c7a53cef7508f2abb86996be29a075c2ea63bf09b1bb08e1b1b7a592cf074e60

max time kernel
182s
max time network
188s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10-04-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

975aed651740cac29bc0fa6e3992d3cc
SHA1

42033f32c97b6be4e446c0a77690745eafc28112
SHA256

c7a53cef7508f2abb86996be29a075c2ea63bf09b1bb08e1b1b7a592cf074e60
SHA512

53a57fbf3952c5f0e08781879747d059d27a81f58c3f1a9f38c8763ba7aa8d31849e9797092c7624311b626e9aedd4937956bdefc54350ade3d480b04d1eb87d
SSDEEP

384:rTqN2DpmReVoOs41N9ylKeGM+U8HhhbG167uS2LjFrSE3+dVJCBXQL:rTqYBVoOs41ryI1M0Bhb68CFrSEMJQQL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{416D1D16-0AF9-4102-9639-FF0FBE684823}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
572	msedge.exe
572	msedge.exe
3284	msedge.exe
3284	msedge.exe
1384	identity_helper.exe
1384	identity_helper.exe
4028	msedge.exe
4028	msedge.exe
3816	msedge.exe
3816	msedge.exe
1184	msedge.exe
1184	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4880	DesktopBoom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 3120	3284	msedge.exe	76
PID 3284 wrote to memory of 3120	3284	msedge.exe	76
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 2180	3284	msedge.exe	77
PID 3284 wrote to memory of 572	3284	msedge.exe	78
PID 3284 wrote to memory of 572	3284	msedge.exe	78
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79
PID 3284 wrote to memory of 980	3284	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff19623cb8,0x7fff19623cc8,0x7fff19623cd8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3988 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,14592614974296938018,1972390709329701119,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E0
1⤵
PID:2160

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1440

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
359ba5e837d38c5f50d1c605de7f2317

SHA1
32142211a771c7de1f4516174689e40b7e50f38c

SHA256
8217d9dae0f2435443643466175302de7f9907372261481e336b491eab58f73d

SHA512
5228aed743448afd1829cd3d7ef1169343df7f9973c65e42bef7c4d11196864b39441cca512e62cfae275ac1e3ae27423e5c600d2fce16e0a38f3a2b3a5518fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
935B

MD5
ca1f7ff09ae84243ba82951da649d2ae

SHA1
918ccefe993e18187680e227980c973c8349ca0f

SHA256
d551faaec52784367868033439e46381b39daa1047963d3069ed78b6f19ad354

SHA512
53c5c9a9427bab1db2eeb9be181ee52bb9d397d924632af3caafa8555fdbe969331bdf236d786fe7a054e030375fb76bca50f0b11a4358ceb90be3038249975f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
935B

MD5
874646e071b6887d6a1a53a09f36c13f

SHA1
d6586f03195f44401b8ae937d74c8e319a41fdb6

SHA256
a48ab903684eee44a3455f49837f98f355f28e71fbe8857e5e15ec850b6c76f3

SHA512
eca5260d7822dde2f5802074216ec992eb65ce84e4770c00a1d41e167becad910f8f578c2643ef91fe70144ebbf84b2d871f2e50e13868199e30b0380e9c2c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3291884f46a32b7413c4f22c34c42c8

SHA1
a88060162a3270c9a6d977c12c8e12972e71cb78

SHA256
7b838817d6afbd0f64605af745cf6aa93c1ec53ff07fe61c6ef4d38f0094605b

SHA512
3597db138b9ce07f44a70bcd5a4db3ba4aa695943a44edd2dacaa021e8303e8bd56c26bd1dc2b35de0f4585b5f61d32070bcfd08cf8a4f2a17285732232de7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05c48fec960e60b100f663855e628313

SHA1
a2795b3a394e1223773c84d207cbeae146ca68b5

SHA256
128d1ea80b209040c635dedb7c424ea604e0063c90bdcb78aab886851eaeec22

SHA512
5065ab082adce3728eafac150d1a74ed75e47448d7fb6c03498d9cd60c0580e88caa2f9b78729c8152bc3fd24f1881857d31c14c97a0e0c5e3820fd97a5b9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88ed8c14e92187638640a54bd410efa3

SHA1
8efa66793b30d1cc5cc6b2fab26e2ccacd6d6793

SHA256
befbd37bbfa2b74e50f9208492df599087acea66aa2bd3dd02c3c74ac2d60f6d

SHA512
f528299788a70f376f4eaf1ce6bae4544f904c8fa53d6dd17e9a41562bf5f5d900057651821b71dede659e6699c236068150460fbe7e56fc653ef4ea30a0de32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3bc1428a1ea179d0f1beac933aee966

SHA1
31628d347afc80b066787121db1f7938ca3e9052

SHA256
2eca16bc5b5421c7caba3f25683612654cd768d1de0db1bf5f3a7c7c7fa62842

SHA512
687f692cb573ca51fb543b96088b4bd9713abdc83cd948ced2f4b92fde67612842d68e7dff6d983888f0be961c03c58c529c0b9073f23c3813c4959050d2aa95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1dc58a3f9720a6b79ed5bdb4a3ebdff0

SHA1
a93a7c14238d910886ff41b66ec265f83bfb2592

SHA256
d3f6db2bca72fdc9b2b30ac708775995cc1d337e255dcd217e9ebccdbeaec956

SHA512
1e3bf34737013c06fa7826397a8d5186a3ddc776b33f83dbdcb2a66dc5fb2a0cc679ee4b5e5038b848fa92f8282fd2549918d5c3ae1df08e67e03cc60aeb6f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80be6aeb4d92f232955f04001c24c074

SHA1
e4e8c2a4744dbef3c5c6dd994c6e31c52d828119

SHA256
2f929df02fefd63cf20334866442c65ff8fbe11e557598500f63729a1634dcf9

SHA512
9ba7bcb85ec8bf3a4f5ce2ec470eb598f41a7c1c30f6d5b22775225a25a4a95f5044f14a58ff2a40977f48ee4af8c291c8a50fde771af9b90c1051039dd6651d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f81b.TMP

Filesize
536B

MD5
6c5ef1cf7508a3d2368b352ceade223a

SHA1
28af65c4aad648078a282a709492171c42c52e3a

SHA256
81af76e645a230989879406f534e17102a69302b4d1aea58dcfb1627db5d6a75

SHA512
bacd47de6b9628dd874dd524acba1161c7c6bbd78c2317abd6ce51b574d73d7fc99275859a66f5f5b11915f3b41c6e7c49754f65a038cfb3ba048765d7104322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee872179b79756f13f1ea0aeffe1c5a2

SHA1
4ae3d29061028db356afc2133637c16f1984a4b3

SHA256
ae8287c0cbf77ebf2ceb6df62c3b5cdb718d04cf3abfcf74b887276f992d2461

SHA512
71b9b8ceea6ee12e3070daa292075bbba3b81022241ffb5aa35f26bed8df6ed5b50549744428eb53baebb009b75601071dd21e7f077ab784e5255b427869e7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d53f2c19c9204eb55b92bc8aff5ae28

SHA1
3ec4b066b45cddd0b0424bab92f169b0d38135b3

SHA256
138eaed9e4a534322223f4c60f14fa57aa3e40335f39f4809b301e2f76bd1216

SHA512
c905490b377d61a94308cd395b3a6665be60140be79b829acaadfb37b7bce026f023e9487c1729b787a038098c98394a311f03c1702d6dfd4a0e7bc086d5b57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
007469823b37896b44eb001c8466e14a

SHA1
38b46f3bfe126b845b29dce651fd4bc71dcb88e3

SHA256
f93f610bc12139b544ea2026f064112fed114869863e2d2b782a5f4b550074e0

SHA512
7109a582650fb6c8a4626141ad4891bbc5403055e6f08b0d97c5230abc11a10753773b50de25ebe141a9c857c41bcf0ed03a46ad649b504cb8d9f73b2171c57e

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit