3ef56e02ae76b03016f7dae4e9ef5b8eb9e1c6965cf9a0b52c6ce0973950a8c6

Analysis

max time kernel
515s
max time network
560s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
29-12-2023 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SuperAutoClicker_v1.0.0.58.exe
Size

6.6MB
MD5

676b8c6d7ab51f2885b5bf7d33fa9ea9
SHA1

e87589cec6115c7004d6954452c2e2bb9352906a
SHA256

3ef56e02ae76b03016f7dae4e9ef5b8eb9e1c6965cf9a0b52c6ce0973950a8c6
SHA512

0284766cc198556f3ad401bce2b0ecee7ad228cfb6f1f3d34b0bf5d3474dd7b159cfc8899ab7f7c55fbb3083026aacadb757dc120f3a7e23460b85051abdf3ca
SSDEEP

196608:qoiE+4Y1bUwRPOMOTHFBclhDCZ6CeJEWB/be:biBJPVOLzkhamEq6

Score

8^/10

discovery persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

explorer.exe

description ioc process

File opened (read-only) \??\D: explorer.exe
File opened (read-only) \??\F: explorer.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Drops file in Program Files directory 13 IoCs

Processes:

SuperAutoClickerInstaller.exe

description	ioc	process
File created	C:\Program Files (x86)\Super Auto Clicker\Uninst.exe	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\Qt5Core.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\msvcp140.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\PowerKit.exe	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\InputHook.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\libeay32.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\msvcr120.dll	SuperAutoClickerInstaller.exe
File opened for modification	C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\sciter.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\Qt5Network.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\ssleay32.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\vcruntime140.dll	SuperAutoClickerInstaller.exe
File created	C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe	SuperAutoClickerInstaller.exe

Executes dropped EXE 3 IoCs

Processes:

SuperAutoClickerInstaller.exeSuperAutoClicker.exeSuperAutoClicker.exe

pid process

1044 SuperAutoClickerInstaller.exe
3132 SuperAutoClicker.exe
5180 SuperAutoClicker.exe

Loads dropped DLL 19 IoCs

Processes:

SuperAutoClickerInstaller.exeSuperAutoClicker.exeSuperAutoClicker.exe

pid	process
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2484	3132	WerFault.exe	SuperAutoClicker.exe
4216	3132	WerFault.exe	SuperAutoClicker.exe
4892	5180	WerFault.exe	SuperAutoClicker.exe

Checks SCSI registry key(s) 3 TTPs 61 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

explorer.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

SearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

Processes:

SearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe

Modifies registry class 33 IoCs

Processes:

explorer.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exeStartMenuExperienceHost.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c2006020004002c0010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2201820139-2432375203-2549035866-1000\{92A77548-B1C4-49DF-AD4D-79E14C55E09A}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133471271772232588"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e7070c00420061007200510065007600690072000a004100620067002000660076007400610072007100200076006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000d1c444746a2fda0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SuperAutoClickerInstaller.exeSuperAutoClicker.exeexplorer.exeSuperAutoClicker.exetaskmgr.exe

pid	process
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
2476	explorer.exe
2476	explorer.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

explorer.exe

pid process

2476 explorer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

explorer.exe

description	pid	process
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe
Token: SeCreatePagefilePrivilege	2476	explorer.exe
Token: SeShutdownPrivilege	2476	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

explorer.exetaskmgr.exe

pid	process
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
2476	explorer.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
2476	explorer.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe
3220	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

explorer.exe

pid	process
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe
2476	explorer.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

SuperAutoClickerInstaller.exeSuperAutoClicker.exeexplorer.exeSearchHost.exeStartMenuExperienceHost.exeSearchHost.exeSuperAutoClicker.exeSearchHost.exeSearchHost.exeSearchHost.exeSearchHost.exe

pid	process
1044	SuperAutoClickerInstaller.exe
1044	SuperAutoClickerInstaller.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
3132	SuperAutoClicker.exe
2476	explorer.exe
1600	SearchHost.exe
5444	StartMenuExperienceHost.exe
2476	explorer.exe
2268	SearchHost.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
5180	SuperAutoClicker.exe
4252	SearchHost.exe
2060	SearchHost.exe
4848	SearchHost.exe
4056	SearchHost.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

SuperAutoClicker_v1.0.0.58.exeSuperAutoClickerInstaller.exeSuperAutoClicker.exeexplorer.exe

description	pid	process	target process
PID 5224 wrote to memory of 1044	5224	SuperAutoClicker_v1.0.0.58.exe	SuperAutoClickerInstaller.exe
PID 5224 wrote to memory of 1044	5224	SuperAutoClicker_v1.0.0.58.exe	SuperAutoClickerInstaller.exe
PID 5224 wrote to memory of 1044	5224	SuperAutoClicker_v1.0.0.58.exe	SuperAutoClickerInstaller.exe
PID 1044 wrote to memory of 3132	1044	SuperAutoClickerInstaller.exe	SuperAutoClicker.exe
PID 1044 wrote to memory of 3132	1044	SuperAutoClickerInstaller.exe	SuperAutoClicker.exe
PID 1044 wrote to memory of 3132	1044	SuperAutoClickerInstaller.exe	SuperAutoClicker.exe
PID 3132 wrote to memory of 2484	3132	SuperAutoClicker.exe	WerFault.exe
PID 3132 wrote to memory of 2484	3132	SuperAutoClicker.exe	WerFault.exe
PID 3132 wrote to memory of 2484	3132	SuperAutoClicker.exe	WerFault.exe
PID 2476 wrote to memory of 5180	2476	explorer.exe	SuperAutoClicker.exe
PID 2476 wrote to memory of 5180	2476	explorer.exe	SuperAutoClicker.exe
PID 2476 wrote to memory of 5180	2476	explorer.exe	SuperAutoClicker.exe
PID 2476 wrote to memory of 3220	2476	explorer.exe	taskmgr.exe
PID 2476 wrote to memory of 3220	2476	explorer.exe	taskmgr.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.3.1237644118\34982100" -childID 2 -isForBrowser -prefsHandle 3276 -prefMapHandle 3272 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d50315-5fdb-491f-8456-fe5cefebbce2} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 2400 19604f42e58 tab
1⤵
PID:3804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.4.108407614\875497367" -childID 3 -isForBrowser -prefsHandle 3292 -prefMapHandle 3304 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5076d2b-f5c6-4465-9475-d32aed091a44} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 3308 19604f95f58 tab
1⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\SuperAutoClicker_v1.0.0.58.exe
"C:\Users\Admin\AppData\Local\Temp\SuperAutoClicker_v1.0.0.58.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5224

C:\Users\Admin\AppData\Local\Temp\RarSFX0\SuperAutoClickerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\SuperAutoClickerInstaller.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044

C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe
"C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe" ""
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 1984
4⤵
- Program crash
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 1984
4⤵
- Program crash
PID:4216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.7.1835332529\331547270" -childID 6 -isForBrowser -prefsHandle 2564 -prefMapHandle 2560 -prefsLen 26388 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61b0b017-612e-4666-9bc4-f16969869a02} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4924 19606f1b758 tab
1⤵
PID:5880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.6.1082842868\1245141352" -childID 5 -isForBrowser -prefsHandle 2636 -prefMapHandle 2552 -prefsLen 26388 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca013641-0c6a-4513-88dd-d2c3127c8552} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 4596 1960c7d0358 tab
1⤵
PID:3240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4440.5.1973711374\2049618739" -childID 4 -isForBrowser -prefsHandle 2584 -prefMapHandle 2536 -prefsLen 26388 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc97dc59-1c67-4db4-ac27-ed4349b71672} 4440 "\\.\pipe\gecko-crash-server-pipe.4440" 3632 1960be36158 tab
1⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3132 -ip 3132
1⤵
PID:4644

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7415f4d8bc954d5ab4c2b8c1d3e20e2f /t 3220 /p 3216
1⤵
PID:5836

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe
"C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 1980
3⤵
- Program crash
PID:4892

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:3220

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5444

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5180 -ip 5180
1⤵
PID:2056

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4252

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4848

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Super Auto Clicker\InputHook.dll
Filesize
36KB

MD5
804e4d0d839583b960fbd4f433c86064

SHA1
4a67a74642b0c4f39dbde4a53c2ed12d0aefff58

SHA256
b278326f1f0c16dc6a829cb03f7234b7649efc9d17df54da01a0f9b15c5a82a1

SHA512
a35416a85c735a8df2a369c0a63e19ec71de98f7aa37d87bb7355ad43e854a34cbac9edc3e9f05a00baefedee5d39c8c155aabc8bd2107d17b142a6e4e2aade1

Download Submit
C:\Program Files (x86)\Super Auto Clicker\MSVCP140.dll
Filesize
392KB

MD5
496bdbf53c40761b676560a8879a5579

SHA1
46fbc1f785d7f4b6a3f3710d60839405f09a809b

SHA256
3a92e5aad10478003f18f5ca2a4d322bcda37c9094df024857c5c4b8cd3e28fb

SHA512
941f1fd478e2c8e7c3580117ae77469b0ca56a27f7f813e87c748f48cc9b5b0cec701fb409e02f22bdd9d5a434d563b75a9e670d77845bc96556072aee2c7ec4

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Core.dll
Filesize
4.4MB

MD5
752486f67e4b092f7cf150f2460ab4f0

SHA1
8b1ad94c0e8f6b02217244ebb410cb76b6d092fa

SHA256
f38e11fd9fb12e02c780eb961e4da7883993a3812d2c6fb7e2a1bdd9ac3726dc

SHA512
1979d70fe6e0b5a8ec4192b79d484d7532189f15d167c35c8764bfef6655c008bf80c5df1a0632ef595ae383c0325754c7e75bc779abca5cb7b5e9b76f86dca7

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Core.dll
Filesize
530KB

MD5
f46ba567b5e963be6f7c63467ecccd63

SHA1
0f44ee0ce17e6c6adbe3ceabcedecfc039f53b70

SHA256
a0c1e6ff5379074a7fa23503f917b45dd31d359227297d961506f85403712799

SHA512
fb4cb1ec9b5ae6d16c800a0ed9027c383e96f458316837aa03752296c9c5c093e62fcc6edaa76070482326a82f9396dd68a884658e5f3263a9a2f8946e404b16

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Core.dll
Filesize
396KB

MD5
26970533e6ef392de37603809c833ca2

SHA1
c78c8016afc9c94ba0b97c0c8b8d116a70752811

SHA256
22ccb97949d2784a594231b28c9bd56664957a0ac8b655a078008d35481ff265

SHA512
79f337a64580a2b0eb3dda2ac77926c8ad1845cbef9e5db64d1afa04b8e02b8f7db45da5838790824067183ae27a60ad9da6c2d70d7e1ccc154c49f4c3ec1f8f

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Core.dll
Filesize
76KB

MD5
6ddbf5cef393f57e51031e0f9984cc39

SHA1
624ecf2f72c679174aa11cf3c2b2fb9e573bfdf9

SHA256
162205bef0db13b8efdc45e9c0e0af0fe1486422cf0dbb9ac91bff553e54f632

SHA512
9ad8c365a2575e25138a6de0448597a24d9badfb7c5f6b5830c5ccc581570dbec4f2a8e3e416257264bff0780991c32c6a2b474ff60c645fb8be7d4fc092df6a

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Network.dll
Filesize
854KB

MD5
781daaa9b9049f21b830d5f9b28b1331

SHA1
6311a882e1324900115cc6f13b2d8c5454f5463b

SHA256
cc64bf30880b21e80fa4fb0cd6c6e259164481867f17f4d3a4ea09e00d702b13

SHA512
8b036008fe9137325ccaba410478a16808ca8f20f9079b6a09e997b062188a56c9557dca3d9364bba0f7c3eee6fbefd172b09f3ffbfac95e955cfe32491c52f2

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Network.dll
Filesize
549KB

MD5
9429259d9ed4b50a7bb5760a6742be56

SHA1
4a80b8fedbb4e773cee45deefb7d5c27abe445c0

SHA256
f48ee032ca6330e23e2ca6362ea1afec98e1c0027f50c9488a7bdefe0dd3e2e2

SHA512
33822f7541e3ad073041c7fa87a44d027ab7de675140ad01a671022ac45709349a1a766c3d7ffcc49b4972c649d6324da1227196de48c0bcafb0676fe05e8a08

Download Submit
C:\Program Files (x86)\Super Auto Clicker\Qt5Network.dll
Filesize
399KB

MD5
004905246db9103e4670ecb93fbc652a

SHA1
17bbe80b0b7d815ff2dee27d993bd3e8be7c7b96

SHA256
7d2ababaa191191abcc01fc73bbe3ed7c786419e9eb108fa451c97be03d265e5

SHA512
9217d1b857e543eaa94eeb8a786f49d6af0e2a59c68f0110da78da0c9abf911ff4551f709647e8fd9805a45decdedbe69442e414d33edc7903702be88390ace3

Download Submit
C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe
Filesize
1.2MB

MD5
72b8b78ce6d0111c0fcf2e51417cac89

SHA1
a144629db95c4b7cf089f5d479ad7b1f90d0f382

SHA256
10ef0b4c64c3bb192dc27d1226ac8baeb6aa345b26d1f1490b4d2a52a1af6e12

SHA512
e696e7b6f9e7669df4b7927b46610be6d825dcce643c6423628370518a7e475ad480315d074c4de56b0a87db54ae9f8969988219c836975ac51947f7efb14508

Download Submit
C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe
Filesize
147KB

MD5
c926fdd982d40c2df01f4dcb2fe680e1

SHA1
938e6ed79bedc0fcfede2a5deb14d109b3c047c6

SHA256
0428a75821c24d0112941292a9d3fc713fa44e076df24a04c931b644bbcb2529

SHA512
3e407028f929e03cc4438d0c9a28f832203052922dd1a5361af67cd42c6c7b9bf8e8d01cea8d48500419980ef664a4c0ca55398f2faed6f2e84e31eadd49febd

Download Submit
C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe
Filesize
524KB

MD5
437d62ae9ba76d29bcf5db0e6d055f0d

SHA1
931064a555f4f44205103c9e663f2342f9b584b4

SHA256
890c06b47b4b0f505c907747d0f732fd5cea73cc5d57484f98fd50dd6e245960

SHA512
9c70e5337fe397e32010b923d0898d0298e4514e192b941cd8dde9356b48cc0fe6f0028c2255da1a2168caf253ddabbd216912442e348a79a69983c4cc040f3d

Download Submit
C:\Program Files (x86)\Super Auto Clicker\SuperAutoClicker.exe
Filesize
389KB

MD5
618cc0af9aaf6ae83bb420e4153dd637

SHA1
fa0ab0eb9bf8a1a63e47408c650b5265ebedb0c1

SHA256
6ed8b55cb21c3b7e15332baca309b3a4022a18b91db2ae5913813701ab0b2c7f

SHA512
47a93cbe6fde57b49243ae50dfad129bc2c9ee1f80136e45ee07e744403d3fb35ffcb342403a30082867b16094b6e2ccf39d9959ebaf4d49e1208d0f56d8c546

Download Submit
C:\Program Files (x86)\Super Auto Clicker\msvcp140.dll
Filesize
420KB

MD5
ce44f2bd7485e056b7772876bfefc57c

SHA1
0cefc9ab20794f13444dc34e0b1f1328836ec3e9

SHA256
40ed82b6c30a3ad353b6ddc705fe3afa758988038a56b83326d4de9ce0cafe66

SHA512
c923f28c53d672b120c67a135bf476cd713c62822773a905aabf82febde855d45409e27f44cb8962d83b9f593d474870fc7a656aded8bc4dcfffb9efcb207cc1

Download Submit
C:\Program Files (x86)\Super Auto Clicker\sciter.dll
Filesize
6.1MB

MD5
9ee68a3c105c056dcfc9bcbecd017a7f

SHA1
1a88d0c0b00361a43b21fe57e15d3093b7bfc462

SHA256
3d768633964916c4e485788ffe6a00eed3669cf5b1a10a0f4b4f285daa17e328

SHA512
a31d937ee77ddf4b76e941fc9651c90079c043ef742d369a70ca4e0a4ae9b8fe107cf5dc99e70848de8e45df9bdec3d8316fea5aa0a78dd76cc70c55daafd8f7

Download Submit
C:\Program Files (x86)\Super Auto Clicker\sciter.dll
Filesize
409KB

MD5
10394bc1526572bcf2590ba678752466

SHA1
a85f7971a7ffe334a7728b48cbfbe6e3037e4874

SHA256
26286b43bf7f015501fcf2ff35dee6a98f703866dccf46cb5cc4a8c71c3780f3

SHA512
fd4fdfc695f88fd17dc1cc690a3be5da9a5314c6dc416b68886a295e2ee18a09c22843a2ae68dd0e84d17cdb6f5ae80729b2123493a7b697cd7917a74e46abf0

Download Submit
C:\Program Files (x86)\Super Auto Clicker\sciter.dll
Filesize
245KB

MD5
9b4473f1d9ee7c0f1472b29635c91a73

SHA1
7d3cb2d75783a2e43d117599d435cb42dada45b5

SHA256
dc97175902876230c8d0ce2a9de0e94f16a4263dd7686f11d76ab0902b69a0ac

SHA512
3720b1634f4ab65b357bd9645933c1b8a9f2b74da01d133f93aad6bd5644fbefc3f61f0b4acc3aca320f2f05880ea05dac2465355beb5e932e3615dff4434feb

Download Submit
C:\Users\Admin\AppData\Local\SuperAutoClicker\SuperAutoClicker.db
Filesize
774B

MD5
4fe4d34115eeb423d3e4db159322b99c

SHA1
a1003ceea47775d6a068744dcbb6ef5744e10cc7

SHA256
bf3062585d2be9036b9e6f15a1cf1c78896689e4834bd7c5201d850a6762d7e9

SHA512
6d6507b1140047fb44945aedc77eafdbf1035323c363fa2c651978e26627c5c8519931c77fd8a4bcf05ea29ec518a5f4a9674388fbb8fa72713041478002787b

Download Submit
C:\Users\Admin\AppData\Local\SuperAutoClicker\SuperAutoClicker.db
Filesize
99B

MD5
b7c4bf812c17f5e588a5b47c73e250e6

SHA1
d1959e85b9edccc2675f186e2f25e0bcf99f08e2

SHA256
dd8935a8a995e30eba6c15e9d9ddbccbdb078bc9d6029e553e1d8956528ff308

SHA512
2c47de7462990586bdbb13cd7f8d4ff0ad1077e1c6ab3480e10226b7c42b9110e6a111b57e3669abf57c447c481999ddea93ae3b031eb0e4382fee0b27d8301a

Download Submit
C:\Users\Admin\AppData\Local\Temp\PowerClicker\PowerClicker.log
Filesize
52KB

MD5
2d2deb146fa60613da3a5278c0947644

SHA1
ebd72edca0204e2cbd63fd55bd796e70f1f1bd69

SHA256
a2f10603dba96c3d2399d0999bbffd0f56f4afc25de1db52bcd5f72e69bd7367

SHA512
6d2f278e00717458ed3f2ad704beecfee0c8346d0645ad23b0f0749f6996b685146202d80802e7e6075d79b4f882e7c69b305c98b0c546f8ef90f5051bb80b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\PowerClicker\PowerClicker.log
Filesize
30KB

MD5
ff02370dc82e0dfbc959a8aa2e855f04

SHA1
3435aa7a3f1dc439490260921472ee82b9cb785c

SHA256
432d1b5be5a7bbb9ea6152e30ab49722d27d44208bd8a9d6badd61aee9dc64c6

SHA512
a1c7e9a0b6409118382b4e1fc61a890e4f4a34af26e63829c20681fb5102b3ca3ead38d4e8b8f589fc0090e52e06f20034563a7d76be9ee4094a617265f3161c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PowerKit.exe
Filesize
202KB

MD5
29211a4952a3f8c1250d06d7f53cad9f

SHA1
740cf01c5ffcc8a35222b7c72f0ab2e33d6c1d1b

SHA256
7f69448da3882e8b64564e51c0ef3ff9555fc5a4287a6915a02fe683ec6b4dbd

SHA512
da7a2d5b9406ba830c371e4c546acf14724ab4a24c34cf491ed55cc288e86f096b5993cb3ed007115e3cd65fad1f65f58d6ff6c32d572f4ee5a0fcdc807079e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Core.dll
Filesize
19KB

MD5
025da1a63db24325b35a99c11b2309ce

SHA1
58d4011af405cbd27532fd9ba02bfffa17967f67

SHA256
a0da31c4b994681b48720154c0d4ed4147b2ff2cf81f15b98cf145bddf57301f

SHA512
fa7a28554fbc311184049ef7e03c859ffc43ed545b9199b01a4d2fc64c2ceebd2d6e9d0cd5974a52f7855d598e42f3a9fceb9cbc681fceebb9acf6730796f257

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Core.dll
Filesize
391KB

MD5
660dd678ac26f9dd48aa60f67db08ac4

SHA1
9f72594d8e80a90e8d471643ef8781ea097d931e

SHA256
639fe38c1f7e66f10c1417c67e83f5e3e5663153c83e31a2a41f2f5abacb6b6f

SHA512
b221d69cd300731841b22d54a0fc13f56892ecfd06f076560ac5e03f04dadfeaad90a5d574e9609b158cdffc7a4f33be0d48dbef05de654fca35d52b2b05cfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Network.dll
Filesize
757KB

MD5
66066b8548131d4488ef8ef234e633fe

SHA1
357719741c8af443a6426b1381559594f1ebfe4c

SHA256
c8d1c7b4de267d0f8b5f64c6e68367460864df54b6dd38f46bad9595c0dc611a

SHA512
1d3251f4b92a7015d551822a8164ec362d6913d55d51a2791256c519dae7d0fd1cdb2eee5e86a03d819b3b9a378d452304928c4f73281ccb0de9218ac103edc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Network.dll
Filesize
723KB

MD5
b7d63c2ea5c4c8d4892f4deee8ccfe13

SHA1
e235b58d0e19429a22ce23c10e387e143dfa57aa

SHA256
9abb4e2074f9b928831ab2f3fe2e788c9a41c7f0d3566a1936a62d31b234388d

SHA512
ad712a0e79f42bc01d294b161aafcf3328485a3902c2739f4d192aef4f3c1280e5a67a94bc487ff5e6066f7dce18743c010beaf6fbd7b59f47636005240387d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SuperAutoClicker.exe
Filesize
239KB

MD5
7b9f9c2c888b3f95b0f79c0741878990

SHA1
8fe50f79348cb0f4119eff3a66f42c5ac37b6d8e

SHA256
6fb82ba77f462239acff7efc5b07d81592620494dafcb4edaf32842b149a8f6e

SHA512
6bf98bcb3cbbac9290ef80148006a87d463779e3df196513f7406a6de8932e46d533ea517bda2e560f6d0535f275751100d69413d273d864e37fa8c4095533e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SuperAutoClickerInstaller.exe
Filesize
836KB

MD5
0485357e4b9050d45ccea18e2a66b104

SHA1
0c859bfa5f7670846e31c258d9e5a6872cc8a331

SHA256
ad7fd407fe90099c2038646ecabcfded7f824947676973aa6b3409f196629695

SHA512
49708d0c2d94cc8826e681f2b06c9f12f76c37a99435e2af4139421af6a4b9b235197f6951f618f40b0b7fcff2096376f8c94db96416b23de34ace0ed359cfec

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SuperAutoClickerInstaller.exe
Filesize
384KB

MD5
be43b24a2d78131fe05911f9e804b99b

SHA1
b919d5cac0eafb3b537b7fafddd298aca11bc497

SHA256
c178ccb6de8747f5f2b08089dde790ac59c0c34cb0c30e4bf3851dc80234e025

SHA512
1daf00ccee6b4d8449c4179baceffd0d9ea1ea782b333d19a286d02db73b15e3a1c06498f7eaf690237becf17fcf47a548588dee9e33181c783fb0ca5157079f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SuperAutoClickerInstaller.exe
Filesize
128KB

MD5
09a119f558813f8fe060d9f9f1dafcc7

SHA1
f61d86a5f959d0880771875bfa99fccdb88a1033

SHA256
489d86c9c2e7545820069e301940962d6f2f5ca64579d6bab6cf62f9fd1f3635

SHA512
c769d3fb5c968d1df3b33e9fbb184009d8179dcdc79ec330a03463f9494b824b97b8ea979de25a4c4346f249aa2734438ccd45458c11cdae603fc2bdc6c5e89d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Uninst.exe
Filesize
261KB

MD5
b0449bafa636a3d310a98b030258f2ba

SHA1
2869cbebe2f2d50751210653de3a5d787cd7e086

SHA256
9fc0bc504ec972c43f7d36ab5f108574872771e011a8a45e5bfedad56055bf78

SHA512
0f24db0489537f7bbae92081502480970b386b44e96d1e35ad60e8e2eeb61c2855a7b2a599b62aad9b9a8a8f5f82cac117eee3093c13d84cceef8ac39770dad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\libeay32.dll
Filesize
692KB

MD5
59b739327a2113762ab424183db47743

SHA1
e49f883eecf260941349676fa1dfed9e878ad292

SHA256
c7c600d8d9ae7f0bbc816623f46a4aba76773612487ae9c5aab37b1b819c0220

SHA512
5bc18775a82549c5e9e86ce00f80de2fb50e7e3ed7522c056fc19c6dd81c24f58671c004d24c62e0a389fa56c3ca7264a11d4c45f7fca988cd269a465638b9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll
Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcr120.dll
Filesize
337KB

MD5
af4b3cc1646e76be52feca57d57edb69

SHA1
382f14830a30f7ee6c4144bd7cbb7db1752263f7

SHA256
38f9baaf3e127a1ebb09f9352a789588d80d9adff267e28814cc9d075cbbb65c

SHA512
369603f88bfdbdb370c5fc5dded6278bb4d506bb450eec7ebef52ff8d02407ca41e228bf8fc8beebfc6530c94565c27d54418be38f40bde0bc183c31b10eab33

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\sciter.dll
Filesize
367KB

MD5
2c728896b66936d969201874d92dcece

SHA1
5f4594c4c3b62f907af37058216155133d64e88c

SHA256
6f60a62f83dd4f5c7cb810f41e01fc21c30e21af444cc769ce2f28d18d51c3e8

SHA512
ce2e672947472b420e01159fe93d310fbdcaa7c86a4338bad6f59ea0b389cb0e113908ec818d12d67fa3ed6ccf1e17df5f685c37cfa7f7b307d6b15c298bdd3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\sciter.dll
Filesize
581KB

MD5
0d5e11f4ee676552e5e60de1f270bb60

SHA1
c80aa577d48c380c57262a2b65c6f79dd759e34a

SHA256
d9ebff436fa590fc49637be0151bad74ac1b54f46781570a5f2b58fdcd2dae10

SHA512
7ccd5548f86050b1e85bfc0109e06447ef94eda29b1b12c4c71d7b0d451a32196d17ca55bde3a29d46086446f043b181ee2d929cffc21389a8c17a5d0253ec21

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ssleay32.dll
Filesize
307KB

MD5
aba92e540d9f42c8d8fa8bb936f3ac9a

SHA1
32b3184dc5234d7168afd0a97f9f2f8d4767f68f

SHA256
96d5fc5a90afab9b5ec59c2c1bdba9dd3776e59683070b2c0475f00c5a70ffd3

SHA512
7be06554d785b82d6e84ec22cc24defebd9b96c52d949ef148632ef9ea68172e669237c09c4d77294d7788843b756dc3780319784f64277fad90ec893bffc759

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll
Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Users\Admin\Desktop\Super Auto Clicker.lnk
Filesize
2KB

MD5
1ca51bc1f3deeb0e0ec404fd92a92385

SHA1
2e5f69ba09ee94f091bb567b5772f1943bda131f

SHA256
bc328e2d7aa0cf4166867fb1770a3641ec75e669486b57a5ef495541bbf3ec0e

SHA512
0de0b2c8118d01f08130c8871970f5f1cd89b060cc2716ba27eb2c55f176c0f68fae243c3ab14388f3fd1399db5351369cbf589554b349c13a7c74da07a76225

Download Submit
memory/3220-153-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-140-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-141-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-139-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-154-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-155-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-156-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-157-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-158-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download
memory/3220-159-0x000001868D210000-0x000001868D211000-memory.dmp

Filesize
4KB

Download