2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

Resubmissions

20/02/2024, 00:47

240220-a5brlagh26 5

20/02/2024, 00:43

240220-a3d4yagg77 5

Analysis

max time kernel
121s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.0 (1).exe
Size

844KB
MD5

7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1

1751d9389adb1e7187afa4938a3559e58739dce6
SHA256

2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512

cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
SSDEEP

12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{66C108A0-F050-4829-9950-326486C03A9F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
3792	msedge.exe
3792	msedge.exe
4912	msedge.exe
4912	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe
6032	msedge.exe
6032	msedge.exe
5928	msedge.exe
5928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	5320	7zFM.exe
Token: 35	5320	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4124	4912	msedge.exe	87
PID 4912 wrote to memory of 4124	4912	msedge.exe	87
PID 4236 wrote to memory of 1800	4236	msedge.exe	89
PID 4236 wrote to memory of 1800	4236	msedge.exe	89
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4912 wrote to memory of 1444	4912	msedge.exe	90
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91
PID 4236 wrote to memory of 4004	4236	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0 (1).exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0 (1).exe"
1⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf75246f8,0x7ffbf7524708,0x7ffbf7524718
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,979503259243233436,9801416621494455612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf75246f8,0x7ffbf7524708,0x7ffbf7524718
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15477771977740207671,6487316826894190389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15477771977740207671,6487316826894190389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5180

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Aurora V2 [by GodsExploits].zip\Aurora V3.2.1.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
b4f5a12f4abc77d9aeac39d27609f939

SHA1
6021ff43027cd4bae7eb3d38a727884137483db4

SHA256
662ce2a8b66ea997b06dbd19ff19c04917eee288c50aa9d0d7b9be3394b419d7

SHA512
ea99fee0b6469663866fdc92f8cd28a1a9fac0e91cbca2dabec09291a95bdf012e53873e77602b1dbf24a16541178cee103ec1a975743d249fbb093ee82d352c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e58af6504c52f3e2ea1427cc8b345311

SHA1
28bdfb75065354b5338500f3dc7295930167739f

SHA256
1afb9a42050b380117d6ba3975b4f8aed234c2fc3757d11ad286afe9e89f6350

SHA512
e587772458f62bfbd110747e1404d52f14619e767fedd48f013a8d5dcae29cd7088d5f2b26dbf94d0edfe8d7b7232ae9e0f91e7b53978c9a1f92e36eada66d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
a08a47964b1bfeee14a6bebe5cd6f2ef

SHA1
b38d9b54b534954ed9f2af8c02089a942d8d8884

SHA256
806db1d5fb29ebc99855af0fffc1e412be1376dcf8ab5d02da67b2165e128940

SHA512
3b0d2f2fe5e47423210d2bde621209d634ebc79d0ada4c45c6e6342cf3b66c67f4db66dc64ed68eeb4d70665a63965a709a30d93ac7ed6842b57c21feaa1db21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
baebf55f9292f28a5944bc00d04868cf

SHA1
b82e4311bacfdbf7cd68c2b426fe6c1dddbc0f56

SHA256
dd7030e32d2162eb5a42f530e9377d5c96b3c1970ae5e9fcf531d30c7d220d44

SHA512
815c43090224c8a9cdf3342c0672c0fac100bf202d2f4816d057e2c7ebedc8ad161efe98ec4f7b11f28bfe401f83604f2c04317987edb9fa0b70aaf2652f7316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bebddfd12f7db4f1d6cf679a2f025ea0

SHA1
423e9ac7cc631c77eda01540cdb343ef2cd5b17b

SHA256
419eb2eb26a9228d63912f8707bb393606258d791c3eddc3805b3bb933bf2947

SHA512
27871e5a890d1e8ef0c9b412bdf80cbaf2bab36eae6c6af71adae2798a3219af634af399081741e628245e45bfbba0d1bfeadf7b66b955ec65a4dc16fb774892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d95cca634180fb355ea0cb931b4d2b36

SHA1
9751b3d9084ba6cd804c039a2067e4f169348cfa

SHA256
000928c022e8edfaa8f9139a5c766be62dc9dd4f709b1e7ee5d5ba4043912dbc

SHA512
9f1273b28f7b1eeec1753676d20bc4f265f691061972de2af40ef401d84bdb14f3e7a7460d9ad0a1994c5a1561645d3bbb621ecbe8ea767214064e182224be56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3d41c87c0403b674c2766688a1e8b78

SHA1
234f16c3f24395d7d6184f8145d32c8555ab84ef

SHA256
41ed1c6a7e610d291eba599f0886e72c7f4b001d5aaf5c6eeb252322208f0b42

SHA512
54756094e798a3e7c4777c5757248c95d63b3a2abf651a5c946964061f346a770b44035dbbffb3db4ca31f8a70b3fc161f730d3058483215cbb187a68fbef969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b76f7b1fa228d0f19b11ee48f23ee50

SHA1
e8257aa807ffc8dae6b85abcfa5671e9f91f1123

SHA256
e7573332d15e9587f6955de88de6846e14ffc2983b64d4656db6bb95165da209

SHA512
e4a6dff0b8447919190632315fbbf67d9e73c1b0aa3000f43a89437d438b56d84f0efa81707d89b09d61d5ea15ac26c1c25a12bfe25f098e7b1ac2949bc87376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cd3252d4db06030dc541363776b6dc0

SHA1
5cea8dfa1ddb4f45970c70485eec944f1c022add

SHA256
8a66b308c76b1c2d3c3c9da943078395fc00a4d6521c02c88520d3be6077fd03

SHA512
030aee7c543255df8a64867e5e200407a2a352bf8e4285369fcdc2c8ddabd4a98f98b4abe163f8a4314ffbc681d7747fb4c56d33aa08b6ec7776684fd60e7b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e283fb43afcbf08aa276a321fd3ae31

SHA1
2c8332857fe10e9760c32a3b6a76878c2a906e81

SHA256
4ab84648a413ef5c9c3e93baa5ca0c240c2115ff7156a76a5fc17e3704195530

SHA512
02565bf2d38283b0bec87fc198b5ccf5e5df47a09f6216f66c9c638c5bfb464e5bafd8955236b52ffbf5d03f70bb07340bd588bacf9be8d1bcaa1be80d9eb269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6f456bbe567b6d3a58cb36628cae7de8

SHA1
198db1c7fc559a4f51cdb039b62c578ead05a0bc

SHA256
6d138751c8bd8ecb52c1bbfbc9698ffdf9fd9ec4d42291263fc6e614ffeaf17d

SHA512
304578a00e4c7d5b975ff78a8f586d2ad33cad209a3b0ca48dfb80748ac7c98b750abcb64951b40349e52c701878b0da7cbd3f5c796f4bd5902ea48dfc444897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1565d71656a4c5cdb0a7e55b5738493

SHA1
1cccd493ecc02d752f982e2f41e057ff7283ef52

SHA256
b040f3f80b18a1c896077b621d32e0aa7bc8dd6434a7ae27f7178467e269da0f

SHA512
fc41fc346378a47dd15984a889d143b39fe5eb77b4e10fe0324a6ab3f0f8ffad20d6306af910332bc2ef669061db7bca4ea4f52d3c5ec79a3bb1cc74faca2f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a9e.TMP

Filesize
537B

MD5
59c917ffd8fabefec6ce284098d9a408

SHA1
7cffd793adf042ab68b776a7bd1350ecd19445ce

SHA256
8f851e2983632b3782e06bbd0645872be9f0566cf246a6f12a4f775eb93d00c3

SHA512
2995271ebf40cc18ee0697a85ec86282526d5f1f7e0d002196cce57d5af7ecabb980bff59c314e033d1b92a433a778fa0617245cf33c46772edef84d72d407de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac827a8c980a82ff8baef49468c691b7

SHA1
9a03347bc8ac30eb737374f883ebadf3a757f968

SHA256
85a6abdf6f1aa1493357e6baa42dfabb5f901f921fd820046c3cbf796fd80aed

SHA512
735ef819ca50ae805bb4ade27317f8cf2053db6f7eedfd30972d3a90fc0819f27cfc45ed44596daf6c4b07cb0d69776c1f9fa1c4f3866a5cba049a7de7494b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1b5c0d0aabab1f0dd84db9fdfe67966b

SHA1
35f8e7fe8e7daa21199a952aecb14e3df0229e55

SHA256
8110ba924db5f0610d50ee4e4564e671f71d4c00ea3d75e6cfc5d2630269e0c2

SHA512
77946f9654bbc9d35acd070e32e80630044ef0252c21badbb5b4c994a4cdc772b9d73285e92fb08eec2e5fba40122c36d62b9ceedfa62b7115ea647da8bb9c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
02d694ae98d787ac5a47d0f72f915f53

SHA1
c90c6869982b18d29354b7716dd6bdc43422c18e

SHA256
4585454d59f6f9435de3a7784f639154ad42651d08f9cab8a2aaaaaa9c5d2aba

SHA512
0ecd5c8e77e24864b85e7c989eca7875c4f6ca5835621924a3f9a26c5477b373dc8dfcba5fc050d7eb6d06fb125cfa2f78e06ce804c4abd0453f371d228e7141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8894c41d17ed7f636590ec4e9ac94bd0

SHA1
7b24bcd17eb352a33bb96b830a099b1a0745f8d7

SHA256
3059d3c92c16a3a8f16b396d709bac13bdbe6f4d146b6d426fd745d8dc4d5068

SHA512
440d608c6ce5e6c5d088744b1102913cf4ff3e7b02e98433184de2b604ef65c91d06cfdf45bc6a780a1fd04300dc628778fe4cfffa55c39dcdb5593048ed80a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d178ba6c18be416fd34b3be24f2df594

SHA1
7249946d58784f68bde9b1c8791aef2f776da902

SHA256
8f097b6712824f4bf1298e14713bf313dc11a1325a0a280d9d053b8e13fefb18

SHA512
b5d601e93c1df741ce8de927980ea9586f767db65a14f34dc3136d481e74059ff0e9835e58537aea458ff69bf637146f085b1d0b62e2de0451e7f411f3e9ad50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
829e7c34c1ebd0a7bcfb46ed69b19bb6

SHA1
b18cec18ffe432a0c067fe8d0834bf69b125a55b

SHA256
e9a814f6043c9c3a3f6a4fffe8c542b7b57b214d3c315ded5f04de2ee85ec2d4

SHA512
cbe71baa39eb0de7a67f535860ddb85d7a9acff6992ec253dd7905a74213c5b01753150c2a047100281edeccd3d19d1fac5097be175c22be9d886dd3febf6ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3eb4d39030d23e64cca0aed47271c4c3

SHA1
6deb28d1cf8094c13ca4b6cc222ea5bd652c5a71

SHA256
d362dfc16eb18bb06f7e2954cc72704406de2dc07faded0ad34d90416312c5f1

SHA512
5582a67fc5a420ed6b4a3956c8b2d427bd433110b0ba0c720bb9b8f4b2774337b4bf553ed7f5804e270695bd8c4fc8f5dfd6f0734f7d201d7b5b0e03c47272b9

Download Submit
C:\Users\Admin\Downloads\Aurora V2 [by GodsExploits].zip

Filesize
6.6MB

MD5
49d9a97ea7590bec0ce9b430a6623aab

SHA1
3c54a1f0872ea839401401f9228a1d8490aad189

SHA256
e6e3baf2e423a68f90f95b20bc9370a5468ec487fe4d19a8774df67f4b1e2641

SHA512
b1e1f2b412293b6b36ac810cb0f61313eec2960fc5030c9b9f6f152144147fc65eb833b78e022bf65919060d8fb577f52595947adacea73432711520b51fd1ca

Download Submit