Analysis Overview
SHA256
84f3e2049740ebbcfb5fe827cc6068c6f8691bcaefa781a9f2af7a07d944443b
Threat Level: Likely benign
The file autoClicker.exe was found to be: Likely benign.
Malicious Activity Summary
Drops file in Program Files directory
Browser Information Discovery
Unsigned PE
System Location Discovery: System Language Discovery
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:57
Reported
2024-11-09 23:00
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\autoClicker.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\autoClicker.exe
"C:\Users\Admin\AppData\Local\Temp\autoClicker.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StopEdit.3gp"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StopEdit.3gp"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StopEdit.3gp"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7c09758,0x7fef7c09768,0x7fef7c09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1000 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1472 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1356,i,9018851111276921671,7240671996582849601,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
Files
memory/2716-0-0x00000000748EE000-0x00000000748EF000-memory.dmp
memory/2716-1-0x0000000000190000-0x00000000001D2000-memory.dmp
memory/2716-2-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2716-4-0x0000000000330000-0x000000000033A000-memory.dmp
memory/2716-3-0x0000000000330000-0x000000000033A000-memory.dmp
memory/2716-5-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2716-6-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2716-7-0x00000000748EE000-0x00000000748EF000-memory.dmp
memory/2716-8-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2716-9-0x0000000000330000-0x000000000033A000-memory.dmp
memory/2716-10-0x0000000000330000-0x000000000033A000-memory.dmp
memory/2716-11-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2716-12-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2716-13-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2712-14-0x000000013F2A0000-0x000000013F398000-memory.dmp
memory/2712-15-0x000007FEF7BF0000-0x000007FEF7C24000-memory.dmp
memory/2712-18-0x000007FEF7AA0000-0x000007FEF7AB7000-memory.dmp
memory/2712-17-0x000007FEFB9E0000-0x000007FEFB9F8000-memory.dmp
memory/2712-19-0x000007FEF7A80000-0x000007FEF7A91000-memory.dmp
memory/2712-16-0x000007FEF5F30000-0x000007FEF61E6000-memory.dmp
memory/2708-21-0x000007FEF7BF0000-0x000007FEF7C24000-memory.dmp
memory/2708-25-0x000007FEF7A80000-0x000007FEF7A91000-memory.dmp
memory/2708-24-0x000007FEF7AA0000-0x000007FEF7AB7000-memory.dmp
memory/2708-23-0x000007FEFB9E0000-0x000007FEFB9F8000-memory.dmp
memory/2708-22-0x000007FEF5F30000-0x000007FEF61E6000-memory.dmp
memory/2708-20-0x000000013F2A0000-0x000000013F398000-memory.dmp
memory/2716-31-0x00000000748E0000-0x0000000074FCE000-memory.dmp
memory/2668-33-0x000007FEF7BF0000-0x000007FEF7C24000-memory.dmp
memory/2668-32-0x000000013F2A0000-0x000000013F398000-memory.dmp
memory/2668-38-0x000007FEF7A60000-0x000007FEF7A77000-memory.dmp
memory/2668-37-0x000007FEF7A80000-0x000007FEF7A91000-memory.dmp
memory/2668-36-0x000007FEF7AA0000-0x000007FEF7AB7000-memory.dmp
memory/2668-35-0x000007FEFB9E0000-0x000007FEFB9F8000-memory.dmp
memory/2668-39-0x000007FEF7A40000-0x000007FEF7A51000-memory.dmp
memory/2668-34-0x000007FEF5F30000-0x000007FEF61E6000-memory.dmp
memory/2668-40-0x000007FEF7A20000-0x000007FEF7A3D000-memory.dmp
memory/2668-42-0x000007FEF7A00000-0x000007FEF7A11000-memory.dmp
memory/2668-41-0x000007FEF5D20000-0x000007FEF5F2B000-memory.dmp
memory/2668-44-0x000007FEF7980000-0x000007FEF79A1000-memory.dmp
memory/2668-45-0x000007FEF7960000-0x000007FEF7978000-memory.dmp
memory/2668-46-0x000007FEF6F60000-0x000007FEF6F71000-memory.dmp
memory/2668-47-0x000007FEF6F40000-0x000007FEF6F51000-memory.dmp
memory/2668-48-0x000007FEF6F20000-0x000007FEF6F31000-memory.dmp
memory/2668-49-0x000007FEF6F00000-0x000007FEF6F1B000-memory.dmp
memory/2668-50-0x000007FEF6EE0000-0x000007FEF6EF1000-memory.dmp
memory/2668-51-0x000007FEF6EC0000-0x000007FEF6ED8000-memory.dmp
memory/2668-43-0x000007FEF79B0000-0x000007FEF79F1000-memory.dmp
memory/2668-52-0x000007FEF6E90000-0x000007FEF6EC0000-memory.dmp
memory/2668-63-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp
memory/2668-62-0x000007FEF6580000-0x000007FEF65A3000-memory.dmp
memory/2668-53-0x000007FEF4C70000-0x000007FEF5D20000-memory.dmp
memory/2668-59-0x000007FEF65E0000-0x000007FEF6608000-memory.dmp
memory/2668-58-0x000007FEF6610000-0x000007FEF6667000-memory.dmp
memory/2668-57-0x000007FEF6DE0000-0x000007FEF6DF1000-memory.dmp
memory/2668-66-0x000007FEF3CF0000-0x000007FEF3D01000-memory.dmp
memory/2668-65-0x000007FEF3D10000-0x000007FEF3D31000-memory.dmp
memory/2668-64-0x000007FEF3D40000-0x000007FEF3EC0000-memory.dmp
memory/2668-61-0x000007FEF6DC0000-0x000007FEF6DD8000-memory.dmp
memory/2668-60-0x000007FEF65B0000-0x000007FEF65D4000-memory.dmp
memory/2668-56-0x000007FEF68C0000-0x000007FEF693C000-memory.dmp
memory/2668-55-0x000007FEF6E00000-0x000007FEF6E17000-memory.dmp
memory/2668-54-0x000007FEF6E20000-0x000007FEF6E87000-memory.dmp
memory/2668-80-0x000007FEF7BF0000-0x000007FEF7C24000-memory.dmp
memory/2668-81-0x000007FEF5F30000-0x000007FEF61E6000-memory.dmp
memory/2668-79-0x000000013F2A0000-0x000000013F398000-memory.dmp
memory/2668-82-0x000007FEF4C70000-0x000007FEF5D20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
\??\pipe\crashpad_976_EPPFNMRUPPCRLVRN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6d7c7de6-3a31-467a-85f3-db437cd258ad.tmp
| MD5 | ad9b5693b5c0fd2a421dd3f6a05e0ff8 |
| SHA1 | 3e14cf72db9d9b2617d4b3eb871e2793bce1a2dd |
| SHA256 | 0f44aa8e7a2b64c54b64375e4d3d77a78e4ead091abb9dfad1a502e73b184884 |
| SHA512 | a9abb97e42dea80b02f1bb92a50f51e727d3fd18302bb726c7c62af7cc10e11985cd68f722f45aa69af14fc67f4242953e639da7966a5ca779f004bb6e72250e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 22:57
Reported
2024-11-09 23:00
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\autoClicker.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756667714161283" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\autoClicker.exe
"C:\Users\Admin\AppData\Local\Temp\autoClicker.exe"
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ImportConvertTo.xlsx"
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ImportConvertTo.xlsx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0a23cc40,0x7ffc0a23cc4c,0x7ffc0a23cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2016,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2604 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5040,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff76f0e4698,0x7ff76f0e46a4,0x7ff76f0e46b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5324,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5156,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.68.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 216.58.213.1:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
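The Network table has no process column, so none of its rows can be attributed to autoClicker.exe rather than to the Chrome and Office processes that ran in the same detonation; most rows are resolver traffic (reverse-DNS PTR lookups of the IPs the browser contacted) rather than connections made by the sample. The following added example, which is not part of the sandbox report, parses rows in the table's pipe-delimited format, separates PTR lookups, forward DNS queries and multicast from real connections, and lists connections whose domain is not on an allowlist of vendor suffixes. The sample rows are a subset copied from the table above; the allowlist of suffixes is an assumption chosen for illustration.

```python
"""Triage the sandbox Network table (added example, not report code)."""
import ipaddress
from collections import Counter

# Constructed subset of the report's rows, in the table's own format.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
"""

# Assumed allowlist of vendor suffixes (illustrative, not from the report).
VENDOR_SUFFIXES = (".google.com", ".googleapis.com", ".live.com")


def parse_rows(text):
    """Parse '| Country | ip:port | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header or malformed row
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row):
    """Label a row so resolver noise can be set aside from real connections."""
    ip = ipaddress.ip_address(row["ip"])
    if row["port"] == 53 and row["domain"].endswith(".in-addr.arpa"):
        return "ptr_lookup"        # reverse lookup of an IP already contacted
    if row["port"] == 53:
        return "dns_query"         # forward lookup, precedes a connection
    if ip.is_multicast:
        return "multicast"         # e.g. mDNS to 224.0.0.251:5353, link-local
    return "connection"


def ptr_target(domain):
    """Turn '4.180.250.142.in-addr.arpa' back into '142.250.180.4'."""
    octets = domain[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def summarize(text, vendor_suffixes=VENDOR_SUFFIXES):
    """Count row kinds and list connections not covered by the allowlist."""
    rows = parse_rows(text)
    kinds = Counter(classify(r) for r in rows)
    connections = {}
    for r in rows:
        if classify(r) == "connection":
            # Same ip/port/proto seen twice is one destination, not two.
            connections[(r["ip"], r["port"], r["proto"])] = r["domain"]
    unattributed = sorted(
        f"{ip}:{port}/{proto}"
        for (ip, port, proto), dom in connections.items()
        if not any(dom.endswith(s) for s in vendor_suffixes)
    )
    return {"kinds": dict(kinds), "connections": len(connections),
            "unattributed": unattributed}


if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

Rows that survive the allowlist are the ones worth correlating against the process list; with the full table above, every forward lookup and connection is to a Google or Microsoft host and the rest are PTR lookups of those same addresses.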
Files
memory/2612-0-0x000000007518E000-0x000000007518F000-memory.dmp
memory/2612-1-0x0000000000C70000-0x0000000000CB2000-memory.dmp
memory/2612-2-0x0000000075180000-0x0000000075930000-memory.dmp
memory/2612-3-0x0000000005770000-0x0000000005778000-memory.dmp
memory/2612-4-0x0000000005A20000-0x0000000005A58000-memory.dmp
memory/2612-5-0x00000000059E0000-0x00000000059EE000-memory.dmp
memory/2612-6-0x0000000075180000-0x0000000075930000-memory.dmp
memory/2612-7-0x0000000075180000-0x0000000075930000-memory.dmp
memory/2612-8-0x000000007518E000-0x000000007518F000-memory.dmp
memory/2612-9-0x0000000075180000-0x0000000075930000-memory.dmp
memory/4512-10-0x00007FFC1908D000-0x00007FFC1908E000-memory.dmp
memory/4512-11-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/4512-14-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-13-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/4512-18-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/4512-17-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-20-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-21-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-19-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-22-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-24-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-23-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-25-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-16-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/4512-26-0x00007FFBD6710000-0x00007FFBD6720000-memory.dmp
memory/4512-15-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-12-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/4512-32-0x00007FFBD6710000-0x00007FFBD6720000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C26D6945-7975-4461-9AD0-7BD35C23CDCE
| MD5 | 6359bfc02c836b438e851331c275b97e |
| SHA1 | cf1b259375e0554b632f6b65d02c54d4675c70db |
| SHA256 | 5e95d42f9795554c8b7795e8942ad46e80db2dc74af3130f6261b573fd3de222 |
| SHA512 | f7fa382188e69bbd1e5994aff059a68c01d628457d2e0e0109979c34bfd3d5d3a294b3d39e778f4e6a1794a8212d69738893d02c4a9b14706a0d9e475dc3ca27 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 4ea32ec2b0eb9e7b68af32f96c401c37 |
| SHA1 | 0f635e8c6535c59af36989318ff2813845a69550 |
| SHA256 | 922707ecc2bd016af06712e0d7f72a4c0652739f9fd0f5ad56e21923192a73cb |
| SHA512 | b281f2197d5f55618ebffdb2d81c7a3c855906a708d99917b0cd4a5e132b2f96b9d94d70129ac0bc34f40d45c7c88099ba1f397a78d86e9af750e8639e845e8c |
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal
| MD5 | ccf21dff9440a45629294ec213774985 |
| SHA1 | 15335177661ad9bc968c0cf0db2e1bd20e687112 |
| SHA256 | b238e908a8e338a607da5b73ddfcaa02c3807e16f2d07ef4cc423c95b32a4f65 |
| SHA512 | 46403599273edaa338cbbc5dd76c1e30c2cd4197f79346f47e4f82d171053e9e5bbfca60356aa439fb48267cd89aff807f702d5bbbe595e5e7907f7fd75ced4c |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
| MD5 | 1ccdc8bbff37b3bd530c623ccec01491 |
| SHA1 | 5566b759d84365b31af3bd2714e42ddb4ee9d884 |
| SHA256 | ae0f97272aeded3b3ec521e4f76bd746a3e5e894c4ca55547701a4911a6d890a |
| SHA512 | aa11557672d5e78be8c5410bb4220e6c8d15cf1a6254e7453d78b2d0f76f2731dd33c7ca623b93bb7b67fa381c9c864315cf68325dc94f22b789436c3cd369c9 |
memory/1780-64-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/1780-66-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/1780-65-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/1780-63-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp
memory/4512-70-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-77-0x00007FFC1908D000-0x00007FFC1908E000-memory.dmp
memory/4512-78-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 11653bc135563ea466daff1882772382 |
| SHA1 | 51317ff25023c9f49c7b9196f19dceba366e3595 |
| SHA256 | a014d201f4df2deb0a710bf9aa5ebcfe1bef9b900b185fbe12af15c8c044a757 |
| SHA512 | af2b67dd9dd714e505239c29187ce8cd59c9575937ab6526618196cac5773b01000eebf6a12b3b62afb4264ccdaaceb01595eb433ba0c94b0148addc6a5d764c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 6043e571d4a2010afccdae0df6f9568d |
| SHA1 | 0be9978b0a8ee7fcf325a5b1f9627db77f4ed2c9 |
| SHA256 | bb6cb99c15cebc3ac528f00108a1a9bf9072c2b579a4316bd0cc3b9e3eb832a8 |
| SHA512 | f7ecdbf93afcac04f7236faf616329b98303b25164fe0872c363ecf41445c911ee7efa1708e943df619a8d5311b6fe6f189cf4dad121a4d78aa08daf175b6aee |
memory/4512-86-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
memory/4512-92-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp
\??\pipe\crashpad_4284_OYPBMKJWEHVQGTEY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4284_1404318324\19195436-032c-48c3-a49c-fa49ef5f9b60.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4284_1404318324\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | a4643437981ac49c10fa8f6911b2d9dd |
| SHA1 | ddd7d0b14248bbcc3c46bbb276e9a775961a79fc |
| SHA256 | dd33f38be93119596036e40ba8463c1091d8f7bdbd1ff12488c5a0800abeb4ca |
| SHA512 | b1497d3953a86dfe37a098f642e2d3b1322ceca50b6ddeacab6b3c0fd8475f56ad565a0951a1323aadf1e1fb15ddde0c895dcede02a1932796546f707e6a0963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 79f9bdafe80dbcb135ff90ec3b09a1b4 |
| SHA1 | af43c2d3d68344efb6342e02704d8af5827afa73 |
| SHA256 | 1e18fc7e69d958962441f16d020bdf961c7abff1ca43ac74365b0c866054c2aa |
| SHA512 | 79ae91cd8bbef0a89f5745aa2780642bfb98183211e3db864a644d0a9b75ca1dc7fc810d5bb78e95687bba78311d6e9c360f79bfa33c28ab8ce8b67665c6e8a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f3be51241e9b7937dc48a98761a60ad |
| SHA1 | 4f169c71359521f5657626341c98ef5b73ff48ae |
| SHA256 | 609e09cd8c3ef9156630eec2a5498db9d687c03b0ebb11bf900767181c3ddabd |
| SHA512 | d3663e03f18fb18ba77fdcabfd38c456f8dd6e3b0f02a77709ec0ce5ab716c2920b8a01f4c907174022925461aedfa925602e9c3bc834043105a33c1b60f13a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 98a826e0e80e25a8b850f5f51957bb3e |
| SHA1 | ba7777c78b08c76af54d7f67c197348292002edf |
| SHA256 | d57a045cefc9501735e061f8f428a8f0fd892471f6ab55ad98f80d6264db35b0 |
| SHA512 | e0f624dbc5b343eba1e7b3fce8805731ff9e28ab7582939549e7378f221401db0ead0613913bd94eeb33ada18bf703b7f49f8bdfeae052d2ee71cfc928a70298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 8d396e60a7f67146fc7fa1cbab9c6db6 |
| SHA1 | e4d48e23bbd45e5dc1966ebf1137483d793fb1b8 |
| SHA256 | a01d17f6094aab73275564dac5676e656ae7509dec199cab8ab57ccac5d5c528 |
| SHA512 | 63d08a59859605698492f16a6d21248cafeaec9a0804697a27ad886ac763ee1ea5054008812fcbe9bb66bd95a0ae9c41446eeb145f5413dcef20ceb386a141ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f7044119e4fa7e6540a4460112facc77 |
| SHA1 | fad01cdede0c860c4b709a813d5aa6d5841749af |
| SHA256 | 5f97e8f6da27f8f31c617091eaf727d95bfe677f769c6a356174b5090588d488 |
| SHA512 | 702cdfb449b40e4cca983310f70e68e690aae3b12237d90cab65eb4ea32a49080b5bc2e5f0f0817be285cfe560e364fa543f82f027995cd8b833723600aaea10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87690eac1f25dbe4aba50c9e102aa672 |
| SHA1 | 052a0989d229ebaa68007939522e464e77fa28db |
| SHA256 | 63f452b0a467ce53bf65d9c01d0873825ac3795f98e0b7fd21b0be13e87e0988 |
| SHA512 | 9eb4caa646293b6a6b4f44259a6b2e19eef5507ceb21ecef7358b4caf5698b3ef1c0048d74da124631247e4675fa541aac19b76484bc87bd0b27e52a619c298c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 4f1c7132ceae920d7855fa4d1a9edff9 |
| SHA1 | 51e2a6f7c41834b7e15c058c050bcf21e25292b2 |
| SHA256 | 2d1a5950abfa12be0627ead657587e391a62410d05db918237323b3465836683 |
| SHA512 | 8845e8224b6915cbed68526efc10106735f7dc94798af46afd87516181d536635c2bab7bcfc34d1341fd09fd0087b768ad69a9ace6831a81a9c18b9d21e2c79a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2be0bc8c271bcd45f6b657f6b6421920 |
| SHA1 | 65c983f5c1968975673953c427b1c1803e4b3312 |
| SHA256 | d7316d1e27d24d16d2cf98758405bae8fa74ea9d5dce13a98253a6d94304cb86 |
| SHA512 | 197f9c33ae6c03758514d861920a39c3e860d3a8def0be8eeb465841e71929132fb020cabac0a8b568d5fff50bfc07eb1d7e6be3ef502fbf5100b7d65a82673f |
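Two checks a reviewer usually does by hand on a Files section like the one above: group the memory/PID-index-start-end dump names per process and merge the repeated ranges into distinct regions with their sizes, and flag dropped files whose digests are just the hash of trivial content (the crashpad pipe carries the empty-input MD5/SHA-1/SHA-256, and the SCT Auditing Pending Reports entry carries the digests of the two-byte JSON text "[]"), while also spotting paths that were written more than once with different contents, as Preferences and TransportSecurity were. The block below is an added example, not part of the report; its inputs are constructed from the report's own lines.

```python
"""Helpers for a sandbox Files section (added example, not report code)."""
import hashlib
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Constructed from dump names listed in the report.
SAMPLE_DUMPS = [
    "memory/2612-0-0x000000007518E000-0x000000007518F000-memory.dmp",
    "memory/2612-2-0x0000000075180000-0x0000000075930000-memory.dmp",
    "memory/2612-6-0x0000000075180000-0x0000000075930000-memory.dmp",
    "memory/4512-14-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp",
    "memory/4512-15-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp",
    "memory/1780-64-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp",
]


def regions_by_pid(names):
    """Return {pid: [(start, end, size, dump_count), ...]}, ranges merged."""
    seen = defaultdict(lambda: defaultdict(int))
    for name in names:
        m = DUMP_RE.match(name)
        if not m:
            continue  # not a memory dump entry
        pid, _idx, start, end = m.groups()
        seen[int(pid)][(int(start, 16), int(end, 16))] += 1
    return {pid: sorted((s, e, e - s, n) for (s, e), n in ranges.items())
            for pid, ranges in seen.items()}


# Digests of contents that carry no information: an empty file, and the
# JSON empty list "[]" Chrome writes when a report queue is empty.
TRIVIAL = {}
for _label, _content in (("empty", b""), ("json-empty-list", b"[]")):
    for _algo in ("md5", "sha1", "sha256"):
        TRIVIAL[hashlib.new(_algo, _content).hexdigest()] = _label

# Constructed from entries in the report: (path, md5, sha256).
SAMPLE_FILES = [
    (r"\??\pipe\crashpad_4284_OYPBMKJWEHVQGTEY",
     "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default"
     r"\Network\SCT Auditing Pending Reports",
     "d751713988987e9331980363e24189ce",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "6f3be51241e9b7937dc48a98761a60ad",
     "609e09cd8c3ef9156630eec2a5498db9d687c03b0ebb11bf900767181c3ddabd"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "87690eac1f25dbe4aba50c9e102aa672",
     "63f452b0a467ce53bf65d9c01d0873825ac3795f98e0b7fd21b0be13e87e0988"),
]


def triage_files(entries):
    """Flag trivial-content hashes and paths written with differing contents."""
    trivial, contents = {}, defaultdict(set)
    for path, md5, sha256 in entries:
        # Either digest is enough to identify trivial content.
        label = TRIVIAL.get(sha256.lower()) or TRIVIAL.get(md5.lower())
        if label:
            trivial[path] = label
        contents[path].add(sha256.lower())
    rewritten = sorted(p for p, hs in contents.items() if len(hs) > 1)
    return {"trivial": trivial, "rewritten": rewritten}


if __name__ == "__main__":
    for pid, regions in regions_by_pid(SAMPLE_DUMPS).items():
        for start, end, size, count in regions:
            print(f"pid {pid}: {start:#x}-{end:#x} size {size:#x} dumped {count}x")
    print(triage_files(SAMPLE_FILES))
```

Merged per-PID regions make the dump list readable: PID 2612 has one 0x7B0000-byte region dumped repeatedly plus a single page at 0x7518E000, which is what to open first if the sample's own memory is of interest, while the Preferences and TransportSecurity rewrites are ordinary Chrome profile churn rather than something the sample dropped.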