download: | config |
Full analysis: | https://app.any.run/tasks/b356a9e2-4e9f-4aa9-8bc2-1e271dad74bf |
Verdict: | No threats detected |
Analysis date: | May 03, 2019, 16:41:22 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/plain |
File info: | ASCII text, with very long lines |
MD5: | B3879FA1C41443691B0691BFDB0F61A2 |
SHA1: | 6F6AE05EF16AC1E45DE864C8D7ED76CEA8857E57 |
SHA256: | 7791A97E5E3E042C42AD102EE87ED2B9A5E863881D8E5A5F586BC4C97470729E |
SSDEEP: | 384:uXnMa81amId5ypDDMOshh5ZfSvqPwRfHZuWW6:uXnS1amId5ypDrshhnN6 |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3012 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\config | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
300 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\config" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | rundll32.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
300 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRC594.tmp.cvr | — | — | — |
300 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | FA04E710CDE9716512305F3912544B2E | 9A700614869FBBAE2879FDB9284CE5B13B511627FA62B02777F28151D8200DE7 |
300 | WINWORD.EXE | C:\Users\admin\~$config | pgc | BEB63DA151B9C5FF1BD933ACAC3642F7 | 2330A02905991F29A9C1585234FD50C201F76890592FDA9398BC374A4E9BBA5C |
300 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\config.LNK | lnk | D1856F3AF2E7E17D5C4DA9FA09D1250C | F9A1C85D77EF0A9ED4EEE09C605EECB03BEC4A6DD10DED8C66BD0070746FFC6A |
300 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | BB5E2878DD3D1D8739F41A37B8EF15EE | 34083C34091BEF53E237350AF9D5713A0C04539BCF0F47004309FE0FA5ADF5C7 |