Property | Value |
---|---|
File name: | 9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14 |
Full analysis: | https://app.any.run/tasks/4272eb66-5e19-4ba3-80c2-c101ae7c983f |
Verdict: | Malicious activity |
Analysis date: | February 19, 2019, 00:27:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Employee Details Form Template, Subject: This Template offers a formal process to document each staff members personal details. You can individually adjust this document to suit your company's needs, Author: Version 1, Keywords: Employee Details Form Template, Employee Details Form, Employee Details, Comments: This Template offers a formal process to document each staff members personal details. You can individually adjust this document to suit your company's needs, Template: Normal.dotm, Last Saved By: Windows User, Revision Number: 53, Name of Creating Application: Microsoft Office Word, Total Editing Time: 19:00, Last Printed: Mon Jun 16 21:47:00 2008, Create Time/Date: Thu Jun 7 19:25:00 2012, Last Saved Time/Date: Mon Oct 15 23:22:00 2018, Number of Pages: 1, Number of Words: 329, Number of Characters: 1876, Security: 0 |
MD5: | FB4213E44E517CDC1AD9CE92BC73A821 |
SHA1: | 780CCEB20D26B4696AF9A23F40190667522DE24F |
SHA256: | 67A705AB1EE8AA5A7510CF1EFEA275DC88574E455C9456D2FC865FFAD4C85723 |
SSDEEP: | 6144:2LOUuU4uDCOjsHFtXwIUPgTiN13sh/2xWoV/hGkWC92Vr3Lu19RmAMZQzm18IBHf:tU4tdltXwnQ01txj4kB257qmJkm1ldU |
Extension | Detected type (confidence) |
---|---|
.doc | Microsoft Word document (54.2) |
.doc | Microsoft Word document (old ver.) (32.2) |
Property | Value |
---|---|
Title: | Employee Details Form Template |
Subject: | This Template offers a formal process to document each staff members personal details. You can individually adjust this document to suit your company's needs |
Author: | Version 1 |
Keywords: | Employee Details Form Template, Employee Details Form, Employee Details |
Comments: | This Template offers a formal process to document each staff members personal details. You can individually adjust this document to suit your company's needs |
Template: | Normal.dotm |
LastModifiedBy: | Windows User |
RevisionNumber: | 53 |
Software: | Microsoft Office Word |
TotalEditTime: | 19.0 minutes |
LastPrinted: | 2008:06:16 20:47:00 |
CreateDate: | 2012:06:07 18:25:00 |
ModifyDate: | 2018:10:15 22:22:00 |
Pages: | 1 |
Words: | 329 |
Characters: | 1876 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
Lines: | 15 |
Paragraphs: | 4 |
CharCountWithSpaces: | 2201 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | Employee Details Form Template |
HeadingPairs: | |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2824 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2156 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | — | explorer.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 68.0.3440.106 | ||||
2908 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6d8c00b0,0x6d8c00c0,0x6d8c00cc | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
4024 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2164 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3060 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=932,552154253824337123,7205402736158129435,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D3A290A87585D72E89CB1323FE44BA93 --mojo-platform-channel-handle=980 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3248 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,552154253824337123,7205402736158129435,131072 --enable-features=PasswordImport --service-pipe-token=032EF95876775E950533CC7D54E9D59A --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=032EF95876775E950533CC7D54E9D59A --renderer-client-id=5 --mojo-platform-channel-handle=1900 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3776 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,552154253824337123,7205402736158129435,131072 --enable-features=PasswordImport --service-pipe-token=4518F9CD88E3332572643ED7899D53DB --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4518F9CD88E3332572643ED7899D53DB --renderer-client-id=3 --mojo-platform-channel-handle=2052 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3360 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,552154253824337123,7205402736158129435,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=8DF06098B2CE0735E381F3280A9834C7 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8DF06098B2CE0735E381F3280A9834C7 --renderer-client-id=6 --mojo-platform-channel-handle=3144 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3220 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=932,552154253824337123,7205402736158129435,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=0B4A40E0253C7D5EC3F7859761B9F02E --mojo-platform-channel-handle=3400 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
2284 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,552154253824337123,7205402736158129435,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=6695EF0A992E6FCE98BB109CF8162C7F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6695EF0A992E6FCE98BB109CF8162C7F --renderer-client-id=8 --mojo-platform-channel-handle=2392 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2824 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9224.tmp.cvr | — | — | — |
2824 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | — | — |
2824 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DF05E612CA64C30B05.TMP | — | — | — |
2824 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DF4866323679F412BE.TMP | — | — | — |
2156 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\05c2a7e4-604e-474d-ba8e-d7240f6f76c6.tmp | — | — | — |
2156 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp | — | — | — |
2156 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT | — | — | — |
2156 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp | — | — | — |
2824 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 5A1AC50DEFFE3ADEEC3C1C6B7CE515EE | A05624EE45E532E271EC27383128A22E6F3E19C02D9EF83102D437F8C9A16589 |
2824 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14.doc | document | 84198FF712F5A11E2EDC74D523063B10 | 5CD330D935D3549F759202676A5882A74A408911BCD77EA34B5DBDD2B3D56D75 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2156 | chrome.exe | 172.217.22.35:443 | www.google.de | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.18.99:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.23.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 216.58.206.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.18.164:443 | www.google.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.22.3:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.22.45:443 | accounts.google.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.22.106:443 | www.googleapis.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.23.163:80 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2156 | chrome.exe | 172.217.22.3:80 | www.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
clientservices.googleapis.com | | whitelisted |
www.gstatic.com | | whitelisted |
www.google.de | | whitelisted |
safebrowsing.googleapis.com | | whitelisted |
accounts.google.com | | shared |
www.google.com | | whitelisted |
ssl.gstatic.com | | whitelisted |
dns.msftncsi.com | | shared |
google.com | | whitelisted |
www.googleapis.com | | whitelisted |