Malware Analysis Report

2025-01-02 12:16

Sample ID: 240418-zedkyafe2v
Target: https://1drv.ms/w/s!ArScJWVjOOvucrEJhMz-k4H-cAg
Tags: asyncrat default rat
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://1drv.ms/w/s!ArScJWVjOOvucrEJhMz-k4H-cAg was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

AsyncRat

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-18 20:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-18 20:37

Reported: 2024-04-18 20:42

Platform: win10v2004-20240412-en

Max time kernel: 300s

Max time network: 301s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/w/s!ArScJWVjOOvucrEJhMz-k4H-cAg

Signatures

AsyncRat

rat asyncrat

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\Quicktool.job | C:\Windows\SysWOW64\cmd.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1132431369-515282257-1998160155-1000\{A7E77647-BA05-46F8-B081-CCE213904A77} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3664 wrote to memory of 4940 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4940 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 4468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 3608 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 3608 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 752 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/w/s!ArScJWVjOOvucrEJhMz-k4H-cAg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff07a746f8,0x7fff07a74708,0x7fff07a74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap31074:208:7zEvent19268

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\" -spe -an -ai#7zMap12826:202:7zEvent28962

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap28072:254:7zEvent22717

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe

"C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe

"C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap20470:254:7zEvent8481

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,4362345778435967314,13877087682063021557,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7024 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap14153:242:7zEvent14042

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe

"C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap848:220:7zEvent21149

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap23493:226:7zEvent24169

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap15409:226:7zEvent16755

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrc* -i#7zMap9930:226:7zEvent1353

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap29767:214:7zEvent1319

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3664_MKPRBYAJYTUEPIKR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a5e5.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive.live.com_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\02c12df800669dbfad530d0a22f45016a44637c8\index.txt~RFe57c8fd.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\02c12df800669dbfad530d0a22f45016a44637c8\index.txt

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL 6.docx

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL.REV

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 771cade8fe76b6937687676ff4c8c38e
SHA1 5679f2c2663db1021521bb862ec4b841d4ab0497
SHA256 4be527bc6eeacfaca1a2052f08f2ef6f417385c5d834bcde46e7d09aac483157
SHA512 d2a15635c23d36110ce7b97b01b2701be1b0e877a32eb57f096ecf0eda0c7c12d520cb520e9f6fd4abc2dc360a4b3bbc310ae17bc948438ea0601b7db914d552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4e290a1142ba31921905b1a9569c107
SHA1 a6811ad2f1812beae1f784cc3e483341d0341310
SHA256 8f9be2aeae4f305f2eb888770c52a33910b3a12588a8719d81af5c3e9dca6a86
SHA512 c33bb76031caebcfdc666398d9ba93f543e4fc395ae6ffe12f00201d9fe5dd8a84a5287a1f2c2ed96af48712faacb51518a70384b6d2c5d864a3add090448c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71fcb5fbea6b714f7fd23fe54e931483
SHA1 ffd1fdd452174ad5bb5b46094841a0a2c84877dd
SHA256 de145f9bc7def393df6e0a29bf2cb6611441bc6870b5367a9514afef1167467e
SHA512 bdd3e09ccb698208ad478e546ef7801d6ca4c3fb6ab069aa43309293832d4d353fe6bff6504311755544172a4bee937832b9a2fde85856df88157772210faa30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a6b58e754031729b482d560eda8ec6dc
SHA1 c5af306563feced6b2663d699791ce362313cba1
SHA256 6cb8ffaf93c4ec710ab2961f470e5c60b9e529fa9b8899f2f1f6ed0dd91ec212
SHA512 a12339cf5dd6342ad2e57bdf11fcbb91b73dfb95d2a956827a445a4808e2605aa47366df11f5ca5d4ff262120ce27cc8fa9721485b360bbd83b01e9f6dc8f86c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6cb49883ff136b3e5019a49306cb83e5
SHA1 9a7cfcff670dc4d2832ac5cd5f6774445dc052cf
SHA256 1c1bda9a141dd1426dd7885e9b55238f3d86957223cd481c7d4ae2e23697e5fd
SHA512 5f7d69819507259fe4d05be2b11ab6c8eb58ea91bb6580bdb324b5b29542ac7b39fa82c884d0a944bdfdbdfd7d107594ec1fddc8bbbbd03406bd524e4ef024dc

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\001-NOTIFICACION JUDICIAL.exe

MD5 ae224c5e196ff381836c9e95deebb7d5
SHA1 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
SHA256 bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
SHA512 f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f76c728c12274b94f9d579d00e942d51
SHA1 02c8c66796c3e5f2c72e79a4afa1cf20dc910632
SHA256 e038859476ba85474cd9af9eff6bbf9249f229aa7965597cc4f00208a33fca4a
SHA512 9af52db69731071c6f178737ea4f2b8d513b77ed39a29cdfe5e2430ba4ff65247d5d134e4eeb05af0f1d1b7b45da539623cbb9658bddac5b8bdafc79526d4e08

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\intl.dll

MD5 d1a21e38593fddba8e51ed6bf7acf404
SHA1 759f16325f0920933ac977909b7fe261e0e129e6
SHA256 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e
SHA512 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\vmtools.dll

MD5 65c3c2a741838474a592679cda346753
SHA1 043d80766dd4e49d8dca6ac72b04e09b5491fdc9
SHA256 4e5f2c54d9ecfe48999edfcce0de038948f8b20ff68e299c55d9a2d6f65713e8
SHA512 e5d8b308586ffa914f46b6766217eb12ad759853d25108db06170b870d0e8947e2befabc2843f76cb864b0f0135a8f2163b7c93fe644b293789919d1d07c4079

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\iconv.dll

MD5 862dfc9bf209a46d6f4874614a6631cc
SHA1 43216aae64df217cba009145b6f9ad5b97fe927a
SHA256 84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b
SHA512 b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\gthread-2.0.dll

MD5 78cf6611f6928a64b03a57fe218c3cd4
SHA1 c3f167e719aa944af2e80941ac629d39cec22308
SHA256 dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698
SHA512 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\gobject-2.0.dll

MD5 24a7a712160abc3f23f7410b18de85b8
SHA1 a01c3e116b6496c9feaa2951f6f6633bb403c3a1
SHA256 78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8
SHA512 d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\gmodule-2.0.dll

MD5 b0a421b1534f3194132ec091780472d8
SHA1 699b1edc2cb19a48999a52a62a57ffc0f48f1a78
SHA256 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b
SHA512 ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\glib-2.0.dll

MD5 132b0e16e2add7808e17f113a7724aeb
SHA1 aa7e3e20b6eaa1c5db5b4a2ca060be71ba3ef8c1
SHA256 64144483049fed3406f23d7028388b687a8e4c4d822171b18a295f70ccf220e0
SHA512 4d91e249ca8609d1ec13ad526532a1d6e6141a1828fce25ac0e7319c24dc354773a9e09a58ecd62f57035b39a225b5d77377749af2cf2be9da01b159879db39d

C:\Users\Admin\Downloads\001-NOTIFICACION JUDICIAL AUTO DE IMPUTACION POR INCUMPLIMIENTO FISCAL\peso.html

MD5 f61ffc7e27ebe18640b2afcf5aa374bc
SHA1 c2da7ed9170b8e956af3b9389146e4249c2706e9
SHA256 82e81a2b13372371e7285d2c79bb6cfd03482fa2addfb87d04925babd09c9d04
SHA512 a1f557f435aabd38b6a6dfdda5cfc33ba4ddf2bc1ab61b62288b4281f922f97337326dffd611b4ff60c76a0bd7945e862c2f7f3d73ae0938a18ece3549eba9f8

memory/772-642-0x0000000000B90000-0x0000000000BA1000-memory.dmp

memory/772-644-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/772-645-0x00007FFF15EB0000-0x00007FFF160A5000-memory.dmp

memory/772-654-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/772-655-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/468-657-0x0000000074950000-0x0000000074ACB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4d9e36fa

MD5 9daae3a03afd600cd4747fc0849fac32
SHA1 aaaf1009a309e0521533fb2115349bf6948cc912
SHA256 3ed2564170d42a7a851b8cb213f0cfd6558329328535225567d726d6d5100045
SHA512 34fc831add06f71e12c539cf40e73a3bd8a546f65c10ee645ffbc405627e44933ec285646ff409ae9f1999e9ab3a7787b8259390aed9bbf9c1ad3292c5b96c18

memory/468-661-0x00007FFF15EB0000-0x00007FFF160A5000-memory.dmp

memory/468-663-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/468-664-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/6112-678-0x0000000000B90000-0x0000000000BA1000-memory.dmp

memory/6112-679-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/6112-680-0x00007FFF15EB0000-0x00007FFF160A5000-memory.dmp

C:\Users\Admin\AppData\Roaming\comUpload\gmodule-2.0.dll

MD5 dfcee0b881abab8acb15907e3ec93963
SHA1 c85b4e3514457ba5be08dd69b6637ede591431f5
SHA256 97a1100f04d178d2e93439de7865705b6c14c74c3831518e6b8a19f9bddd9197
SHA512 78fe514847f50fd487f6890b8d605c49a1d11e9eacfce79cae451b254a3a4f617594fdf9bd51d90928a44961e4e46317bc1546787d06758541c4a63e6dc6f1f1

C:\Users\Admin\AppData\Roaming\comUpload\gobject-2.0.dll

MD5 054d03e70e44015403af3fa5e3271ba5
SHA1 1300eddedfef30a6f8723aa4972658f8dba3071e
SHA256 b768b0f38b3a604e863cdfbf936e157db8d4998f3634ccac0aab817eb237a483
SHA512 1b3d643bada0aeac5948503c9cf407f17e46cd97eb4620229e59d291d6e74fb103b6eb276fc065a83a18d96a45a70539b6496cda5356b7e5eb6be6eb226ed0e3

memory/6112-697-0x0000000074950000-0x0000000074ACB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11c505bd70a8cd1db9eaae96ed291a23
SHA1 4fc1bf8f7155347080bb21df809de1046b7c19d4
SHA256 cf1de9cf1062fb8daa4b627a3ac8233a32c660e832c1e8d4fc53f0c0b1ca5a3c
SHA512 4632c687a0bf6f59182bb1612560648aed7bfa32774abadd7bb51300a839b5c37c93c2ef18b7737e986029751126946be3551d9711275aa5b5217f95eb79d04e

memory/468-707-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/468-708-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/6112-709-0x0000000074950000-0x0000000074ACB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\c9fe7c9e

MD5 0873f192eb939bf4d97568659b886503
SHA1 d67ddcba47c6ec1da3ecb733dcd0492ce029d2ff
SHA256 9c6d7d7b3c9366c74ef57a5f5578a885368057f1e35529f8369621e8d91c9af1
SHA512 1f11ed2046d7b8dcef0f2a88ce76b24c4aa84fdf4eb18e04f5aa9910561b5f9956170d9cbb726cea091b882130e72390ed8cfd418c0e24a795a7c65ef6c00493

memory/468-714-0x0000000074950000-0x0000000074ACB000-memory.dmp

memory/6116-713-0x0000000072DE0000-0x0000000074034000-memory.dmp

memory/3552-717-0x00007FFF15EB0000-0x00007FFF160A5000-memory.dmp

C:\Windows\Tasks\Quicktool.job

MD5 774106fa1b57f9195f62793eb5e16b0a
SHA1 62c6949f7c43df6ce25c8607a8d5117f0ee59d3d
SHA256 fb36aa315cf421df48c62025bfbb07b9256b76d70841eaf719c864f918992c6a
SHA512 8fc44d4c3e4cddd636aefb4966d47f3e2d3890937ac955d3488a43ec895274c6ca387637b4513348e9f5dc4f3566c7e213f77f402ae32702e717cfacd532a968

memory/6116-730-0x0000000000580000-0x0000000000596000-memory.dmp

memory/6116-731-0x0000000072630000-0x0000000072DE0000-memory.dmp

memory/6116-732-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

memory/6116-733-0x0000000005390000-0x0000000005934000-memory.dmp

memory/6116-734-0x0000000004F80000-0x0000000005012000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8973d5e019fea2b2c4b21bd40f497001
SHA1 e0dc548066e41c5343b143ed39b2d5e27b159672
SHA256 7f6b6e5d9795f12c0bbb214a0fa330bdf0095e6d2264d56f32b6225652a79c1c
SHA512 0a1f999ad987284fa83884b46f8cefc476beaac74635477f90054f5ebb0418dff91704f8baed8bc3a09822b7a85270a2b8ec2a016fd130ba1024d4348c83e2c6

memory/6116-744-0x0000000004F70000-0x0000000004F7A000-memory.dmp

memory/6116-745-0x0000000005C20000-0x0000000005CBC000-memory.dmp

memory/6116-746-0x0000000005300000-0x0000000005366000-memory.dmp

memory/6116-761-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

memory/5184-766-0x0000000072DE0000-0x0000000074034000-memory.dmp

memory/6116-782-0x0000000072630000-0x0000000072DE0000-memory.dmp

memory/5184-796-0x0000000072630000-0x0000000072DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive.live.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 801baaebb18a6c94ab1ec657d8688322
SHA1 f5694cea8e1ea1e34f98fa6e42e48a82ab3bca56
SHA256 ac99bb7e130fe0095c1a503eda5aba4f16e1de7c5d8882f768749f3c4c4002a3
SHA512 6c8e62eec6f80a4334cfd756a832641530de2ca22f0275c0d1d4fcc5120b572aeb982f3a87caede1eac2a5a7c3a2ffc9b02cc5f572e5f3f59bcfb12e6e769627

memory/5184-948-0x00000000056E0000-0x00000000056F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

MD5 319e0c36436ee0bf24476acbcc83565c
SHA1 fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256 f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512 ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

memory/5184-994-0x0000000072630000-0x0000000072DE0000-memory.dmp

memory/6116-1006-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2a8c8efa4b593de377ee1326906ba36
SHA1 09242a970304707be6be1d846b25c93afcb2e0af
SHA256 e5e5f6e3282433fdf801479cf24cb936152efddd31498773336e7ab11baaa2d6
SHA512 f7424b693c411c37b68317aff4974547a4a9b317e33acd3d9aa200af443dcfc250981a7288b9d2da261e40a75c064cd0220facc97da70a156c130a307fc2dc6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 86ad0cb4812810bf9026bc96738284b3
SHA1 f4b6eaf892d6770aa1b271e88a2102cd2f82ef20
SHA256 49618e4b9b55248a4d820049b869aa48c57872f5d2feb47c73086b400e08659a
SHA512 18e28ff5adffc101abfc9d43ee2426df797cbf91f9a2bd70c1c8c6919230088e22abeca0f1ca99eb05bcc2aff9337c04923fac7322e6053484c5504a9b5045cf

memory/6116-1103-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a275f.TMP

MD5 098207ffc616bdeaa303fcfee0c32c09
SHA1 506dd2dd78265e67916f9370dd9f7b593a0081f0
SHA256 ee160c3c38a077113a2b9ef10e0ea129e614f445b5dd3eef35c016759c9c3cc1
SHA512 b9ed1c625b1e4d995c6cc64abbd7218a1661e1101fddda1fbed58c4a3bfea29e3f1e190f7aaa1cb11e864e8afcc743193651a3bd720b60378cc9c902702af1b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 202d81ea3efd035caa42f18435fce258
SHA1 f0a75390040dc9cdaeb0e14ddcfbd0376e0013e4
SHA256 d666be976bd1840a6fec6b0ae7400c509c54a011360df7ae818f85fada002e1a
SHA512 56bc8dfbb4d0f84e796c4729ab63a2cc057621372e70d3a3f0495fec85850daee50b14490d20c725f432e26669980102e5953effa22481a5138974f120ad6998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d092f2fcdacbfb8ee5cc29b4a225aed
SHA1 b8a95db159bf415577267c55260ec4e43a243c52
SHA256 7d455a6dfe31436e3101b8ff517feb9704cd63d50e4bb32b6ea89646d435602f
SHA512 ab53ff8217e512b8ab72271821fa81861140c471b0ffa6b7358a4a8b010694e8fe95bb03d36896e74a4f362d063198c8eaf8cbcc6d3a4df35419633ab6411c2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4098855b978c675e2f055612a8af6e0
SHA1 7f95ce5003df1b49b7fe8aa1f9cbe149858fb98d
SHA256 835c86ecfbdda9c3afaeafe34cf4225ab3880aa729f2812402d9308e2a41cade
SHA512 661a50dc229df107924e6185b66f6f26210329d984e2bcd3feacb9a07a7e996f280241459465f50975d50739dda435a74b731e6d3b0fe1f569a6e1e9b2aed452

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b28d99108db9bf6d82cfc0f473f9f3fb
SHA1 af857133253dd60b37c07c85f269b0fba0a80f72
SHA256 dc0616e6febc10c22df7bd08912290bc7f1a70c359e1e214cd16851555a78daa
SHA512 5b78046b9dbab80eaf1528e204b284c37c88acd3872b6118536bfd632ccec2da2e3c0c2e2585c2a7efc79e2c8531960f81c5aa5d3da028c46c67b3629f54a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 79e859d951635fb1a11583afc66cc585
SHA1 b5a401a65c6fcfe00b39f078047f6c27e364e72b
SHA256 c777c3b6e218dd0a33957f6f968f20fa586bdbbf4b55530d2bf4108df952bd00
SHA512 9947fa38bb27e0733c25510b409289021837f5dc563bdd5a781103229cb46cffc68a930c4f800ef9abdee462f113e819bc24ea96df6b0c45e5cf56c10eb8696b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a3b5cea99ac01b703f64656bc02c1759
SHA1 0debcdb7bce5ff728ef5b9476c1b8f404e615425
SHA256 2ca049b9297f7710e129cb9c8c544b39217b9ddfdd69e3bd200ea43dccdf895b
SHA512 d9c25a46ce2b38cbf3c510740ab520c1d1de9df4b7a5e564b94ccebf89a1d9adbec1670926936a8de5108db31a08d9dcc66026b0fdd7611815ec795af0f09515

memory/4552-1178-0x0000000000B90000-0x0000000000BA1000-memory.dmp

memory/4552-1179-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/4552-1180-0x00007FFF15EB0000-0x00007FFF160A5000-memory.dmp

memory/4552-1189-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/4552-1190-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/4436-1192-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/4436-1193-0x00007FFF15EB0000-0x00007FFF160A5000-memory.dmp

memory/4436-1195-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/4436-1197-0x000000006F030000-0x000000006F1AB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4884c0711c833c8af9eed5dbabddb61c
SHA1 ea7a339900ff9c6a549ad04a3c8085b38436367e
SHA256 42b9da53cd1d3cd0352e9da10bfea6b26e07ae2a60562b7a8715cd5788f2ceb3
SHA512 c282b6b5d6374e23d9a01aaf36ff0dd09ffa9c402ca2621cdcea280a769da56231d7ba77a00cfeb0a23ec236c08d84174ed78cea33a33cd455273f086083bb0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a1ee533b0b9d10b6165b933db4016a02
SHA1 41dcd49e566c4c727325669694a35122531a311d
SHA256 676b4dddd8de361b2609173eed4e29c8d6ad5051b21baf9caa5651850317472c
SHA512 5f36ba0422e728c2065edbcfdf1ddf174af285ded82af1d25fed632c0ff847acfa680c4e843cb521bd257db78191e50caa897bd7ed07fce26f552cadc79d9db7

memory/4436-1220-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/4436-1221-0x000000006F030000-0x000000006F1AB000-memory.dmp

memory/1480-1224-0x0000000072DE0000-0x0000000074034000-memory.dmp

memory/4436-1225-0x000000006F030000-0x000000006F1AB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0b248a3d845357d2ae300f4680d0d73
SHA1 5f51c65670f47af8cf938722206c40e34df20bb6
SHA256 ab27d96a46f33c4a1012b8938c5d090ed117e298ff98db7414184b535ad796ed
SHA512 8c0c779585ad769539049c043a0d0ca787e488cdd3d3ea2b81f1073e8ad71896daa94b1e609c48a195d696797c299d1a635f61ed81f6751de296048185bbb61c

memory/1480-1246-0x0000000072630000-0x0000000072DE0000-memory.dmp

memory/1480-1247-0x0000000005110000-0x0000000005120000-memory.dmp

memory/1480-1248-0x0000000072630000-0x0000000072DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56f470c20bba69674ec5b526292dd80c
SHA1 44f1e8d94791ee0a797b5bf63bc60759e673ab60
SHA256 a1f2b2d82c7c62bcda6f351001ed07b32d197969971a1b9cb45eb6057c458126
SHA512 b3ea8b76f83974c985a1801c9317dc93c9e9eb2a04a4423086a49d77f5eb3b265a02fc57e2a8945c9c1eeb54a7b2f2273ba0c1cf1fafd5257b5ba03c2d00b3ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89eedc1f6e30e509213758ee5379d980
SHA1 d85d6eeadbb96c3331f40a9d16adb614b46450cb
SHA256 3ed80383540d3005a996017507a0b23fafaceeae9248da71fd617cbc27513bda
SHA512 3c324307af599a916099e083161cbc0dadd5333553b41e19d35fbe199d41d72c4e4c7838bb928cf244e3d220e028a737cc796bf3d4f26b33dc7251d9d9c25aa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cec24fe2cf689ac83e6a8d706e260842
SHA1 dae3140f7d05efdc3ce71a8e09d69b5d715a83d1
SHA256 09c0d33777646b4497b8122e830a0ffe0e2c7a76ad80fce738c42f301eccb4d2
SHA512 6b4387ad3441490cad57dc1c88426437df5a1d70031c7af98fef33e30e48a1225d5c2f035dfd6a23627bab8c218dc81ba6ea2af2854daee4449015e1aac6e3a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 75aa23aca69aa114a2f7e41bdc61451f
SHA1 120d098386d20af4a95f65b1d2387ab331140ca7
SHA256 556afebe889cd8595fb5dc223f2bcdec0757c5d290057e532106ee9fbee30cd7
SHA512 ae354f79acac683967947ec2c2da9c6fd52dad00c58279550c23141b261e63da7f3f74f74b2eabe9cb63e15e336a446f7e5c61670c95fb09d35ee80c02027dcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 147104f9f0093d0c71442de901531073
SHA1 28783df492e38e59cc59d727c9907626769a1bbc
SHA256 d15edc1ceba29d82c7e727bc40e100a93faa1bdd0f7b8e18c89905c4a44f9457
SHA512 79b0b3492df5eaf32d38bfca69176bb3172b6812002ecd5af9847f8045f10ddbb9c3eb11c8b1d4aac464d716387116e5e3ce2db6b4b27c664ade5572d93ee01e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ffefe898610988544b81ff90fcdbdf1
SHA1 7c1e5633effc95b59b2745f42f86c319eb644382
SHA256 a0d2f965f2aa1286a4f47f04806deb0830193a5ab8c7ce1944956702b284ad60
SHA512 39d6d79d161e78636edf69ac0520dc8d4b8d3d66ba4c652d598340623fd481256004a7a750f6872fcbce6a68b6137f1da8c7cc29b0737fe28ff6a22816b10024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04ea126b0634feaf1297ff34b608f6eb
SHA1 0bb7a40347e49c89971a70ddf19dc1bb62609384
SHA256 6a3cb290b2aabb7637b857af96489467de930ca0f91d54f9eeafe615b12c827f
SHA512 911610b2e9024da768138e37a20c4db3e5b9aa01a819229f2ddb2695ce1a16880e6430719b28d7a3c13ade00369b56e6b19f1739173631e5bb38fb2f6a66c521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0ff445a9501267ca4d5f95e1ed5ea643
SHA1 a7d686e9946a8b9ff1b2c601e76ab9b5af653432
SHA256 e6a73ccd7d8c71e3c4db4242347529e5d64e58b0e917b4b75d104eeccb4a6071
SHA512 6ad2de9646094b33a2a335a6c58d612e7c4bad2c4061b874e496fb82a32be4232c1d7a16d84e3c81f10875764610949642680a0b0e103d168a6b7a54b5ba44ca