2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

Analysis

max time kernel
51s
max time network
148s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.0.exe
Size

844KB
MD5

7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1

1751d9389adb1e7187afa4938a3559e58739dce6
SHA256

2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512

cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
SSDEEP

12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\""	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\ = "&Edit"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2628	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2184	AutoClicker-3.0.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2184	AutoClicker-3.0.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2628	WINWORD.EXE
2628	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2688	2924	chrome.exe	29
PID 2924 wrote to memory of 2688	2924	chrome.exe	29
PID 2924 wrote to memory of 2688	2924	chrome.exe	29
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 2652	2924	chrome.exe	31
PID 2924 wrote to memory of 956	2924	chrome.exe	32
PID 2924 wrote to memory of 956	2924	chrome.exe	32
PID 2924 wrote to memory of 956	2924	chrome.exe	32
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33
PID 2924 wrote to memory of 2044	2924	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7359758,0x7fef7359768,0x7fef7359778
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:2
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1468 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1968 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2020 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:2
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2220 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1924 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1780 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2432 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1996 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3156 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3908 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3812 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3660 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1436 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4256 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3760 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4480 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4420 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4480 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4888 --field-trial-handle=1836,i,638203483349227846,143828011399539071,131072 /prefetch:1
  2⤵
  PID:3580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2760

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:988

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\Files.docx"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2628
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:1948

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45352094 13726
1⤵
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c067f9c3136f231697fb0235a64586c

SHA1
efcf91778f201cba4ecac4f43f689c1d81260103

SHA256
4926e1281ab7f77e2f43f6592f0a7db060ddff3c1457f73b16435865256a1532

SHA512
19b72cfaf7a147ef7eddd4887f304b1ed91e51035f21b687410154848df8b613b640d8715e96d5bd47547b81f64af23674e9dfa3d96265ee9e8a06d45e549318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aec0993aa66c0638e4234e3ec5a5c739

SHA1
dd20af334663d086514689f8d0fa3d7da6535138

SHA256
01ad4e59e164a97b4c5a0ced5b47eb6200a8cd1618da0b7e60a9e97c88374af9

SHA512
b55db4a7eb97d9d645691f93e5088d8ec41803dc240061ed6e0eb01afa55682f298c86b284a60164bdec5e084a258b4dee24df2dca82b3d69254382c6d63b91b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7006dc7ad6bf610de1b6becf5aea460

SHA1
ba8ba7a63a4539b88c336bbdf85eaefca00bff7a

SHA256
4285318cdac8a27c3f8172b97b1d8429137b54619b8308b5a11948ff9c69e7ed

SHA512
2c0c7140ef43e91080a190dc072584f76c11cd280bb7acbdc0bc369d6be38e224467a2e2bad4438688659879394fa352d1791b380b77025ffed2d9de88f4f48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16e9db444dd00f8e0fc7a8337197614e

SHA1
22f21d68ff8c5e71aa82b046d59375510a344609

SHA256
089e95232251d5c64a51f5dca49fad337e43e5ee5e322a04857b26becb562eee

SHA512
ff93c2ee02835b7bde71dacb2944823f5536889f8a6fb9a7eba0266204720140356d57baaa29e21939dda5591c674a096064a75404168b8b90ade55d3b7c9a2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1947de63ab36430dd01eba98ddfe47c

SHA1
6bc14c17ca51674c946e26a1f6c4982df02dcabb

SHA256
361fe4a8dd5d2de801e65683e6665ee37f6a6c32fe341797f4da0e41da31c098

SHA512
cfe4b64583c0997cb4ba54fc0f0b073acff811c85adef811d3cb981bd4fceb3e0275f78d7bc0f4bddfd1dbd5701a00121e98fc700ffba09f5f38ace7c87bbe13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
106KB

MD5
12db4747c919800260d71579c658c235

SHA1
62cd7b4d1646452e4fcf800e5c726785fb3eafbf

SHA256
1db7e1a8992d246c5f8f45ac7bdede320af040b05933ea88452b2363e7cffa5c

SHA512
cb7cb75b01d6eb46741c083de628a3a378b5a8f1c93c89fe2249fa37c37fed7f1060799a354754b365cb53da74ac270fa9e586967ea9dbb44a2bb9d9ec4d01cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
47KB

MD5
127b7a9f7009939d0ae5dd1a48386985

SHA1
f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac

SHA256
9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962

SHA512
b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
809KB

MD5
4e0fd939c1a363d23ccae3d7929df599

SHA1
599ce43eebeb61aa36c08116ba84fcc81ea499aa

SHA256
33f2573ae756a04677c62a4a3953160c169226145256d90b0443f0074fe2522d

SHA512
7e269353327b150346b4601a92ff91f6ebfce2004b62f03ed55f977b9ce9a520ede65940eadb85b007e0a6778c7af48d4cf38c028c168e8962cb56388ceeb2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
32KB

MD5
d2fa74eca9d32a4d2e972aac6374e508

SHA1
44d505f520ec8840633b7ec0534a98a135f0c261

SHA256
ef08e7461ad13377993a74ae88ea9afcac9d54c3051fc9291cdc1df89ff339ef

SHA512
a6c545da622f610d174431ef09cd466834bf47c14fd9cfa6571a4207452844a161958adf6c30370facae99a446fb7d0a33ef0d6745024430c9c977043ab00f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7791d4.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
9194341efc2740f4163e3c2f516819f1

SHA1
7a1097b5a54e582486d5a66a5a3480bd03416118

SHA256
51724ebeee19d7395f7abee62caaabe1aaf80ba0500449b9da0671a7f70ec321

SHA512
fec36dd875ac650c922142d8c5cbcab0b8ced24eca34df28b9484c1729cba29d42a3ad212164981f48793bd64829c7e7d84ea508fb7ffb2ee30500ecaf18f264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
198B

MD5
3349191fccf14abee731e5bd5b331259

SHA1
0457bbb36ac6b5dd5ae5be81ee9f15adfbaba1be

SHA256
2e7e7c02211360adb37923a2359600af6c72a165f868fcf2f9260e290a930bab

SHA512
ea8c432202e15bcc358981cf381eeee1ce2f88e363f8f1f315a243ad1dfa8e2a24ca7f6042e965cede784de0b040c2f4671f0fd072129bf88b86823e3359c315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
525B

MD5
02c9c6b813f5a1838eefba1c191a3730

SHA1
a1b4e7424e678fce62ab925e7c004b41908d5f24

SHA256
2f7f94a750caa76050f15aed139a4061d15e47f844e06a769af6356b102b9df0

SHA512
b5d4b06c20dd117960eff0dd738b2c633af363a2fa7aee02e7a41b12014733b53dcafc0fb8542dc40a6cd6a40bc21433f4eed9f76f9afc84a289b903bd82ea02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
651ebb8b9846771fc12b64b4e598024d

SHA1
02c2e5a2628d6cf69c60ca53a15e1883cc899470

SHA256
1a1c0f3440b4367a298e27f810f175b420240957d26b2e858956390780da2fe4

SHA512
368bb4a58fda51c99bb2005c9b4df6fac0722b801ef159936ecefbc93a9e7dac28d8f11335c6a030972d9ef40a8d5349d1ea5bfe4d28e0e99cb93094a44fc43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
198B

MD5
84eec2b145961361fb6e3c56ffa82a28

SHA1
c6fe2f3f02548b9ea5d07c5fac4275e14e3344a6

SHA256
885d85524146eb9a41de29a8e985043626e135ff01f5a8156a6bb77b791ffd33

SHA512
13de4f21e44ac3ef931b9879ca4e2bd4747ef15b77896287303b6b7fa5a041b96aa8caec314a4c4458d75190b180bab58901436d6cdf91a83d437b918d62b9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80ca98c02e67196e4060ff2c9cd25c17

SHA1
b59337c10888be994eefd005c64771b2cad614ee

SHA256
1ecd2fd8bf2696fbce696d28b1c93a159d2682ede523c60649808d3f7053c799

SHA512
fc923b62f4152ab79f052b48300db8eb3fdc97c0e6e91b392d1f606d6157298a4becabd3280a790c9848a159de099e9648d23a03e6c8de229c7f3e0b6ee5eea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ecd01f341855a8b7c26dc39a5814a3a2

SHA1
181b10adb93320e39383ed5fde9ec35969cfddf3

SHA256
4eef7a426c42c7f2fc5a10712a07e3d491cdf8a7761cbcdf98be220a2a0da78d

SHA512
3b9c6c4459f342872450485d55e3e1ef0fdd747ea8ff50088f8ff7bc425e50fa914f7557d34e3e4fcafec51177c381f6ed75294e66ff54232d13940380a798d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cf110d47603b3f5315847e191000fe10

SHA1
02bb8e875f0cb8c7f34af7e0e4de08d6a5a4a15a

SHA256
ecd4c10f49db06c53850c210f2c6a309d5ae5a375d588c072d0f2cb1886a1ecb

SHA512
760451e90f0670d693fb547525e03dfab5ee149745a3adb5c1b4220cedf0119e8ec49455e02a09034d250ebf83c2a2d79c51f019bdda44de028023ac2f7fa223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
82101c26dafc470e507bd530930c424a

SHA1
1e2f1d236ca4ceba4dd7dbac648748b0a9cac8ae

SHA256
09d4e62e042a5f95ea716aa6d064b0d1be957e059918dd5eec26c5fdeca4d0e9

SHA512
a0c25c7614cb3c4967ac02e58cce15a08302f38983dfcc5897a1ad3f91375f3a6c6d5e2518e9b855532e54753dca2571b0baadd391ebc95957b7ff25355f5f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed27f0bb3a11dfc68d27f5158b348677

SHA1
96b6f38ede9e2dd9312a23d9d79ac014222389fa

SHA256
58bc9046d78bbf794752c69e8acde2c73ff6c51b2dc9b1fe123e5926faf89b39

SHA512
fa63b48afd3ec65ff91fd4f1a063199cdde65394063940fca2cc14d5e6105243b1490c836112504d0a4da5416b8a3a7ddfaaae59513d605a3b75ff1d2cb74fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
19d831ed77723805a1cebddd1e011706

SHA1
2b5d515029d0ebb766c93979e868ae515f9f8911

SHA256
1252d97168d46ab640920be813f8ea36879dd0d055533b21674113405e3e79f7

SHA512
a3e608126b375df546cf01fbbcf92bf5444c00355bdf09e03a3d4c661818907a9c9f4c399378f009f5562edb14553280bd6a8c2263312d8c42758d8f256dbcaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
b70b1cb1ddead84174748c451bb1aef3

SHA1
c1bd27ff85d1bcd4b7ea3ae21e9cc1fb40b202ab

SHA256
d349acdfb9f301e95fac89bbf76767459eb794dcafad58e33dbb2d587d0be397

SHA512
6fc5be577d75c3eb50d40ed9371a83e3c4a5b5a65561266255494935e33ca4f707e77215382c9735f6e1893dc7c762fba4a227b4f3af475b36f7d5bbf7fb2d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b5fb18bdaad3ab2abb16046529f5a494

SHA1
6f1562c2a27742dd64acd29e9a0c41e3033f8192

SHA256
efb8a69194fdeeed525d25c6310784100ed1eb37dc2ef94e06c4a42c6a62faa6

SHA512
a4707fb7d344ef9652862afc09ac11327bfa64d1f5e2f996cdeef7c7b32a48a9326fc2004dbdc3943b51d9d3169453adbeeeeca64a1f2bc54f626aa3102a8010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
228435211fd35425ea0a51357e6df012

SHA1
bd32e6f0423b5b4c8ce82b2994a370a1aa88274c

SHA256
30a927bf123cd96604976f734d59b82c00e8bb8e2752aa4b5ecec24d16fa84f9

SHA512
b2b60b62681e29f221a2a8b4c2b20da21fc410111b695537e174f80cf3d3b7ad4013575da20426f993f46cbf492e74a7ce9a64d249428d07de8462588d6a24be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
51bd301a0763fa6ad58395bbb96007bb

SHA1
6fc00099aa7ef433a41324d0559ed42af816e5ca

SHA256
69ca9a67883fa80c4a1db4fdeb0423d4d7677a4ab74a01ef10765f83f1331301

SHA512
be84e3cbc81fec79fb32773d29262c8954f1c5942da3be9ecf42c2c5727d1469ea6b3eec713b1a9bc2724959f3fb1d3b99085170736fdcfdff73c4a9aeb9039c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2924_1701771704\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
64a94cf0180c4581c9b94114348f3916

SHA1
f694e3a59aa6abef2b0d3086f5b8415634dca739

SHA256
b920eeed4fe534d4724dec9c0f3d6700bbe35f181d94950c2634585aee43ac81

SHA512
ef4bebedb6a61dc328be8c454c42eb2ec7274ccb54d13f31576241eaba00538a1e03689c2362553576bc3c7a0639ff042a2b85b19a9010fa44ec42d5a056f26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
21fdea80259cf3c6fe739d1a8906ee6d

SHA1
7f92e97b376730ebf0d9462047f8cf39aa5763b5

SHA256
365dfccf7b6a329679e79f863ea56bd9f130607f6ab02bdc7a25230c37724395

SHA512
53552ad7b4d666a994dba355712da6cc2dbd9b030e1c7fb8a448ee43ace117f4fdc96ac0ccb9dc68dbd4ac9ed63e4103bd37ee35e24199970d8e950254d84590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
72KB

MD5
a94d818cb6b48b20ec436c3cad176cdc

SHA1
022fff9802318a41ba8b7f028a6e9d9af58730ce

SHA256
6441f5e1f6434a295f127718115e4612e6b31a14d103cddc408c52123bc8fa8c

SHA512
9a9b26f126e0ed8fbe5993c99f591bccde539b3ec2dee2f1af64749060643b924d380acb6b3a0eb97a80e280ef280d2cfcdb911818c946f182b09e55dc88eb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9697.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA08C.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
55B

MD5
eede7f266fbd82efab615d575fe3508d

SHA1
ab0a94b2cf39381898f9e81d88f73dff10ed6848

SHA256
ade583d76e81718ae695e204e02bb99586ba011e7d60a59b7ce278c4ae9fc279

SHA512
257b615f8d6157ecd444210bccebf68d1e93042c2fc3ad8f90d840a0ab21c07da9546c4fbdf49910d8e61641056aea1cf21423da12186ff643d5c7e95702cd33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
e845a5cdfab177066ee283bfa8549690

SHA1
9366af740d5f2023f413e8081e1234c29b494b27

SHA256
596db402896e2272a30d435831e88cd2f6497e6831969a4c666ac84969751e77

SHA512
fea8e2962ecce95d6fe54f07a83381b135189e896a7ee2db4d635cde7459d047be50cd9c9cb09fabba5441815d5995e3c05cb6a365ebbcb00b3c4e4d3fcf9d15

Download Submit
memory/2628-88-0x000000002F951000-0x000000002F952000-memory.dmp

Filesize
4KB

Download
memory/2628-89-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2628-130-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2628-90-0x000000007189D000-0x00000000718A8000-memory.dmp

Filesize
44KB

Download
memory/2628-131-0x000000007189D000-0x00000000718A8000-memory.dmp

Filesize
44KB

Download