Analysis
- max time kernel: 1760s
- max time network: 1769s
- platform: windows10-2004_x64
- resource: win10v2004-20231130-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20231130-es, locale:es-es, os:windows10-2004-x64, system, windows
- submitted: 12/12/2023, 00:37
- Static task: static1
- Behavioral task: behavioral1
- Sample: xd.txt
- Resource: win10v2004-20231130-es
General
- Target: xd.txt
- Size: 75B
- MD5: be9f5671c2278d01c93853250957dcc0
- SHA1: cbf1985d556b40d9ccd715acead0f3910d439ed6
- SHA256: eda5bd21dd03e2e5cb502fad23bfac4b43f4dd9654d59ce0b6e053ec009bc9db
- SHA512: 494eefdde6506de02093c80a6a149fe25a8821d024ae3d82f26d58f5e853630cec90fdaacd1d2c7e92b911d1556455c78efa14a5d6936fd3172dee5b7dd79729
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 8 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description  ioc  Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  firefox.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature  firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision  firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz  firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  firefox.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz  firefox.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description  ioc  Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

- Modifies registry class (1 IoCs)
  description  ioc  Process
  Key created  \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings  firefox.exe

- Opens file in notepad (likely ransom note) (1 IoCs)
  pid  Process
  2180  NOTEPAD.EXE

- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  Process
  4512  msedge.exe  (x2)
  412  msedge.exe  (x2)
  6812  identity_helper.exe  (x2)

- Suspicious behavior: LoadsDriver (10 IoCs)
  pid  Process
  4  Process not Found  (x9)
  660  Process not Found  (x1)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid  Process
  412  msedge.exe  (x10)

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description  pid  Process
  Token: SeDebugPrivilege  3936  firefox.exe  (x2)

- Suspicious use of FindShellTrayWindow (30 IoCs)
  pid  Process
  3936  firefox.exe  (x4)
  412  msedge.exe  (x26)

- Suspicious use of SendNotifyMessage (27 IoCs)
  pid  Process
  3936  firefox.exe  (x3)
  412  msedge.exe  (x24)

- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid  Process
  3936  firefox.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  description  pid  Process  procid_target
  PID 2856 wrote to memory of 3936  2856  firefox.exe  94  (x11)
  PID 3936 wrote to memory of 1028  3936  firefox.exe  95  (x2)
  PID 3936 wrote to memory of 4768  3936  firefox.exe  96  (x48)
  PID 3936 wrote to memory of 532  3936  firefox.exe  97  (x3)

- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Windows\system32\NOTEPAD.EXE
  Command line: C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\xd.txt
  - Opens file in notepad (likely ransom note)
  PID: 2180

- C:\Program Files\Mozilla Firefox\firefox.exe
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2856
  - C:\Program Files\Mozilla Firefox\firefox.exe
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID: 3936
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.0.2111704250\1986864189" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ab579b-a174-4b98-9e76-d56f422412c2} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 1980 2021a6d9158 gpu
      PID: 1028
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.1.621573245\1736913986" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0004649d-f9b2-49b9-8ba0-49f3effc9c4c} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 2380 2020dc72858 socket
      - Checks processor information in registry
      PID: 4768
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.2.162662402\518831837" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {848af45e-6dad-4d97-a9bc-c36e387890ef} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 2900 2021a65f158 tab
      PID: 532
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.3.1571989857\1048506024" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b29a4d5-f7cc-444a-91a4-f6b2e9621a0b} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 3556 2020dc67e58 tab
      PID: 2952
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.4.1242104678\1657024129" -childID 3 -isForBrowser -prefsHandle 4364 -prefMapHandle 4360 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98c8fc58-4882-4a03-957c-d6308bfd7b91} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 4368 2022024f058 tab
      PID: 1464
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.5.226197157\658428338" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 5012 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc322740-60e2-439e-8911-b1a0ea91355a} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 4948 2021e44b658 tab
      PID: 4948
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.7.284872401\1917406819" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51be5e4b-a6ab-4eec-8182-13bd879a1f78} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 5352 2021e44ce58 tab
      PID: 2704
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.6.983585441\1748976126" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5208 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48611a33-15a7-4374-962b-c4d9c7934d0e} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 5248 2021e449e58 tab
      PID: 2964
    - C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.8.1530727409\2125058684" -childID 7 -isForBrowser -prefsHandle 4688 -prefMapHandle 4692 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba0e266f-9644-494f-98d8-f73f8da25e8d} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 4568 2020dc71c58 tab
      PID: 5392

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 412
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb50bc46f8,0x7ffb50bc4708,0x7ffb50bc4718
    PID: 224
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 4512
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
    PID: 5228
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
    PID: 5760
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID: 5332
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 5812
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
    PID: 6588
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
    PID: 6580
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 6812
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
    PID: 6796
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    PID: 6888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
    PID: 6992
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
    PID: 6984
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
    PID: 4448
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    PID: 6556
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6969064331189086354,17219478950345542562,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    PID: 6216

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 6188

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 6384
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 8f0cdba3e639a70bf26cf85d538ce1a8
  SHA1: b457faa0d6c55d56d61167674f734f54c978639b
  SHA256: c1e48c2dfaeb607efc713e1b5c01d1ee8a9491d8f3a2a5f4f3887e6c1f8c2f63
  SHA512: 3c270fc58170c37f51427aac2d3092ddbbc17832556718612cebb0c32c04e7e3b7e157969d458a4b9c3e8bf781c23489319338960cefb5cf530673f2b8f81609

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 5KB
  MD5: 059e462d9bafccac7e51af79df47139c
  SHA1: 47451b838885526759ab2fd297524739872b6cb5
  SHA256: 9c0728e938b633ee8dcb5e17dc868e6d9202ed6d47e54ed3abd24fc86c4d1f23
  SHA512: a01ee4760f1323f40d61f230789c7f18568a4978b58433cdddb36abe997decbfcfc4cfeac40237b8db8a1eab68cb11963003892c9b846eab974b3b75fb8dd178

- Filesize: 5KB
  MD5: 0146687cfc480f68b494b84d5eab2a4a
  SHA1: 3997100b4c868bd79960b381485e156bd1faea46
  SHA256: 046ca2b6be306bda594766a7e2db36437ec2b0fe0288915c84aa11495a617397
  SHA512: 2e76d6d7973a80172e64be0d3456b5c789af488ef37f64aa2be367059a125ea9756b8342e4e35a1ab68676657733b8460f2c5528d3d031c91e07cde68f1acf32

- Filesize: 5KB
  MD5: cb6e37eede928793ace1de74613f80d2
  SHA1: e125bdad7e7652077732934b22de860a1cf781e3
  SHA256: ca718d3def57ba5191c3a78b3204a324d7415232ecfd2e69c6ad8b1be40acde3
  SHA512: f0c6002088b9f70f5b6bea675bf111d60524916114b991a1bb0fde6fb76ae55ca5e1399263c6d33dfc5a8d1e1de92947b3eb8dd70e15d8fa9d606ffdd0bbf75a

- Filesize: 24KB
  MD5: 232db701e62758945bdf81b88c9fca79
  SHA1: 8acd2e0ef674279fdf98e570a9e962ec62f7b0a9
  SHA256: bbfc078a91e9b2b8783bf654ce306f694bf5698bcb2cdab3c829105f2c6bea0f
  SHA512: a4e749878c431c96d305c62f37353bbf1fa294519fd9c3a34e4b37a77bfd56d6ad2042aa36ca55b4d83a50bf80ac5df86d736465e794830d084006605e40328a

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 4KB
  MD5: ec1ea42aea11fcd0e5eee436781c1b2c
  SHA1: 1cabc11021f7956e8f17bf1d6196bbc6569f069b
  SHA256: b7cd6e6dd6250d8e1abdc032a4adcdefdb64b756e96493394afd613536010a2b
  SHA512: 7f7606c1682e76736b9b43de952e8fb0e120861c1d09fb8efa97d942572400b3e61507f31bd05291b7c9c25ae7d5434627f6d4f9507ecfb3bebe27312ea603e3

- Filesize: 4KB
  MD5: 6b3370a1a8fb9446dff5b55d0b30b8e4
  SHA1: b780fba00af46147e78404f806424654d7e5e4af
  SHA256: 0fa433c6132d078571860a58a81c712678b8b6607e5c33a6b564d57249b2306f
  SHA512: ebe097397c28a72320caa1211e1373cf0f727680a259d001a8e509e6e04783a5cc4353472547d7159c55b36f922917cb97651f83658320f30b2f9d412a5f116e

- Filesize: 4KB
  MD5: 98d5ae38a1f3ea5ab7d6e8a2e2d2d61c
  SHA1: 67106c65d87b5e056a3152b277324c0b37f52050
  SHA256: 7febe2232dc435606b040182425815f5d68e7b5dd111da2bd8c89dcf98f8b026
  SHA512: aa7c4982730c93d122703afc7a11618e0181a41526f1e54fc9277877bca660603a59df2270b725ef9e552b78d5a280406f86181e36f4d66abba79e1a769cb9f1

- Filesize: 264KB
  MD5: f954f759b4e0d11297ae300d907e5679
  SHA1: e25b849c660c99b2406ee72831564a7b931cb213
  SHA256: a608a47b7a30bd304c67e7dd1664370f679ea167b5c695225666c7a4b471710e
  SHA512: 5351b6457ad9d1531123d0992c48e9adfcd9b8c0dd1f9f56cf0493c08fded226bbffe715bb8e3f376a427d6b747048014593adcb35948828f0d6518730323b84

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\datareporting\glean\db\data.safe.bin
  Filesize: 9KB
  MD5: 8c0258311f9064e37984ff3b95cf99b1
  SHA1: 6d01b77efbcd99d4a0e591b65b816d36261393b9
  SHA256: 7a88abadef9e8940096dca7f7e92205f9507372240c42446cc800ca3bdb4b5c6
  SHA512: 2c9707fdf6942ca6634ec056aa72032385fb8e0a71cc56291702b665542e08fc8c0d060b097601fc32126befd5b84155c76fcc420967b53dcd98cfd9d1bf8634

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\datareporting\glean\pending_pings\04177a5d-36c2-48b5-aab0-a72925af8c99
  Filesize: 734B
  MD5: 7f627f91199d467bf01ee913918d13b5
  SHA1: 8ab0c07a8dc54885458351f4b30df9f41418a5c1
  SHA256: dc32e79c611d364dfa6fff46f2a2f33943bb1e8ec164d9a0379b39cab695e036
  SHA512: 04da8396a49ab593701c0b9abcc5983babd2470bb58a40a4c7d713e375d15a0872daf6756faa130458ce7623d9537ed7a668ef2fe775f2a61b39f1ca38f52628

- Filesize: 7KB
  MD5: 84c6cfd98f0499a0632132580cad4510
  SHA1: 2975062d45d3022c2cf26495befe0fcd781e4f66
  SHA256: d864c21055048bdfcf7afd8c0d2b4cc71fce05368f7aacd70ba55b396967cd39
  SHA512: 87dc5f567d07f8703b753555ec8acad9f4183e2d3dc89f7ef4361368eead4165b7811233638b2399faccb5e2dadc9f15741f766ebe0fe94689ff70330fbcd742

- Filesize: 6KB
  MD5: 81148c51e9435940609b3d0d66c61c4a
  SHA1: 7a100502379b484bd7fae62e96f4b5678e358366
  SHA256: 4fc83bed06a50280aab237a2aa6b73b379bc28091cfcb73e0878bc281c9475b0
  SHA512: 4ad803c3e699a0d187d470a46b2efd51be5c98178fae10f9a7eb875d519fdde1df14589e10ac3bf8c3a914722e4bb8b5e2ac11d5c4f95ba4ce485364a0616227

- Filesize: 6KB
  MD5: 162b42507970f349a1640e97397d9917
  SHA1: 930673a98fe64b083e9216297ae0818e0452edbc
  SHA256: 4511a24835c11425de1230b52c91491be5026ea78628a76223d5a92c58b3b9e5
  SHA512: 651202153fbee11ab3463747ca9647d63f27207a84332b8bbd9204e6b40deb64167ba221147046318a1cc0a9fda1d5204aae99c1e7e24a19f002ee112dca78a7

- Filesize: 6KB
  MD5: dbaea0b6c57206b595e4c63b7002dc82
  SHA1: 5827a80c7124e8fa0ad18462d2d14b286a50020e
  SHA256: 1717dab2c93c587be22e9cf54afe8c4b88376824d24e10ef6f4c875e8683e652
  SHA512: 80e741d67645a5ebb94831574842500d5da5467383509b4a7a3191dc2b828b6e5ee61c89665b49a0d1650ce5308356561d6889e7439c04ae6214c04a9f6b6762

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\sessionCheckpoints.json
  Filesize: 288B
  MD5: 948a7403e323297c6bb8a5c791b42866
  SHA1: 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
  SHA256: 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
  SHA512: 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 1KB
  MD5: 3ed15f2f39c9388958f76f0ed0da0bd8
  SHA1: 9223752c5ebcc634a4d8488e0107bcb888390b56
  SHA256: 19bb56da6bd2471ed1828e28e2991bb6c529558df458886e1fab461cf594d814
  SHA512: 7811f2c90f7252ae47b8eb9a3a98e7739de572d579d47b2505f575be56ad162de9b53a48036e8db18415fc1d14163117bc527706db198b2f40251098b0ba410f

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 1KB
  MD5: 500b734f8fb4d802836c2d1c4202ec5e
  SHA1: e00fade23aa8db7b8e11ff41cb0975706dc7fe31
  SHA256: 9b395636ef7d21f987daca7322a4dbec8f9852aba1d8c287839aa4bdc3f74d44
  SHA512: 640f6f66108233b062af6f57f21c5206a5b18794b924c43d833166f66650932f548eea4acac6b81980fc2d767cf3e423cd1f8b58aa66bdf37ec0af468e23730a

- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\sessionstore.jsonlz4
  Filesize: 948B
  MD5: 299376167ea4ecfa8d35a7439a4fd7d7
  SHA1: 57d8c7b3376d7864989a6fc34c3ec30f7f32e101
  SHA256: e4ae3b344df2b846dd562f381be0b5e71333032385278c4fc1dbea4ce1c06ef0
  SHA512: 15f5aa596e859961dae5223f2a6aa3e5c21cea3d80bdca6bdab3b9289e0a3c34e0b7a11f1a4b088286cf8061162f7744ad4ac420a815f47123b1d1bec66fd7a2