c21996d9bf78dc7172b5eaca6d2dedbb17ef0f86e9b23a6363550183e52778d8

Analysis

max time kernel
119s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/08/2024, 17:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Autosofted_Auto_Keyboard_Presser_1.9.exe
Size

1.0MB
MD5

e60e845933d747c615286b762630919a
SHA1

948d219d89dae0a277519978b751cb70991eb577
SHA256

c21996d9bf78dc7172b5eaca6d2dedbb17ef0f86e9b23a6363550183e52778d8
SHA512

7a4210fd3a5e3542057fba5a86735ca69dc80b43cfc38c88d62423c6d297d51d8a150a97acb75af6840862d098168f711fba218124c8271ede5961e1e1e26907
SSDEEP

24576:VCdxte/80jYLT3U1jfsWakzyFaBT8t+0Q:8w80cTsjkWakmaw2

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Autosofted_Auto_Keyboard_Presser_1.9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Autosofted_Auto_Keyboard_Presser_1.9.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680448826250536"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
5096	Autosofted_Auto_Keyboard_Presser_1.9.exe
5096	Autosofted_Auto_Keyboard_Presser_1.9.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
5096	Autosofted_Auto_Keyboard_Presser_1.9.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe
3984	Autosofted_Auto_Keyboard_Presser_1.9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 3180	4620	chrome.exe	87
PID 4620 wrote to memory of 3180	4620	chrome.exe	87
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 5008	4620	chrome.exe	88
PID 4620 wrote to memory of 4868	4620	chrome.exe	89
PID 4620 wrote to memory of 4868	4620	chrome.exe	89
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90
PID 4620 wrote to memory of 1484	4620	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\Autosofted_Auto_Keyboard_Presser_1.9.exe
"C:\Users\Admin\AppData\Local\Temp\Autosofted_Auto_Keyboard_Presser_1.9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3984
- C:\Users\Admin\AppData\Local\Temp\Autosofted_Auto_Keyboard_Presser_1.9.exe
  C:\Users\Admin\AppData\Local\Temp\Autosofted_Auto_Keyboard_Presser_1.9.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb3bcbcc40,0x7ffb3bcbcc4c,0x7ffb3bcbcc58
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1720 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4412 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,9529898698217645138,1838588542521143439,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4412 /prefetch:8
  2⤵
  PID:1816

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Autosofted License.txt

Filesize
42B

MD5
547428937326f19266ec435cf200560d

SHA1
0d57f8f844294e2d5e4810055a513c2cf492963b

SHA256
736ced0bca3bdaf554da659d5c08ce26f214611109eafd4b8454b86dd48ba2dc

SHA512
ae1c76be0383a2b82e854bc6f767f2c7bc06accd89d94fd89829f1e1e57d7d8ef11e2c702a9def2dfb496ab3993f8643c8c71dc36b50db11121ebaf18e330a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b2769af6ba91dbbf577c8b9446b34d7c

SHA1
aca20f1b5e28edb7a2eafc2c51ead8b65babeec5

SHA256
920f5e72cd979b01e8bf44bcadf4de7f0c7d30e74c16b626f684056c24f11a42

SHA512
532f3f3e3407f2a1a25978915216fb22d66a6395ab3161220dd7beb33c6dfa9707e871dccf0253ba4ffcfc41050ef9c169e7955e67f2c1c797695d80bdb4e2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
165938cb0e34153db9aa4633aa72ffa7

SHA1
2796aac56584f3aa0b98993d100bdcf01b7f88d2

SHA256
76ff0e90e083ff3a7e5241e0a1e27c032d243dee8d8cb5dc7259b901596d742d

SHA512
9929b9525f71427b9a37da4f075f160a2a0e1cafc6a3c0b9cf323b0971698a6e82e4e60bf435b5c2eef4942a8fa682f1235e11503e24efb4396377ed1e9bb591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
79f862c3bdb78ff90c91a8e69c72d392

SHA1
3a14470ed1c748ca917c37da6ff10ae9f8ded25d

SHA256
e78ebad860c77fba46aa1a52e19d40431639d174b228da03eb0938563577f542

SHA512
f65bf7a2cda7c9ac7155887a623418da75a479111a70cd0bf88814141270623362cfe5434bd18b94acada528c0e4ffeafaf0a7bc520852dae0762fb08b696828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44bcaf077ff88c09e43db962813bfece

SHA1
fc49509039c483021f481c1e94b1606fa4dbe58a

SHA256
b3143e36af1f061dd00fe4cec93b66d2d51730e60872b84639f3b8330ed230d0

SHA512
2c42fce0504c3c3fa9f8ba8dce7b1de92ece81b634a584110b8c9b57f9b51550c4753f145c5f0ee58f4855664c2b5e080e6b08b8b5b6bc4e49916d389f683622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b81af79cf40a5d4890408be2a8c5ee39

SHA1
db7deaaf33254a9e23a1562f3db683262b9522aa

SHA256
75fd1935ecc14aa2a22e1f5f45d260d56da6838f1eb1ba0fd943a1be7a1440f5

SHA512
671af02d5db3d606790ae9533b4f5b5a97fe7782c74f5407398e5ee5669fcb3afc341734910d16543558973eda46bbd5a1dd40c32b25c9d19d80da55f8d0db60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6718e575c491daeb633606074a6e2095

SHA1
5fd26626d4c2281f46e1c9f03d1c8b5c762ccfa9

SHA256
f4eac2ad9afe28b82f7629f7553f58593efe9436d636b6251a97152e8e044af2

SHA512
bbd8408eddcb9b24108f071b7b54a54e5b4627362aa507f956671f5ae9fd9fd3c16ca54e4c1576ec8fa52d46b91ae0baca5155a8143cceb2a2f6df6c5975dcb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e888567dbb904ba4cb63647a2d31a8e9

SHA1
f9e736fd6d8c1d3f0f690acb1baa5ebf88b39fc7

SHA256
235245cfeaf8e6e18938e08c80c9b2325d4fd9faf823c7ea87c73b4f404676d2

SHA512
8688d04e2604a7397c7dec338a06b2141851f066bfe1a0f394e4650c5fe60391bc55af6a6da305bf9ec040a382a280cb332834d22c4ffa3cfd8fdd1227b39d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d69ec6bd3ec4806e9556629f9789ee88

SHA1
11ace965531214a9578246328d2b9e137988d555

SHA256
0ce7843398df10376e28373593fbbc60649685edde68adaecffabf540b91ab65

SHA512
ef586231f81b9d611f05ebaaff74d8820404c0ae2e44cfe061dbe5c795ee3374882502e717bcd1d44df0153eb0900cba9b5d16274c9553724db13a24d550d87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa204c83cb971852bfd77fa0d34e6a2e

SHA1
6697964f5b9dde15c522a29b133884e76f71445e

SHA256
36146323036963860aa6d65ef663e1dd1f91d439cfcfcca0c8e40b585581da2a

SHA512
d2ebac28eae02d2e7f92de54c116972a00f21914ead9fe9d91796e47362851086cc48c1084cd56a30023e196fd990f688331d4d78c81b9b1f142aff86c0ddd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8931d18a5b165ed37bd7a48b9d64f311

SHA1
8d8fd8c12dd98ba9615bcb6a8ef43b6635eafb39

SHA256
bc2221868f33814023e04cfca97e7331c67a64706aca7599277c417e5084b67e

SHA512
c0db9f000fe06b81e02f0fc6345c833cf6b18a9fe282e3ae5036595228bce04eab177b9853aed024af64d6ca56f960c5c62852d72008063191d74cb4f328429b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ef30204bcd35f61245de5f59d18cb483

SHA1
91e3cfca6717d21018cc4553667d781fbdf03eea

SHA256
11a3804345c7fa3669925cc3b8790ad0f224aae50ad6ebd3a3ac7a384653930b

SHA512
33d80764f8eced4a164f5f2fff31991978c663aeb1d41cffca48cbe70d664b348555ac34897a8ebc52fed65d36de6c6601c608a7713619353c5154eb66e40283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
3111a77565628ca5009f7a73bc8c925a

SHA1
1963ea81b6a644b42f2acd5a9e17ce331d77024b

SHA256
0f45e4e46fb153d14eb155e394b2ea3e3334ca034279254e5143a299ba3dbe43

SHA512
bfdb0d04a25265980543a16fdb486b8f4c67a4b03bdddff6f50e6c59be9cb1d54f7ab5a4a84a3b222b12bdf21dd1d96330003a3f4e8b6c9feaba86d3ac25f6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Autosofted Keyboard Presser Config.txt

Filesize
55B

MD5
cd569b70da3788c65b9479d545e6f622

SHA1
54510102c0cd082a74d32c662916e6129c2c5f05

SHA256
e49cf74f9d9887d1994f3fa715822ae12fdb7160f6329a1cb618a53195a1c6ef

SHA512
d20d9e1052e0c9b676e0639d3b581baf836f3375034d3e73db93cff9cb746ed4fdde5c29dd3799e6ec56168cbaf8c1864d701c054152209a939043e7a64b2301

Download Submit