hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

max time kernel
45s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2025, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
139	336	msedge.exe

Executes dropped EXE 2 IoCs

pid	Process
116	TaskILL.exe
5508	TaskILL.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
137	raw.githubusercontent.com
138	raw.githubusercontent.com
139	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871619809480694"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{C1AB2E73-C7DF-4004-BAF9-7F9AE5452994}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe
116	TaskILL.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	116	TaskILL.exe
Token: SeDebugPrivilege	5508	TaskILL.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 4600	2892	msedge.exe	86
PID 2892 wrote to memory of 4600	2892	msedge.exe	86
PID 2892 wrote to memory of 336	2892	msedge.exe	87
PID 2892 wrote to memory of 336	2892	msedge.exe	87
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4048	2892	msedge.exe	88
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89
PID 2892 wrote to memory of 4984	2892	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ff84726f208,0x7ff84726f214,0x7ff84726f220
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1932,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2584,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3512,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4256,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4316,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5304,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5304,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6340,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6560,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6820,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4412,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=4448,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7132,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6716,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,2113565629458246116,2073064651408067741,262144 --variations-seed-version --mojo-platform-channel-handle=7068 /prefetch:8
  2⤵
  PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1004

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:116

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
737ad6b1309a8f0d6d4b1c27d6ec0b43

SHA1
a5c0be46c6a196b5f0ff53b3b3b05680ce6fe9b0

SHA256
d34c087742558cdedb4c6f887fc07b5981a186344b3d8f86b3242ee052b40841

SHA512
f4da20ded8cb1fe0376a08e4ee23f679fd07c1a247dc3d48e76064a33b21d7937d0c1d060d4dbcd41eb43a6b4b08ba6d27013cf55798fe9a0962ef2c271f79fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580981.TMP

Filesize
3KB

MD5
d605234bc7c8140770324e514d6b35f4

SHA1
095806a60acda0f03077f5bf5092474dce8fff72

SHA256
d2f647919b218d0c690d2a80c3dc4bfc6b92d632efbeaed6b0566c663810d064

SHA512
de83daebeccca2a41d345f8fbe3df0cb05bc2528df35445bb4dc1ddab5adc7642efc36547b176303951f977a35131189533af2a8cb5ee5e7fb94980ef2b50431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\manifest.json

Filesize
2KB

MD5
1048f1f4d861f5c812e5bc268eb68a06

SHA1
4c9495a3202f63fd0878086f27310db6d3bf5be9

SHA256
8b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5

SHA512
158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\verified_contents.json

Filesize
1KB

MD5
738e757b92939b24cdbbd0efc2601315

SHA1
77058cbafa625aafbea867052136c11ad3332143

SHA256
d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947

SHA512
dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\manifest.json

Filesize
962B

MD5
e805e9e69fd6ecdca65136957b1fb3be

SHA1
2356f60884130c86a45d4b232a26062c7830e622

SHA256
5694c91f7d165c6f25daf0825c18b373b0a81ea122c89da60438cd487455fd6a

SHA512
049662ef470d2b9e030a06006894041ae6f787449e4ab1fbf4959adcb88c6bb87a957490212697815bb3627763c01b7b243cf4e3c4620173a95795884d998a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
d1abd0e972a53a54ad3d41095a3deba6

SHA1
cc097a7c1dcd3694354a0150a6b29020290d3184

SHA256
6d3708ab24e526a46557916a9c95dd5adb5958e911aa712b639560c17a3db195

SHA512
5874d180d5ac1754d6a72e548d293ecd9a0d8f6eb8b12b3008ab36aecc2331acfde3a3d1c1dacd714e9140058fed4d5015c825a65d2966861751cd3fe8af12dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d5b1a32c0de55af457dcd6049d94c098

SHA1
2d7c8be68735ef2da3af0df5ecda87050f51230f

SHA256
928d23e8cccd632fec3ae57d8df8d81c2b606c9e2120efc72ce4f588b7d05249

SHA512
9108dc40fe4896c0af592c4399abef8e0b6bdf0da5fce0890092a973252f6b5d26271f3429d2529e18d10577afb010e8e00f2f2cd5d03b485b474d6a5b82dc0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
205fafb31dd715a87c8850fa1e039528

SHA1
47717cdb994740c5c22520953d669d1fab55c4d6

SHA256
bfaa87e38b3609be8be53443d1b196dc85557ddf462ce918723fe528696d3ca3

SHA512
b2f5abe2974887b87feb8208c5e413d358d32f8d6f3c619ebe9ea2ee77c086d545883ec41aaaa2b96afa058a4655bb9be03146c77eae5e480fb2e187b814575d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
566ab3e75b5b51f736df1cf3e82980c4

SHA1
43eb7bdf51a625b449ce7eae744bb42031871b09

SHA256
5831a7644ea8370b6e05cd1fc6c6250f6969499526c237d1d56a65262206765b

SHA512
fc623d39a8cd29a9f935842a4471d52e1ecf3250d0d6c075ab270bb8f6c7a83ff7b49eb688c6df85e369b04e2bf58774536f1bbb00c9ab8edeb8d51de2ec5dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
c7bed8a1b541a6af5aa5e6c4e94b9f0f

SHA1
1f11f0ae5fe00b5ffd47e9cc8be65c371a0a9a8c

SHA256
8b0b7f6b307194758c485ff3089940e7635b7f6cc4b8048fd8c0d42bddd7f07d

SHA512
5a698692a8589177b94febcfaafef7b60fd2c99ea48fb7e940a2ec4c1e5d2300f0c7869424942656750dff37e35406e2fd917db782f5a098117dbcb2b309c7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
a076981b4a870bb1dc78dfb0a20c53aa

SHA1
c609bcac5c6c9da6ca1b53581ad9be10b82d9fbc

SHA256
2c2ca13a82153507c83e39ea736728c862aa4a8d4cc21a3a39c6e689308404cc

SHA512
d59314e531c98504ce6ca2d5424bd57ec237067fd98e19f3926d99ce7b4df76968e8293cd9a5a3ad917f0e1c0b4e8dec99a254f6833237fa3acbc713959aa1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
5c7c2976af92c2314412c38894429bd0

SHA1
8a1b91f3f99a0d356e8fe43c82973d5a61a74b9f

SHA256
61ad5d601cf6d0264bc7b254961555de8c339ee88194c2ead7b5effcbce7e23e

SHA512
a13eeb0d0dae4de0cae10424152832169fb2c4d6d5df435497f73ae16cd018a9882c3ef20a87caedd81d9c80b6d94db7bdf41fc1be38bb3fd135f1babacd8901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
08d04c450d7fd4c12682b036d6336f02

SHA1
47a80c19f04b1a431084efe69f25d95507d67fa5

SHA256
d2d3efe47976b6cd054cdd3764e249e038d150b5e725a4ac798e0d8c69afcbe7

SHA512
d5b7cf8adcbfdb9736ad15edfa5ee40740f727d15ee5f10b5ddc39f2337163fdac7e331c56ca441852ae35399eba3153dc6962c5b1ed995ef9b586e202e46efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a4146548d8e15e1340cae4e41cb44d01

SHA1
8d964f09d2ae301f4a0aec1835e2e71e3e1a360d

SHA256
a1c9e6a6eedab7c01d08140996bbf3565a657087a07533ba0eb6a753fbc06a07

SHA512
12c6c5e8562169246e21b92458f00393b5889c67fed9bd177cf8a0e2e4cf3653fc327cdc9123518ffe55364257d90583e471c2f10b46636a23aa3e8fe8874bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57ef80.TMP

Filesize
392B

MD5
c10c483ecc345abd77cf86c7aa7c2432

SHA1
8c6a591b2562f335f69699c83eb91fb45ff09afc

SHA256
3bdf9189211d0d68c56599f3f7312605a2676ec4ed4aa4a70c700e08e8bdeca7

SHA512
0bda726f9370276165da3d61f53a32940f4e1fef174a9d9286f688ecb3d41e1e54e0e1463ab9127c12d8687a1fc0fde71637f64bf6c41d9e3709b30e00580687

Download Submit
C:\Users\Admin\AppData\Local\Temp\069e6b8e-7bb2-41cf-a502-7653c29a909a.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\bf2a7188-1c63-438b-bd55-669c88b96737.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\e0f6fbd6-99ca-40fb-99ba-7b72e7694e5e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2892_1017496345\CRX_INSTALL\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2892_1843367925\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2892_1843367925\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\Downloads\TaskILL.exe

Filesize
31KB

MD5
c261c6e3332d0d515c910bbf3b93aab3

SHA1
ff730b6b2726240df4b2f0db96c424c464c65c17

SHA256
4663715548c70eec7e9cbf272171493d47a75d2652e38cca870412ea9e749fe9

SHA512
a93bd7b1d809493917e0999d4030cb53ab7789c65f6b87e1bbac27bd8b3ad2aeb92dec0a69369c04541f5572a78f04d8dfba900624cf5bd82d7558f24d0a8e26

Download Submit
memory/116-1227-0x0000000000C50000-0x0000000000C5E000-memory.dmp

Filesize
56KB

Download