hxxps://github[.]com/Da2dalus/The-MALWARE-Repo[.]git

Analysis

max time kernel
1155s
max time network
1168s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
17/08/2024, 14:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo.git

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
1944	msedge.exe
1944	msedge.exe
2892	identity_helper.exe
2892	identity_helper.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
2652	msedge.exe
2652	msedge.exe
3400	msedge.exe
3400	msedge.exe
4756	msedge.exe
4756	msedge.exe
4748	msedge.exe
4748	msedge.exe
4332	msedge.exe
4332	msedge.exe
5292	msedge.exe
5292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1764	1944	msedge.exe	84
PID 1944 wrote to memory of 1764	1944	msedge.exe	84
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 3056	1944	msedge.exe	85
PID 1944 wrote to memory of 220	1944	msedge.exe	86
PID 1944 wrote to memory of 220	1944	msedge.exe	86
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87
PID 1944 wrote to memory of 3572	1944	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo.git
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9b4446f8,0x7ffa9b444708,0x7ffa9b444718
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=1732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,17799299798486634265,9279973371083938739,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Virus (1).htm
1⤵
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9b4446f8,0x7ffa9b444708,0x7ffa9b444718
  2⤵
  PID:208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
48f925eefce06701a10bb34743596ef6

SHA1
3271af5587fb44878f2355cb99cc2a5a915706fd

SHA256
85712a77e89fff00123155170da85c01b812e5b68de05a05f59c71fcba597a17

SHA512
76993db32748cf3f3295318b153ab6fd85d18a624f5b75d85d2e8c7b39f5d19003cb10c659173dee6a87aec02ce30f3f3219ca9bfae0996e37db64fd6b446d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
21KB

MD5
7715176f600ed5d40eaa0ca90f7c5cd7

SHA1
00fdb1d5b1421ea03d2d33542a4eaf7ac543d3d0

SHA256
154632629a0698587e95c608e6ed5f232e2ba1a33d7c07fea862a25293a9926e

SHA512
799cfee1969b6137813c98b83b90052c04527b273156f577841b64828c07c4e6a3913a6ddd49ae5021ed54a367ddbc5ab2193226960b0ffe9a618c663c8d8a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e7a5af3710b9f4c0983cc47ecdc202a5

SHA1
d3de9fcf1fd7d42f45d2b5823eee38504accb74c

SHA256
e21d5e5be5754f4a08ec4a90b6c664e43b9fd0904f00d491c304ee88da7bb14b

SHA512
56c902c38b444464a69f19a72847ed1a38ea2c6a4a694b68ba3a8d661536d9f8eee9e263795907d1de6ffe6b3bae743375980aa9162318fb87e3b25b85c9df53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0de300f52ef86960ee20a56e01d7e606

SHA1
a06eb15d03767fd0c73c148426ade643a4f30443

SHA256
ecdd6142a916f72f2b700bd8bfadddd9be4fbb27567c911a9ba0f0f32762a3f7

SHA512
89de691b0dfbd9d52660f6233c3de0ceb77a3bd03f5e1416a2f1fd2baff8ea075a23783885fcdbe50f9594a858f45a6fe2bc90cffc05d060ea891b35c781217a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
406d40f57c41b87d19b999ebfe5296fc

SHA1
7d6ce47afbb25a87565cebdaf0a1a2f4af4bfc10

SHA256
0d179bd1f38ad65839441984c85dac651e393eb75c561885911cb8cce8be6974

SHA512
a763d98c4e196a8f81244761848a52ab25cf2b4dcc91ff8a977828a7f3639f05248463828221b575942a4c99dc5b720703339e4cb59e11a301fefa6236e660fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
572B

MD5
f3a587df2b8f70cdda5b6dca4ee0980d

SHA1
b7b45a7334b4404a51a525a3f7f70606d3216ac3

SHA256
ab22bd116c94f807ed21475cfa34658110ce644ce10441174876f7520d7bd994

SHA512
9b51a2074fd359984713e956da756d5b86c9598fc89fea1b55c26c51c5fe7eef5032b24b1d81e1725def6a94d0f219dbf21b03e3f4afb62d44988025f408eb54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a5f99e6e0b86f28e1c036b582c5f4633

SHA1
5aa5a5bebc60cee43fed7d82a75e300021db972a

SHA256
7720942038f60abedeee049199d0a379b50cdbd12fe0508a1ca714ffcc19fd6f

SHA512
321b90a91391cabb40ebfc0b7de020f48aa82986c8d788a691319c941330e99c1c154c5efa2360a2e4a40db23cb5527f992eb455f3b6ae2185a1f521e9ba1a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1741bd77a72027e5c89161b7f94b86d

SHA1
2ff63155611b57c2ba3fdc3ecd15584066993375

SHA256
e41abe906b1056b65dc2062fe0d58dfa68d1aa0df907402b599560be6c40dd2a

SHA512
3a53ae84b6cc943c8581b0314695719e578822e22333d856fd616e69d74b181b623ebff9308a4ce852145f477e2884014e890c5c8f7b50a26e58d9859b3bc41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d16191006978282f063858baf24bb73

SHA1
efa9737eab36b6d2c7cc77face384924ced55109

SHA256
09953eb8fff97cf7331ef53bb480c3199c131c11ceac41d1b7ff5c4818b677c4

SHA512
92e01eb6808fe46e4f6a7e63a08d7e618367f2f7798c1a48875c70b10b3b3f058cc7aa56e1da134c4189a628ac97eecb9235c32be9e9bc9cd82feb1f50cf34ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ce6c73e50b1372397ae4b20f5aed031

SHA1
4bf89a4a7a5d22ac8a4ac39f8743b4f05853cd4f

SHA256
89f4dcb16cfa89950f866a866ad5e2e78bf629f304478d3399d9d02b0823dbfe

SHA512
56b40a48e5e0911903a5a7ad8f48b64ffdbe51bb0970168da138dfc37ae23d48557c55083e560fa2b40004d31f6eb3ae42943cd82101a7137f9b9fc819baa5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e99d98564dce3ca9982e65138054daca

SHA1
cfec91ccf40a1bc5f5768ea508afff3a1f3aed2e

SHA256
e3210eef481765fc6888b968be2fa1111a74fdf802210f0a9f723ad35955420e

SHA512
570a4d35850a382052ebd06eaf9136e6d584ae119d36917f5b98d47f5d41145fd77d5fb063186a2d50f5db0823286c26eab9670bceca3934e0f27e483e2938d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
ce501521147156e917037527e4e02590

SHA1
94e86e5d92fd95e20fc342fc010f2c458fabedcf

SHA256
d7096b1d96acb5fa2b5bbf7f891e7066379f56a23fa835f0c532a6ac8b1a10db

SHA512
4d53e918ec7b3944c99ba3435138e564ee912778f84eabb8ee5e39ff22af98a2dc1355db8373cf0962ab60266019c2e186ba3babd9ff99c61a4cce369131e116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8ef732a3c76d904a52e426db312f4519

SHA1
c97f10afa5504709bb7edbad5f6ce77f74d5da01

SHA256
d20a7bc58af039aafdc6464f4e5349b8d9481e20b33614c5dca38d01653893ba

SHA512
fcb9d21c55d85bd2076c5dfc50a0290bab943fd94fc73159f02817783d1e5e3d611e64d4b155bd7c5c6d9e2674abc61076482551f7e2f2899e827e3b1c1e895d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
864B

MD5
2a514742af6f85b37f7e773738dc060b

SHA1
7383393c1fafe95214ec665ea800a7a4c1fcde24

SHA256
b14db671e0c5d81162785ce237ba6783e55bbf2fc932450f16404ff2c6e65329

SHA512
f3ebe271fecb3b457ae8908f5c04176064fce19cc8d3579c9708046aa14521190c13ad577167d3ad5502e74188aaad23491676b517fd3a6b8e4a2f417ab8ca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2d193c8116b0dfeaeb5a5365e9ae2354

SHA1
866f64a439a49b12f60e55474d4cc92495409d77

SHA256
768a805f89c897ad618480ad717b13c5913af119e3d9074f4f8d1d4e7abeec23

SHA512
b29b09fdc4ef8bdb2128f8fb7622b2eecfe93585dd205020cb6ccc8806b27d4767366f1a4af65318de616baf393ddf8f1330fa43a991ebfe26ee4826669d6cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8db4eb88d0561583ced79e6b6716b793

SHA1
8e3a90b29f31500bf1fb495d7fae4a27acb396c2

SHA256
1ba118bce35052586fc4fb79d8fcd18aa1018024bc0c5ae27a471164aa123fe3

SHA512
69dd4808b5c967ed26553dc93b0d371fe299e07fcfb3c02637390774e73da2fdebe0ce9ac9a57105d9077417abdbd2117ced8f0f49325b000782074083cfe08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6f63fe84a73e371d0f614a4704c98692

SHA1
5fab94e0746047ddff48e0353134559bfdf08aeb

SHA256
736b94cf414979295ffcaa3301c96effd2237cbb8efaf7c34439ff79d254c25f

SHA512
087871f2b1453c4b46575e4bdfb8a54e557bdb61fe91403a1aa75e5ab62b3f2d93abf8bc66ab0f309f75ae21d777426d49cace6250ed50d08bd76a1e6497be80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fafa.TMP

Filesize
864B

MD5
0be473d018c4f6aefb322b5d45fee2d4

SHA1
0d8db3432828bfea80bc56954132b77530e9d47e

SHA256
b077f12db131811ffe5cfa34d7a55f99a3d48af7f4ce241162495a27366af285

SHA512
ec5073e0f99681878fa3adc51c36be59fd8066dcbb635968917a6e7c38b49f505742951391b7da7edd9b6a9ad73d14ebdbeb50b5e96c92515387f20529756080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82569a9246e98b43fed77340c6e78c76

SHA1
cdc1d6e764a86f85a17f67fc2a03ec57f80d3877

SHA256
d4781150bb7f998a0fae05d80f2c956dd8408d519c88501eb4101319b92cfee1

SHA512
fe039d0d1adcfcf4d30f8fc241f509f61d4cd430aa013a8b4ba9b903f031ba81e37452d427623012689a9345a50f36f244bcec86a061662f0851242a41672a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a874320adf263516a242a5d09f7fc6c2

SHA1
944ab3eada6cb3787d2229895a5c71196c667d38

SHA256
a3a2b8724372030c98c805d50f9cc44da936cd89521852b0d3693f5f15b21838

SHA512
422be6c49fe1b45c94d51a38a1054a6e19ee21b8eea8275b485654db86539b884ca0f351bf979839e957d718b1982780a4165273489c966edba8e65d47d62528

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 6134.crdownload

Filesize
269KB

MD5
2a2619473fa8b1cac0c9fd330991634f

SHA1
7742f78dd172a6a608bf88fc57107e6b02727b37

SHA256
41f65f49814e8b918f18ad1b8bf880e2c19708136881ae440ba25f7d146c1661

SHA512
3097dfb81c4215945d286c81d0f018ad95e1cb6e9068a2247d676463e785e43f9fb39ea7c2d8d1dfad5964c6191efa54cc0c945ab4dfe2ae09f06e6139a5a0ac

Download Submit
C:\Users\Admin\Downloads\c2d4cb4e-a177-4b41-8a30-b852d9c05c8b.tmp

Filesize
336KB

MD5
3d5267c68274de90a0140bf59cad565c

SHA1
60625afd91c1c67182c7ca9a3916210272dccba9

SHA256
c3daf9d1f15bfd9fdfa386fe15865bb79e726b57ca3b3c505c8dcf87b2c07ba8

SHA512
30dbf8aff9ca4d58feaa65c899a723fbb6e69a559cec6b2b028efe3c446324d9adf044aae997ddab9cbcd8680e93e613c2ca57ae98c4d6ad0200d1dc4c365791

Download Submit