Overview
overview
7Static
static
3TecknixClient.exe
windows7-x64
7TecknixClient.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDIR/app-64.7z
windows7-x64
3$PLUGINSDIR/app-64.7z
windows10-2004-x64
7LICENSE.electron.txt
windows7-x64
1LICENSE.electron.txt
windows10-2004-x64
1LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1Tecknix Client.exe
windows7-x64
7Tecknix Client.exe
windows10-2004-x64
7chrome_100...nt.pak
windows7-x64
3chrome_100...nt.pak
windows10-2004-x64
3chrome_200...nt.pak
windows7-x64
3chrome_200...nt.pak
windows10-2004-x64
3d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1icudtl.dat
windows7-x64
3icudtl.dat
windows10-2004-x64
3libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1locales/af.pak
windows7-x64
3Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
22-02-2024 04:29
Static task
static1
Behavioral task
behavioral1
Sample
TecknixClient.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral2
Sample
TecknixClient.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app-64.7z
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app-64.7z
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
LICENSE.electron.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
LICENSE.electron.txt
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
LICENSES.chromium.html
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Tecknix Client.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
Tecknix Client.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
chrome_100_percent.pak
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral20
Sample
chrome_100_percent.pak
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
chrome_200_percent.pak
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
chrome_200_percent.pak
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
ffmpeg.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral25
Sample
ffmpeg.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
icudtl.dat
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral27
Sample
icudtl.dat
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
libEGL.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral29
Sample
libEGL.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
libGLESv2.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral31
Sample
libGLESv2.dll
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
locales/af.pak
Resource
win7-20240221-en
windows7-x64
General
-
Target
Tecknix Client.exe
-
Size
141.9MB
-
MD5
f49986500008b71c3699313947a95152
-
SHA1
95fc83d42d04afd0056454cd43920022bad6f00f
-
SHA256
eb9630b13cc6b3d34620c5f7aa97e555eaaf15a1cb173b931e556c3255b4e760
-
SHA512
ffbc07beee1cf1139984e27bf368e4cad6d28ceb487f8102c7b8923185b243c2ffdc38c79be095085641888d16953bb5caf862186e696a2b477431b989356b16
-
SSDEEP
1572864:uGnLoxZiYvfM/e4/GIiQ2LU8fGqyvcXdEhIECpvfQU41:uG4b8/eUqrRd4
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation Tecknix Client.exe Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation Tecknix Client.exe Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation Tecknix Client.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 Tecknix Client.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 Tecknix Client.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 Tecknix Client.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2952 Tecknix Client.exe 2952 Tecknix Client.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe Token: SeShutdownPrivilege 2952 Tecknix Client.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 3020 2952 Tecknix Client.exe 28 PID 2952 wrote to memory of 2452 2952 Tecknix Client.exe 29 PID 2952 wrote to memory of 2452 2952 Tecknix Client.exe 29 PID 2952 wrote to memory of 2452 2952 Tecknix Client.exe 29 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30 PID 2952 wrote to memory of 2484 2952 Tecknix Client.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2952 -
C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\tecknix-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1008 --field-trial-handle=1140,i,13484280035883990504,4217702191319877517,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:3020
-
-
C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\tecknix-client" --mojo-platform-channel-handle=1220 --field-trial-handle=1140,i,13484280035883990504,4217702191319877517,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:2452
-
-
C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tecknix-client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1424 --field-trial-handle=1140,i,13484280035883990504,4217702191319877517,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
PID:2484
-
-
C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\tecknix-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1008 --field-trial-handle=1140,i,13484280035883990504,4217702191319877517,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:1380
-
-
C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe"C:\Users\Admin\AppData\Local\Temp\Tecknix Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tecknix-client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1500 --field-trial-handle=1140,i,13484280035883990504,4217702191319877517,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
PID:2836
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5e2dbf8d5a6e7bbf1a21089c5c7c930a0
SHA11ae6b71c9df1a20666a7eaa1ad554d4c4ca3013a
SHA256678c96735d45e7542f3454232eddccc582d52440b41c40ffc805c0488a3f4180
SHA512fed902f5de48553dd83d7db8013898fe634fd6cd8204f14cef01c1c52bfd561603f7a08b80d94191b4c235882ad520be5374142476b754da2d2594e5eae18467
-
Filesize
3KB
MD503879dc6b7f96e0135f93191759ef55b
SHA1d514d6734732d04b3537e8c2df1299452cf53c1e
SHA25624ea60b333a77d61d63e8af2ceab1da12514cfaca23fe891aa58bb5a03cd283b
SHA512ba8c34ecac71d0ca237742580bdc292bc1b57b500d1868d12c3e92b2c28ca67ca75478d448eabd01dca57f32086728a10bdeb709adc0e705004833af03e0c316
-
Filesize
2KB
MD5d436100d311a60a54dbf8c22af628d13
SHA13605ebae2bfdb242b655bbaf0dedf3748c334e89
SHA256454e583b9065f930312f6ee78af9534ba039eae6af6f9be061de35c103a97992
SHA512741c2af758f8af2c79ec59c2363d6bcbf5759fcffe9e8cc63d8b46193185d2b49261663c4e94b97e888a942dfd82573396783a06c9fff6ce96d4461b8fbffd05
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145