Analysis
-
max time kernel
2038s -
max time network
2040s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-es -
resource tags
-
submitted
26/01/2024, 21:33
General
-
Target
installer_vst3_64.msi
-
Size
2.4MB
-
MD5
d1c81d2b8a9ffc2a86bcd2c5208350cc
-
SHA1
6dd7bf80a0ba2fe237f116f10f08674322c694e8
-
SHA256
cae59ac7dd335c3335df6db66f1b65e49c656efe73910bce533e810c5b2f6378
-
SHA512
3bdb0a2593ad39172e44fe351775c90c0da8e6c2f89029cb0617aa34d810eb5bb32952c71e51b69517616c11f019c983ee44e789cff73d03353f982ee0039ad8
-
SSDEEP
49152:nzAy4xMrGBAzYOA5SuCEcOoYIAjubjexrXgj:nUjMrsAeSu/cPYIAKqrX
Malware Config
Signatures
-
Blocklisted process makes network request 4 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of AdjustPrivilegeToken 32 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\installer_vst3_64.msi1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1b9b46f8,0x7ffe1b9b4708,0x7ffe1b9b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5708 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=5748 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5864 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6904 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=3936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3118544374283562989,10385234925554310043,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5dcdd81072c3a08bd9406979863d1644a
SHA15f96f3f44c281ae4edf200d640f83a20beae722e
SHA256a6a58e018344115696d6547401f8f88751d2384aa7c753546bfcb4d16a7cdb2b
SHA5120655a13f0c01340bc4c1496745167e4bb0b66233fc500faa1c224f01f011415453f8b5dd6b0239b3d6ebad49ac4a2bbf2b7a2efe29a2664bbfd5548ff6961f10
-
Filesize
152B
MD5f246cc2c0e84109806d24fcf52bd0672
SHA18725d2b2477efe4f66c60e0f2028bf79d8b88e4e
SHA2560c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5
SHA512dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640
-
Filesize
193KB
MD51794388467a5d69cf386bdc803cf9390
SHA171e89c7afd4059cc383091cec62b84da31ed8cd7
SHA2568a0b86d60e0dd4fb9a6d994ebafcb1c8614dad44dba85c33f46ac982558edc75
SHA512d7781a21bd8164b94c3464ee0cdf5b4c6c7cbc079acea9c50baa9dbfaeef27ca315d4aeb9491571608d611477d94c64ac5abc31fae8e72bc1a6d5a58bba17d33
-
Filesize
26KB
MD57ed7d635d0f5215a32a393202ea7a628
SHA1e04d5867f3a0dae63633baf8cee4c52e95ab964a
SHA256ae7f7fe9b62a9e6b7acfeaad4884a0873e08430aa25183bdaadd5949b5febc00
SHA512deaed4a0687981945e4bb0aeb679f806bb45ff33fb5e2524e5c2f1c88db75844485770498c552eba6f31e7debdc9c816bc846ff01ce1ef0cc6c7d6d23ee041f1
-
Filesize
67KB
MD57d34fe63af259b2b36521fbc0a6cd2c4
SHA1cc335553f75b135fd74f5f4e4e6d1456a6a93a94
SHA256fb5668817ab1e91cd62ef40c6f6545a4e27587374dcb112d72b777ddaaf6d4e4
SHA512ca66513f3a1e725013da052ef236af9b72c7760b6e743682754117792b8e29389abe4850c91d97ad08a7b9aa506398e8152ea52fd2e974ebb79fa500ba809e94
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
82KB
MD5ac5195108ffa3c8e98a9de0576f61b19
SHA1a17d81c55eb35403291fbba122059e2a5f79b218
SHA256b876acbba780764bcc331cb0fee51839f76ba3f97c75cd24c7d0444a95b7cb24
SHA5128f89c9ae9a02f47cd3f7e9cbe1dd720ca17264fd3d3acbec69adef25f0f28ba97118065c19b45a20ac091f2b243341e08f1b097a50aa27e2805e97b073a818c8
-
Filesize
16KB
MD5ad4241b8e34336483c8b316fd22ad1a2
SHA15d31cf73ee6bc8b77b3bde324722efb44a04ea79
SHA2563e942e7209f7e4c2a2c4bf261dc71946e1612f670725c892661112f672bb5f66
SHA5122db15e7b98ba50ac1c7572539052509dc382c68528f4ee4652dbe61da07f513459e719e474b000f3961cea90c325d6ecd34a8305d90299b285d267a2abbded61
-
Filesize
2KB
MD58cbd21a61b9c444d9f748014914eaace
SHA120f1ddcc7d941d13e8e69e763c419e2e4e02b9a0
SHA25623b34fe30fa0c068ba81d77d1873578c3651e09f672191df9f8554399ab00d5e
SHA51243ea7a1e3aa4dd3b12ccb4c7caef63510bb93dc1d1c16917b08f664ea7203e3a25be897eb2e2c75b9211621474e383cfb726b435bee8ceef0ec314128e9bdf07
-
Filesize
2KB
MD5b7d7180f0123453bc0bbb15b94f9bf93
SHA18a65631b4cddd550e8095461e16dc1f0cee35196
SHA2566dec3798844a3487c8a1c0fb0cdd772b7ee81806702d40eec266526a2c6115e3
SHA5123eee14acc2f6d42e7dc2ed5c5f25c821f73b6c5e492ca8b21f69ef446cbaf86bdeefc9ce6b5e50c9f5bd779f9e9c12a5024803884abe2d5ee0e25e4671870400
-
Filesize
3KB
MD509095b99ad2f177404943d3900c34ee2
SHA1661854a1b0e9840eae081da9a94bd489fd63da54
SHA256ed724eb36a080f7ee133ea7454db985c89dbf2a7d5383c4b730ed5f22cbe2eb6
SHA512e403ef46ff4ab4354b13f9b962534ff0d46c9bff22ee33ab184bbb4359f0ef74d4acc57aa77cd88261a05ec2822c9419c97b2594f5d211f7c7546737c873c766
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
389B
MD525e811b8a701a99c6c916669028ac427
SHA19e4d7f286acb8ec475450d06b097f601486e069e
SHA2568848d95442d6bccdb3ce6335a1d17cba718744b755fcf05e13004cd69a361004
SHA5128800201b261279a7fbcfc2ca9ef714a93172ef766a0eca450fc3c3d597f8404ab170994f47855ed6984d0fd0925589012e9591c1ea4ea61951c04a07678d23db
-
Filesize
349B
MD53cad2e9903d75fd974dc4e76943be384
SHA1a5fd7ab74ddbb4011772e0e09ab85a4f4f147881
SHA256475eb312623f7738b51870a28ac6f30c245a973fbf9e850d2122ca1fe91aee33
SHA51263ad80887d171120ffd0bd07cafb77eaa7472d346cec3409f208c508b796caedccc3a528f4875dc607abd9038271b1ceff037ccd5bd6dfdcc52eab16bd30a37a
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
3KB
MD59c6928962c862e0a6ed488adadd7c0b4
SHA1c0b048337cb5129406178dbf54b2693463655068
SHA256583485f71a43eeb27b32753101c63645756b525204bfeb32cae78f7dc5490d9d
SHA5124a2755d8d6509c034b48f27ae12c8149939b9c003c7c00b0966e7932e4a8056b5a44aea46d1f54e39e7c607a66372e2c08b44438dc62d3adda80989791ab9866
-
Filesize
5KB
MD56a624b01ee31c69f62c48be5ee963de0
SHA1f654217d19bc727cbed79c2d155ef7a26bd86936
SHA256b84966b4828a88a61c3fc6e26a0b3017355ee3c208b066a70a4aeed93fac6b0f
SHA51237f3f8633ad2b090625c7738a6f24147a94f0f8f030e19a6f90d5718d43e117e7227210abda90a28b77049526ba1fe8eea62490baaf4eccefacaa57e48e0898c
-
Filesize
6KB
MD5607a85755d0f389e348e5cbbe26d7d38
SHA1664e70b87cbed016d68a4e3c6bf704e471249be2
SHA2564885246eb1f6474a02ec7e35f52a18b2986bf9b3dab070ada6145737e45d88d5
SHA512550a7f921b3679558efcf28eb68ab68f571169c83a96130b8116085b08b1359282f4807da8d23dc1af1f4dfcade4267d794376acafe4a2c66d1752ac3c8052a7
-
Filesize
6KB
MD5e85cd2ad6e596fab49f7fcceac530578
SHA1c8609d27b834032b2bdd3d4bc5a7063471f90aa6
SHA256ff593d365b2d872bd51d50a33d23dded330541f27e8350e7069252b9326a93f2
SHA512042a180ae83cb7cd3e4c9331041b53673cba9c5135550816f3195187cc8461955c600cff963c950377228d603ce04a5473626db10a556ba2d749a9a3e3b6d16e
-
Filesize
5KB
MD56b933301e8ae8ab7bdf23fe12a28d3de
SHA1c5cc31877e834bbe429074b39f2b17ef2f39e974
SHA256bb79d2e528d3d9a2092acd9ecc7ba5520b3929e01b4929b7597625b389687c69
SHA512cf4d734cb0aeb8b612e488b5749b419e35d7f1401078e763d9e27a92972dc8860ac339d8f17aceabfb526b11da608ff81e95557df0565d501a72b491a31fccf8
-
Filesize
9KB
MD50f05fafc8313923949e863f470213735
SHA11e4f16cb177166e8848b8705321da6fdc9a1d946
SHA256dbd19799c607ec636f4e23a4bc550d62549cb8feda9c4fa669bb5253f0741526
SHA512b79788498da5fd0d1302c8fa93773f146349301c9f56fd2ad11ad3c2ba68323b4951c9fcea67e4d46fa546f04e3463b8218e7d2a9674c3e7741e80b8a2d4a431
-
Filesize
9KB
MD5d09f1a7206c8e62172ff711946d3ce30
SHA1ee81d4a43bd10beaad41f82e3f77561d7914ba6a
SHA2562f3d6a5899f94cf6541b8f44a04ce8c120976c75489e5f416830bef27de0feb6
SHA512c947d26c05b97cc84db951abea6ffc8b313c94e68da61eb72340cb6e4340629734a860091ec07492930f059e206fdc27026c7bd3f1723d9f7a15d4bd24b34b32
-
Filesize
5KB
MD5b484d5caf94790bf94c6176b2c8e5c71
SHA1dfeb45f7f8b5494270b67d6ee1327ab44ea702d2
SHA256ec2789bf59382398f620579f87fd6efbdfac87d79656d0a2426a42c6be243236
SHA512fbfe6f938f25ffc9c4e9d0be52bb24a33c16fae83dc5c84c4071ab81ab7e49014b26d4c02a84c0acd5847844feedceeaea43682ddf459e4a49308535f8f0a337
-
Filesize
7KB
MD54e04e6229f6618169190920ea9b83d43
SHA17baec8a349f1a737d4e6818a3b0e85007372c783
SHA2563cc01cfe2c54574a9ba30c0d569afd567087e406570d9733c4409518973f6287
SHA5120a054365f1b40dc3f130f33c4af9dfaa5404e6ad22187a8cb87e09c3a0b2f59cc96c2cf9f3a51c34101da46a9a610236b49c57dec8f45840f9b1bf7cb4fa1bdc
-
Filesize
9KB
MD576b4ca44d2aed36a8018522474c7ab4b
SHA1913469b85fc33a4ddc280ac129c441a91f97fcf6
SHA256dbebf2f8d1b473b11cd21d139cbf11c338f4491e0f3a97ae64c9dd15e1a725c6
SHA512661db691f38be92b36778f154d2e5e01e1ea0a6daa43744b0486e4a24ddc6a5f0dcb65754eccbcba39fd35fa813526f489705dedd1942c8efc181bd4723d9852
-
Filesize
9KB
MD5f6a93b2fd0fe27bc90af12eeb4133743
SHA1566d538523720a2b28909e33d4d9b6a0144efef0
SHA25608390c63dbcb39a9abb2ec0c7e0855d5451ed65f7b490d979bb71fc2c2a0a44c
SHA5124f77c9dd06086e36f768fbab4b465c2ffecc70f5efe9f0e0f60c531d2cbcab7e9f25c0a99b52e8b7b5324e97a6b32aaa525d3d920fab70a8dd47c6be77684917
-
Filesize
6KB
MD5d60e05107780527e8b7ba30a78540eff
SHA1fb2d14649336af464959c16fa3e23fccbab43b72
SHA256b9215fdd2d676a49952530deebc171503541ac0ce762b0ec53de37ec3f56917e
SHA5124a54606b7adffbe891cdda3716d70b7afc57cac3f98701000b10e8b64563339ff4e0dd3a3e66446b5bbe2102faaf4e2f20e749ce70490166db8f94e291022c74
-
Filesize
8KB
MD52c93eafe7d2a6df6ed72d9f91a3e17e0
SHA11942012d7b5ff61852bc9f772c9e5bb2f41a9c33
SHA2567c887442ce36523f937499790371fc09bce7ffca99f526e21cc7b6bb611bb79e
SHA512317406a7438aa131ed72d28d5208ced54b8773c701f1d918ab6922e73be33fe7200587aacbc7da6865b94ac2a11efa3e1ee7edf66ea1fd2cbba2b1abcbaa0d60
-
Filesize
24KB
MD55e62a6848f50c5ca5f19380c1ea38156
SHA11f5e7db8c292a93ae4a94a912dd93fe899f1ea6a
SHA25623b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488
SHA512ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54
-
Filesize
72B
MD573f09a3f5a18d5135c6134a0da07f82e
SHA15a9adfac43745399e5821d5c9301367d418ad35f
SHA256e3abbc1d4b293dc6d1838eade955195a392edf3795ca2493a1688cfc431b5c04
SHA51278a9e13df6304640f3c9683b92648888825c1b6b7da2ecb4e1f78554669660995299d68b20bf2ef256f89cb9cae3e6eed3bc09e2e44a95ad9c80b7b5fbf0e7e3
-
Filesize
48B
MD59ba1ef1be2198e42a9a9b08a06bb10ab
SHA1c116e2098b197b3120ba5bca63ee98cffe0bd7bc
SHA256f195bbdece86abd92bac423ba2481edba5ea5c281fa2651019c04fffb26965dc
SHA5127929e7b939acb870b6c4aa972117422cc11342585e07327554e03ff9fe223e72b679fbeebcb23259ef1d4f49a28c74c3741b366ee15eef5acdca3b555afe8363
-
Filesize
2KB
MD5514132258b39beece09a8df1aaf0cf7c
SHA14bfbbd654ebf95b8976f76840cb5029ec52b3be9
SHA2561a8d871425418ddb578d282319a883e818e1593563d646bb99c566afaaea29d4
SHA51246d7b353cf101952f56eb0163da200e32a0ed14dc4053852683484b525be3609f38bb7cfbb9fc9f013912a750d582e21306edc2f3137c4dedd8ea72b74702208
-
Filesize
2KB
MD5b8e4d864b0f8e64d524655d5d08fd6f5
SHA18ad60907bea235cfb96037ee39155b6ee9693dc9
SHA25638cdf4f632e75926e7287d098322b7208d52b55eb16a6f0ced57e249a0fc2918
SHA51260260c0b274aee72fc4e70c51b897cf5fdfd98abe06160065052b3dbb5f975227cbdc8d6e9c833007954dc918448357aa69b603ce7f035067784fd3a1dad5760
-
Filesize
2KB
MD5f9d7d56f0e1d83f89b63c226178ec40c
SHA10f1279d5223a37f6e95739594ae02c29672ec309
SHA2567b4c7fd43e231a6196cf6321e60d75f9edad6847b8e0803a1437ad4f769c5fa4
SHA51275db40f2ac03f8cbc00631ffafb42d25ae4eb7df1dca54eab01bb65e190c292f5491c19db771ca93dbe9f29439d1da863fd9f6945686250bee2d1391554e5d8c
-
Filesize
2KB
MD5c19c8107bc9608e3655fdb28a2459513
SHA1b822864ecf5ebf671e0a6ca9d1290436a5241a53
SHA256364a70799a0be936ec1ff9fee49624b1d0e1e8dd38c171cea8cbc884b682ebcd
SHA512cc13b0007c1cddf4048bb8293ccdb47e416f9700c74a9204fd90961e11aaa60c1dc44c0409e0f336b3db60f562312309d09e3e71ea3f357290f5e1f79b3b350b
-
Filesize
2KB
MD5ea38c5667a9389a6f42f515422f25455
SHA1313824228fde3c9c0700cbc4bce64efac9895148
SHA25624a65eb774912ce4bff93e8de43738f051d6da2a4ef2bc1c0ea2167618bcaf89
SHA5128bbdb7d0e27ce83d81a4b7b6535b6b6466923cfbbab04daf445b5030b48b79b8a83d7b84bf33f3b48207c066d839d9da838a62b60411bef66081ca95d1cef8d3
-
Filesize
1KB
MD591dc384ba54d927af07a7b39443a891a
SHA109fef786d06591843dcb13d9e4f03fd66acc7f23
SHA25695f55cde3335eb6fb7c90f75b7341c9f5c2c9b7e02788bd6f4a167f48632cc58
SHA51206cfd129192d267bce6dc7b35343334905af3fb58030512b1fd8ff4ca158f3ed4cc21d5859a8e19d3472804bebd9352ddf4e02ac783d2d691be5a3f9276b7f5c
-
Filesize
204B
MD5d79cb47300cebf4f6801fb1a9813cd93
SHA124809ccb1283bea7aa341c51777f886d42cd871f
SHA2561a670b3c17d29f10a16059d82817966ff7e13502ab20c008d0ff9b939442bf47
SHA51279331f5381aeebae54bf9dba60132b5c2ec8329d6f11a79292e7188328d7cb46b833e666b30020b27089b1861180f5e8cb75179252b8d65a794412acd7071734
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5aafc817a52b0d8a6f12ade5358f85db9
SHA11ef2c880205d0571373bfbae4decea6a7434efd1
SHA256b162e51c1bde9c577a6395948ff5dfe11dd33f3fdf48efbb449ebb7f04759e35
SHA51242d788ddc41517a59679bd5a85a97667fc3caaf257cf222460d4793dd6e3953f1b177c983525fe1592826004fa4522263cc668f277462ef89e6075233e2a0ca7
-
Filesize
12KB
MD5513fff5458134299b9a0eece9f32adc8
SHA1838168055390937c96e868c3ea8bdd89de034b9a
SHA25675c84805bf4d20f5d2434b3510ef12a1ed73197a57888d8df7c86ef89f34ee5c
SHA512570620b73d681477f3b2d9f6c0bf1cd64e30899f00b10f45cd00525829353952872bdab8a2a11c9e85b6be275ad83a3c913f38c6fa5744c3645813b5028528fc
-
Filesize
12KB
MD51b3c2116521fc4bba783e691142b954f
SHA10f77eb46653a4770d09afdc7d14a34763a5aa50a
SHA2563bd8b8bee5876d048599998d07d782a239ab983154561bc95e6de0a42cd0de3c
SHA5123e7669bfa86e639408e6760f4dbbedd840aa2d5c97208f6996cbda95fb2e9b6fbddf56cbf698577b90776c97c5403ef633953c0f3bfa717ccbb1b06f347f2106
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
10KB
MD592c109582cf43d222de1d8da0c17e63e
SHA1100e10463b94528ae3bf74d9523e9d9cf1760d7c
SHA25692c74a15882ab9ecbd984745354109cd343c65933f9878e8b8063e1127a10934
SHA512f8da643b8074e8d00679c4d9d9c87756f471f9576f360aa2e920639ea4c893a4ddd0b5d7a35b565dc3f38a9aa31a7fd9b01557ca059bbf360ac53d58d2a66291