf1cc4582d213bfe88ce96707e70ca4506a6a5c7b2810bcec866ca74f489dc84399ebb129efd60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0eef7ad677bcc4d91aba2d563b14ed62 |
| SHA1 | 444c3c092285fb705421e8c12f346feaaa9a343b |
| SHA256 | b8861b24e19ad749ace0b4f6a3053cd2cd5dbecccc8c14e63458fcc55d96704a |
| SHA512 | 54174c134e11931a9d6eedffab232a86747570e9d903770faf48ebf442202e977c399f53f0ac16087d47e81067db321081565db90007dcab7d75df273f831dbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1eabe5cc93017fa5f88452dc0e8ac384 |
| SHA1 | b8d7d329900bd85766ea19b99fffdbe461f7dcc6 |
| SHA256 | 8b2cd0426eca9e240f1ae3c6d23966b8747e59264c72cecf18afe6069086cae5 |
| SHA512 | 9c5809eeaf321948a8740b373d3cf1f6ddfbb358e3758f707f74aae67a012c6b9abd3b98bdf14724235381d69a20e4b409efc538de09a37dbde340ba88ff28b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6b3590d59f5424023db99aaa37ab584 |
| SHA1 | 869e5feccbabf9f43fb6574f213900ed9fcd7f71 |
| SHA256 | 9e37ee37176a9001a0878e9230d67ccac3d0d6b2390adffa23c1e9822fa5d4a4 |
| SHA512 | 90e0628e82583d2fc9aa5acb1d174984d2ebf5582dec550c8c1cb35d0f02d297779f082afc142ff5e00716c8ef16b27fc17b857b17bdca829d81fd20cfb40cfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67815d620d3347827b211c1ad7329eba |
| SHA1 | 86d080e54103352d1c0daaf4efd599b416834ea8 |
| SHA256 | 1547b1ff4148c3e89985d134d65d8f82cdcba9a18a3036709050aef9eb2847f3 |
| SHA512 | 16c66b0090fe17027d571f721f065e9d17a756ddfb2bbd621b4e8de5e37af48d4cee79c8dd3fd636b6d481ea846f002dbe23d63a4b03267d5baff3abf68ddd40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03d4179eebbd35946af35075c98aeb68 |
| SHA1 | 8ce5312fccd8144a85cd65a4c94d96a284c92f07 |
| SHA256 | cf5fe96299f4167893d5e76a4e4940c32e5556032caadca41e547ed2c4690460 |
| SHA512 | 9c73765fe6c3a64fccb7927a5b69e9d412ee95a62866e3caf104d9e73507a88a3e94535a9b680d564092a906748cf17317cbe2a8bd79dc799bbe000b25fa20f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3357be7a21bb9c30cf7fe6492f5359c |
| SHA1 | b66b1e422a64e368587e5a73242571eddfd401ee |
| SHA256 | 4f50186709f14cc1410384c83f70b15afd15c22efdb66d657373bba904740c9d |
| SHA512 | c70c60df97b8a7477247fa1528fd66a6df27719eb4d3dcf503aeb68f02e27e29d96ef8604f2a9a80fe99d2d29170b033dea8379b9d471d70f44a09afb1d65da1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b5c31940bbc16a8dd93530b9bee7a27 |
| SHA1 | 5b454009f530b3d408ab7c2831931e4607f1540a |
| SHA256 | 04bb717e23d15265aef6fd1ef6bfdb5227f88dfe49ed3413df953dad56d36bc3 |
| SHA512 | 79bd83c7aa5875ca154bb1779eebabaa4aed6a77c83f3ae681f710448c3af5470100a81168c26ced169718e54197482185c01de0dd613fe925679906f3064cbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad69f52ca4677afc8b77cd7ffbf1e148 |
| SHA1 | 23441afef0bfb036bf03e5d9bb96f190db37958a |
| SHA256 | 4d5a3242cbaaaf21585a2145bfb8438e8da22727c6de1291b2e2cfc8ebc582ea |
| SHA512 | 713cb6031c093396547ed79ccc5e310d2d97f914fad8d661eaa4c63aa74b2261e2014925b65b6617c74fc8b39d3d2fb13fe0dc81f1091b0f34f7b6b16ee4dc21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb379770ba52cc684d3460f298abbccf |
| SHA1 | d8c8f13d43a4d8010eaeaf26dbdad8b59573aae5 |
| SHA256 | 8ce5ebebadfd15b65467b6353c090121de4b9fefcb7c0595175cad45e0bb0717 |
| SHA512 | 503b73f708b047e805adb17d422ec2f7e9a82360a91d67ba4e152bebc2ee0c935cf330e84419888a53dafd6565acc2f9fe58910d8085aa2676dfa3beaa5d7b61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc8ee78a80d07f3c0cc83b2512590d71 |
| SHA1 | 330c905634a201abdc4e8769c2185fe4a554da10 |
| SHA256 | b964b517f88e0ae24e9ec2cc1bf5e7f312dd7a8cf3d8248bf2b40388cf1ff354 |
| SHA512 | 49339bfdfdd6dc2834ac3ea50e475271dd4f6cf5a1baed0155876dc16414bddfa061e7df7a89ba3768717c214a49746a26f03ff4ad1b1a0eb2f10b535f2e6c6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8c7ba8cb37271f7281252a944f81afc |
| SHA1 | 4efebe0f2c731b77c1b76f35fdc94c176772025f |
| SHA256 | e97ca4678e9b14fe096b76b6ec4eaaadf8a90bea55e92de4c655e41fbdadea2c |
| SHA512 | 5329ca9ff8d64d7818cf2cc971ce11e8d1d7d25521bfc6095303ccd996756b2e80e235771b635e6bcc6e07871f6366b97193a498d54f5c7aa2ccba3a84aa423c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad9ec120e31cb739fba5426fa8b1f176 |
| SHA1 | 1362254a33d2c257119935467580c2df545a92a6 |
| SHA256 | 1e1f2140c24f6729de3bed695d19f672b3edb770b9770caca59a6bb9cbe2d5b4 |
| SHA512 | e16f549976441226dfbf54be1cf5b04ee6225ed6f4b34f23ebbabf72b8614f5b5dc796ebd747eb0dde44d12b5622005c52742d92feb9c0e6f96a065c8d510be4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa7ebb29946e303ee0714bd2e528140d |
| SHA1 | 7326ce9ffca218754d4b0a7cf1dcff1ee9459292 |
| SHA256 | a2933e2e14929f0f71dea05d9b6653e2ed85b6a648f42c9f8087aa2454df675b |
| SHA512 | b090944c035f399a1459fd853e0b7f20cbcf7400a732ffab1c2605bd2c8fcc7fff510224aaac05b5ee47e4c5a2b9d89d905478f46d801f11f3fc90b87812cddc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3fb736f04c02f17c472421d41a551e9 |
| SHA1 | 8d12799724c94e8155a787ef836895d26782c489 |
| SHA256 | 98e7f40dbb5d8e6b8f0e379268d2b7eeae52ef730fe617db896e551297cb5df9 |
| SHA512 | 2e14bda45a30b9869066baf6281193c57bf99f47aca0f3f334681cd078b3a4eeef1fa3a0223c397c390b55d9ac8edacf554afd9f1745242e3e4ec493de054ba5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4555b4e883cfa92cd535f891e9dc09c |
| SHA1 | 9de8da87e93058db7d9f61a892487c7a3be07fe6 |
| SHA256 | 1db00e63d7e0d5acb09d7b8952d0a50586f453765ac0655340a168263384ef70 |
| SHA512 | 770dba478a8fb8afdb43427eb7b56e8c7d904651f94a2a09c1a39be42168b0e43c2b48c19034b181dd1b7f2259bb81b85afaa49aeea3c8046b771dade317cf5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c6a32b40b7cf376609f49cf6f5ec654 |
| SHA1 | 41a251406f8be166ef4628a2a1418750499ac66a |
| SHA256 | 4aba25dc61682338f2c4ebb75a3efcd9ceb8c88bfe8121614cc1047900028251 |
| SHA512 | d241e32cb1303af7e9b9381a494bd12da95b0ba8e8b53e6d9a49f4e2b33d3681f343e9b44879b0e2d649f9ec617080cbf7117e44059b68a839b87d4aeeb85d2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e57b2b800822bffa02deb424deb57de8 |
| SHA1 | 5c59c06dbccb3d7f8c298d34221a8e6cc6be122a |
| SHA256 | 2539f9662754cde2b64a61e487c0a5f35d70f5ea99cc07ee4cef8dd94382cc1a |
| SHA512 | 769f6bbfeada5f3293693b819b5760f804a0e755f002e726aedfa5fe83fef21cd4d52d048390525787c1d685e1152cfdc2e52b65db6775458b564b8559be16bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcaf22ed9f004be0fb3442121ced5ea7 |
| SHA1 | d700cdc837629bc1a9a3f1ef1efb1ebdcae0c535 |
| SHA256 | 5fadd1a6517e85a60bef7d2db6e8cad59faab23fdb904c731e0e4f635f062367 |
| SHA512 | 80c0eb33572c773b3348ad7beb6fe61cc7bcca50e2071788b905b80ecb1f16a47c702a647c86118274f0bdd83c429d3f1bda98223b1c2cb5ee0eb0618b4de68e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d19f41d688420e6d31299be4512d00e6 |
| SHA1 | 9e9c1b1c46a1daf0c62d8d960677d15e7a9df5d2 |
| SHA256 | ef740534400298ebe8823c13c47a1a3f259b548df42a364982ffd44bafced477 |
| SHA512 | 3e6fff6ea5c9fd81402684060c9cd61447c3e960ee5f3de3106b37198f7696c62b9555d954894ce9a96665e9ec4ebc06f111e2b6aa927aa63769b71a51bff7c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 58fa64cd57a68b8519aa0bf24c159710 |
| SHA1 | f6eb2bb5500b202acd0a8ea061f6725a6b610016 |
| SHA256 | cc52349ab6f94ce0b9c17f76c12268a05053764ca31a60260b3f2ae8fcbeb44d |
| SHA512 | 8aef33c0eb37ce6f74c7c3bb9ffd1cc5904c795a9728019d11a54e2cdde7d4c75b7bd9e376c52c4b75ae137825fb197b2aebf55d9e952a8acbcb272d5689ee6c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-05 19:18
Reported
2024-10-05 19:21
Platform
win10v2004-20240802-en
Max time kernel
133s
Max time network
123s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Ratio-Linking-Ratio-to-Formula-New-GCSE-Questions(Bt).docx" /o ""
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 2.18.63.57:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 57.63.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
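A check worth running against the Network table above before accepting the "likely benign" verdict: the udp rows ending in in-addr.arpa are reverse-DNS (PTR) lookups, and their octets are written back to front, so 47.28.109.52.in-addr.arpa is a lookup for 52.109.28.47, the roaming.officeapps.live.com host Word then connects to over tcp. The script below is an added example and not part of the sandbox report; it parses the rows (copied from the table, with the repeated binaries.templates.cdn.office.net connections collapsed to one row), decodes each PTR name back to an IPv4 address, reports which reversed addresses correspond to an actual tcp destination, and flags any forward lookup not in an assumed allow-list of Office service domains. The allow-list is an assumption for illustration, not something the report states.

```python
"""Triage helper for a Triage-style sandbox Network table.

Added example, not part of the original report. Decodes in-addr.arpa PTR
lookups back to IPv4 addresses and correlates them with the tcp destinations
the sample actually contacted; anything left over is what an analyst needs
to explain.
"""
import ipaddress

# Rows copied from the report's Network table. The many identical
# binaries.templates.cdn.office.net tcp rows are collapsed into one here.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 2.18.63.57:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.117.74:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 57.63.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
"""

# Assumed allow-list of Office service domains (illustrative; not from the report).
OFFICE_DOMAINS = {
    "roaming.officeapps.live.com",
    "metadata.templates.cdn.office.net",
    "binaries.templates.cdn.office.net",
}


def parse_rows(table):
    """Turn '| CC | ip:port | domain | proto |' lines into dicts."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # skip headers or malformed lines
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'46.28.109.52.in-addr.arpa' -> '52.109.28.46'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def triage(table, allow=OFFICE_DOMAINS):
    """Correlate PTR lookups with tcp destinations and flag unlisted domains."""
    rows = parse_rows(table)
    tcp_targets = {r["ip"] for r in rows if r["proto"] == "tcp"}
    matched, unmatched, unknown = set(), set(), set()
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if ip is not None:
            (matched if ip in tcp_targets else unmatched).add(ip)
        elif r["domain"] not in allow:
            unknown.add(r["domain"])
    by_ip = ipaddress.IPv4Address  # numeric sort, not string sort
    return {
        "tcp_targets": sorted(tcp_targets, key=by_ip),
        "ptr_matched": sorted(matched, key=by_ip),      # PTRs for hosts contacted
        "ptr_unmatched": sorted(unmatched, key=by_ip),  # PTRs with no tcp session
        "unknown_domains": sorted(unknown),             # forward lookups off-list
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_TABLE).items():
        print(f"{key}: {value}")
```

For this report, every tcp destination has a matching PTR lookup and no forward lookup falls outside the Office allow-list; the eleven PTR names without a corresponding tcp session (for example 52.109.28.46, the neighbour of the roaming host) are the kind of residue Office's own connectivity checks leave behind, which is consistent with the verdict but is the list an analyst should still eyeball.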
Files
memory/864-0-0x00007FF85B6ED000-0x00007FF85B6EE000-memory.dmp
memory/864-1-0x00007FF81B6D0000-0x00007FF81B6E0000-memory.dmp
memory/864-4-0x00007FF81B6D0000-0x00007FF81B6E0000-memory.dmp
memory/864-3-0x00007FF81B6D0000-0x00007FF81B6E0000-memory.dmp
memory/864-2-0x00007FF81B6D0000-0x00007FF81B6E0000-memory.dmp
memory/864-6-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-5-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-10-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-12-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-11-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-9-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-8-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-7-0x00007FF81B6D0000-0x00007FF81B6E0000-memory.dmp
memory/864-13-0x00007FF819520000-0x00007FF819530000-memory.dmp
memory/864-16-0x00007FF819520000-0x00007FF819530000-memory.dmp
memory/864-18-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-17-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-15-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-14-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/864-38-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-39-0x00007FF85B6ED000-0x00007FF85B6EE000-memory.dmp
memory/864-40-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
memory/864-43-0x00007FF85B650000-0x00007FF85B845000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCDE3BB.tmp\gb.xsl
| MD5 | 51d32ee5bc7ab811041f799652d26e04 |
| SHA1 | 412193006aa3ef19e0a57e16acf86b830993024a |
| SHA256 | 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97 |
| SHA512 | 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810 |