Windows Analysis Report
OPEN FOR MORE INFORMATION (1) (1).docx

ID:	1546261
Product:	CloudBasic
Start time:	17:10:03
Start date:	31.10.2024
Sample:	OPEN FOR MORE INFORMATION (1) (1).docx
Cookbook:	defaultwindowsofficecookbook.jbs
System description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture:	WINDOWS
MD5:	6d8cdd881a9e07eb6d30ffbdf99330eb
SHA1:	5685bd70b2b7f15bf64e9eff9213c18d6d68bdcd
SHA256:	0a043edbc81f3c5944dceb6177191e18c2ca7c8ba529d517d38af51a0f6413fa
Filetype:	Word Microsoft Office Open XML Format document (27504/1) 77.47%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{ABB1F47D-A9F2-44B4-B333-BFE396DC610E}.tmp	Composite Document File V2 Document, Cannot read section info	758931B881F6EFCEA430E5BA2F338139	D5E3F2E24947A0E2405C77C3981B25BB512D3457	643336E0233D886CE73210AE61AA17C86420ADEC7DE5E564984CC20B7A56F467
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1DF94741-352D-4801-8303-700CFAC82726}.tmp	data	5D4D94EE7E06BBB0AF9584119797B23A	DBB111419C704F116EFA8E72471DD83E86E49677	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{466CE3F4-1C30-4601-B694-59C14432DFE5}.tmp	data	8A677BCB9F8600C651706170CC7F5D39	9F2B92ADA287CB0547AF5CC38E3F2B95B3B1D966	A8D58D66EAD93CCFE6EDF9DB765C55276D2E77885B2E171A0658A2DAFD3F6F8B
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\OPEN FOR MORE INFORMATION (1) (1).LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:05 2023, mtime=Fri Aug 11 15:42:05 2023, atime=Thu Oct 31 15:10:54 2024, length=7160, window=hide	8F6816D3628D76BBB5CB584BDA850C21	91E5F88949DD1CDAD1B393F7FEA3677E9EC71A0C	AF542136DAB962EE010FF48E9B003A518836BAE33BD5716447EF432D2DC4E877
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	Generic INItialization configuration [folders]	15FF37703D22461B7EDF103815681135	BCEB7A5FCED2154E9CF42861EFEBD522A80DBBED	3CB85A91F14BED3CD3FA76D0F253BCCCFBCDA17BD131B342CB076924D178651A
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	2CF7D3B8DED3F1D5CE1AC92F3E51D4ED	95E13378EA9CACA068B2687F01E9EF13F56627C2	60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex	Unicode text, UTF-16, little-endian text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\Desktop\~$EN FOR MORE INFORMATION (1) (1).docx	data	2CF7D3B8DED3F1D5CE1AC92F3E51D4ED	95E13378EA9CACA068B2687F01E9EF13F56627C2	60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
Chrome Cache Entry: 144	Web Open Font Format (Version 2), TrueType, length 72896, version 1.0	8AFBBEF49E32F6382F8C029DDA485679	2FBD600C537D820F23D492D907DAC0BD98F0778E	D4C4F413055D77B989E4D3BCE7E3CBB45427F251387EABFF8F9709F4EE1B2BF0
Chrome Cache Entry: 145	Web Open Font Format (Version 2), TrueType, length 65828, version 1.0	9187B9AF4CD2B2C0080F3E41671E52CF	50810C3D6D3F3AC2155409DEC18086ABC3E17E9C	DDD58F9FE28DBDF8AA84F7F39DDDDEBB4CBFE5B0C74470ED72C7624C7742CC30
Chrome Cache Entry: 146	Web Open Font Format (Version 2), TrueType, length 58012, version 1.0	E88455150169496390368F9DCFC709C6	672607F20C14829A1071441C031A8411196CFEA8	133BB5C5AF6B43D96660FF65F46464F2A03F7D0DEEB8E2A1F8E0AA7CE6770120
Chrome Cache Entry: 147	Web Open Font Format (Version 2), TrueType, length 1360, version 1.0	248816E2428823AA2BA6B223B82EC73B	EC8DD868A619356C0E30606ECA110A239CA0D83D	4524691B7547D0D9F1A34FF172D940BEDAFD7725A14A5BD1121807B7D993BFFA
Chrome Cache Entry: 148	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0	8EFF0B8045FD1959E117F85654AE7770	227FEE13CEB7C410B5C0BB8000258B6643CB6255	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
Chrome Cache Entry: 149	ASCII text, with very long lines (572)	0614FBB7B74C281BAA72D7ABC54ED131	1385D6E7933E07BCB2DAB3C554F5113AE4F4750E	EA26BFFE7A15FD98F92939ADC07431ED5BD9CA557A618E2B2690FF62C4532F93
Chrome Cache Entry: 150	Web Open Font Format (Version 2), TrueType, length 31456, version 1.0	8787E52101C989DEA9FEA21E232FA45B	F112710595BAA904A62B68C2066DD34D7103E1E8	D5C4965A6E9C89DEE7D1389167C821976BFBF55D80E7DCDDFBCB5400B1AE01C9
Chrome Cache Entry: 151	Web Open Font Format (Version 2), TrueType, length 42132, version 1.0	2661BDA6D2BA62A920BE11952BB94849	7C1EE90488041D444D2289AE42C06D1958F34584	ADD6DDD7FEE32D58EBA385983AB7DCC9657AD97CDBD4BF4594DB38675847EDB4
Chrome Cache Entry: 152	Web Open Font Format (Version 2), TrueType, length 4196, version 1.0	92CFF5BF3D47970DEFEF49EBF56448DB	163E2B870500AC648A075A008408C9FA73922953	AFD7B4CE1230FC5D6CB58DAEBEED6BCD09EBEE1E4414367596BC3BB33F62444C
Chrome Cache Entry: 153	Web Open Font Format (Version 2), TrueType, length 64068, version 1.0	EFD94F0EB81E50A5F75CFAC73257EFC2	E8C4E0A66E8BA85DE2BDACA59CBCC55CED60BBCA	3A6C1001C36D7F2F8AD4DF369BAF38217AF3ADAAE94A5625651C05F4C3A38BD3
Chrome Cache Entry: 154	GIF image data, version 89a, 1 x 1	FC94FB0C3ED8A8F909DBC7630A0987FF	56D45F8A17F5078A20AF9962C992CA4678450765	2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
Chrome Cache Entry: 155	Web Open Font Format (Version 2), TrueType, length 18588, version 1.0	115C2D84727B41DA5E9B4394887A8C40	44F495A7F32620E51ACCA2E78F7E0615CB305781	AE0E442895406E9922237108496C2CD60F4947649A826463E2DA9860B5C25DD6
Chrome Cache Entry: 156	ASCII text, with very long lines (1011)	85F454CE8D563A6265422284FCAE3E13	68F7D7C704906EC1B07B10968465ABB49B3B76C1	8C76B78821E3396A2E99CC6E3441E7BDE221CBFDFEFC27286456ED37F2D2B4F7
Chrome Cache Entry: 157	Web Open Font Format (Version 2), TrueType, length 1664, version 1.0	F19AC4E354F2BCE2E6341B804767E11A	A197ACF3FA097BFBAD358400BD07EAD8865F6FCC	A631F36B97689FFB94AFDAEF8032E78479D469894A2B18F007DEA806DC1172B3
Chrome Cache Entry: 158	Web Open Font Format (Version 2), TrueType, length 45536, version 1.0	3C33061F3F982F2234262844D0FEE4CA	C4BB9DD654244A9EEBE0D6F12ED4C4E853B18252	6504F1B88B6DE335A0FC2D1802EF8B000F6569792F509D4635128DC0915D6D70
Chrome Cache Entry: 159	Web Open Font Format (Version 2), TrueType, length 1748, version 1.0	6DBF91A51C653C0BA098FED5B34ACC55	599EBB3EE593F5C381AF2429993AF2FD01610C0F	39DBC90B7B4C41925E680E6EA13E84E975E936AA8DE9B04A8C401A332FBDE393
Chrome Cache Entry: 160	Web Open Font Format (Version 2), TrueType, length 39708, version 1.0	F311A35802EF8FA61FA06206EF76278C	6179B813223849FAEB0835B285A05E5B2A8A4AD4	FF8C9A38C906236A4025B752DA6A83403DF53F22F0FB8B88155B7B04A5229904
Chrome Cache Entry: 161	ASCII text, with very long lines (1572)	2241684F5D8066C120792F3514BE8163	5FE694D0737BEB7C2661848FFEA58170952CDECF	4B13C0BDCD4FEECF3B5CB1084A565C6800A7BCB38AAF6B2C8CAA9125E0635E89
Chrome Cache Entry: 162	Web Open Font Format (Version 2), TrueType, length 58892, version 1.0	386F2237074CC59495783195EA1F1295	81B3014B28B6E7EF2FDB39ED73D18EE38F1C36A5	66A070C331573AA324FA2DEAC1A1B42B2D58E9660268555EE382D857E651E33F
Chrome Cache Entry: 163	Web Open Font Format (Version 2), TrueType, length 37488, version 1.0	2A7652831C7699009E0C25DABF93430A	6B0A143D883AFB8FF3CA2BF55B448AF8B68F2F89	C3525FCA875BF7203E92F116E0C5532DD5B5FE0F0CA5E12C6C4C8B9BD77566E2
Chrome Cache Entry: 164	SVG Scalable Vector Graphics image	53BB04865802E54AC8AF8A4B671BFA1A	C330354F2BD383D4A86E0CEB9E93539457E09215	42E25531F7AAC9B4400C3C6E9ED2FF0B60F2972C79553CD09293EFC17B2335AA
Chrome Cache Entry: 165	Web Open Font Format (Version 2), TrueType, length 64164, version 1.0	8C548F65E1DC239D9F8F4F3F52457E59	9A1F4B732127BB53F1F17EA6C905A886A456FD62	1382DECC32857B4DC59FAAFDF57088D9F6917B18ECE82CC47F84010224008C05
Chrome Cache Entry: 166	Web Open Font Format (Version 2), TrueType, length 44316, version 1.0	F4B0DF592BED06B7E1AC275945D8EE61	DBD15D6534D7ADEF8E4AABA1A89E7A2CE22B16FD	C8FB82DF9421FA2DE18E11B89200EECCB188DAB713331F06C6C8782AD5CE5437
Chrome Cache Entry: 167	Web Open Font Format (Version 2), TrueType, length 1256, version 1.0	6DD9A903A2068612E4F0D7572E284077	A87CE7B07CC3C4F09AF54E2310B97F4678935F7F	35015DC730E404653F8B00639C287105BC4D09A58C9235659B99150AA1B220BA
Chrome Cache Entry: 168	Web Open Font Format (Version 2), TrueType, length 72628, version 1.0	0F19855AD401FDEA3E11BFFE0D4E265B	44227668D70FC0289CDF988867A619E8E2960CE5	9A0BEE97B056F9A0972D23BA254990353FD2FA23E11F0B4BD34B25E1AB4A0A4D
Chrome Cache Entry: 169	Web Open Font Format (Version 2), TrueType, length 60648, version 1.0	0E46400F3E919D0CB74068D448D9DAA9	BE7343C9CFB3CE5388F38F2A8D302ED8AE8C7D6D	9FC62F0847BBEB2B050932BC04E8D60087955E2BBE3659FBE89408F4C62F2F7D
Chrome Cache Entry: 170	ASCII text, with very long lines (1747)	55DA64324D65E67D8BED64DED3FDD404	2E047FA4A0E2F653C4F3956842603C6D1DCBD5A1	E31EBB9AC18272B10DB3B731D1610C24434EDACE8040DBC449EAC3528B881DA2
Chrome Cache Entry: 171	Web Open Font Format (Version 2), TrueType, length 36840, version 1.0	3603078A7B178210AC17285E145B4A8C	D57FD925F10C47D039FCDA3CC8A2A12D23E134C5	DCBAF64460B4DB78BA16EE6230D2C90215DDA58CE8C285348D624FE32DBC470E
Chrome Cache Entry: 172	GIF image data, version 89a, 1 x 1	FC94FB0C3ED8A8F909DBC7630A0987FF	56D45F8A17F5078A20AF9962C992CA4678450765	2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
Chrome Cache Entry: 173	Web Open Font Format (Version 2), TrueType, length 34184, version 1.0	1ACA735014A6BB648F468EE476680D5B	6D28E3AE6E42784769199948211E3AA0806FA62C	E563F60814C73C0F4261067BD14C15F2C7F72ED2906670ED4076EBE0D6E9244A
Chrome Cache Entry: 174	Web Open Font Format (Version 2), TrueType, length 41676, version 1.0	C619C10C85CA3DD6D4B57CC59BA2A32A	92A0D8AC165CF6788BE6259F901FBA1994886D91	C129C2C42B2F1D5AF9BD5B9858F0EBA8215EE3EBF61FBC99866E107B2C0AF4B5
Chrome Cache Entry: 175	SVG Scalable Vector Graphics image	CECA603BD198568DAB00E6DFC3120706	871C637521103DCE8F6DF9AAC0D1B62900D511B8	F4AF84EFE90891185D9B29A841181CA9D26D7560864EA47B6CD709D3B964AEE3
Chrome Cache Entry: 176	Web Open Font Format (Version 2), TrueType, length 40412, version 1.0	7332D3B0FA7568125CE6FE9EC4D55151	1822E1EF270F935E5FF8EF83BBE8D0C27CA3CC55	17406C4E4926C81DCD8F3832B79428CCF82F5A3AF17C03AFD0E37F13413851B7
Chrome Cache Entry: 177	Web Open Font Format (Version 2), TrueType, length 41284, version 1.0	87595E01EADD10489540C2BC9532C831	E3EA9372FC50308AFB080F0AA0C1B544873E7896	BED2897761BB0A09F1993AB40B94D35B1E2B3C57039379B888503C6EAC7DCE70
Chrome Cache Entry: 178	PNG image data, 1200 x 300, 8-bit/color RGB, non-interlaced	54A8A1B302CBB14E1C0944FEBE85049B	7651358A4116990748AC15CE7962AFCF657019F4	65C8A1CA12E68D98ACD73F29236869B32B5CE7E755D0528FCFE3C4D89D8982D4
Chrome Cache Entry: 179	Web Open Font Format (Version 2), TrueType, length 1416, version 1.0	E2D07BCC7B3C68F09F3517CD26B496A9	1BC266CB846B248865B43E53CCD7C8117A70B7BA	CC93B0C6CCF01063B9788530CA2389636059624B18599DE8EDEF8D4054255474
Chrome Cache Entry: 180	ASCII text, with no line terminators	1F355B16615FC9766B155616AC729BA7	C10C68EFE0F106419DADD7C7BC20CA874A55617E	3658C73934BC3B2ADAE65E6728C7B79C9A45320DEA6E7C7CEFD87FED0F82586B
Chrome Cache Entry: 181	Web Open Font Format (Version 2), TrueType, length 1516, version 1.0	314C94C93E0D293F63A2C41F8E82C852	A648B285460C78DEADB882996F09FD75D8ECAB74	CDAAE795074CED24AD382F9F21C4F2E3443D3DC27BF6F75AB5CB43D54F23F009
Chrome Cache Entry: 182	Web Open Font Format (Version 2), TrueType, length 64968, version 1.0	38B24F2C1F13FF0FE4D75754439192B1	B85F7DC43D9DA69F8C5034F682D047EB3C5B6B9A	61514A54C59FA9A216CBD4BB4FC24B58E3956088D4E0FBC85BB63160E874EFCC
Chrome Cache Entry: 183	GIF image data, version 89a, 1 x 1	FC94FB0C3ED8A8F909DBC7630A0987FF	56D45F8A17F5078A20AF9962C992CA4678450765	2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
Chrome Cache Entry: 184	Web Open Font Format (Version 2), TrueType, length 2484, version 1.0	9160B78EE0B90045C930EC35D1C3A91E	3DA7830A860E809B29AF6A65017D56A1FA121892	BF2174B338F1EEBF563FDD9BD3909F5269B63AE05A9EA26A738870CC6B504B08
Chrome Cache Entry: 185	Web Open Font Format (Version 2), TrueType, length 46840, version 1.0	FA1ADF616690586A617E2F265AB761B0	802AF2A60A925A68A50C3BD3C157D284E1B51362	28AFB7554B3B29A5587799EACC92FD889378089FD568E5C8430B41D83D012B3E
Chrome Cache Entry: 186	Web Open Font Format (Version 2), TrueType, length 3576, version 1.0	3451C91ABE3E05F03BBA52CE59A258E7	19FAFD4F56FECDC013D8AF0DEE6C51E9A338FA5B	D4BA92453033372B440E5E762EEDEC60DEC8B3C32008F599B1C7F46376D64216
Chrome Cache Entry: 187	Web Open Font Format (Version 2), TrueType, length 55204, version 1.0	303F0DEE25055EA1A1C53F8C44B83EDF	552AB5948D02D19FF851777D58DBE0DCF836681C	DB8FAFFB5E867554C1AB9B0EDD0E11E8B5A3D4B9842D860A11646371C2B84D79
Chrome Cache Entry: 188	Web Open Font Format (Version 2), TrueType, length 50664, version 1.0	2EAE80C528D1D7A39C57805DE3E9C799	37ED517E2F44EF14D8F2C4679F9EAD44B050759F	46B9F52EC517DDFAC84DD566720D00CF3C54AEFF1D543AA9C95FFF830985FA13
Chrome Cache Entry: 189	ASCII text, with very long lines (562)	75C9B40BAA4F7C66BABC8FA04B130C5D	B1E9D050E61C3E29311D480BC6C39EEC97B5DF8F	A8DC473B9A3C26C939E394EFCDBB50ACB96FD2956DA1C6CAC49F0B5FC469118C
Chrome Cache Entry: 190	ASCII text, with very long lines (562)	75C9B40BAA4F7C66BABC8FA04B130C5D	B1E9D050E61C3E29311D480BC6C39EEC97B5DF8F	A8DC473B9A3C26C939E394EFCDBB50ACB96FD2956DA1C6CAC49F0B5FC469118C
Chrome Cache Entry: 191	Web Open Font Format (Version 2), TrueType, length 40184, version 1.0	1C31342F0BE5BC0E2B1549932CDE2F81	A5AAB8D96192515329B7D888CFC5B7B113FAD53D	184819CFD66EEE3BBF756A609A0EA8034F09DCF8C68CD817B08358D8E5579CA3
Chrome Cache Entry: 192	Web Open Font Format (Version 2), TrueType, length 2708, version 1.0	B12C8BACB108B452B1DBB90C3D1FF1D0	ECF97F8E8FDA216564CFF508D3B9E126D8666372	588A0396D786BB25120D5B559B9D546C3F276BC5E17E9D6ED1AD609DC0871CDE
Chrome Cache Entry: 193	Web Open Font Format (Version 2), TrueType, length 57612, version 1.0	10D2BDFD7A17F5E0210C90D99A8B5ABB	89CF52504233C328782A7250F56DAD603FA74A91	D8977152B314FCD5D04BEC050367C0AAFA91899501593E9ECB0D6090CDAC29A6
Chrome Cache Entry: 194	Web Open Font Format (Version 2), TrueType, length 32644, version 1.0	3F02E1AEEA84F97C26CE78E796009467	3A86908B3E689621F23A326A8F3FD4B794599C00	68425336934A956337B4593A3D47D51D2970D03AC4A9C9FC795596F13EB21775
Chrome Cache Entry: 195	Web Open Font Format (Version 2), TrueType, length 58200, version 1.0	895A08A8F8DE0B5D91F3F6999243B76A	3FB36CEC53FDFD5CE97CBD34FDD0A6E5D8255B50	AADA1AC84EDC0A0F678A12E87B835B9C5A71FC4CEC407CA0420C6561CB53A439
Chrome Cache Entry: 196	Web Open Font Format (Version 2), TrueType, length 41288, version 1.0	C2016E340130CA6E2ABB66D40055B6F4	9A999B20475FE5CA7314918BE5BC09555EA44022	347B8E3E68694A70F4B024CDBEE7FB7ED5F98C19D0DAFEF6B8F237191C796F03
Chrome Cache Entry: 197	SVG Scalable Vector Graphics image	CECA603BD198568DAB00E6DFC3120706	871C637521103DCE8F6DF9AAC0D1B62900D511B8	F4AF84EFE90891185D9B29A841181CA9D26D7560864EA47B6CD709D3B964AEE3
Chrome Cache Entry: 198	Web Open Font Format (Version 2), TrueType, length 116852, version 1.0	9FC7A466292A81DBCEB5B9F194B87757	B9994940CAE8121BB4ACC923972EA0B0B6BF177F	8BA9D0704A43A49CD21D4917C76A1828BF6D60EAB09612A2049199652465BBFA
Chrome Cache Entry: 199	Web Open Font Format (Version 2), TrueType, length 126660, version 1.0	E171410D243718D27D3C6BD5306ACA68	6BCDBCD43497AE839A84A26FB83D68BB07A4D5EE	62205E2E2B22EFD49A3A0D1C10C5F59AFA8F4C59B087825FB904263E73489DDC
Chrome Cache Entry: 200	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	8DF19EC399BE913884590015105AA584	5502576575AFF37A626934FA655C124291C58AD6	D48A0F5A08249E1768C06ACA31C16D50D1216434E1C91BA322CF5521577A59E3
Chrome Cache Entry: 201	GIF image data, version 89a, 1 x 1	FC94FB0C3ED8A8F909DBC7630A0987FF	56D45F8A17F5078A20AF9962C992CA4678450765	2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
Chrome Cache Entry: 202	Web Open Font Format (Version 2), TrueType, length 3640, version 1.0	421B045B5EB019D56F6407AE63E57A92	F0D0D18A1887D371B18C1B06B99AD2D3C0923E8D	5DCEBB5EC80A2DDAB469A77F1A37412C34205EF76D054131083B0BF663B786FB
Chrome Cache Entry: 203	Web Open Font Format (Version 2), TrueType, length 26992, version 1.0	92BAE553B71BC6DEDFB17E73BA5029EB	4B581AF52A479729888031EB60722A306A68DA55	49BE4E1A8B5E250DE2A7A738CAC6C157E4148414CAEAB4055D92DA8152D95619
Chrome Cache Entry: 204	Web Open Font Format (Version 2), TrueType, length 4344, version 1.0	E5A3502E3717398EE835D98F84874738	75C4C2D0F1A2EDA7E16A16293BA840E19991EF1A	E5ACBE17FD4E63CCA2CE1B72E482FC2411D27D9D534476AD7F0108B9DF087FCE
Chrome Cache Entry: 205	PNG image data, 1200 x 300, 8-bit/color RGB, non-interlaced	54A8A1B302CBB14E1C0944FEBE85049B	7651358A4116990748AC15CE7962AFCF657019F4	65C8A1CA12E68D98ACD73F29236869B32B5CE7E755D0528FCFE3C4D89D8982D4
Chrome Cache Entry: 206	Web Open Font Format (Version 2), TrueType, length 99952, version 1.0	4DC58D8C42A13CD77CF2CD978F639388	221EDE548E9E9CF711595D6511C73CD8EA4EB595	B93F4669CC09016E4D1AD1836A4CD1EBCF832C22979E5FA11DB4F7C3620223AE
Chrome Cache Entry: 207	Web Open Font Format (Version 2), TrueType, length 50264, version 1.0	AB5E010EBED9BCFB98CDB5BD47D3E430	5D1AA4B896BF05AFE8978F74E2E88A53B0D9BB6E	B5477EC958C9F1F06AF0D54F50633B66C76C5E010450283C5620CFC79E57E963
Chrome Cache Entry: 208	Web Open Font Format (Version 2), TrueType, length 64656, version 1.0	28E2B282CBDDE4FBEF925AA25DF6FEA3	764C6B373670D221C28CD5DA0584FCEB1C444905	B1DE6EAC3059CA778E6D2367182C7F11EDC81E09971E56F788DB308A674EA7EC
Chrome Cache Entry: 209	ASCII text, with no line terminators	46DF3E5E2D15256CA16616EBFDA5427F	BE8F9B307E458075DA0D43585A05F1D451469182	AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3
Chrome Cache Entry: 210	ASCII text, with very long lines (1747)	55DA64324D65E67D8BED64DED3FDD404	2E047FA4A0E2F653C4F3956842603C6D1DCBD5A1	E31EBB9AC18272B10DB3B731D1610C24434EDACE8040DBC449EAC3528B881DA2
Chrome Cache Entry: 211	Web Open Font Format (Version 2), TrueType, length 1528, version 1.0	EB7377208715318B001D920F049E318B	9E428185FC78B5F18B11D1B29353433939B08B5B	10505DF86B3638BE7B5707A542C0C7C80ED856F14E037BB1C64BFAF712B0AB75
Chrome Cache Entry: 212	ASCII text, with very long lines (4009)	02697EFA4CE54C8363D71567197A3259	313A52C8857F8E0869CAEC1944CCDC2D8626C8FF	27CC5E9271177A924C7F2BB4FB602038757A78F4364341A3C63CB0F2AB17371A
Chrome Cache Entry: 213	Web Open Font Format (Version 2), TrueType, length 41584, version 1.0	71151932FDCC1AC7E09BF80A592DDA78	7049019D7FA6D570CA9B57525224313656B36E8D	68C3F849762D80F759A7702F52B6F9C432173951D7D5E830C98CEDFDEBA5E53E
Chrome Cache Entry: 214	Web Open Font Format (Version 2), TrueType, length 41220, version 1.0	C8D3E0F677AC007C9FADBA09A1C4C7BC	83389D80FDF1BEE58E69DB1F38968404EAC57846	A9ED2DC63202E8E1E06CC22EB23D39212A36034D90DBC76274EC7F85DEB1D3C2
Chrome Cache Entry: 215	Web Open Font Format (Version 2), TrueType, length 100756, version 1.0	4498A1A925FD2D5630BA89B78739E194	C757EDCF6538B1F0968F69A7618C564DCAF7150A	54EFCB5570863B2329C2C677749C85C7ED337F5C16BF38CAEA17807196150293
Chrome Cache Entry: 216	Web Open Font Format (Version 2), TrueType, length 2560, version 1.0	AAD954B1FF4E297C5D137133C4BB36C3	781A7FFB51D787FA807F1D861A4D003BD33E42E8	C28A9A498502C596ED0275021BDAEF2A57225D9460C650706907FC95F7BA6D80
Chrome Cache Entry: 217	ASCII text, with very long lines (4009)	02697EFA4CE54C8363D71567197A3259	313A52C8857F8E0869CAEC1944CCDC2D8626C8FF	27CC5E9271177A924C7F2BB4FB602038757A78F4364341A3C63CB0F2AB17371A
Chrome Cache Entry: 218	Web Open Font Format (Version 2), TrueType, length 25940, version 1.0	472997FA70DA7203D0AAF11F7B166C93	17B746D4980DF5C0EFFCB129B63FFF1FCBDB8999	5110D967DAD4A4E2D1578B5A1E27E210F03DAD636892CEA6D7F8B1BB617BCF2B
Chrome Cache Entry: 219	Web Open Font Format (Version 2), TrueType, length 84892, version 1.0	0F0BE34D30705D3F21ECCBBFBFCBE983	96A0C04F6610AE014FC1179641861C1A96DD6DD0	E05FD4C39D2671D0FEBCF551364287A41D4889CA4692817722459FF34940AC81
Chrome Cache Entry: 220	ASCII text, with very long lines (1011)	85F454CE8D563A6265422284FCAE3E13	68F7D7C704906EC1B07B10968465ABB49B3B76C1	8C76B78821E3396A2E99CC6E3441E7BDE221CBFDFEFC27286456ED37F2D2B4F7
Chrome Cache Entry: 221	Web Open Font Format (Version 2), TrueType, length 50032, version 1.0	3A1D827D4C9CEA1A4D9AC216BF6A3D0B	B3464CCD91897B1DB6CF5EB06E7A4F89F31EDB94	CC7B21390D89052DA348CF014A9F38412956B535BA362D5021CF9B2707F03DF6
Chrome Cache Entry: 222	Web Open Font Format (Version 2), TrueType, length 37800, version 1.0	2B097CB2DC262C764A2C97D4E233918D	83DB49B6B6DDA13ADC82726197CC2B243EF647DC	7615AED2ED8F1361D3ABA2B6CE6612468463E660E8BD4A4302B24C113EC57308
Chrome Cache Entry: 223	Web Open Font Format (Version 2), TrueType, length 57236, version 1.0	212D9F17F0F5D037532FA3B8FC14B8DE	C332A9F57F2C7931F2A930B5D91BCF244E38FC42	53B183E10D8C5DB234637E82BEF4014117BD41C956C69AF55FA0165A7BE31666
Chrome Cache Entry: 224	ASCII text, with very long lines (572)	0614FBB7B74C281BAA72D7ABC54ED131	1385D6E7933E07BCB2DAB3C554F5113AE4F4750E	EA26BFFE7A15FD98F92939ADC07431ED5BD9CA557A618E2B2690FF62C4532F93
Chrome Cache Entry: 225	Web Open Font Format (Version 2), TrueType, length 37632, version 1.0	1FFAA430DEB705DF128762D9990F8EFE	847F8CA1CF199A602AEF0EF42AEBF5F825584E19	2706DFABCBAAF2DEE90C3A10C168D5F5691CE787DCAE9E77CD038F66B08FC4BA
Chrome Cache Entry: 226	ASCII text, with very long lines (65536), with no line terminators	B4624BD83E996BE22F7A4C081C27232F	D4CE35F33CCF923073F76CBF49F697B12053A8CE	F89E29C03B37387C55C0E0EA4962A919CBF8BFBD38B41CD06575C527EFEF3DAB
Chrome Cache Entry: 227	Web Open Font Format (Version 2), TrueType, length 43772, version 1.0	36338672609C9EC1D83AF4E1AFF7B0AD	287BF3611440E9377DD71C0620AA63448D632F06	E268433F792E81D03D24617E0A4D6ECB5728278A805E7D12493E06802AA671A7
Chrome Cache Entry: 228	Web Open Font Format (Version 2), TrueType, length 5044, version 1.0	5E37F6030CF935F9CBD3FF5A22E08D2E	C77AE7DD7501F4F578884BC034004F8619FC3D17	867352B1C82C47D71A11744E3886441A848780DCA87928BAC596E5F3473BFAA3
Chrome Cache Entry: 229	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	FBE36EB2EECF1B90451A3A72701E49D2	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
Chrome Cache Entry: 230	Web Open Font Format (Version 2), TrueType, length 142920, version 1.0	643086F598435216DC497F1FE1174F85	FD3050CC2BFCB38D36876B66CAA15D97AD3098BE	15FCE9FC686A7ED24AE85F394838CCA6DC46CA2AA43DF5E35A9EDCD3EAF3577F
Chrome Cache Entry: 231	SVG Scalable Vector Graphics image	53BB04865802E54AC8AF8A4B671BFA1A	C330354F2BD383D4A86E0CEB9E93539457E09215	42E25531F7AAC9B4400C3C6E9ED2FF0B60F2972C79553CD09293EFC17B2335AA
Chrome Cache Entry: 232	ASCII text	3941CD60FA643ED248F99441154F151E	9300D366354B80085699A5CAF72F625EB706A19E	0A5A52ACCFFFAFFBACC3FC4F4515ED7B73049FC088786B9B74CCAC76F490DD5B
Chrome Cache Entry: 233	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0	C83E4437A53D7F849F9D32DF3D6B68F3	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
Chrome Cache Entry: 234	Web Open Font Format (Version 2), TrueType, length 129848, version 1.0	07987CC4A39B31CF6AFFFDE675F1D849	7ADA46987D0E1AAE2D3288272F8C97AABA4792E5	DAE2E505F61E23A088E4FB91523643D2E0B816F29DB2BD57AFB3F56F00D080F3
Chrome Cache Entry: 235	Web Open Font Format (Version 2), TrueType, length 47364, version 1.0	FCC676E93787A8D472AD00BF7F158D88	A28C8050BAA6E17C6ADEC60BCA582715403D500B	1F6B8D8F7D462DC42D48B29E68062A707890AA2DD700C947806949F63D79694A
Chrome Cache Entry: 236	Web Open Font Format (Version 2), TrueType, length 35060, version 1.0	0360DBC6E8C09DCE9183A1FD78F3BE2E	6CD4B65A94707AE941D78B12F082C968CB05EC92	2DB6BC36808D43FA89029C652636E206FA3E889B35ECF71814AB85F8BA944AF3
Chrome Cache Entry: 237	ASCII text	1868068BDC2622CF2C4C607102970B6A	B254679B639C5D7F26BA8662A70E5D7587333ECD	354AA87B02FCDDFAFEE3DB7BA65775E92D271256B7CE8DF3C0BB43467EBA7B3F
Chrome Cache Entry: 238	Web Open Font Format (Version 2), TrueType, length 53884, version 1.0	11E65682C5D363ECD17CDD1CE3615418	89CC3F37B6EBE724BC22045AEA74EF2BC6932DA1	41A98AC11A50E26C91A33CD44D8FF75B7F5963B33CB63AF48099EA48D0BF5E9A
Chrome Cache Entry: 239	Web Open Font Format (Version 2), TrueType, length 4280, version 1.0	35F2221688A86314A271F11BBF8E76BD	2E56E5FCCE211EEA8CA3709E0A8B33DD89CEDA92	3C1D1B09AF9EA0E4A497CF8F1BAAF915BB032ECA2AE369869566282D156CB25D
Chrome Cache Entry: 240	Web Open Font Format (Version 2), TrueType, length 105776, version 1.0	DF1878BEEF6F76B3B8B9C3A479BFA5CB	5724CF8D410C6BD487A002A14386231C29C933C6	C7B73DC2A43D6620B4AE7B1E05EEA2342CF309352B4DCAADEB4491C5B72468E5
Chrome Cache Entry: 241	Web Open Font Format (Version 2), TrueType, length 42296, version 1.0	20A5ED564FE91199A53645DD2A8F8BCE	878AB8E8E2A0BBDE4F47359D625DB2B81F7AC0A1	3109801208D4C4B75FF98BB721D0AEE286293C2F0D2F47F778DCFAD779E9F5EE
Chrome Cache Entry: 242	Web Open Font Format (Version 2), TrueType, length 1420, version 1.0	F8FB2BDE26ED2B7A60BA773D42DD2150	70871B9E74126289901A00F44B8271849A125DBD	9DAA921A21820750F7FE6223AC35072394F99209C374409981F6EFD1B2E3DCD5
Chrome Cache Entry: 243	Web Open Font Format (Version 2), TrueType, length 49980, version 1.0	7B69C53249D749F80F5AC911A9F6A416	D6283C043883942BFB577D0F7F2477DB7C7B10B2	AF6B37D5CEC7927D3BDFBCD8C75D7BF80C29C583D71B75ADE321EF706A10BE32
Chrome Cache Entry: 244	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	8DF19EC399BE913884590015105AA584	5502576575AFF37A626934FA655C124291C58AD6	D48A0F5A08249E1768C06ACA31C16D50D1216434E1C91BA322CF5521577A59E3
Chrome Cache Entry: 245	Web Open Font Format (Version 2), TrueType, length 44980, version 1.0	A32CAE41AA72AD6CA75FF8B5A7A11606	FC29CA3935D5F85C169448D7CC6410C2560D92BC	33EA7445E374A6AAB69F4E13DDBC9FC0E356C731E2D1F093619B93D4281BBE2E
Chrome Cache Entry: 246	Web Open Font Format (Version 2), TrueType, length 54212, version 1.0	DFA374BE8A198433A11856E9967E96F9	9E8D11BA6270CCB1254686C0F24A05F21D33A661	0BC130FEA6C21498BF358680BE297533AF347EBCDBC18576629FF1D89F8638F7

AV Detection

Source: https://docs.google.com/forms/d/e/1FAIpQLSeC_0Id_PGmRkuSPuck_fyi9ACKGBvbaZTzhoVmvM7jUAlm8w/viewform?usp=send_form

SlashNext: Label: Fraudulent Website type: Phishing & Social Engineering

Compliance

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_3776_1972645428			Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Networking

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: forms.gle to https://docs.google.com/forms/d/e/1faipqlsec_0id_pgmrkuspuck_fyi9ackgbvbaztzhovmvm7jualm8w/viewform?usp=send_form

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1DF94741-352D-4801-8303-700CFAC82726}.tmp

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /wsUZLdhHG5bDpNyj6 HTTP/1.1Host: forms.gleConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /forms/d/e/1FAIpQLSeC_0Id_PGmRkuSPuck_fyi9ACKGBvbaZTzhoVmvM7jUAlm8w/viewform?usp=send_form HTTP/1.1Host: docs.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+962
Source: global traffic	HTTP traffic detected: GET /S3RLLtv19W1xxd4kOlbDqF6qrW37Ph00WYzt_zglN8T_thqo-ZrkO372sQDb5jhH3OWZXH9oCDjXWAgaGvJqW-RlWv5KLQCQ_kRHRYg16l92d61UtHJCkSKDaMZUGcp0Wg=w1200 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlKHLAQiFoM0BCNy9zQEIuMjNAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /S3RLLtv19W1xxd4kOlbDqF6qrW37Ph00WYzt_zglN8T_thqo-ZrkO372sQDb5jhH3OWZXH9oCDjXWAgaGvJqW-RlWv5KLQCQ_kRHRYg16l92d61UtHJCkSKDaMZUGcp0Wg=w1200 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlKHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlKHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+962; NID=518=pfY9vydiR6cbAkNmJiz2fNbbqSUCKveyHH_H0S-4j_YInXIGIGlaSsNpyaRs8YgXv1nM3hgYuI0Jrrpw-oXjXp-TT2q9WhP4nmBEFaMMlzz3nT0irkgg2lo67WeCcD-0uYPqkrIYco2Xygb2QEIcZ28a4n2rY1uAiTvUidP_Iu3QzxC5h87GvtFxDg
Source: global traffic	HTTP traffic detected: GET /forms/d/e/1FAIpQLSeC_0Id_PGmRkuSPuck_fyi9ACKGBvbaZTzhoVmvM7jUAlm8w/font/getmetadata HTTP/1.1Host: docs.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlKHLAQiFoM0BCLjIzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: S=spreadsheet_forms=zLjYZucY4wqZ5nFgan1ZnD16NtFWLVWRiAG6kT5dF9w; COMPASS=spreadsheet_forms=CjIACWuJVzFLN2yB295p6jUtBNmJOBySvjonGxSjmGRm-FxXVOAKmJ5ugIl9KItE5KOq-BDE9I65Bho0AAlriVcI2on9aJvDUXq2Gqv9HAojAuPKTPyPRvGvsGKdkJDO711hkexEqtEkRla3QZ3ljQ==; CONSENT=PENDING+962; NID=518=pfY9vydiR6cbAkNmJiz2fNbbqSUCKveyHH_H0S-4j_YInXIGIGlaSsNpyaRs8YgXv1nM3hgYuI0Jrrpw-oXjXp-TT2q9WhP4nmBEFaMMlzz3nT0irkgg2lo67WeCcD-0uYPqkrIYco2Xygb2QEIcZ28a4n2rY1uAiTvUidP_Iu3QzxC5h87GvtFxDg

Source: chromecache_212.3.dr, chromecache_217.3.dr

String found in binary or memory: Pf=w(["https://sandbox.google.com/tools/feedback/"]),Qf=w(["https://www.google.cn/tools/feedback/"]),Rf=w(["https://help.youtube.com/tools/feedback/"]),Sf=w(["https://asx-frontend-staging.corp.google.com/inapp/"]),Tf=w(["https://asx-frontend-staging.corp.google.com/tools/feedback/"]),Uf=w(["https://localhost.corp.google.com/inapp/"]),Vf=w(["https://localhost.proxy.googlers.com/inapp/"]),Wf=U(yf),Xf=[U(zf),U(Af)],Yf=[U(Bf),U(Cf),U(Df),U(Ef),U(Ff),U(Gf),U(Hf),U(If),U(Jf),U(Kf)],Zf=[U(Lf),U(Mf)],$f= equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: forms.gle
Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /forms/d/e/1FAIpQLSeC_0Id_PGmRkuSPuck_fyi9ACKGBvbaZTzhoVmvM7jUAlm8w/naLogImpressions HTTP/1.1Host: docs.google.comConnection: keep-aliveContent-Length: 5456sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"X-Same-Domain: 1Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-mobile: ?0X-Client-Deadline-Ms: 20000User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://docs.google.comX-Client-Data: CIa2yQEIorbJAQipncoBCKj3ygEIlKHLAQiFoM0BCNy9zQEIuMjNAQ==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://docs.google.com/forms/d/e/1FAIpQLSeC_0Id_PGmRkuSPuck_fyi9ACKGBvbaZTzhoVmvM7jUAlm8w/viewform?usp=send_formAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: S=spreadsheet_forms=zLjYZucY4wqZ5nFgan1ZnD16NtFWLVWRiAG6kT5dF9w; COMPASS=spreadsheet_forms=CjIACWuJVzFLN2yB295p6jUtBNmJOBySvjonGxSjmGRm-FxXVOAKmJ5ugIl9KItE5KOq-BDE9I65Bho0AAlriVcI2on9aJvDUXq2Gqv9HAojAuPKTPyPRvGvsGKdkJDO711hkexEqtEkRla3QZ3ljQ==; CONSENT=PENDING+962; NID=518=iv2Bx9YQZjR75UnDBe4XsD3LU3oXAYfW9WPuZwHHL5Tf--c9AJTjSNV6-lT31aQRz4OQ3kT8xO4KxTdH7IKBTeEwTeRKYK-ifXAwocV73pt24mkTnb5BOG2UIQp-ZpbhKsUzRLwybPpJsEgfg2bzxkXQTxw2ONJR_n8iodmocwVHZU7RMQ

Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: http://localhost.corp.google.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: http://localhost.proxy.googlers.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.com/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.de/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.de/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-staging.corp.google.com/inapp/
Source: chromecache_217.3.dr	String found in binary or memory: https://asx-frontend-staging.corp.google.com/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_217.3.dr	String found in binary or memory: https://feedback-pa.clients6.google.com
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://feedback.googleusercontent.com/resources/annotator.css
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://feedback.googleusercontent.com/resources/render_frame2.html
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_161.3.dr, chromecache_232.3.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v60/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_237.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialiconsextended/v151/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff
Source: chromecache_232.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2)
Source: chromecache_232.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2)
Source: chromecache_232.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2)
Source: chromecache_232.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_161.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: ~WRS{466CE3F4-1C30-4601-B694-59C14432DFE5}.tmp.0.dr	String found in binary or memory: https://forms.gle/wsUZLdhHG5bDpNyj6
Source: chromecache_217.3.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://help.youtube.com/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://localhost.corp.google.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://localhost.proxy.googlers.com/inapp/
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://play.google.com
Source: chromecache_189.3.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://sandbox.google.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://ssl.gstatic.com/docs/common/cleardot.gif
Source: chromecache_217.3.dr	String found in binary or memory: https://stagingqual-feedback-pa-googleapis.sandbox.google.com
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://support.google.com
Source: chromecache_217.3.dr, chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://support.google.com/inapp/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_190.3.dr, chromecache_189.3.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://www.google.cn/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://www.google.com
Source: chromecache_217.3.dr, chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://www.google.com/tools/feedback/
Source: chromecache_212.3.dr, chromecache_217.3.dr	String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_217.3.dr	String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_220.3.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_217.3.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://youtube.com/embed/
Source: chromecache_156.3.dr, chromecache_220.3.dr	String found in binary or memory: https://youtube.com/embed/?rel=0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49281
Source: unknown	Network traffic detected: HTTP traffic on port 49204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49180
Source: unknown	Network traffic detected: HTTP traffic on port 49207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49211
Source: unknown	Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49192
Source: unknown	Network traffic detected: HTTP traffic on port 49198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49207

System Summary

Source: ~WRF{ABB1F47D-A9F2-44B4-B333-BFE396DC610E}.tmp.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal48.winDOCX@20/202@16/8

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\Desktop\~$EN FOR MORE INFORMATION (1) (1).docx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR7AE9.tmp

Jump to behavior

Source: ~WRF{ABB1F47D-A9F2-44B4-B333-BFE396DC610E}.tmp.0.dr	OLE document summary: title field not present or empty
Source: ~WRF{ABB1F47D-A9F2-44B4-B333-BFE396DC610E}.tmp.0.dr	OLE document summary: author field not present or empty
Source: ~WRF{ABB1F47D-A9F2-44B4-B333-BFE396DC610E}.tmp.0.dr	OLE document summary: edited time not present or 0

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=876 --field-trial-handle=1344,i,2167696845176286236,13665372515853021969,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://forms.gle/wsUZLdhHG5bDpNyj6"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=876 --field-trial-handle=1344,i,2167696845176286236,13665372515853021969,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: OPEN FOR MORE INFORMATION (1) (1).LNK.0.dr

LNK file: ..\..\..\..\..\Desktop\OPEN FOR MORE INFORMATION (1) (1).docx

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater			Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_3776_1972645428			Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: ~WRF{ABB1F47D-A9F2-44B4-B333-BFE396DC610E}.tmp.0.dr

Initial sample: OLE indicators vbamacros = False

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX			Jump to behavior