hxxp://www[.]widgeo[.]net/geocompteur/geocity[.]php?c=geocity_blue1&id=1427741744166&adult=0&cat=internet&idec=3197380546

Analysis

max time kernel
245s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
29/08/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.widgeo.net/geocompteur/geocity.php?c=geocity_blue1&id=1427741744166&adult=0&cat=internet&idec=3197380546

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 3 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	52	https://chatgpt.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8baf23677fd66415	3
HTTP URL	105	https://auth.openai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8baf23b66f356558	3
HTTP URL	122	https://auth0.openai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8baf24094ffd63bf	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
1760	identity_helper.exe
1760	identity_helper.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 3708	2304	msedge.exe	84
PID 2304 wrote to memory of 3708	2304	msedge.exe	84
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 3208	2304	msedge.exe	85
PID 2304 wrote to memory of 2036	2304	msedge.exe	86
PID 2304 wrote to memory of 2036	2304	msedge.exe	86
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87
PID 2304 wrote to memory of 2568	2304	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.widgeo.net/geocompteur/geocity.php?c=geocity_blue1&id=1427741744166&adult=0&cat=internet&idec=3197380546
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecceb46f8,0x7ffecceb4708,0x7ffecceb4718
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\57b57505-35df-4aca-aa3d-a4962e7ce036.tmp

Filesize
1KB

MD5
8f2e28b599ad2a84b2579ffd90234f5e

SHA1
dbcf8a8dd1a9273f6f7134088bdde90278e123f2

SHA256
c4bc315d5f93d386670e022736d3cf75c55b1f6ef9aca0fa02337b65f2ef4481

SHA512
b561fc14c9e827c57006081f34e6068eb280b9c84f75a5146b40070bbc2f6ab6448519e6eac976cfffec3f27d05c6737f0f4da98ebf46234508bfbaf3af1f4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
796b7135c2cccbda9a8e5e2d16189f84

SHA1
7cd057604c76fc695e9cf90d195e21f58afd3ec5

SHA256
f3260213addea209c3a2a0843191d776af35df080dbfb385edb0d3b78a3545dc

SHA512
111b1bb8b9a4cda587c5030396c46561b8896856889d46b35e23f21b8308cb1196d0da9fe0e25763e6fbb517c5737d840a98440c30e18ff4e487f2819b262fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
de8af654c94a2e5d3688d9a0bab0478f

SHA1
acb7da0b52b01df4c878ec4905cbc039c3d3295a

SHA256
d4e22de2856de32037c8bf60a77a071db72ec230f1e9fdb0ce02be8fead5e42b

SHA512
45e309f609f509bb50e95975d141fb1332987057f3053cd246662aecf1e1213445826704ebd0e80df6dac66986221efa6d2bb0ccc7422e19014c5969f613150f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c7b5bd34c5ae07d40b60b04eef441911

SHA1
de36ae0791912560083c89e181d0c79044818283

SHA256
5f22181bc652b9156bce91418bb94d415c2886e4cec68801f6a4732b54ed4786

SHA512
215f8716dce3a5f1ad43b0f2090d8355eed29c978a5caa2702d2bb4f0dfc2f621d0765c6282fbf18448849d2ac96081c20c6b02b4f342b3a817ffa7985a7c0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bdbb3cdabdf59522496e665f0ca2cc39

SHA1
ce67977342db24f28be7343dfef5eac4316e09cf

SHA256
e2faa4c9e29e1af2bbab49fc289e30404a50c0180e779763080747c419b2bafb

SHA512
ca27fa69a93d5be0953d87c32fe45e8e9b4a76273121708b725c7974202e20d361200b3522a6afce561caae43e17056f9c44c0643157bec82b5f6319ba296269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c300ca79c932a4cb21d4e86f76512d76

SHA1
fc71552de03264a3bf0b227bdd283d75ab169b63

SHA256
4bbdbe3185f1aa5d089f72d6aab416577af8972839bce247e9c340b35581dbf2

SHA512
481cdd5cfd98e3864cec1e7c4f4b2441045324aabe64c1224c2ad0f78a970f40250c54ec41e45b67c2c6e59186619b670ef22b9608b4ca48e2206dd64bb3a7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d121ef19c6beedf89833288379aa8f7a

SHA1
cb2eaa3f5c2fa875007a79626e6171164bc33e3a

SHA256
34a87739ca74f04d881ed2dc2041b612dc16db84df62271b5bc74032dc22ccad

SHA512
1669ad766c0ac9557269f75b3f418e2424abab9c3bc7dd755bd5b2b5cbb525be897e8b9369a2dbf1c2208eec48b27825b904c0710dab81fe7844ce4c7fe5102d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f533579030615120ff4e6dcdfa52509a

SHA1
eb4328ee8afd8f33a4491c4340b27eb07c996cb1

SHA256
e69c0398636ac5ef65bb0fd5b6e02fd4ef5e53e771971551b6b0321e4b7e9313

SHA512
72c18e4c622b29151f08ead45853df902f7b7f1ebca9833d4f6c8e25587a2796eec956fa1831231b3500e208eef10d372849d8784a21136aeda23b5e52374550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b96e97401057e164d4d5b716bac42431

SHA1
0b315bdbec38d4ed9a5e6e765fce167f9346b337

SHA256
57eb0b5cd0ccef72c7d4353ee14716bcffbac91a030ccc2f651863ffb0912200

SHA512
ce3baf2fc5684f80091efeaac88c31ebfe165b7ae4fdeb7fff656cf3ca0da19c5170afd48363e5dc889f5c540e9970af16a8aaaf468bb8e93916f5de06c82af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99f27102cf724467a69218379c98fd39

SHA1
3315f1090e0905ca43e3f631f25fbd9b646d33ee

SHA256
e6e7e5c4b5889adb530ae143df139f4ef94eef76fe0ac4e9c25abd769872caa0

SHA512
c4448cdbb7f5ea8c632c3fa719fc244af6e7d65b1db704cc81d3790a40b02d08d216d1bd2840744c5c66412053e788fbbd14cf46789db5cb9cf4cdd462744ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c7c35fd7b5f321b4dc347c83f4c0579

SHA1
3485420ae2bf1dae3eb44e9cba65740978cca230

SHA256
26f66e77d0fc9d4bdb27f0df7b26ff3f09154fb79eaad355f651c8ac00313dd9

SHA512
7cd7afde4c97d5ba6a26d5411f257130fbf4a9622e4436f3f697cbeba345ff778e5f9accd368fa4e5293f27ed9b303e68e3ad69f33c129c8dcdc09ca237edb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ba4b94f6d51efb57e2684b5f6338594e

SHA1
34abef48aef3355183707cc82a4a6e9a7be18827

SHA256
bbae3420864f0fa15cbcdc856801aa38b666ecc8bf5e7b67316aae5df0f22e6f

SHA512
dad1e4cd668e6e33f6efe06c5565a77f0fcad3942cc0a86ccad250642f120817d0a3df247b857863318ffd3d6f42cd7c4dddaf089410dd8602240694a9f51395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
15a447df29c46a4d367a21b8cca46f50

SHA1
5ddf69ac781187688221bf734b3ebada433e8605

SHA256
06f95469d082207e39b0c2f4b8666b6ee4fd537729e2fcabc15c81690521f3b1

SHA512
a47e1c0662e7f31d7f4939d2397c2b25a762155df7c8c4fd9be62e5f381b4561e9cf02252e89b42db4ef6a6c4ddc67a98dfb54e0a25bed26603cf05fec81a2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6afe3c876bab4ad03d14d453d5be60b

SHA1
6f60de5ff789e00c7d203353b08711bdf64a978e

SHA256
8da368bec0424b805ec9f95d934d1512310e405e497ceb710334a849109a859a

SHA512
8d5878ab9b3503e537065d4b2ee1fd20263fbceb1231a978c9da7141bbe465dda3c627ff0c6fd1a15f6440a40ff9e7a7a758a8a5bc9b094a7879ff9cdb7dcea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7470ea3da2f11a3f8c5f4ad06642b971

SHA1
b83c1d23db3832431d0687155b2759fdaa0a18af

SHA256
6f55687f172ce868439e7a678f922ce3c8566f8613d6aec86ed33d3ab8942031

SHA512
a5e58ec261197fe984a365a22fd633a2d7aef5dc3c2fe87b4f9deeeaecaf8ce4dd35ce8d239cb598e0fa01e523b724c080dbe3b8cf12442d6b99f5541743139d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e48ed81c21ba1bb8ba393814ab673a2

SHA1
2a753387d489a0a55fccc7a2ba88030219839808

SHA256
ad52409f6357b42f270539117bbd335167091f9dec26cbae20c729cc5828f074

SHA512
f56b5c5fd9037f71f88179486d730c4fb255c950d4d856e85eec590831100e516802c5be15f213c4e2bcc96a59bca7d5fa7ee424bb70105dfcad724ecaf13e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2137cf9c44b70174fd832c13daf0bf8b

SHA1
708bd75d17b35d5ceabace8855eeff60f5f0a998

SHA256
19925793df3a11fd11011162d7cda49c6ac6a28c40e43ae775483399a119ac9b

SHA512
f586b927faaa8dfe25f36000207863771264d2527686a21e7205d79bbd4c9650d717eaa49760d1c315b6860e0fbd9aca1582c1e632440ffd69007c34c39f05ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1e7688ecff42a74c878ccaf8ab72a63

SHA1
ef8228f96ac19d515ac7dc0a25696175cbd94b1a

SHA256
58d873f73682e92bc92f9bce8944417e0e2a3466d6cf84c93bfe02648254492f

SHA512
dfe5b65b81d0efcd6b557e6cecdb2aadbdb0bcf1313060113c63ea779e5c327d9d2d675d077599f59860380c8d7e4270e2e80ac43587d6f7eaf66989a5f006e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
ad0748485691664ea8cd18714d9516c7

SHA1
4bfe7e216a4c0a5c4fa3f13f0d9c4150be3f7893

SHA256
1d9608c5b8fd3f0884a2e98cd907f597265faca9b6e74fcf73df04a9da995cc0

SHA512
7c658e5e74077d789a9ad2ffee92e5ebdfc1d45553c2fd5d2108c2e284e8e18269b00da15608dc5d772b86f408a49545cb8c786f302560d1227948b4c2be0995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1de1e720b2cc46e10fff08164da0c57e

SHA1
a218a62b768888864cdcb0d222e9be6d83fefb68

SHA256
e3adcb8b202d230049343a0d1d2cd43125d1830f3fb9055e92f13b6169ebbbd3

SHA512
8efbc5d53d84c8e0910818e70f2ba74acdd8c2f1abc69a0cf58d26fccfc93baf2790556a22dc65aa50d96595403230e860b7bc62b2c4e4e72dda42bcac461a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68f38c6b359f5e328baab5b7b44a2fd1

SHA1
7e20e05afa388874e5ce71a2b574c23e985660f4

SHA256
ca537a195010e94a4ab31c63e54be9832f9c4fc4b3047bd51468e62118308805

SHA512
88770dd49ac8319b1b0af19d310c908e3d93f8b56d04d15e71d9031fd3a22a53795a40c664bba724f813a1da67bdeede612d0854368aacf447863f0f322965d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f9104762143f716d37845664635ec08

SHA1
df06d39075c3f0b663b97e256689b56a7cc4541e

SHA256
be00dcc4ecce06e3284e5f9d9c632bbc8d1ea98cedc6aca3b38cd80144bc21d7

SHA512
d3e03bd19dd45ea15caae28ba7f6ee4620b30481f5727dcc4018a78b48eff37dce1c10261c518b2d0d40f53c8c941dfd204f2dcf515b6e292ddc0ef5007648b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88fa8fc33de29d8c92448221ef668c94

SHA1
3c5f9e8e40d8f633d0d4f6fe8bca8197b7b1e09e

SHA256
e74cfa16e78f06fb714e899695c1529681a67b1508182e83d5a06e1818ce7755

SHA512
519f8cee291abf6ce9b02836f558bf8ab411bba9047e179f3c3c24f7d11485f83db0c9ba0a5d7b6e8eefd7156055b951662595375313c8b0deb19c400e1e7890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584532.TMP

Filesize
537B

MD5
ddbba3c96df1146c0c5b9580cd631a39

SHA1
03e0fd7cc04e8de10428c0ae6c476e52261a858f

SHA256
96a2449c8bfd2693e6eaee2f035c75434f9b05b3ee83a596800a249e8edf2f02

SHA512
89538e5c4954491c56ec863e97323d451c56ca2238fb91b9dcef7a32c0755c06c13354c0ec8c22bd4106a4bc0cb303ff3eb59a7b7cef243b46071757d8717043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1723950760d1ee019fedd7bf46b876f

SHA1
f1af65e3cf0a30b22a19f64869da343096556aab

SHA256
77d4c70d398a35388ed07994cb9b2970387f3475b332365a4574dfc7146c506b

SHA512
c1e83ab850e22592819cef88c190e367f527e7164da24d45c8939934e8890b8174f623f4ff25c0580c5f81a5cad85688708d286ab4583db0bc54698e1c55f8fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit