Automated Malware Analysis IOC Report for

Details

File:	C:\Program Files\AutoClicker\AutoClicker.exe (copy)
Category:	dropped
Dump:	is-0KEB0.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries memory information (via WMI often done to detect virtual machines)	Malware Analysis System Evasion	Security Software Discovery Windows Management Instrumentation
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
One or more processes crash	System Summary
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)	Malware Analysis System Evasion	System Information Discovery Security Software Discovery Windows Management Instrumentation Virtualization/Sandbox Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses Microsoft Silverlight	System Summary

Details

File:	C:\Program Files\AutoClicker\AutoClicker.exe.config (copy)
Category:	dropped
Dump:	is-6GE5G.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries memory information (via WMI often done to detect virtual machines)	Malware Analysis System Evasion	Security Software Discovery Windows Management Instrumentation
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
One or more processes crash	System Summary
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)	Malware Analysis System Evasion	System Information Discovery Security Software Discovery Windows Management Instrumentation Virtualization/Sandbox Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses Microsoft Silverlight	System Summary

Details

File:	C:\Program Files\AutoClicker\AutoClicker.pdb (copy)
Category:	dropped
Dump:	is-F3RC7.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MSVC program database ver 7.00, 512*275 bytes
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\AutoClickerUpdate.bat
Category:	dropped
Dump:	AutoClickerUpdate.bat.16.dr
ID:	dr_45
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	DOS batch file, ASCII text, with CRLF line terminators
Entropy:	4.888380696166569
Encrypted:	false
Size:	89
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\CommonServiceLocator.dll (copy)
Category:	dropped
Dump:	is-6KBP3.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Microsoft.Bcl.AsyncInterfaces.dll (copy)
Category:	dropped
Dump:	is-87DHK.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Microsoft.Bcl.AsyncInterfaces.xml (copy)
Category:	dropped
Dump:	is-O9D5K.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Microsoft.Practices.Prism.dll (copy)
Category:	dropped
Dump:	is-L257R.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Microsoft.Practices.Prism.xml (copy)
Category:	dropped
Dump:	is-VE7A3.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (354), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Resources\Icons\icon.ico (copy)
Category:	dropped
Dump:	is-MCER5.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Resources\Icons\icon_running.ico (copy)
Category:	dropped
Dump:	is-F6BGF.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Resources\Icons\is-F6BGF.tmp
Category:	dropped
Dump:	is-F6BGF.tmp.16.dr
ID:	dr_43
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Entropy:	2.320342896673408
Encrypted:	false
Size:	67646
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\Resources\Icons\is-MCER5.tmp
Category:	dropped
Dump:	is-MCER5.tmp.16.dr
ID:	dr_42
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Entropy:	1.823879389181752
Encrypted:	false
Size:	67646
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\Resources\Icons\is-V8S6A.tmp
Category:	dropped
Dump:	is-V8S6A.tmp.16.dr
ID:	dr_44
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced, 32 bits/pixel
Entropy:	7.938201373726621
Encrypted:	false
Size:	4810
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\Resources\Icons\location-crosshairs-solid.ico (copy)
Category:	dropped
Dump:	is-V8S6A.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced, 32 bits/pixel
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Resources\is-S0GGU.tmp
Category:	dropped
Dump:	is-S0GGU.tmp.16.dr
ID:	dr_41
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	JSON data
Entropy:	4.776634445789893
Encrypted:	false
Size:	13502
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\Resources\keyMappings.json (copy)
Category:	dropped
Dump:	is-S0GGU.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	JSON data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.Sinks.Console.dll (copy)
Category:	dropped
Dump:	is-0CSCM.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.Sinks.Console.xml (copy)
Category:	dropped
Dump:	is-H2EM6.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (346), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.Sinks.File.dll (copy)
Category:	dropped
Dump:	is-5598U.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.Sinks.File.pdb (copy)
Category:	dropped
Dump:	is-3HHMQ.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	Microsoft Roslyn C# debugging symbols version 1.0
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.Sinks.File.xml (copy)
Category:	dropped
Dump:	is-KTLDF.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (499), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.dll (copy)
Category:	dropped
Dump:	is-CRA9L.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\Serilog.xml (copy)
Category:	dropped
Dump:	is-9TFL3.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (454), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Buffers.dll (copy)
Category:	dropped
Dump:	is-BB1AB.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Buffers.xml (copy)
Category:	dropped
Dump:	is-UEA0R.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Memory.dll (copy)
Category:	dropped
Dump:	is-QGFEN.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Memory.xml (copy)
Category:	dropped
Dump:	is-0PK67.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Numerics.Vectors.dll (copy)
Category:	dropped
Dump:	is-1P3N2.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Numerics.Vectors.xml (copy)
Category:	dropped
Dump:	is-LIGJH.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Runtime.CompilerServices.Unsafe.dll (copy)
Category:	dropped
Dump:	is-EDLB4.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Runtime.CompilerServices.Unsafe.xml (copy)
Category:	dropped
Dump:	is-PJAFC.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Text.Encodings.Web.dll (copy)
Category:	dropped
Dump:	is-BRFBS.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Text.Encodings.Web.xml (copy)
Category:	dropped
Dump:	is-1ENUK.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Text.Json.dll (copy)
Category:	dropped
Dump:	is-9FRHH.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Text.Json.xml (copy)
Category:	dropped
Dump:	is-VMGQA.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Threading.Tasks.Extensions.dll (copy)
Category:	dropped
Dump:	is-6FJPH.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Threading.Tasks.Extensions.xml (copy)
Category:	dropped
Dump:	is-UV5LR.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.ValueTuple.dll (copy)
Category:	dropped
Dump:	is-HFM4K.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.ValueTuple.xml (copy)
Category:	dropped
Dump:	is-IP3KO.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\System.Windows.Interactivity.dll (copy)
Category:	dropped
Dump:	is-M8N4O.tmp.16.dr
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\AutoClicker\is-0CSCM.tmp
Category:	dropped
Dump:	is-0CSCM.tmp.16.dr
ID:	dr_18
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.673107275613713
Encrypted:	false
Size:	35840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-0KEB0.tmp
Category:	dropped
Dump:	is-0KEB0.tmp.16.dr
ID:	dr_47
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.037441490542759
Encrypted:	false
Size:	221488
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-0PK67.tmp
Category:	dropped
Dump:	is-0PK67.tmp.16.dr
ID:	dr_27
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.749162715500682
Encrypted:	false
Size:	13950
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-1ENUK.tmp
Category:	dropped
Dump:	is-1ENUK.tmp.16.dr
ID:	dr_33
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF line terminators
Entropy:	5.113786858273216
Encrypted:	false
Size:	62941
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-1P3N2.tmp
Category:	dropped
Dump:	is-1P3N2.tmp.16.dr
ID:	dr_28
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.631610124521223
Encrypted:	false
Size:	115856
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-3HHMQ.tmp
Category:	dropped
Dump:	is-3HHMQ.tmp.16.dr
ID:	dr_21
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	Microsoft Roslyn C# debugging symbols version 1.0
Entropy:	5.894275997148726
Encrypted:	false
Size:	10852
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-5598U.tmp
Category:	dropped
Dump:	is-5598U.tmp.16.dr
ID:	dr_20
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.665095862444878
Encrypted:	false
Size:	33280
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-6FJPH.tmp
Category:	dropped
Dump:	is-6FJPH.tmp.16.dr
ID:	dr_36
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.291520154015514
Encrypted:	false
Size:	25984
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-6GE5G.tmp
Category:	dropped
Dump:	is-6GE5G.tmp.16.dr
ID:	dr_48
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.063342095011061
Encrypted:	false
Size:	565
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-6KBP3.tmp
Category:	dropped
Dump:	is-6KBP3.tmp.16.dr
ID:	dr_50
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	4.8590699243732
Encrypted:	false
Size:	9728
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-87DHK.tmp
Category:	dropped
Dump:	is-87DHK.tmp.16.dr
ID:	dr_13
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.448532891103289
Encrypted:	false
Size:	20872
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-9FRHH.tmp
Category:	dropped
Dump:	is-9FRHH.tmp.16.dr
ID:	dr_34
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.089400920308145
Encrypted:	false
Size:	355720
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-9TFL3.tmp
Category:	dropped
Dump:	is-9TFL3.tmp.16.dr
ID:	dr_23
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (454), with CRLF line terminators
Entropy:	4.583371658316939
Encrypted:	false
Size:	290712
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-BB1AB.tmp
Category:	dropped
Dump:	is-BB1AB.tmp.16.dr
ID:	dr_24
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.425485073687783
Encrypted:	false
Size:	20856
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-BRFBS.tmp
Category:	dropped
Dump:	is-BRFBS.tmp.16.dr
ID:	dr_32
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.977153039222987
Encrypted:	false
Size:	68472
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-CRA9L.tmp
Category:	dropped
Dump:	is-CRA9L.tmp.16.dr
ID:	dr_17
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.956128121745012
Encrypted:	false
Size:	126464
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-EDLB4.tmp
Category:	dropped
Dump:	is-EDLB4.tmp.16.dr
ID:	dr_30
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.378509219645678
Encrypted:	false
Size:	16768
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-F3RC7.tmp
Category:	dropped
Dump:	is-F3RC7.tmp.16.dr
ID:	dr_49
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	MSVC program database ver 7.00, 512*275 bytes
Entropy:	3.9163931661198164
Encrypted:	false
Size:	140800
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-H2EM6.tmp
Category:	dropped
Dump:	is-H2EM6.tmp.16.dr
ID:	dr_19
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (346), with CRLF line terminators
Entropy:	4.5578264753726145
Encrypted:	false
Size:	16817
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-HFM4K.tmp
Category:	dropped
Dump:	is-HFM4K.tmp.16.dr
ID:	dr_38
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.672539084038871
Encrypted:	false
Size:	25232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-IP3KO.tmp
Category:	dropped
Dump:	is-IP3KO.tmp.16.dr
ID:	dr_39
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.391770241438592
Encrypted:	false
Size:	142
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-KTLDF.tmp
Category:	dropped
Dump:	is-KTLDF.tmp.16.dr
ID:	dr_22
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (499), with CRLF line terminators
Entropy:	4.724633474917721
Encrypted:	false
Size:	44010
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-L257R.tmp
Category:	dropped
Dump:	is-L257R.tmp.16.dr
ID:	dr_15
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.065911468948355
Encrypted:	false
Size:	153416
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-LIGJH.tmp
Category:	dropped
Dump:	is-LIGJH.tmp.16.dr
ID:	dr_29
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.7848212109760935
Encrypted:	false
Size:	183484
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-M8N4O.tmp
Category:	dropped
Dump:	is-M8N4O.tmp.16.dr
ID:	dr_40
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.593512133791687
Encrypted:	false
Size:	39936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-O9D5K.tmp
Category:	dropped
Dump:	is-O9D5K.tmp.16.dr
ID:	dr_14
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
Entropy:	4.720079384519439
Encrypted:	false
Size:	18215
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-PJAFC.tmp
Category:	dropped
Dump:	is-PJAFC.tmp.16.dr
ID:	dr_31
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.745450356704606
Encrypted:	false
Size:	17998
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-QGFEN.tmp
Category:	dropped
Dump:	is-QGFEN.tmp.16.dr
ID:	dr_26
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.115495759785268
Encrypted:	false
Size:	141184
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-UEA0R.tmp
Category:	dropped
Dump:	is-UEA0R.tmp.16.dr
ID:	dr_25
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators
Entropy:	4.808701688265429
Encrypted:	false
Size:	3481
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-UV5LR.tmp
Category:	dropped
Dump:	is-UV5LR.tmp.16.dr
ID:	dr_37
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.891178331598223
Encrypted:	false
Size:	10147
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-VE7A3.tmp
Category:	dropped
Dump:	is-VE7A3.tmp.16.dr
ID:	dr_16
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, ASCII text, with very long lines (354), with CRLF line terminators
Entropy:	4.618530832145614
Encrypted:	false
Size:	389301
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\AutoClicker\is-VMGQA.tmp
Category:	dropped
Dump:	is-VMGQA.tmp.16.dr
ID:	dr_35
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.887446132371486
Encrypted:	false
Size:	244053
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_AutoClicker.exe_66b4896887b9d3ad052f967583dad879eb4f10_8c46e609_a878767d-ecfd-4a86-8295-2ae2eede3950\Report.wer
Category:	dropped
Dump:	Report.wer.24.dr
ID:	dr_118
Target ID:	24
Process:	C:\Windows\System32\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	1.440379988048841
Encrypted:	false
Size:	65536
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB77.tmp.dmp
Category:	dropped
Dump:	WERFB77.tmp.dmp.24.dr
ID:	dr_115
Target ID:	24
Process:	C:\Windows\System32\WerFault.exe
Type:	Mini DuMP crash report, 16 streams, Mon Oct 21 08:35:05 2024, 0x1205a4 type
Entropy:	3.508390273003524
Encrypted:	false
Size:	763443
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDD9.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERFDD9.tmp.WERInternalMetadata.xml.24.dr
ID:	dr_116
Target ID:	24
Process:	C:\Windows\System32\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.722941452250259
Encrypted:	false
Size:	8196
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDFA.tmp.xml
Category:	dropped
Dump:	WERFDFA.tmp.xml.24.dr
ID:	dr_117
Target ID:	24
Process:	C:\Windows\System32\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.468669549523357
Encrypted:	false
Size:	4809
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Category:	dropped
Dump:	77EC63BDA74BD0D0E0426DC8F8008506.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Entropy:	7.996617769952133
Encrypted:	true
Size:	71954
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560
Category:	dropped
Dump:	C5C8CC0A7FE31816B4641D0465402560.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Certificate, Version=3
Entropy:	7.676048742462893
Encrypted:	false
Size:	1398
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Category:	dropped
Dump:	77EC63BDA74BD0D0E0426DC8F80085060.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	data
Entropy:	3.150184159866505
Encrypted:	false
Size:	328
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560
Category:	dropped
Dump:	C5C8CC0A7FE31816B4641D04654025600.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	data
Entropy:	3.1097887147766574
Encrypted:	false
Size:	264
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Category:	dropped
Dump:	HUY.tmp.15.dr
ID:	dr_12
Target ID:	15
Process:	C:\Users\user\Downloads\HUY.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.547568441256817
Encrypted:	false
Size:	3347968
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Executes batch files	System Summary	Scripting
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Reads ini files	System Summary	File and Directory Discovery
Reads the Windows registered organization settings	System Summary	System Owner/User Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading
Executable creates window controls seldom found in malware	System Summary
Reads the Windows registered owner settings	System Summary	System Owner/User Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\is-995L5.tmp\_isetup\_setup64.tmp
Category:	dropped
Dump:	_setup64.tmp.16.dr
ID:	dr_46
Target ID:	16
Process:	C:\Users\user\AppData\Local\Temp\is-7IBMG.tmp\HUY.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	4.720366600008286
Encrypted:	false
Size:	6144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Roaming\AutoClick_Logs.txt
Category:	dropped
Dump:	AutoClick_Logs.txt.17.dr
ID:	dr_114
Target ID:	17
Process:	C:\Program Files\AutoClicker\AutoClicker.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.933506510911778
Encrypted:	false
Size:	963
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 07:33:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9820778334626885
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 07:33:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9979144344937914
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.004914952425411
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 07:33:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.996915057295757
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 07:33:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9857308771680966
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 07:33:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9940738641091524
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\Downloads\HUY.exe (copy)
Category:	dropped
Dump:	Unconfirmed 531338.crdownload.0.dr
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads software policies	System Summary	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Users\user\Downloads\Unconfirmed 531338.crdownload
Category:	dropped
Dump:	Unconfirmed 531338.crdownload.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.663493545166155
Encrypted:	false
Size:	2320432
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\Downloads\a1f41e66-b911-4f6f-a1d6-c04ee74d607c.tmp
Category:	dropped
Dump:	a1f41e66-b911-4f6f-a1d6-c04ee74d607c.tmp.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	5.047814772405344
Encrypted:	false
Size:	11024
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Windows\appcompat\Programs\Amcache.hve
Category:	dropped
Dump:	Amcache.hve.24.dr
ID:	dr_119
Target ID:	24
Process:	C:\Windows\System32\WerFault.exe
Type:	MS Windows registry file, NT/2000 or above
Entropy:	4.310204128008591
Encrypted:	false
Size:	1835008
Whitelisted:	false

Details

File:	Chrome Cache Entry: 166
Category:	dropped
Dump:	chromecache_166.1.dr
ID:	dr_73
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.951485791233685
Encrypted:	false
Size:	10638
Whitelisted:	false

Details

File:	Chrome Cache Entry: 167
Category:	dropped
Dump:	chromecache_167.1.dr
ID:	dr_74
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.9551865197482385
Encrypted:	false
Size:	10516
Whitelisted:	false

Details

File:	Chrome Cache Entry: 168
Category:	downloaded
Dump:	chromecache_168.1.dr
ID:	dr_75
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Unicode text, UTF-8 text, with very long lines (63028), with no line terminators
Entropy:	5.412899607461144
Encrypted:	false
Size:	63065
Whitelisted:	false

Details

File:	Chrome Cache Entry: 169
Category:	dropped
Dump:	chromecache_169.1.dr
ID:	dr_76
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.951658407981711
Encrypted:	false
Size:	10977
Whitelisted:	false

Details

File:	Chrome Cache Entry: 170
Category:	downloaded
Dump:	chromecache_170.1.dr
ID:	dr_77
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	1.0
Encrypted:	false
Size:	2
Whitelisted:	false

Details

File:	Chrome Cache Entry: 173
Category:	dropped
Dump:	chromecache_173.1.dr
ID:	dr_78
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.94869394263098
Encrypted:	false
Size:	10608
Whitelisted:	false

Details

File:	Chrome Cache Entry: 174
Category:	downloaded
Dump:	chromecache_174.1.dr
ID:	dr_79
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (423), with no line terminators
Entropy:	5.49220772697533
Encrypted:	false
Size:	423
Whitelisted:	false

Details

File:	Chrome Cache Entry: 175
Category:	dropped
Dump:	chromecache_175.1.dr
ID:	dr_80
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	6.020905969396758
Encrypted:	false
Size:	815
Whitelisted:	false

Details

File:	Chrome Cache Entry: 176
Category:	downloaded
Dump:	chromecache_176.1.dr
ID:	dr_81
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text
Entropy:	5.19498942509178
Encrypted:	false
Size:	273
Whitelisted:	false

Details

File:	Chrome Cache Entry: 178
Category:	dropped
Dump:	chromecache_178.1.dr
ID:	dr_82
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.948033934492162
Encrypted:	false
Size:	9399
Whitelisted:	false

Details

File:	Chrome Cache Entry: 179
Category:	dropped
Dump:	chromecache_179.1.dr
ID:	dr_83
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (5945)
Entropy:	5.572298135265014
Encrypted:	false
Size:	292025
Whitelisted:	false

Details

File:	Chrome Cache Entry: 180
Category:	dropped
Dump:	chromecache_180.1.dr
ID:	dr_84
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	6.042370482315896
Encrypted:	false
Size:	810
Whitelisted:	false

Details

File:	Chrome Cache Entry: 181
Category:	dropped
Dump:	chromecache_181.1.dr
ID:	dr_85
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.9300162158811816
Encrypted:	false
Size:	9970
Whitelisted:	false

Details

File:	Chrome Cache Entry: 182
Category:	dropped
Dump:	chromecache_182.1.dr
ID:	dr_86
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.945199873477728
Encrypted:	false
Size:	9500
Whitelisted:	false

Details

File:	Chrome Cache Entry: 183
Category:	downloaded
Dump:	chromecache_183.1.dr
ID:	dr_87
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.949152002985804
Encrypted:	false
Size:	9997
Whitelisted:	false

Details

File:	Chrome Cache Entry: 184
Category:	downloaded
Dump:	chromecache_184.1.dr
ID:	dr_88
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 492x328, Suserng: [none]x[none], YUV color, decoders should clamp
Entropy:	7.979739614767022
Encrypted:	false
Size:	10182
Whitelisted:	false

Details

File:	Chrome Cache Entry: 185
Category:	downloaded
Dump:	chromecache_185.1.dr
ID:	dr_89
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with no line terminators
Entropy:	3.875
Encrypted:	false
Size:	16
Whitelisted:	false

Details

File:	Chrome Cache Entry: 186
Category:	downloaded
Dump:	chromecache_186.1.dr
ID:	dr_90
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (945), with CRLF line terminators
Entropy:	5.379934574605016
Encrypted:	false
Size:	44875
Whitelisted:	false

Details

File:	Chrome Cache Entry: 187
Category:	downloaded
Dump:	chromecache_187.1.dr
ID:	dr_91
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (8033), with no line terminators
Entropy:	5.780842986123057
Encrypted:	false
Size:	8033
Whitelisted:	false

Details

File:	Chrome Cache Entry: 189
Category:	dropped
Dump:	chromecache_189.1.dr
ID:	dr_92
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	6.096573525944823
Encrypted:	false
Size:	1028
Whitelisted:	false

Details

File:	Chrome Cache Entry: 190
Category:	downloaded
Dump:	chromecache_190.1.dr
ID:	dr_93
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.947094003203277
Encrypted:	false
Size:	10976
Whitelisted:	false

Details

File:	Chrome Cache Entry: 192
Category:	downloaded
Dump:	chromecache_192.1.dr
ID:	dr_94
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with CRLF line terminators
Entropy:	4.742453633590748
Encrypted:	false
Size:	555
Whitelisted:	false

Details

File:	Chrome Cache Entry: 193
Category:	downloaded
Dump:	chromecache_193.1.dr
ID:	dr_95
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Suserng: [none]x[none], YUV color, decoders should clamp
Entropy:	7.921466406178471
Encrypted:	false
Size:	2706
Whitelisted:	false

Details

File:	Chrome Cache Entry: 194
Category:	dropped
Dump:	chromecache_194.1.dr
ID:	dr_96
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.934705273153087
Encrypted:	false
Size:	11000
Whitelisted:	false

Details

File:	Chrome Cache Entry: 196
Category:	downloaded
Dump:	chromecache_196.1.dr
ID:	dr_97
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (2116), with CRLF line terminators
Entropy:	5.84263105810355
Encrypted:	false
Size:	5015
Whitelisted:	false

Details

File:	Chrome Cache Entry: 198
Category:	downloaded
Dump:	chromecache_198.1.dr
ID:	dr_98
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced
Entropy:	5.8566085481171175
Encrypted:	false
Size:	152
Whitelisted:	false

Details

File:	Chrome Cache Entry: 199
Category:	downloaded
Dump:	chromecache_199.1.dr
ID:	dr_99
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, Unicode text, UTF-8 text, with very long lines (14121)
Entropy:	6.168272990183447
Encrypted:	false
Size:	33798
Whitelisted:	false

Details

File:	Chrome Cache Entry: 204
Category:	downloaded
Dump:	chromecache_204.1.dr
ID:	dr_100
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.944076884398327
Encrypted:	false
Size:	9818
Whitelisted:	false

Details

File:	Chrome Cache Entry: 209
Category:	downloaded
Dump:	chromecache_209.1.dr
ID:	dr_101
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	4.987059078764934
Encrypted:	false
Size:	49
Whitelisted:	false

Details

File:	Chrome Cache Entry: 211
Category:	dropped
Dump:	chromecache_211.1.dr
ID:	dr_102
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.954592358576214
Encrypted:	false
Size:	10601
Whitelisted:	false

Details

File:	Chrome Cache Entry: 214
Category:	dropped
Dump:	chromecache_214.1.dr
ID:	dr_103
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.953998193109004
Encrypted:	false
Size:	10405
Whitelisted:	false

Details

File:	Chrome Cache Entry: 216
Category:	dropped
Dump:	chromecache_216.1.dr
ID:	dr_104
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (33530)
Entropy:	5.592563297305314
Encrypted:	false
Size:	33531
Whitelisted:	false

Details

File:	Chrome Cache Entry: 217
Category:	dropped
Dump:	chromecache_217.1.dr
ID:	dr_105
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Unicode text, UTF-8 text, with very long lines (65499), with no line terminators
Entropy:	5.413479565535034
Encrypted:	false
Size:	126316
Whitelisted:	false

Details

File:	Chrome Cache Entry: 219
Category:	dropped
Dump:	chromecache_219.1.dr
ID:	dr_106
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.943772604641774
Encrypted:	false
Size:	10480
Whitelisted:	false

Details

File:	Chrome Cache Entry: 220
Category:	dropped
Dump:	chromecache_220.1.dr
ID:	dr_107
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Entropy:	5.626512217804981
Encrypted:	false
Size:	1406
Whitelisted:	false

Details

File:	Chrome Cache Entry: 223
Category:	downloaded
Dump:	chromecache_223.1.dr
ID:	dr_108
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 8 x 9, 8-bit/color RGBA, non-interlaced
Entropy:	6.293573469582512
Encrypted:	false
Size:	1071
Whitelisted:	false

Details

File:	Chrome Cache Entry: 225
Category:	downloaded
Dump:	chromecache_225.1.dr
ID:	dr_109
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 165x220, components 3
Entropy:	7.954761064672378
Encrypted:	false
Size:	22089
Whitelisted:	false

Details

File:	Chrome Cache Entry: 226
Category:	dropped
Dump:	chromecache_226.1.dr
ID:	dr_110
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (8030), with no line terminators
Entropy:	5.755424150381186
Encrypted:	false
Size:	8030
Whitelisted:	false

Details

File:	Chrome Cache Entry: 227
Category:	dropped
Dump:	chromecache_227.1.dr
ID:	dr_111
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.9591728236218104
Encrypted:	false
Size:	10511
Whitelisted:	false

Details

File:	Chrome Cache Entry: 228
Category:	downloaded
Dump:	chromecache_228.1.dr
ID:	dr_112
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.9534910330097635
Encrypted:	false
Size:	9836
Whitelisted:	false

Details

File:	Chrome Cache Entry: 229
Category:	downloaded
Dump:	chromecache_229.1.dr
ID:	dr_113
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.95488577535526
Encrypted:	false
Size:	10334
Whitelisted:	false

Details

File:	Chrome Cache Entry: 231
Category:	downloaded
Dump:	chromecache_231.1.dr
ID:	dr_51
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (11044)
Entropy:	5.161163232465167
Encrypted:	false
Size:	11045
Whitelisted:	false

Details

File:	Chrome Cache Entry: 232
Category:	downloaded
Dump:	chromecache_232.1.dr
ID:	dr_52
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 492x328, Suserng: [none]x[none], YUV color, decoders should clamp
Entropy:	7.975900732760852
Encrypted:	false
Size:	8446
Whitelisted:	false

Details

File:	Chrome Cache Entry: 235
Category:	downloaded
Dump:	chromecache_235.1.dr
ID:	dr_53
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (761)
Entropy:	5.117485153327064
Encrypted:	false
Size:	30540
Whitelisted:	false

Details

File:	Chrome Cache Entry: 236
Category:	dropped
Dump:	chromecache_236.1.dr
ID:	dr_54
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (423), with no line terminators
Entropy:	5.420370344176628
Encrypted:	false
Size:	423
Whitelisted:	false

Details

File:	Chrome Cache Entry: 239
Category:	downloaded
Dump:	chromecache_239.1.dr
ID:	dr_55
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.939956549987357
Encrypted:	false
Size:	9495
Whitelisted:	false

Details

File:	Chrome Cache Entry: 242
Category:	downloaded
Dump:	chromecache_242.1.dr
ID:	dr_56
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.953976956935996
Encrypted:	false
Size:	10676
Whitelisted:	false

Details

File:	Chrome Cache Entry: 243
Category:	downloaded
Dump:	chromecache_243.1.dr
ID:	dr_57
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	6.0983423739521
Encrypted:	false
Size:	1028
Whitelisted:	false

Details

File:	Chrome Cache Entry: 244
Category:	dropped
Dump:	chromecache_244.1.dr
ID:	dr_58
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.952917251496587
Encrypted:	false
Size:	10505
Whitelisted:	false

Details

File:	Chrome Cache Entry: 245
Category:	downloaded
Dump:	chromecache_245.1.dr
ID:	dr_59
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Java source, ASCII text
Entropy:	4.253600351027018
Encrypted:	false
Size:	53
Whitelisted:	false

Details

File:	Chrome Cache Entry: 246
Category:	downloaded
Dump:	chromecache_246.1.dr
ID:	dr_60
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Unicode text, UTF-8 text, with very long lines (65499), with no line terminators
Entropy:	5.414028349198069
Encrypted:	false
Size:	91526
Whitelisted:	false

Details

File:	Chrome Cache Entry: 247
Category:	dropped
Dump:	chromecache_247.1.dr
ID:	dr_61
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.950166066626957
Encrypted:	false
Size:	10856
Whitelisted:	false

Details

File:	Chrome Cache Entry: 250
Category:	downloaded
Dump:	chromecache_250.1.dr
ID:	dr_62
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	6.007391146052247
Encrypted:	false
Size:	815
Whitelisted:	false

Details

File:	Chrome Cache Entry: 251
Category:	downloaded
Dump:	chromecache_251.1.dr
ID:	dr_63
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with no line terminators
Entropy:	3.875
Encrypted:	false
Size:	16
Whitelisted:	false

Details

File:	Chrome Cache Entry: 254
Category:	dropped
Dump:	chromecache_254.1.dr
ID:	dr_64
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.9506795239058
Encrypted:	false
Size:	11290
Whitelisted:	false

Details

File:	Chrome Cache Entry: 255
Category:	dropped
Dump:	chromecache_255.1.dr
ID:	dr_65
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	4.946242752234321
Encrypted:	false
Size:	49
Whitelisted:	false

Details

File:	Chrome Cache Entry: 257
Category:	downloaded
Dump:	chromecache_257.1.dr
ID:	dr_66
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	6.025521755404294
Encrypted:	false
Size:	810
Whitelisted:	false

Details

File:	Chrome Cache Entry: 258
Category:	downloaded
Dump:	chromecache_258.1.dr
ID:	dr_67
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (26378)
Entropy:	6.138309871857922
Encrypted:	false
Size:	83563
Whitelisted:	false

Details

File:	Chrome Cache Entry: 260
Category:	dropped
Dump:	chromecache_260.1.dr
ID:	dr_68
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.948334825786873
Encrypted:	false
Size:	9550
Whitelisted:	false

Details

File:	Chrome Cache Entry: 261
Category:	downloaded
Dump:	chromecache_261.1.dr
ID:	dr_69
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (5945)
Entropy:	5.572328785688042
Encrypted:	false
Size:	292025
Whitelisted:	false

Details

File:	Chrome Cache Entry: 265
Category:	downloaded
Dump:	chromecache_265.1.dr
ID:	dr_70
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.951467541015309
Encrypted:	false
Size:	10686
Whitelisted:	false

Details

File:	Chrome Cache Entry: 267
Category:	downloaded
Dump:	chromecache_267.1.dr
ID:	dr_71
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.952954466664276
Encrypted:	false
Size:	10576
Whitelisted:	false

Details

File:	Chrome Cache Entry: 268
Category:	dropped
Dump:	chromecache_268.1.dr
ID:	dr_72
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "JPG edited with https://ezgif.com/optijpeg", baseline, precision 8, 165x220, components 3
Entropy:	7.959245229348187
Encrypted:	false
Size:	10574
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.5movierulz.mom

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.5movierulz.mom

Files

URLs

Domains

IPs

IOC Report
http://www.5movierulz.mom