Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://192.3.176.146/ic/icicicicicicicicicicicicicic%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23icicicicicicicic.doc

Overview

General Information

Sample URL:http://192.3.176.146/ic/icicicicicicicicicicicicicic%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23icicicicicicicic.doc
Analysis ID:884007
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Antivirus detection for dropped file
Yara signature match

Classification

  • System is w10x64
  • chrome.exe (PID: 2204 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 2188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1644,i,5898683217458233683,13373722680240727198,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • WINWORD.EXE (PID: 6372 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Downloads\icicicicicicicicicicicicicic########################icicicicicicicic.doc" /o " MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • chrome.exe (PID: 4740 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://192.3.176.146/ic/icicicicicicicicicicicicicic%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23icicicicicicicic.doc MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
dropped/chromecache_108SUSP_INDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.ditekSHen
  • 0x124f:$obj1: \objhtml
  • 0x1288:$obj2: \objdata
  • 0x1274:$obj3: \objupdate
dropped/chromecache_108INDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x124f:$obj1: \objhtml
  • 0x1288:$obj2: \objdata
  • 0x1274:$obj3: \objupdate
C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmpSUSP_INDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.ditekSHen
  • 0x124f:$obj1: \objhtml
  • 0x1288:$obj2: \objdata
  • 0x1274:$obj3: \objupdate
C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmpINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x124f:$obj1: \objhtml
  • 0x1288:$obj2: \objdata
  • 0x1274:$obj3: \objupdate
No Sigma rule has matched
No Snort rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmpAvira: detection malicious, Label: HEUR/Rtf.Malformed
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: unknownDNS traffic detected: queries for: accounts.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.176.146
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ic/icicicicicicicicicicicicicic%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23icicicicicicicic.doc HTTP/1.1Host: 192.3.176.146Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.aadrm.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.aadrm.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.cortana.ai
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.diagnostics.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.office.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.onedrive.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://api.scheduler.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://apis.live.net/v5.0/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://augloop.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://augloop.office.com/v2
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.entity.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://clients.config.office.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://config.edge.skype.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cortana.ai
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cortana.ai/api
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://cr.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://d.docs.live.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dataservice.o365filtering.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dev.cortana.ai
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://devnull.onenote.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://directory.services.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://graph.ppe.windows.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://graph.ppe.windows.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://graph.windows.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://graph.windows.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://invites.office.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://lifecycle.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://login.microsoftonline.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://login.windows.local
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://make.powerautomate.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://management.azure.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://management.azure.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.action.office.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.engagement.office.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://messaging.office.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ncus.contentsync.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ncus.pagecontentsync.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://officeapps.live.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://onedrive.live.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://onedrive.live.com/embed?
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://otelrules.azureedge.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office365.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office365.com/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://pages.store.office.com/review/query
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://powerlift.acompli.net
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://pushchannel.1drv.ms
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://settings.outlook.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://shell.suite.office.com:1443
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://staging.cortana.ai
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://store.office.de/addinstemplate
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://tasks.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://webshell.suite.office.com
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://wus2.contentsync.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://wus2.pagecontentsync.
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://www.odwebp.svc.ms
Source: CE0FBE99-A23C-44EF-A583-A0917A6F358D.3.drString found in binary or memory: https://www.yammer.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

System Summary

barindex
Source: dropped/chromecache_108, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
Source: C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmp, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
Source: dropped/chromecache_108, type: DROPPEDMatched rule: SUSP_INDICATOR_RTF_MalVer_Objects date = 2022-10-20, hash2 = a31da6c6a8a340901f764586a28bd5f11f6d2a60a38bf60acd844c906a0d44b1, author = ditekSHen, description = Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents., score = 43812ca7f583e40b3e3e92ae90a7e935c87108fa863702aa9623c6b7dc3697a2, reference = https://github.com/ditekshen/detection
Source: dropped/chromecache_108, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
Source: C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmp, type: DROPPEDMatched rule: SUSP_INDICATOR_RTF_MalVer_Objects date = 2022-10-20, hash2 = a31da6c6a8a340901f764586a28bd5f11f6d2a60a38bf60acd844c906a0d44b1, author = ditekSHen, description = Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents., score = 43812ca7f583e40b3e3e92ae90a7e935c87108fa863702aa9623c6b7dc3697a2, reference = https://github.com/ditekshen/detection
Source: C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmp, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{7A014329-3164-4767-8FED-D32E304D11AC} - OProcSessId.datJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: classification engineClassification label: mal56.win@26/13@4/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1644,i,5898683217458233683,13373722680240727198,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://192.3.176.146/ic/icicicicicicicicicicicicicic%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23icicicicicicicic.doc
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Downloads\icicicicicicicicicicicicicic########################icicicicicicicic.doc" /o "
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1644,i,5898683217458233683,13373722680240727198,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Downloads\icicicicicicicicicicicicicic########################icicicicicicicic.doc" /o "Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: icicicicicicicicicicicicicic.LNK.3.drLNK file: ..\..\..\..\..\Downloads\icicicicicicicicicicicicicic########################icicicicicicicic.doc
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\4e186edb-433c-401c-ba00-d3d21353fa91.tmpJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to