Analysis

- max time kernel: 245s
- max time network: 245s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-es, locale:es-es, os:windows10-2004-x64, system, windows
- submitted: 29/08/2024, 20:01

Tasks

- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1

Sample: http://www.widgeo.net/geocompteur/geocity.php?c=geocity_blue1&id=1427741744166&adult=0&cat=internet&idec=3197380546
Resource: win10v2004-20240802-es

General

- Target: http://www.widgeo.net/geocompteur/geocity.php?c=geocity_blue1&id=1427741744166&adult=0&cat=internet&idec=3197380546
Malware Config
Signatures

Probable phishing domain (1 TTP, 3 IoCs)

| description | flow | ioc | stream |
| --- | --- | --- | --- |
| HTTP URL | 52 | https://chatgpt.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8baf23677fd66415 | 3 |
| HTTP URL | 105 | https://auth.openai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8baf23b66f356558 | 3 |
| HTTP URL | 122 | https://auth0.openai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8baf24094ffd63bf | 3 |

Caveat: all three URLs are Cloudflare JavaScript-challenge pages (`/cdn-cgi/challenge-platform/`, with `ray=` carrying the Cloudflare ray ID) served by the genuine chatgpt.com and openai.com hosts, not by a lookalike domain. Read this hit as a brand-keyword heuristic to confirm against the full flow list rather than as evidence of a phishing page; the report does not show why a browse to widgeo.net reached these hosts.

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |

Reading the BIOS manufacturer and product name is the classic VM/sandbox fingerprint, but here the reader is the Edge browser process itself, which has legitimate reasons (telemetry, crash reporting) to query them; on its own this hit carries little weight.

Suspicious behavior: EnumeratesProcesses (11 IoCs)

| pid | Process | hits |
| --- | --- | --- |
| 2036 | msedge.exe | 2 |
| 2304 | msedge.exe | 3 |
| 1760 | identity_helper.exe | 2 |
| 2812 | msedge.exe | 4 |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (27 IoCs)

| pid | Process | hits |
| --- | --- | --- |
| 2304 | msedge.exe | 27 |

Child processes created with the mitigation policy that blocks loading of non-Microsoft-signed binaries; Chromium's sandbox applies this to the children it launches, so the count tracks the child launches by the browser process.

Suspicious use of FindShellTrayWindow (25 IoCs)

| pid | Process | hits |
| --- | --- | --- |
| 2304 | msedge.exe | 25 |

Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process | hits |
| --- | --- | --- |
| 2304 | msedge.exe | 24 |

Suspicious use of WriteProcessMemory (64 IoCs)

All 64 rows have the browser process (PID 2304, msedge.exe) as the writer; aggregated by target:

| source pid | source Process | target pid | procid_target | rows |
| --- | --- | --- | --- | --- |
| 2304 | msedge.exe | 3708 | 84 | 2 |
| 2304 | msedge.exe | 3208 | 85 | 40 |
| 2304 | msedge.exe | 2036 | 86 | 2 |
| 2304 | msedge.exe | 2568 | 87 | 20 |

Every target is one of 2304's own children (crashpad handler, GPU process, network service, storage service; see Processes), which is the normal shape of the Chromium sandbox broker setting up the processes it launches. The writer being the browser process and the targets being its own Edge children is what makes these four signatures benign here; they would read very differently if the writer were a renderer or a binary outside the Edge install directory.
Processes

- msedge.exe, PID 2304 (top level; no --type, i.e. the browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.widgeo.net/geocompteur/geocity.php?c=geocity_blue1&id=1427741744166&adult=0&cat=internet&idec=3197380546
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  Non-renderer children of PID 2304, in tree order:

  - msedge.exe, PID 3708 (--type=crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecceb46f8,0x7ffecceb4708,0x7ffecceb4718
  - msedge.exe, PID 3208 (--type=gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  - msedge.exe, PID 2036 (--type=utility, network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 2568 (--type=utility, storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  - identity_helper.exe, PID 220 (--type=utility, winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  - identity_helper.exe, PID 1760 (--type=utility, winrt_app_id.mojom.WinrtAppIdService; same command line as PID 220)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 2812 (second --type=gpu-process, started after renderer 31 with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6968 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

  Renderer children of PID 2304 (--type=renderer). All share one command line, differing only in N, H and the optional --instant-process flag:

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7027756770217798832,2812507318099758713,131072 --lang=es --disable-client-side-phishing-detection [--instant-process] --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=N --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=H /prefetch:1

  | PID | renderer-client-id (N) | mojo-platform-channel-handle (H) | --instant-process |
  | --- | --- | --- | --- |
  | 1420 | 6 | 3272 | no |
  | 4336 | 5 | 3292 | no |
  | 5104 | 8 | 4316 | no |
  | 864 | 9 | 5336 | yes |
  | 1600 | 10 | 3400 | no |
  | 3508 | 11 | 5308 | yes |
  | 4932 | 12 | 5576 | no |
  | 4196 | 13 | 5264 | no |
  | 1572 | 14 | 3416 | no |
  | 3892 | 15 | 4832 | no |
  | 4732 | 16 | 5972 | no |
  | 2400 | 17 | 5436 | yes |
  | 5208 | 18 | 6244 | no |
  | 5216 | 19 | 6252 | yes |
  | 5472 | 20 | 2648 | no |
  | 5420 | 21 | 2044 | no |
  | 2760 | 22 | 5840 | no |
  | 5624 | 23 | 6120 | no |
  | 5708 | 24 | 6164 | no |
  | 5996 | 25 | 6136 | no |
  | 6040 | 26 | 3272 | no |
  | 6096 | 27 | 5640 | no |
  | 4280 | 28 | 1736 | no |
  | 4520 | 29 | 6756 | no |
  | 1048 | 30 | 5984 | no |
  | 5880 | 31 | 3456 | no |
  | 5176 | 33 | 7132 | no |

  No renderer with client id 32 appears in the tree; the second GPU process (PID 2812) sits between client ids 31 and 33.

- CompPkgSrv.exe, PID 2400 (top level; PID reused after renderer 17)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 4072 (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
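The Signatures and Processes sections above only make sense against a baseline: in Chromium-based browsers the one process launched without `--type` is the browser process, it spawns helpers with `--type=crashpad-handler`, `gpu-process`, `utility` or `renderer` from the same install directory, and as sandbox broker it writes into each child it launches, which is what the "WriteProcessMemory" rows record. The script below is an added example (not part of this tria.ge report or of Hatching's tooling) that applies that baseline to the tree: it parses each command line, classifies the process, checks that anything claiming a Chromium `--type` lives under the Edge install directory, and checks that memory writes come only from the browser process into its own children. PIDs and command lines are transcribed from the report with long flag lists trimmed; the `update.exe` entry and the renderer-to-`update.exe` write are constructed so the checks have something to flag.

```python
"""Baseline an Edge/Chromium process tree taken from a sandbox report."""
import re
from collections import Counter

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
# Child types the browser process is expected to launch.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# Constructed sample: command lines transcribed from the process tree above,
# long flag lists trimmed.  Rows marked CONSTRUCTED are not in the report.
PROCESSES = {
    2304: f'"{EDGE_DIR}\\msedge.exe" --single-argument http://www.widgeo.net/geocompteur/geocity.php?c=geocity_blue1',
    3708: f'"{EDGE_DIR}\\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7',
    3208: f'"{EDGE_DIR}\\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2216 /prefetch:2',
    2036: f'"{EDGE_DIR}\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none /prefetch:3',
    2568: f'"{EDGE_DIR}\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=utility /prefetch:8',
    1420: f'"{EDGE_DIR}\\msedge.exe" --type=renderer --lang=es --renderer-client-id=6 /prefetch:1',
    1760: f'"{EDGE_DIR}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    2400: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
    4444: r'"C:\Users\Admin\AppData\Local\Temp\update.exe" --type=renderer --lang=es',  # CONSTRUCTED outlier
}

# (source pid, target pid) -> number of "wrote to memory of" rows in the report.
WRITES = Counter({
    (2304, 3708): 2, (2304, 3208): 40, (2304, 2036): 2, (2304, 2568): 20,
    (1420, 4444): 1,  # CONSTRUCTED: a renderer writing into the outlier
})

# A token is either a double-quoted run (Windows paths with spaces) or a bare word.
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(cmd):
    """Return (image path, {flag: value}) for a Windows command line."""
    tokens = [t.strip('"') for t in _TOKEN_RE.findall(cmd)]
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value
    return tokens[0], flags


def classify(image, flags):
    """'browser' (msedge.exe, no --type), a Chromium child type, or 'other'."""
    ctype = flags.get("type")
    if ctype is None:
        return "browser" if image.lower().endswith("\\msedge.exe") else "other"
    if ctype == "utility":
        return "utility:" + flags.get("utility-sub-type", "?")
    return ctype


def roles_by_pid(processes):
    return {pid: classify(*parse_cmdline(cmd)) for pid, cmd in processes.items()}


def triage(processes, writes):
    """List (pid, message) for everything that breaks the expected Edge tree shape."""
    findings = []
    roles = roles_by_pid(processes)
    for pid, cmd in processes.items():
        image, flags = parse_cmdline(cmd)
        if "type" not in flags:
            continue  # browser process, or an unrelated root such as CompPkgSrv.exe
        if not image.lower().startswith(EDGE_DIR.lower() + "\\"):
            findings.append((pid, f"--type={flags['type']} but image outside Edge dir: {image}"))
        elif flags["type"] not in CHROMIUM_CHILD_TYPES:
            findings.append((pid, f"unknown Chromium child type {flags['type']}"))
        if flags.get("service-sandbox-type") == "none":
            findings.append((pid, f"info: {roles[pid]} runs with --service-sandbox-type=none"))
    browser = {pid for pid, role in roles.items() if role == "browser"}
    for (src, dst), n in sorted(writes.items()):
        if src not in browser:
            findings.append((src, f"{roles.get(src, 'unknown')} wrote into {dst} ({n}x); only the browser process should"))
        elif roles.get(dst, "unknown") in ("browser", "other", "unknown"):
            findings.append((src, f"browser wrote into non-child {dst} ({n}x)"))
    return findings


def write_summary(processes, writes):
    """(src, dst) -> (target role, rows) for writes issued by the browser process."""
    roles = roles_by_pid(processes)
    return {(src, dst): (roles.get(dst, "unknown"), n)
            for (src, dst), n in writes.items() if roles.get(src) == "browser"}


if __name__ == "__main__":
    for (src, dst), (role, n) in sorted(write_summary(PROCESSES, WRITES).items()):
        print(f"{src} -> {dst:<5} {role:<45} {n:>3} rows")
    for pid, msg in triage(PROCESSES, WRITES):
        print(f"[{pid}] {msg}")
```

On the report's own rows the only output is informational (the network service and identity_helper run with `--service-sandbox-type=none`, which their command lines state); the two real findings come from the constructed outlier, which is the shape a genuine injection or masquerading child would take.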
Network
MITRE ATT&CK Enterprise v15
Downloads

Every entry that carries a path sits inside Edge's own profile directory (User Data\Default and its Code Cache index); these are browser-generated artifacts, not files fetched from the target. The remaining entries carry only a size and hashes.

- Filesize: 152B
  MD5: ab8ce148cb7d44f709fb1c460d03e1b0
  SHA1: 44d15744015155f3e74580c93317e12d2cc0f859
  SHA256: 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
  SHA512: f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
- Filesize: 152B
  MD5: 38f59a47b777f2fc52088e96ffb2baaf
  SHA1: 267224482588b41a96d813f6d9e9d924867062db
  SHA256: 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
  SHA512: 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\57b57505-35df-4aca-aa3d-a4962e7ce036.tmp
  Filesize: 1KB
  MD5: 8f2e28b599ad2a84b2579ffd90234f5e
  SHA1: dbcf8a8dd1a9273f6f7134088bdde90278e123f2
  SHA256: c4bc315d5f93d386670e022736d3cf75c55b1f6ef9aca0fa02337b65f2ef4481
  SHA512: b561fc14c9e827c57006081f34e6068eb280b9c84f75a5146b40070bbc2f6ab6448519e6eac976cfffec3f27d05c6737f0f4da98ebf46234508bfbaf3af1f4c8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 796b7135c2cccbda9a8e5e2d16189f84
  SHA1: 7cd057604c76fc695e9cf90d195e21f58afd3ec5
  SHA256: f3260213addea209c3a2a0843191d776af35df080dbfb385edb0d3b78a3545dc
  SHA512: 111b1bb8b9a4cda587c5030396c46561b8896856889d46b35e23f21b8308cb1196d0da9fe0e25763e6fbb517c5737d840a98440c30e18ff4e487f2819b262fd4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: de8af654c94a2e5d3688d9a0bab0478f
  SHA1: acb7da0b52b01df4c878ec4905cbc039c3d3295a
  SHA256: d4e22de2856de32037c8bf60a77a071db72ec230f1e9fdb0ce02be8fead5e42b
  SHA512: 45e309f609f509bb50e95975d141fb1332987057f3053cd246662aecf1e1213445826704ebd0e80df6dac66986221efa6d2bb0ccc7422e19014c5969f613150f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: c7b5bd34c5ae07d40b60b04eef441911
  SHA1: de36ae0791912560083c89e181d0c79044818283
  SHA256: 5f22181bc652b9156bce91418bb94d415c2886e4cec68801f6a4732b54ed4786
  SHA512: 215f8716dce3a5f1ad43b0f2090d8355eed29c978a5caa2702d2bb4f0dfc2f621d0765c6282fbf18448849d2ac96081c20c6b02b4f342b3a817ffa7985a7c0ba
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: bdbb3cdabdf59522496e665f0ca2cc39
  SHA1: ce67977342db24f28be7343dfef5eac4316e09cf
  SHA256: e2faa4c9e29e1af2bbab49fc289e30404a50c0180e779763080747c419b2bafb
  SHA512: ca27fa69a93d5be0953d87c32fe45e8e9b4a76273121708b725c7974202e20d361200b3522a6afce561caae43e17056f9c44c0643157bec82b5f6319ba296269
- Filesize: 2KB
  MD5: c300ca79c932a4cb21d4e86f76512d76
  SHA1: fc71552de03264a3bf0b227bdd283d75ab169b63
  SHA256: 4bbdbe3185f1aa5d089f72d6aab416577af8972839bce247e9c340b35581dbf2
  SHA512: 481cdd5cfd98e3864cec1e7c4f4b2441045324aabe64c1224c2ad0f78a970f40250c54ec41e45b67c2c6e59186619b670ef22b9608b4ca48e2206dd64bb3a7c0
- Filesize: 3KB
  MD5: d121ef19c6beedf89833288379aa8f7a
  SHA1: cb2eaa3f5c2fa875007a79626e6171164bc33e3a
  SHA256: 34a87739ca74f04d881ed2dc2041b612dc16db84df62271b5bc74032dc22ccad
  SHA512: 1669ad766c0ac9557269f75b3f418e2424abab9c3bc7dd755bd5b2b5cbb525be897e8b9369a2dbf1c2208eec48b27825b904c0710dab81fe7844ce4c7fe5102d
- Filesize: 5KB
  MD5: f533579030615120ff4e6dcdfa52509a
  SHA1: eb4328ee8afd8f33a4491c4340b27eb07c996cb1
  SHA256: e69c0398636ac5ef65bb0fd5b6e02fd4ef5e53e771971551b6b0321e4b7e9313
  SHA512: 72c18e4c622b29151f08ead45853df902f7b7f1ebca9833d4f6c8e25587a2796eec956fa1831231b3500e208eef10d372849d8784a21136aeda23b5e52374550
- Filesize: 6KB
  MD5: b96e97401057e164d4d5b716bac42431
  SHA1: 0b315bdbec38d4ed9a5e6e765fce167f9346b337
  SHA256: 57eb0b5cd0ccef72c7d4353ee14716bcffbac91a030ccc2f651863ffb0912200
  SHA512: ce3baf2fc5684f80091efeaac88c31ebfe165b7ae4fdeb7fff656cf3ca0da19c5170afd48363e5dc889f5c540e9970af16a8aaaf468bb8e93916f5de06c82af7
- Filesize: 6KB
  MD5: 99f27102cf724467a69218379c98fd39
  SHA1: 3315f1090e0905ca43e3f631f25fbd9b646d33ee
  SHA256: e6e7e5c4b5889adb530ae143df139f4ef94eef76fe0ac4e9c25abd769872caa0
  SHA512: c4448cdbb7f5ea8c632c3fa719fc244af6e7d65b1db704cc81d3790a40b02d08d216d1bd2840744c5c66412053e788fbbd14cf46789db5cb9cf4cdd462744ab7
- Filesize: 7KB
  MD5: 6c7c35fd7b5f321b4dc347c83f4c0579
  SHA1: 3485420ae2bf1dae3eb44e9cba65740978cca230
  SHA256: 26f66e77d0fc9d4bdb27f0df7b26ff3f09154fb79eaad355f651c8ac00313dd9
  SHA512: 7cd7afde4c97d5ba6a26d5411f257130fbf4a9622e4436f3f697cbeba345ff778e5f9accd368fa4e5293f27ed9b303e68e3ad69f33c129c8dcdc09ca237edb37
- Filesize: 7KB
  MD5: ba4b94f6d51efb57e2684b5f6338594e
  SHA1: 34abef48aef3355183707cc82a4a6e9a7be18827
  SHA256: bbae3420864f0fa15cbcdc856801aa38b666ecc8bf5e7b67316aae5df0f22e6f
  SHA512: dad1e4cd668e6e33f6efe06c5565a77f0fcad3942cc0a86ccad250642f120817d0a3df247b857863318ffd3d6f42cd7c4dddaf089410dd8602240694a9f51395
- Filesize: 8KB
  MD5: 15a447df29c46a4d367a21b8cca46f50
  SHA1: 5ddf69ac781187688221bf734b3ebada433e8605
  SHA256: 06f95469d082207e39b0c2f4b8666b6ee4fd537729e2fcabc15c81690521f3b1
  SHA512: a47e1c0662e7f31d7f4939d2397c2b25a762155df7c8c4fd9be62e5f381b4561e9cf02252e89b42db4ef6a6c4ddc67a98dfb54e0a25bed26603cf05fec81a2e9
- Filesize: 8KB
  MD5: f6afe3c876bab4ad03d14d453d5be60b
  SHA1: 6f60de5ff789e00c7d203353b08711bdf64a978e
  SHA256: 8da368bec0424b805ec9f95d934d1512310e405e497ceb710334a849109a859a
  SHA512: 8d5878ab9b3503e537065d4b2ee1fd20263fbceb1231a978c9da7141bbe465dda3c627ff0c6fd1a15f6440a40ff9e7a7a758a8a5bc9b094a7879ff9cdb7dcea7
- Filesize: 8KB
  MD5: 7470ea3da2f11a3f8c5f4ad06642b971
  SHA1: b83c1d23db3832431d0687155b2759fdaa0a18af
  SHA256: 6f55687f172ce868439e7a678f922ce3c8566f8613d6aec86ed33d3ab8942031
  SHA512: a5e58ec261197fe984a365a22fd633a2d7aef5dc3c2fe87b4f9deeeaecaf8ce4dd35ce8d239cb598e0fa01e523b724c080dbe3b8cf12442d6b99f5541743139d
- Filesize: 1KB
  MD5: 5e48ed81c21ba1bb8ba393814ab673a2
  SHA1: 2a753387d489a0a55fccc7a2ba88030219839808
  SHA256: ad52409f6357b42f270539117bbd335167091f9dec26cbae20c729cc5828f074
  SHA512: f56b5c5fd9037f71f88179486d730c4fb255c950d4d856e85eec590831100e516802c5be15f213c4e2bcc96a59bca7d5fa7ee424bb70105dfcad724ecaf13e7e
- Filesize: 1KB
  MD5: 2137cf9c44b70174fd832c13daf0bf8b
  SHA1: 708bd75d17b35d5ceabace8855eeff60f5f0a998
  SHA256: 19925793df3a11fd11011162d7cda49c6ac6a28c40e43ae775483399a119ac9b
  SHA512: f586b927faaa8dfe25f36000207863771264d2527686a21e7205d79bbd4c9650d717eaa49760d1c315b6860e0fbd9aca1582c1e632440ffd69007c34c39f05ca
- Filesize: 1KB
  MD5: a1e7688ecff42a74c878ccaf8ab72a63
  SHA1: ef8228f96ac19d515ac7dc0a25696175cbd94b1a
  SHA256: 58d873f73682e92bc92f9bce8944417e0e2a3466d6cf84c93bfe02648254492f
  SHA512: dfe5b65b81d0efcd6b557e6cecdb2aadbdb0bcf1313060113c63ea779e5c327d9d2d675d077599f59860380c8d7e4270e2e80ac43587d6f7eaf66989a5f006e9
- Filesize: 871B
  MD5: ad0748485691664ea8cd18714d9516c7
  SHA1: 4bfe7e216a4c0a5c4fa3f13f0d9c4150be3f7893
  SHA256: 1d9608c5b8fd3f0884a2e98cd907f597265faca9b6e74fcf73df04a9da995cc0
  SHA512: 7c658e5e74077d789a9ad2ffee92e5ebdfc1d45553c2fd5d2108c2e284e8e18269b00da15608dc5d772b86f408a49545cb8c786f302560d1227948b4c2be0995
- Filesize: 1KB
  MD5: 1de1e720b2cc46e10fff08164da0c57e
  SHA1: a218a62b768888864cdcb0d222e9be6d83fefb68
  SHA256: e3adcb8b202d230049343a0d1d2cd43125d1830f3fb9055e92f13b6169ebbbd3
  SHA512: 8efbc5d53d84c8e0910818e70f2ba74acdd8c2f1abc69a0cf58d26fccfc93baf2790556a22dc65aa50d96595403230e860b7bc62b2c4e4e72dda42bcac461a82
- Filesize: 1KB
  MD5: 68f38c6b359f5e328baab5b7b44a2fd1
  SHA1: 7e20e05afa388874e5ce71a2b574c23e985660f4
  SHA256: ca537a195010e94a4ab31c63e54be9832f9c4fc4b3047bd51468e62118308805
  SHA512: 88770dd49ac8319b1b0af19d310c908e3d93f8b56d04d15e71d9031fd3a22a53795a40c664bba724f813a1da67bdeede612d0854368aacf447863f0f322965d0
- Filesize: 1KB
  MD5: 1f9104762143f716d37845664635ec08
  SHA1: df06d39075c3f0b663b97e256689b56a7cc4541e
  SHA256: be00dcc4ecce06e3284e5f9d9c632bbc8d1ea98cedc6aca3b38cd80144bc21d7
  SHA512: d3e03bd19dd45ea15caae28ba7f6ee4620b30481f5727dcc4018a78b48eff37dce1c10261c518b2d0d40f53c8c941dfd204f2dcf515b6e292ddc0ef5007648b5
- Filesize: 1KB
  MD5: 88fa8fc33de29d8c92448221ef668c94
  SHA1: 3c5f9e8e40d8f633d0d4f6fe8bca8197b7b1e09e
  SHA256: e74cfa16e78f06fb714e899695c1529681a67b1508182e83d5a06e1818ce7755
  SHA512: 519f8cee291abf6ce9b02836f558bf8ab411bba9047e179f3c3c24f7d11485f83db0c9ba0a5d7b6e8eefd7156055b951662595375313c8b0deb19c400e1e7890
- Filesize: 537B
  MD5: ddbba3c96df1146c0c5b9580cd631a39
  SHA1: 03e0fd7cc04e8de10428c0ae6c476e52261a858f
  SHA256: 96a2449c8bfd2693e6eaee2f035c75434f9b05b3ee83a596800a249e8edf2f02
  SHA512: 89538e5c4954491c56ec863e97323d451c56ca2238fb91b9dcef7a32c0755c06c13354c0ec8c22bd4106a4bc0cb303ff3eb59a7b7cef243b46071757d8717043
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: b1723950760d1ee019fedd7bf46b876f
  SHA1: f1af65e3cf0a30b22a19f64869da343096556aab
  SHA256: 77d4c70d398a35388ed07994cb9b2970387f3475b332365a4574dfc7146c506b
  SHA512: c1e83ab850e22592819cef88c190e367f527e7164da24d45c8939934e8890b8174f623f4ff25c0580c5f81a5cad85688708d286ab4583db0bc54698e1c55f8fb
- Filesize: 2B
  MD5: f3b25701fe362ec84616a93a45ce9998
  SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84