2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

Resubmissions

22/02/2024, 07:15

240222-h3ez8see83 5

22/02/2024, 07:11

240222-h1cr4aee64 5

22/02/2024, 07:08

240222-hynftadh8z 5

22/02/2024, 07:08

240222-hyb3sadh8v 5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.0.exe
Size

844KB
MD5

7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1

1751d9389adb1e7187afa4938a3559e58739dce6
SHA256

2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512

cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
SSDEEP

12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1712835645-2080934712-2142796781-1000\{E3BFF7F8-217C-42A1-AD64-6353CD2BD660}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
3996	msedge.exe
3996	msedge.exe
696	msedge.exe
696	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
228	AutoClicker-3.0.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 4676	1696	chrome.exe	94
PID 1696 wrote to memory of 4676	1696	chrome.exe	94
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 3208	1696	chrome.exe	97
PID 1696 wrote to memory of 1840	1696	chrome.exe	96
PID 1696 wrote to memory of 1840	1696	chrome.exe	96
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100
PID 1696 wrote to memory of 1556	1696	chrome.exe	100

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8efe79758,0x7ff8efe79768,0x7ff8efe79778
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3772 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5340 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3380 --field-trial-handle=1892,i,8978951684586878313,2700477473275283652,131072 /prefetch:1
  2⤵
  PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f05646f8,0x7ff8f0564708,0x7ff8f0564718
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,8006881399401929323,2609425638911062657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cead221b701c09cd37c1da0d1f5de659

SHA1
286f63967963f029085c924d052e6268d6287ead

SHA256
f178c11fe0bd5c748400323fd029d24631ad19fc48473da0e3a617d20df10740

SHA512
24ea9de69173d01d727086c8c152352ec7f46af876da64b50cfd606b8c0976600890210b3535ddc2ac0e7531af1f7bd2a5c8331cc2a02868e032b4bfd51775cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
69d4aee00cc897484dd25b3e81c529c5

SHA1
7ea10dab74321806d0068880ae00f154112aef27

SHA256
2a71a41104b68d4e0085128aa6543c6837c07f9784b0d27816c578914405f194

SHA512
b6a931b538620177a0f2922d5902d0dcb05f6426941a187e4243efb576c8894522c336d50b07740543e13f1babade8e28ed431ee2886b5226432cbe68034d762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1f9a1553f1782fb8b904c9c282a2676e

SHA1
7a76e1907661ac4a7201bccc17149445c533c7a4

SHA256
1ced555a3f180e2522f0456fb4a8dd31fae9cbc880850292827a987821f4936d

SHA512
48a72be2469d42687483c80cd87b8c49500242c986f7e6a0ddb4e0927ced16c83efa04d270b36afd75f3aa8aa27bf523a41b0313082c0a3c1d697cf8a3bf63a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4222b7b5e9e1648927c57e6989dcb279

SHA1
b598591c9da4cb9dfcae0c201aed42d70182cfe5

SHA256
f64114aa9c32589b21ee019b2c0718cd9721a4adb89edcaeefbf4d80ef95e02b

SHA512
98db990fa294a7c7877b8d721d43ac23d7f668d809fdf3230e3d0ff907078af3dedead36f826f7afeca4f022a652b368b03bc0c4ebf4ec3d15f23ad6f40681d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c9916a3ca69df5c5a59c4e2799004d1c

SHA1
6565e836242974a1c043a3a7cb74bb7dd25d0012

SHA256
4640ae194d801244c4e2c94664aa259d40ef8f20e8353d9d42977bee02222a53

SHA512
1d7ef5be0d035ba499ffb0851d602698e772e5c6cb5ee4b15fa5494017fc8d656a8c535352096d9a4d96d76c4ade99a25e07647bd2c49166ad45c5762fade70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
220c74e3a886ade8e049380e8e515bed

SHA1
1c7f4112cfdd7f18ae3b718f8bc1885e79692fa5

SHA256
9757a739a06045681376c3122cdaf54f45729414a26077ff72bc8d264a2145dc

SHA512
27d1a2d215eee33baf46243d68c4fa080ee843b09fd6c1fdc201072a5f2e1a4993eb5cb7418bace78d6f1919c7d7a391e2c4b4b680a7a8accfef19c0f2972a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
05da16c1cf2ba92ee4f20938c2a52efd

SHA1
238d89681b1f439383dd477e94433f84ea6ad79e

SHA256
1dccdf787a603dcdd7e0116b70a7c32aad0e1a87120d6be6c9f2e38b051a0405

SHA512
10782cef1991a2ead86a76cb462bf70e3809cb74a829dcef1485d14fe6882e2cf85043f4968afb3e3dceac8f3674c38e8f314f45007110faf0f29e6014c42f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d0465dc92b16b26846c3ec2a3362644e

SHA1
3f8b0ac1346e1f50913e0e8e96d5abc6aeec7b09

SHA256
6c4e2c65b8f2215ef574ffc2987f82f3f83293ca598ca1e655180eaaa74a32f1

SHA512
c12d3367b8de547dfc7ab710f8c8a39abfad4af9b7903f980e4c4a72756d8b68ca15c763fc8d4dd9a29421cc1951c99f0fcc9e7637346ee086abc80565685754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8bdcb71ba23f7a171fa48f3b3aca2bc1

SHA1
598665873aed2b9a16368afce7b26ac6afc40054

SHA256
60a8c90bd4a66a75498cc72ec5d0cba3295c34e944d29cb089fce31b582fb4bc

SHA512
95544952897264c5c1c09ecde4ef073cf7ce78e64aa85bc7791e63c576391bc02616f49090de8867e97b333cddba5e13b469990939ef1df4b3612bd22861d358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36e3ac147bc33e00e7acfb677a66c55e

SHA1
b47a4b6ce665e7292e190fc17c0d383a3528861f

SHA256
5c7e2e9b4d19ea920274c3573338e9cee7dfe1aebbbb81f3e6b069fec38b1724

SHA512
6b06ce4d9e066003d91296a0c76b5822084236f36617a06a18474b90670801e6ad7bdeaf6b0cf86c24f534868051f71a962d233865ddd5ef7a5ff7fedda0e724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40feea33dbc7e5bcc1aab4f1b885df7a

SHA1
1ae8ad6b7cd8d79657fb0eac417d02306461c757

SHA256
03720a88e151123f2bf78898df6e0223b23165a3ebad6c2566eda78b243997cd

SHA512
63049ce9b50361edbf1109b1a7a8a4ffa30182ec5fbbe11e7a7e28f21fb356f9d32ddb0b8f61e4678d011a7f44aef06b65fd5932a76266e11cea3f6c446ee23a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dbdc3f5347572a5b8179f9f39b05498c

SHA1
00782e2cab1497198a1349b7ed015fef507618c3

SHA256
515c65e10ea88aad2148d2bf846eddf402d56b633dd43c27a920923b41de6bbf

SHA512
c671f3da9a3edc8e1cf43499015eed495bb070f0588bc2b56dfb55926327a5be1b4e1bf26ded4216c0d2dd7ece32c8c415b780ec18680208562ab300cd043f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
11af86836bf26638e8be814e167a9a7d

SHA1
ab5029d51ea29550afafdb5f6d0cc565deb43c8b

SHA256
1c12aa2f21e2ecc1e30a984bcf732278ba63375b43665b7fc6a5a31acecbdbfd

SHA512
7c5cc83c9d08529d31c174c44aa4df7b19433036bde0913f454fb212a9288f4c3d6198db917739051f5c297c62afbeee4df2e0d91d14808456e4c8c902bd89d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c66938be83b16e73e033d717357eb1cd

SHA1
09268c35779e9ca4a08d30e8a82a6066d36a4efd

SHA256
75b60860a97dad49619365072c2808fbc060884578b9add5397abedfad939c94

SHA512
e822a7c72322e7b788546725fe84cb1eafcab812c27eec3306364b0ec424d530f373d8b98ff7dedb13318e71f385c95fd5bf437426cc53b3d3ccae490ebcd05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
21baeb4b4e44179aa4283478694591df

SHA1
b51c1c584dbe3677469ee30e6bd58f10e5eb52ec

SHA256
e30258cdbdb2a7f81148027547fc3f7597cb5e7a8cb97f6ad349b58c0fd9047b

SHA512
6202defae2bcbcdaab5c7b2b919f71b1c024947ceaa37cfef3cdf1594d3a4f4e37d3d5ab3777cbbc8aee22d3f252d9171b13ceed9126412d4c57ba086e48f65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10a75fc12af6a07f26ff5aa2a6644bd1

SHA1
59c4d28da48b62cbf696e3932fc77fa2898f7115

SHA256
d0772387d06825cbbe1d88015c992e03f7e722ce7db68c9cf7ce6432e8047622

SHA512
8306c94bcb8ca87fa371181c8a145271b13854de6700577754052e87385bf0ad7ce6a81f74324c501658475e8b12517ad0213720849c4d44a53eaf1a6f920b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a032738e3a1e4ad0b4d00ef2df0fa81

SHA1
3db1e9b5c0e4b404f12617bb08ca1cc505ac4426

SHA256
8bdb241f39f7948a9b4a91809ac44c780a8c9995bb6a58b60c686f6cf0d4534e

SHA512
9d1d767efdf408f442fc3fe617bf3f13646da6dbf6d174e999ee90953bf6cd14d40cd8d0ad7bd73088ab48685539f74b7a8b61c373f5a6c363e2d8117d748956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc07781e0007c564b5011970e2a00f2c

SHA1
7ea5b73751866afeb2b745a50d5d1ac6bc120bc2

SHA256
551a5da7816308444b9aee1ee5c3cfc95ba2a456d6efdf63bd68ba1cf243e3ab

SHA512
974907a438d2b8c5f0ccf524fa9040f32a261061101b37fa8fd302c1ea8991b3386cacf4846787f7e482316e061a1e2141aba808262fad209fb53081075e1be4

Download Submit