0e57cd6b33814fc8a58269c375873a83c96a380f2e2765c3cf72c96b76504680

Analysis

max time kernel
1167s
max time network
1172s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
26/01/2024, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Practicar.hbs
Size

2KB
MD5

314d24ffa23dbc148e0d509c443c407f
SHA1

f610cc5523595a08e1d7e423e9f960783021bf5c
SHA256

0e57cd6b33814fc8a58269c375873a83c96a380f2e2765c3cf72c96b76504680
SHA512

96e015e7cb468a5748d3162d7023174820b637ba3a69c9cd99af8ad7d682da6e7c0207f560026d31916ac3720b7b7deb6ecb31c5dc1d6fb7bb104220ca173e90

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3792	msedge.exe
3792	msedge.exe
4568	msedge.exe
4568	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5052	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4520	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3684	4568	msedge.exe	101
PID 4568 wrote to memory of 3684	4568	msedge.exe	101
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 4972	4568	msedge.exe	102
PID 4568 wrote to memory of 3792	4568	msedge.exe	103
PID 4568 wrote to memory of 3792	4568	msedge.exe	103
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104
PID 4568 wrote to memory of 2932	4568	msedge.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Practicar.hbs
1⤵
- Modifies registry class
PID:3168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5a4a46f8,0x7ffb5a4a4708,0x7ffb5a4a4718
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1677288925965739223,4979818553088576542,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
193KB

MD5
1794388467a5d69cf386bdc803cf9390

SHA1
71e89c7afd4059cc383091cec62b84da31ed8cd7

SHA256
8a0b86d60e0dd4fb9a6d994ebafcb1c8614dad44dba85c33f46ac982558edc75

SHA512
d7781a21bd8164b94c3464ee0cdf5b4c6c7cbc079acea9c50baa9dbfaeef27ca315d4aeb9491571608d611477d94c64ac5abc31fae8e72bc1a6d5a58bba17d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
526dae2e79015ea4c27a03432e223ef3

SHA1
60559c08898ab85a60c6b9fd6e9ceec942088bde

SHA256
99e70fa718e1c9afea3e011510f65a4674854f3cc6a89cbbf6e664c6e5b6872f

SHA512
79fbee89893a693dbb0f793013fbadc4e176c0a8880ceb9c9cc5b42058293b1630eac057afb5c117f0a781b5c210a823f1ede25786eb7a84260759f87748b8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
86b1a043eb69f0ad5db0f31e9bec76ab

SHA1
e5ad8bff6f87b376b5095c0830c5a3229b4dc998

SHA256
842dbf0b6059ce6012a2c75eaa7e50bef58ce0c6bd3714ec606af741571cdbd7

SHA512
0739c428d5490c23b600aaf6674f9fd7cd57eeaeba49816f34501b569fefe330fb34347f1299872b0116d3b84b47bc8f1aa0385ae787bf045c3f83aa9a6abfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fb782232732faad51e2c11bbeb8fdc21

SHA1
062d43a7fa8ff78d73185c2ac6caac5b47ea3cb7

SHA256
c05dd4c3ec444a383def38f0b4d45d11343ebe33b748242c156509bc64e1e7de

SHA512
780ccb3c0bec530f302f86f9d063a40ca3a65e5cc8e847e0904e9556f4787645559beb3f0905816afc7a51e47c226c98ac431bfd518c76d06a5f9bed85e0b2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0d708befc24fc107c92a6b35cec410d

SHA1
d56b1866397e2fd9f8830a5c9a3b4fbffd6f99de

SHA256
d41726b57e9a1fad66f69a212cd0a81adcf501e46ac7b834052096370d4d8f0c

SHA512
563039186d1cd09bb7011fe6d64766d852ab4071254f12eff33503615dd9de6ae89914fa381d94ab83180b457633a4a0bbe04eeb897fae1f83bac54454e6dfc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1742e86ec68cbd56f42373c988bffc32

SHA1
82e0bef7d432c16da9050fadf621d808c60996bc

SHA256
d5f4a628997a4f3f8c4edabb658965428b45eef246e2118f864b49ab5d8a732e

SHA512
af2f49378d7ba50f2e673be022dd4c15b9c7c5a3bc365fd0b21c5e3c3d93f2bbeafa9821ffdbe4d8b5e5789b01ada502481d62413e1612f01e4641ddbcece5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
950752b723724837cb0c29470e634bee

SHA1
8ed24d79ae7e3121410990bcdcd7faf25359cf7a

SHA256
660a2ecc67a63101b393096f9136db87c4c0e233a69f1cde4bfd91f8b0c52063

SHA512
f9bf0f31b7fe28348b600f134f190878b4915aa20e5feee7334078ede120e6cb9cf9c3f7e5791ad8e75a772fd41412365d1e307ba3bce94fb56c7537c7b2fe73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
35be223433085e30654a93a86157be26

SHA1
6372afc98bc06ee66df4f6442806f4919c1cc183

SHA256
ce333e154cd3f47208e2215efbe3709572244893bf622a236f7496677034b751

SHA512
b2781a08d53819dfbdcacac8f2523cbaaf8a9e96cb042ca937047c280823ff485a545ae7d343562b350e8588ff2aef1d198b4b98dd7d81702ba112444fe7d1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1df5381d64f69c1be9c123a10aa9ce62

SHA1
7ff9984b99e56d3186c9d8c37255f9e31cbae8f8

SHA256
ecafbb58822d1337dc18970ab6a59960ef79b07cede6d62896d2771fca18d834

SHA512
bc944323b7571e30e8b139520b96a19f97d473c097def3bb143ea3e79c1f5d96a9c118ee4cb42924d5810a6f8a733e98c053a49f1054fc150db6c08d34fff9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17fa9a49acb0a2a267708bc7807cf98a

SHA1
3b5a21a1ea05caa7c77a2d031f26d29afcb370e9

SHA256
d5d7e4323a6f14e5e64a72fffa4352172ec1983cc068805512e972bdec0a0127

SHA512
ee69a28e611343e6da429e5dd54fa90bf71e354d5edef055825df8db2255d71d44db505136bf7ca420d6acf71bde5b9ad11ca4512ef1d9057c268b586c6c36a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
04423d47891cef156a88e260d6a5cbd0

SHA1
87c3f3b795cea569de5bb6e6f372f0fab3bcb4a8

SHA256
a8c91e61db62af4cfc4d52a1e3f9be602ac51d524cf592615f73281485a6082b

SHA512
6ed7f70c272364f3546b9e3bb1a4ddca7ed938cfb0557aa7587cc817f469e19d735a56a421ee7cb57f27514646a6efa1cfdfc90449a58d617cab2473581fbe36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7b03dd8e680c479d441eccddcf997ec8

SHA1
f878cc02a64d6aba17741d5db4c676f58b5bac4b

SHA256
8538faeb2b1288236b15d6dd61bdebfd560357d81d027f027b1de0692f855dbd

SHA512
10433056cb35d5288b15579f180bff8fdfed1c1a50bfd011e83c42e0c876390d0ce392447989064fbab0fa2d42df3cc6f574bb333a1ef71b40f5b54d1a613933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
41d8c1ad7d4ce2f8413e15c11a1f9c7f

SHA1
08a149565e2f17742ec450d6b82b2a523813ab7a

SHA256
0207d5d072ce29fbff15555e2ba81ae4e29f13feff4972d3261f70df5e3f8a88

SHA512
cf4c8b379a48fe5585dee3201e9df22d38163598e8aee506fd1902d8ead1899b7e28858ab406a0924e56a928e8a5c865db0ee5dfa9edc5364e4616a584332c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f0c5a16e82d43a6ff0ad211638689338

SHA1
77bc8967d3bfe2e20c52800f7cf811def2cb604e

SHA256
6110a9b54389d3b35a4b31b55217ac1217c13c3f0216a176a66fa825417cf659

SHA512
14cb35c23c5bc84f1335dbfc340ab413af1e4a8abe0d503be14f5f9099c7c6c61cd2d1532c6ce6ebcc19442f2b61de5daf354d8f29885ed2ef91f85895a04e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
46a44dde6b4b193b425f65cfde011e58

SHA1
d744668ee5e6e27c066b4b89101b945a661fd295

SHA256
da7905d35dc26bed21cc51f59c3fca17897d0c4b2474e3b044060e308ea3ad82

SHA512
5db77d52bcf67b5962ea6f1a2b4c323eda61f4dcd44a8753d577c4a3ebb817e8991c319a8faf4424e962ced4c0b490202bb4d57d5c9274fa820451a5f04a0e00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit