01c2b04b600f71e8ddd2c420c0427e82737f241f9c31d0f3ce5c8405ca1e7d67

Analysis

max time kernel
98s
max time network
100s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-11-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exe
Size

3.3MB
MD5

123f8bdd76db349ac3efb3d39716932a
SHA1

18f37bfa484dff0b702924b280121e74839f21af
SHA256

01c2b04b600f71e8ddd2c420c0427e82737f241f9c31d0f3ce5c8405ca1e7d67
SHA512

24d7623644076b0ad252f7515d9530a73999ed97009995fb9deef4091a89d2c5b762cb7ada25f52493397258a19eeba00741fbfba88bdf78ac168140adf77e74
SSDEEP

49152:DZHWFTgHsE5n8WjWNCuFd8/1e0EFkFwNUwABWJTXMvI1hcNBPE9B:D9WFTQsEOQEFd8NeomAaT8vJX

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

Processes:

flow	ioc
692	bitbucket.org
925	bitbucket.org
946	bitbucket.org
277	bitbucket.org
344	bitbucket.org
369	bitbucket.org
190	bitbucket.org
295	bitbucket.org
17	bitbucket.org
144	bitbucket.org
166	bitbucket.org
746	bitbucket.org
793	bitbucket.org
87	bitbucket.org
107	bitbucket.org
426	bitbucket.org
371	bitbucket.org
643	bitbucket.org
875	bitbucket.org
936	bitbucket.org
160	bitbucket.org
265	bitbucket.org
327	bitbucket.org
40	bitbucket.org
262	bitbucket.org
871	bitbucket.org
370	bitbucket.org
455	bitbucket.org
544	bitbucket.org
886	bitbucket.org
914	bitbucket.org
186	bitbucket.org
546	bitbucket.org
795	bitbucket.org
119	bitbucket.org
856	bitbucket.org
258	bitbucket.org
889	bitbucket.org
953	bitbucket.org
45	bitbucket.org
149	bitbucket.org
205	bitbucket.org
599	bitbucket.org
608	bitbucket.org
523	bitbucket.org
525	bitbucket.org
535	bitbucket.org
838	bitbucket.org
960	bitbucket.org
560	bitbucket.org
612	bitbucket.org
714	bitbucket.org
346	bitbucket.org
91	bitbucket.org
152	bitbucket.org
254	bitbucket.org
429	bitbucket.org
132	bitbucket.org
286	bitbucket.org
358	bitbucket.org
222	bitbucket.org
428	bitbucket.org
171	bitbucket.org
266	bitbucket.org

Drops file in Windows directory 1 IoCs

Processes:

WINWORD.EXE

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

IEXPLORE.EXEWINWORD.EXEWINWORD.EXESENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exeWINWORD.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55CC15C1-A107-11EF-AAF2-E67A421F41DB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000a6d0b54dd2df8cb876d6a8fc30cc7b4f3e1514433ec7f6126c1cf25035c0323a000000000e800000000200002000000035e693a0c02800410d341295acf04f3804a3f1e209da16b57fd563cbcf2d28ba20000000421c3168d0146fdc79b8f4a6616dbb394885024117d5859082b311f105d580714000000085f077a1a408536ffd97be4ebca0be6404372a81d22c0c370d66ddab73f710ae530fd90e316b4b4a6234f64eca2cc7d01def5b63793ca4bacc72a88a91ddfa26	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b28f2a1435db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c40000000002000000000010660000000100002000000015869a6ac248fd6cb4ed4140b910f0d80c77498e1d8c124bc0836e96ffe84414000000000e800000000200002000000015c851beab4833b29495a592334ac9eb9a66d88e704b58f678d2bced80daa99990000000766995cd0da468edcbbd2a0ee284c54e29e72dfe1e361935de8522e4c9ea184745aeab0a62b193a8e3a79d9ac2f5a19880ab1dd44e7563601e96f2bf5e3369ae08b2230411feb0473bd70ba4fb8410d368f324cfc638849cc375305e0d6db3439a4bef721e0144021a39b503911a17211f361b70743f01d28f118ac3c51dd6bf5c229775cc030ede0131be8283fbce1d400000008fce8fa267cfc36d3422e0f15f064f004242138f7408fdd2b5ec8bec5aa9703f371f980f73ff158063eb67e81d37ac6583c76a5feda9dcd63b98c155b554cb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

WINWORD.EXEWINWORD.EXEWINWORD.EXE

pid	Process
1812	WINWORD.EXE
836	WINWORD.EXE
2628	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exe

description	pid	Process
Token: SeDebugPrivilege	1352	SENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid	Process
2556	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

WINWORD.EXEiexplore.exeIEXPLORE.EXEWINWORD.EXEWINWORD.EXE

pid	Process
1812	WINWORD.EXE
1812	WINWORD.EXE
2556	iexplore.exe
2556	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
836	WINWORD.EXE
836	WINWORD.EXE
2628	WINWORD.EXE
2628	WINWORD.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	Process	procid_target
PID 2556 wrote to memory of 2964	2556	iexplore.exe	34
PID 2556 wrote to memory of 2964	2556	iexplore.exe	34
PID 2556 wrote to memory of 2964	2556	iexplore.exe	34
PID 2556 wrote to memory of 2964	2556	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\SENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exe
"C:\Users\Admin\AppData\Local\Temp\SENTENCIA DE TUTELA; No.456 RADICADO00746-2024..exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1352

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RegisterRename.docx"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\WriteSend.mht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2964

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ResetSwitch.docx"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:836

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ResetSwitch.docx"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f78b28667d09e3b4694a16ceaa0c5667

SHA1
d72fedbe2190a8c95af95a7020ea4c3a948300d3

SHA256
d2af81f12ddca4cea9f37339ca38c1d363290dd0580e0b4af3874887c77592cc

SHA512
db8fec9be0a573b06d64d01254a9c0d4d7efaab3ba767d6f0d3de0a8f97d4cd93a6844ae445f18e8cbeab20163c5f96132a33e8809aadde6ae9b09cd408668b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e982f9944e96b9faac8b075214527d4a

SHA1
652fb48d3c31d38df75015913567df5e4461b5d4

SHA256
b9bdbb0ce85d328a63f810e2bd08758b646306802dba2a0cd296373635c86de9

SHA512
4d65988d75f15a197e82b520303283a861345651320b48ff57a4846327064668c80e693e15a45624af1f2bae377a2c71b57e4930fe55f9637ec709012c0169b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
710cc5bf4f97ee7b469284889691b651

SHA1
bc8f7f83a54c495d1e4cc6472cfa26647643d808

SHA256
751018cf62d823b8ccc1d99c74325b4fe0b2037efa51c74739429f7b108b3d78

SHA512
e067cc878dac298c4e60ee60cca6b3ee72affa40290f6df5b4d0cb019a0abf7cb337247270a0617bcc5efa6ce5ad062b4bb92f9b48d2e3e120c2ab234d36237b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d77f934fac425535b586f29ec12a7cc8

SHA1
1b640ccc39cb2aad2e3526dc4c97fe529c9b7bfa

SHA256
1b6d126e87f66e2502c24e1166e85c64038c64c208f9399f58edba24b91ed755

SHA512
c9130205764ecfbe2beaccdfbdb52188c23f6179fdcd51a1130539da238c800553b8677e31bd98b4a5b9d5a3ec727e3c67b67ba166b5b3d3ee41f80cfadb2f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2d78ea788255aa7c99d81550d8b4923

SHA1
0c6d39936cc8301e23480164d6febba6d0968688

SHA256
b4e8ed321dda2dc21003d3782930dd250122e860aecd42aa03523c30c326c328

SHA512
2c9b1d331d35f8cd2ce56b1dd5638971a23d9b07560fde94a237465f7acfa2685f98c9b38a1db2b8f8892086bb595ae46a12d5a3709fad7d8efb7248c9fb8c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0826224dbc830146dd8bcff6321f7a82

SHA1
c2170b9b0d998d9c0e786961326003dc395a8d25

SHA256
95208aafa8bbdce26fb0c480d338b085f016dc682938d510556ab0a91335b719

SHA512
ca8edb2720c91c1a0183b2a8361d6e85e9ded5114a3ae14a6d62b90c64ef3a765d6bd7d9bc3b692895586362af527e2b75e502ec594a4c75db294466ef4378b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e227e35a7e81be0a699bd98f9e228b3b

SHA1
1dfbb8ae4ddf6d3b5010c0037ddb619422368274

SHA256
e9a2239170588828969dba94cc7686d86cae8c70ba3eb6fb84e3345957cff8a4

SHA512
47fe490963b9df8d147ed70a84892a67916c313aebed627b19a4345729cf1c8d709f979ccdb6dc59d34600d35656d841b1c60ae5acce4c146345c4b70511b75b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e12cdc386c4ca19b12d1d22aa672dcc9

SHA1
fc4ea6b4665e9fd9b36ceb11663762cebcc55d3a

SHA256
67914d5813aca92dba3cec38946a015ae383a2e5c822c0447e79e051d6dc98a4

SHA512
7463d06e163a12ff0f403b8b96458f3ed11789e0e295ced2c7a12a835f2945e6e0357a957ecb814d9140ae545b9c1e4bcb375af3f39d29ce843342a0c971016c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF5F6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF656.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
420B

MD5
61c8a1290614ff77c33b32287552247b

SHA1
fe03a8f6377315513f32a496069bbdbaa4173291

SHA256
a8930b817ec4043409dae64802d51d7a4d35f1c41de07f878c1de9dddd00d160

SHA512
801bb447c6dcb8acce48b7db0e2d660b8e8423f27019ad0112eae8367651848fb5975bbdb83cff3d31ed35c66fa3b9fa21c998a9585e4fbfa978a8578ca68cf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
19KB

MD5
7c78da108a7fd238c656d23c45aa6608

SHA1
75d2b4c2af03768e5f14192880a9813640c34063

SHA256
f83840c09ebe7e4068bf18e2152fc8f9397e635aeee83b8f5a2b77c82d3717c6

SHA512
c2344b574c6a90ea51ac2d8695149de568092c01b5d8fd35bd413dbd6f923b69176cc03c2441b86aeeb7c8e42aeafb47c7890545f22b142cdaaed1da4829c55d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/836-418-0x000000002F8D1000-0x000000002F8D2000-memory.dmp

Filesize
4KB

Download
memory/836-436-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1352-1-0x0000000000100000-0x000000000044C000-memory.dmp

Filesize
3.3MB

Download
memory/1352-3-0x000000007494E000-0x000000007494F000-memory.dmp

Filesize
4KB

Download
memory/1352-2-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/1352-6-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/1352-0-0x000000007494E000-0x000000007494F000-memory.dmp

Filesize
4KB

Download
memory/1812-7-0x000000006E89D000-0x000000006E8A8000-memory.dmp

Filesize
44KB

Download
memory/1812-5-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1812-4-0x000000002F5F1000-0x000000002F5F2000-memory.dmp

Filesize
4KB

Download
memory/1812-43-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1812-44-0x000000006E89D000-0x000000006E8A8000-memory.dmp

Filesize
44KB

Download