Analysis
- max time kernel: 150s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2024, 22:57

Static task: static1

Behavioral task: behavioral1
- Sample: autoClicker.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: autoClicker.exe
- Resource: win10v2004-20241007-en

General
- Target: autoClicker.exe
- Size: 246KB
- MD5: 018766bcfa72a30a09f2df9755b7a24a
- SHA1: f7a3dfbda9e1ca854ff4514454cb95854c9a084d
- SHA256: 84f3e2049740ebbcfb5fe827cc6068c6f8691bcaefa781a9f2af7a07d944443b
- SHA512: b28f3809dc25b693987de94afca04ce79aa2a8aaf96a919b5f9a56cb0a7af8482429a4bdefd0a4d161e9ba8edce8b21501a318c46310492e8474f4de06ff2cc3
- SSDEEP: 768:asSphzlEoEri9tFScvOZa86xscFJgZYhPzvhynQuMceIFtksROFJgIYAPiv3:asUbsi9tscvwS7DgWtdJhceIoZDgfgC
Malware Config

Signatures

Drops file in Program Files directory (2 IoCs)
- File opened for modification: C:\Program Files\Crashpad\metadata (setup.exe)
- File opened for modification: C:\Program Files\Crashpad\settings.dat (setup.exe)

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (autoClicker.exe)

Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (EXCEL.EXE)

Enumerates system info in registry (2 TTPs, 9 IoCs)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756667714161283" (chrome.exe)

Suspicious behavior: AddClipboardFormatListener (1 IoC)
- PID 4512 EXCEL.EXE

Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 1780 EXCEL.EXE (2 entries)
- PID 4284 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
- PID 4284 chrome.exe (5 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 4284 chrome.exe (32 entries)
- Token: SeCreatePagefilePrivilege, PID 4284 chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (27 IoCs)
- PID 2612 autoClicker.exe (1 entry)
- PID 4284 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4284 chrome.exe (24 entries)

Suspicious use of SetWindowsHookEx (13 IoCs)
- PID 4512 EXCEL.EXE (12 entries)
- PID 1780 EXCEL.EXE (1 entry)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4284 chrome.exe wrote to memory of PID 2952 (target 104; 2 entries)
- PID 4284 chrome.exe wrote to memory of PID 4844 (target 105; repeated)
- PID 4284 chrome.exe wrote to memory of PID 2868 (target 106; 2 entries)
- PID 4284 chrome.exe wrote to memory of PID 4488 (target 107; repeated)
Processes
(indentation shows the process tree; nested entries are children of the entry above them)

"C:\Users\Admin\AppData\Local\Temp\autoClicker.exe" (PID 2612)
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ImportConvertTo.xlsx" (PID 4512)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ImportConvertTo.xlsx" (PID 1780)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx

"C:\Program Files\Google\Chrome\Application\chrome.exe" (PID 4284)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0a23cc40,0x7ffc0a23cc4c,0x7ffc0a23cc58 (PID 2952)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2 (PID 4844)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2016,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3 (PID 2868)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2604 /prefetch:8 (PID 4488)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1 (PID 1728)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1 (PID 1800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1 (PID 2988)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:8 (PID 2876)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8 (PID 3676)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5040,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8 (PID 1184)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8 (PID 3008)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8 (PID 4304)
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level (PID 4532)
    - Drops file in Program Files directory
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff76f0e4698,0x7ff76f0e46a4,0x7ff76f0e46b0 (PID 2872)
        - Drops file in Program Files directory
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8 (PID 4560)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8 (PID 3096)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8 (PID 4804)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5324,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:2 (PID 4916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5156,i,3255396664729685818,7076133552635760313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:1 (PID 5020)

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe" (PID 2376)

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc (PID 1736)
Network
MITRE ATT&CK Enterprise v15
Downloads