Analysis

  • max time kernel
    258s
  • max time network
    304s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/02/2024, 15:27

General

  • Target

    https://lincapublicidad.wetransfer.com/downloads/48b707824c32d447d04db75fb61b508c20240227215317/6cf984

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 11 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 59 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lincapublicidad.wetransfer.com/downloads/48b707824c32d447d04db75fb61b508c20240227215317/6cf984
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3a8046f8,0x7fff3a804708,0x7fff3a804718
      2⤵
        PID:3044
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:4792
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5040
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
          2⤵
            PID:2188
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
            2⤵
              PID:740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:2680
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                2⤵
                  PID:180
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1888
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
                  2⤵
                    PID:4232
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
                    2⤵
                      PID:2260
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                      2⤵
                        PID:2724
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
                        2⤵
                          PID:3084
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4100 /prefetch:8
                          2⤵
                            PID:2428
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                            2⤵
                              PID:4984
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3400 /prefetch:8
                              2⤵
                                PID:416
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3848
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                2⤵
                                  PID:2992
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
                                  2⤵
                                    PID:2672
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
                                    2⤵
                                      PID:4144
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1620
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2708
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3280
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                      2⤵
                                        PID:992
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                                        2⤵
                                          PID:4760
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
                                          2⤵
                                            PID:4804
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
                                            2⤵
                                              PID:3280
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15570756359444319907,1168386889621435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
                                              2⤵
                                                PID:2768
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:1416
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:224
                                                • C:\Windows\system32\AUDIODG.EXE
                                                  C:\Windows\system32\AUDIODG.EXE 0x300 0x2f4
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4428
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                  1⤵
                                                    PID:3692
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_150316847.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3020
                                                  • C:\Windows\System32\svchost.exe
                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                                    1⤵
                                                    • Drops file in System32 directory
                                                    PID:1584
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4100
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_1984083515 copy.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4872
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4816
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_1763261750-Rosada.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3648
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4432
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_1924461281.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:1164
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2824
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_1924461281.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:1040
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3948
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_1763261750-Rosada.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3688
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4076
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_411781945.jpg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:556
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2964
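A triage helper for the process tree above, added here as an example; it is not part of the tria.ge report or its tooling. Explorer opens a file straight out of a .zip by extracting it to `...\AppData\Local\Temp\Temp1_<archive>.zip\` and launching the registered handler, which is why every picture in the archive is opened by mspaint.exe from that path. The script parses process command lines, picks out launches from that extraction folder and rates each by the launching image and the member's extension. It generalises beyond this report: the sample input holds four command lines copied from the tree (PIDs as reported) plus one constructed, hypothetical wscript.exe line (PID 9999) showing the same chain when the archive member is a script. The VIEWERS, CODE_RUNNERS and SCRIPT_EXTS sets are the example's own assumptions.

```python
"""Triage helper for launches from Explorer's temporary zip extraction folder.

Added example; not code from tria.ge. The sets of viewer/code-runner images and
script extensions below are this example's own assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# Handlers that only render a document or picture: low risk on their own (assumption).
VIEWERS = {"mspaint.exe", "notepad.exe", "photos.exe", "msedge.exe"}
# Handlers that execute whatever they are handed: high risk when fed a zip member (assumption).
CODE_RUNNERS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe"}
# Member extensions that are code, or launch code, whatever the handler (assumption).
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta", "ps1", "bat", "cmd",
               "lnk", "exe", "dll", "scr", "iso", "img"}

# Explorer's extraction folder for files opened directly from a .zip, e.g.
#   C:\Users\Admin\AppData\Local\Temp\Temp1_<archive>.zip\<folder>\<member>
ZIP_TEMP_RE = re.compile(
    r'\\AppData\\Local\\Temp\\Temp1_(?P<archive>[^\\]+\.zip)\\(?P<member>[^"]+?)(?:"|$)',
    re.IGNORECASE,
)


def image_name(cmdline: str) -> str:
    """File name of the executable in the first (quoted or bare) token of a command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    exe = (m.group(1) or m.group(2)) if m else ""
    return exe.rsplit("\\", 1)[-1].lower()


def classify_launch(pid: int, cmdline: str) -> Optional[Dict]:
    """Finding for a command line that opens a zip member from the temp folder, else None."""
    m = ZIP_TEMP_RE.search(cmdline)
    if not m:
        return None
    image = image_name(cmdline)
    member = m.group("member")
    ext = member.rsplit(".", 1)[-1].lower() if "." in member else ""
    if image in CODE_RUNNERS or ext in SCRIPT_EXTS:
        risk = "high"      # code from the archive is being run
    elif image in VIEWERS:
        risk = "low"       # a viewer rendering a data file, as in this report
    else:
        risk = "medium"    # unknown handler: look at it, do not alert on it
    return {"pid": pid, "image": image, "archive": m.group("archive"),
            "member": member, "risk": risk}


def triage(entries: List[Tuple[int, str]]) -> List[Dict]:
    """All zip-member launches in a process list, highest risk first (stable within a level)."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for pid, cmdline in entries:
        finding = classify_launch(pid, cmdline)
        if finding:
            findings.append(finding)
    return sorted(findings, key=lambda f: order[f["risk"]])


# Four command lines copied from the process tree above (PIDs as reported) plus one
# CONSTRUCTED, hypothetical line (PID 9999): a script host fed a member of an archive.
SAMPLE = [
    (4376, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lincapublicidad.wetransfer.com/downloads/48b707824c32d447d04db75fb61b508c20240227215317/6cf984'),
    (3020, r'"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_150316847.jpg" /ForceBootstrapPaint3D'),
    (4872, r'"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_lincapublicidad_fotos-fruco_2024-02-27_2153.zip\Fotos Fruco\shutterstock_1984083515 copy.jpg" /ForceBootstrapPaint3D'),
    (1584, r'C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc'),
    (9999, r'"C:\Windows\System32\wscript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_invoice.zip\invoice.pdf.js"'),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['risk']:<6} pid={f['pid']:<5} {f['image']:<12} {f['archive']} :: {f['member']}")
```

Run as a script to print the findings. The report's own launches come out as low because the handler is an image viewer rendering a .jpg; the constructed wscript.exe line comes out as high. A medium rating for an unknown handler is meant to be looked at, not alerted on.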

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    a774512b00820b61a51258335097b2c9

                                                    SHA1

                                                    38c28d1ea3907a1af6c0443255ab610dd9285095

                                                    SHA256

                                                    01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

                                                    SHA512

                                                    ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                                    Filesize

                                                    936B

                                                    MD5

                                                    918c4acbd04cb320560b096e85de706f

                                                    SHA1

                                                    c132583407dc1bad8da9c429743f716d5c0254b9

                                                    SHA256

                                                    c2209fe90e9c1ef18ea9c7295b6b087a1e64d81ae73fff08d53ff6765bf66bf1

                                                    SHA512

                                                    247bc38d1c1e52a51645a1dbdb6f564c40694c21b38fe960c3edc233805c203c9795a5a7251cd806b16d3cedacdcb7657b1ea8997225277a1a8ff1132906dadd

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    792B

                                                    MD5

                                                    2bf0bd858a71c7b69814b434b763af73

                                                    SHA1

                                                    385fa46b61b6c50b215c53777f1fe19180c94d9e

                                                    SHA256

                                                    3b85b1a90efd12f64e99675c235b79fc82619231f0ab20552ed123fcceaaa658

                                                    SHA512

                                                    7cca3bd4a497efed2f01544cd2bc24ed893bf26144edf81a17b7a2072aac060509420fd75c53da2edcbc195dc68e64de2206fbea98fb9fde085351101ee06047

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    984B

                                                    MD5

                                                    78ad8c00899ad57925b6dec9b7d91f7b

                                                    SHA1

                                                    3cc52a2c7cf8e55ca8ed2a26ca1cc1f660468b04

                                                    SHA256

                                                    f2ace24b93c7ced696b18e092f4aa05fedbb10dc51eb443fab9e9ef68ffb5cea

                                                    SHA512

                                                    64e50fa168953fa641aa2f9ccf011edd597dbd807e8821e6c23fb2393b752f96c800d2e22303b81f77cedde4a4fa5309ef8bcd3f91c679a73fee0fb689ed909a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    3KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    111B


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    7KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    2KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    2KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    3KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    3KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    3KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e89b.TMP

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c84fa08d-0dac-4014-a734-32261d7d0f7e.tmp

                                                    Filesize

                                                    11KB


                                                  • C:\Users\Admin\Downloads\lincapublicidad_fotos-fruco_2024-02-27_2153.zip

                                                    Filesize

                                                    16.2MB


                                                  • memory/1584-205-0x00000154167A0000-0x00000154167B0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                  • memory/1584-201-0x0000015416760000-0x0000015416770000-memory.dmp

                                                    Filesize

                                                    64KB

                                                  • memory/1584-220-0x000001541F3F0000-0x000001541F3F1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1584-219-0x000001541F3F0000-0x000001541F3F1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1584-218-0x000001541F3E0000-0x000001541F3E1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1584-217-0x000001541F3E0000-0x000001541F3E1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1584-216-0x000001541F350000-0x000001541F351000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1584-214-0x000001541F350000-0x000001541F351000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/1584-212-0x000001541F2D0000-0x000001541F2D1000-memory.dmp

                                                    Filesize

                                                    4KB