a9f13294c3ea87d0e09da6471bb012f85a3fb0cf7bf41a59878bcddf7a6c65d6

Analysis

max time kernel
1157s
max time network
1146s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
07/09/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.zip
Size

1.7MB
MD5

397c54682c81b4c40124f66ea6a0ef94
SHA1

8b62e0ac9be2acb59bf1adaf2d8e8859d1d6b37e
SHA256

a9f13294c3ea87d0e09da6471bb012f85a3fb0cf7bf41a59878bcddf7a6c65d6
SHA512

d25369d8dab933b800fe59472fd460a73b8b3b5cc5dbdaf5822135ede27c10715693c568021929e271e19bd2eaad79b784d52cfe637e0e0588739e28eb68d4c4
SSDEEP

24576:HVYiQ1U1RaF1b6aOaqB9l4B6QYB1TzwdObjGtfGyQMgPMPzEd:l141WaOpB9qBfSTzwdObCtfGR9P0Id

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4392	winrar-x64-701es.exe
5844	winrar-x64-701es.exe
5232	winrar-x64-701es.exe
1440	winrar-x64-701es.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{45E5F864-E32B-4F31-9621-B76047FEFF19}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 460446.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
1340	identity_helper.exe
1340	identity_helper.exe
1748	msedge.exe
1748	msedge.exe
2116	msedge.exe
2116	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4392	winrar-x64-701es.exe
4392	winrar-x64-701es.exe
5844	winrar-x64-701es.exe
5844	winrar-x64-701es.exe
5232	winrar-x64-701es.exe
5232	winrar-x64-701es.exe
1440	winrar-x64-701es.exe
1440	winrar-x64-701es.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 1204	3560	msedge.exe	98
PID 3560 wrote to memory of 1204	3560	msedge.exe	98
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 3312	3560	msedge.exe	99
PID 3560 wrote to memory of 4336	3560	msedge.exe	100
PID 3560 wrote to memory of 4336	3560	msedge.exe	100
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101
PID 3560 wrote to memory of 4156	3560	msedge.exe	101

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Setup.zip
1⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba37346f8,0x7ffba3734708,0x7ffba3734718
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=4240 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Users\Admin\Downloads\winrar-x64-701es.exe
  "C:\Users\Admin\Downloads\winrar-x64-701es.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16331615815059187390,10947658409440723254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Users\Admin\Downloads\winrar-x64-701es.exe
  "C:\Users\Admin\Downloads\winrar-x64-701es.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5844
- C:\Users\Admin\Downloads\winrar-x64-701es.exe
  "C:\Users\Admin\Downloads\winrar-x64-701es.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5232
- C:\Users\Admin\Downloads\winrar-x64-701es.exe
  "C:\Users\Admin\Downloads\winrar-x64-701es.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0364524ab9754a268a1827aa26225a38 /t 4424 /p 4392
1⤵
PID:3544

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c4cdc7b3013444cc830b55edfe861816 /t 5820 /p 5844
1⤵
PID:2568

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\41911859cc3c4917bba9b47aa8b176a1 /t 5872 /p 5232
1⤵
PID:4860

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\dce572d6b6cd4666ab5d10c8c5afd340 /t 2336 /p 1440
1⤵
PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\02cd2acc-7b1c-4e53-98cc-f1e0b547055a.tmp

Filesize
838B

MD5
0343e246559a776fbafc09cc3d929c0f

SHA1
023105679b573dddd2ebc6b6f21900342ed63ce4

SHA256
c36121482a94bafaa013f659882db4835f8661c81ed380052b2a03b2ebc9a562

SHA512
f1bf24b64af4bc2c17b3c2e10b27eecd6d468c38b7acc458e26b14c552ed171febc8bf215d39a05d90270463ae6cef0acd5d675c84ce8b54de5a18cc10f9ebe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
406b2fe635a42793719a27ce18aa82d0

SHA1
fcb3e66767788e18273861a2bc1f904374ecb202

SHA256
dacec045326a6b0fa8f876bffc495e6f82d47ca6515944dabf0de30700bf37d9

SHA512
6450adb04878bf26548c1c9a5142e0c82988db5a530d1ae4fe0c5bab9d2c15d62a1f3a4d39559f1ee5bd1359bf2ead1ec35dbce8947c67a4b32bde4814e4f9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
02c3e23294a3d0c77c97cd36a0a57800

SHA1
8d3e60dcbb88aa27e19cea4fa21a4c9f76a81392

SHA256
8c7c815df031f1bd8e06f19d1e93920122ec12b59f9aabc3aabd67cc4320c48b

SHA512
2f77364bd2cbd3e2f35a24c0184e69883d82f2416041793feceeec501f97eee17dd8da8ecdb272ca133389f808c5b0c2a495220b3b8049a72199f6479c72b3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
747B

MD5
01a91fb7ffac942fc3ab178e2895acc5

SHA1
a67491f36a06fedf7575a5b90589e8728d7da5e8

SHA256
473e2fd59f8f81e0dc6deea4ae08828fba88a7fb11e2b1bd09581d7da8de39a4

SHA512
0f7acfe337102b89eb54587299680114abc4b716ed0056c97d0dadacfe698e5536f4e16463f533d3d41cc84440295b286ee3d062f96b7902bfaec1ff492f6011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
471B

MD5
224b4438a497bb1f5e4f20ea154d4da4

SHA1
f790d863b194bb5ed1124a910ca4d289378923e5

SHA256
87285aaebd5f86462648f82669fafdf0427a8e54a5de61b18d39b15714f7790e

SHA512
c9e68a2faeff1c1c88291b241c630dfd5c1c7de6ba50fbb51c8bff6fa95d8bc05ac624f6148b92a7cf5f93d97140d6d445428d085e8555ce7d3dcad8600d2f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
839B

MD5
7484999a8693efdab6f5ba6a82c55488

SHA1
383a17fc757c259206770eabe037121238a1e76b

SHA256
7cea945c79e9ec05b68cc7702a2bfac76949d4517f77a125b140faa3f7fd84b0

SHA512
88f58637828b0b997b1095449129d329e2f42c5bea493cc07721341a59a2ef2e3af314388117ac4e2b4b322647eee2338c9b92493a3aeba1fac1fcf9f242a9f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
838B

MD5
3dab0f4012c92898da94bc05965fed50

SHA1
e1423b0e3581431c6a00331497ca44ae175ad709

SHA256
e66b9a246a3fb1b74391a5d24e24b66328907d3f575d848324738385b0ac0f8b

SHA512
6360ae6b82209c324f8897a978adbb3f07309b7f0cbdd47e408e7a3393d098ccea249779888dc946aba6139fab021755d2cc57500e1d908951b362797d674b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6b536c1f3dea433463a325e677ec187

SHA1
d9b73aad186f515c5a83eb16171393aeed6adfea

SHA256
5b3a31dbe0ecd9a597cc77911a0504e5f8c1421c4699dbab2542b927959ef434

SHA512
79397aea5d9a9105e43120dc5903a52888083236ec2d34a99a1f4c80a8b64b052b93c96d426646489e1f6fcfa046e71204a5f0b678071daa7f5addd8c4c1d833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
658885f601ee12a9c768df08ef3ee507

SHA1
24741e22a33f15dc9e380d5a3c7f50082fc46f3e

SHA256
eb9b1aa518b3e6ee41b83b97482095fce47da26fafb57d93a763a39d4802e15d

SHA512
d91b4ab3f09a8b0e629584b5e1813e78dd06616e4a246b15c262ddc42c9ec2d57aae7388ceff665328690444ba2478794b3f329462ce602f4ea2fe170694f9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d35c35aebf30dba45fbf368b18992238

SHA1
ca3c31dc73655349e76e203e126d0a12058ebae8

SHA256
5e5094dfb9ef930fb9242cdeb8fb967f0a6390af1cb190760c18c865591d618b

SHA512
6b35b4476da25655a5caea5b7ac6c86eaf4f622ce5daec72ec045a5e5d65cc47efbd3569211bf737997ba5b1a6697a96f094667d9f3c73edace1dcda43834731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9a3ea16616135d31fa8157542fc758d

SHA1
7dd4f7934f87aa246bd7563e3fe9e610c5cd95f9

SHA256
c491cd4da95f2ded6c2a95e1d59c4474944caffe01b0a9e3e1cb661d7f841c57

SHA512
105145fdd4d9d79023fe4e972b0391152a87a67c0c7d491f180b78723a964df09f27e825ac2aa83576dbe7a301fb0cd2d94dad313baba8bf063f44ffc092c688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2af403e27c59417086140c7d7ead0fcf

SHA1
c121adf85f718091ddb7bfe33b6f9d13e2742831

SHA256
f99dce15496d000e17c3aaf7e1cfeafdbb81a3cefee4edfac29b67a1131ae9c9

SHA512
099228c48587f2b622c7f7d7429ce930d81c7f77faf2dc6ba247c00deca4357bb3f2fc0ea1452a52a311602b2b7ef35dfada1b12a4214d082f21e0be56e2556d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
3bcd1e0786553bcb69998ac183850e00

SHA1
3f9d4669786a10d8973b77308ab3445309c46aee

SHA256
bbfeae81a08322bb12f329377b46d9b9e1fbce9716a2fdafd1f02a4f4f9c7423

SHA512
7bb5dc9d7ebd0f28fde53b6eacb719e7b2fcba275d6318778d40f0e4ff18257eb03db5a2f130ef3884ac5b144b09bf3a697f00d5cfb564391acbe27d9f85b1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b4b8ed2bf9281952a2819c7ffec1a8fe

SHA1
3a7ab5bdf34c4434fe25bf5f2f13261b00f29a22

SHA256
93588a0319fbca09f2d3aadac2c1ec5ecd9bb524e23f3418ca1bccf944387bc8

SHA512
c89086c194bf1d574ce6bc9326802ba6e4814d4e8fa603a22a282313710c30513102ff0ae029bf99e2f0889db07da695c8cc6c1885882d216918bda947787537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593975.TMP

Filesize
538B

MD5
c4d4270b434c5e40b432183f32bd3d83

SHA1
8eb8ca8e7ed8855aaec256c03b63ff5af42b18c3

SHA256
91b6ea87a56f182e7424b2e7b3634d98014869ceceed172f9a4be85eea8c22eb

SHA512
5354ac4ec488c3e14c859d3a9dfd2a9dcc02f79a1600c264fc73b1994a36f26e6646ff7906f88879259893fb65e9993d26be3b2401bf13bbabed027b5b6d6200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2437614305b08c8dbe20a8dd0ca975e

SHA1
de4cab9d253cc8519546e0fac6fac2f902af5493

SHA256
cd346624a56795b8e8b38521a65a64eb742278c97f71263224631aaa138a97a9

SHA512
f787a389bbfff247e1489e0c91df0301e33c0642fcc499258de7d02e9895ed89e61b448a25f874101b4aa86c0e5872e08ea5ffe995737ba92c08f58081815b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9e49c05078b1fb32bc3ef321efb7a04a

SHA1
fd02de290578a8bc005d59451c895cd6626bdd9f

SHA256
1530a9a4718d1be693cef0224bd5db8d67f7af57297dbd65dbdf8e587bcd0c74

SHA512
aa202d309f26c88e65ae4428a834b6086ed892c9790dc7155fa1c55de2a1d3eb4b6dbc12981651e161996ecb77caa0310911ddd42e0020d7f4476054069663af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e460d69a6e27029c7f8a7142037f5dd9

SHA1
25af7b625186a796c890d79986ce5419744100bc

SHA256
30a9f2de7a8a4631c88b1b09b4f0bc6a05bd79ec88d3bf4f95352ba35a04d353

SHA512
8f8bf4b883168362a10ed34bbd3c5d9f31e1343143687995646465a607d17a0fd8d6b413c957d392712e9e7bd551c47bdd23900f5c5253d96509b15a8f0b64e8

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 460446.crdownload

Filesize
3.9MB

MD5
3b304de6211ee8956186f70a2d3f1a50

SHA1
222baa0afa1d8011320210f49f852a0f3d891cf8

SHA256
3e60fe5a1b10d72194bd269eea40ec3dd708b696bc21e3e01e0795b3d5a4b95c

SHA512
ddc2484d028bdeaaa4732420d67abeef8a168d9b2a0100548478a3bec36ca5cb5573d16a277bed9beae28a3eeae7dde0439ef0f63890730eb1ec1b2e002838cb

Download Submit