Malware Analysis Report

2024-12-07 20:02

Sample ID 241119-e2ndfazngs
Target backup-message-10.7.1.84_9045-4451296.eml
SHA256 6a2a88d701f29f74e4b2624197527dc81fb72b2b9fd1baf41a4d092329cfd510
Tags
latentbot discovery persistence phishing trojan
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Threat Level: Known bad

The file backup-message-10.7.1.84_9045-4451296.eml was found to be: Known bad.

Malicious Activity Summary

latentbot discovery persistence phishing trojan

Latentbot family

LatentBot

Loads dropped DLL

Executes dropped EXE

A potential corporate email address has been identified in the URL: vlibras-portal@dev

Blocklisted process makes network request

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Checks processor information in registry

Suspicious use of FindShellTrayWindow

NTFS ADS

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of SetWindowsHookEx

Gathers network information

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-19 04:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-19 04:26

Reported: 2024-11-19 04:31

Platform: win10ltsc2021-20241023-es

Max time kernel: 249s

Max time network: 282s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\backup-message-10.7.1.84_9045-4451296.eml

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\backup-message-10.7.1.84_9045-4451296.eml:OECustomProperty C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\backup-message-10.7.1.84_9045-4451296.eml

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
IE 20.223.35.26:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-19 04:26

Reported: 2024-11-19 04:31

Platform: win10ltsc2021-20241023-es

Max time kernel: 255s

Max time network: 259s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html

Signatures

LatentBot

trojan latentbot

Latentbot family

latentbot

A potential corporate email address has been identified in the URL: vlibras-portal@dev

phishing

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Sharepontoesp\Gtruck.exe N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acsDCCOCH = "C:\\Sharepontoesp\\Gtruck.exe" C:\Sharepontoesp\Gtruck.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A (3 identical entries)

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A:, \??\B:, \??\E:, \??\G:, \??\H:, \??\I:, \??\J:, \??\K:, \??\L:, \??\M:, \??\N:, \??\O:, \??\P:, \??\Q:, \??\R:, \??\S:, \??\T:, \??\U:, \??\V:, \??\W:, \??\X:, \??\Y:, \??\Z: C:\Windows\System32\msiexec.exe N/A
(23 drive letters; each letter is logged twice, once under C:\Windows\System32\msiexec.exe and once under C:\Windows\system32\msiexec.exe, for 46 entries in total; C:, D: and F: do not appear)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\540cc002-e914-4dd2-ab02-f7238a8fd377.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119042650.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{0219BCE6-72CB-4834-82B8-7B771837E839} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e58fbd0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e58fbd0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFC8B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI269.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3C2.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Sharepontoesp\Gtruck.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\ipconfig.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Sharepontoesp\Gtruck.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Sharepontoesp\Gtruck.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Sharepontoesp\Gtruck.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct C:\Sharepontoesp\Gtruck.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Sharepontoesp\Gtruck.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4152190078-1497776152-96910572-1000\{A464E50D-FB41-4F64-B6EA-B71AE215189D} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Sharepontoesp\Gtruck.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (23 identical entries)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
(the SeRestorePrivilege / SeTakeOwnershipPrivilege pair above is logged 7 times in alternation, 14 entries in total)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (40 identical entries)
N/A N/A C:\Windows\System32\msiexec.exe N/A (2 identical entries)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (8 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (32 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1192 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 1192 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 1192 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 1192 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9c4aa46f8,0x7ff9c4aa4708,0x7ff9c4aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff680bd5460,0x7ff680bd5470,0x7ff680bd5480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\23d7d6d7-3d9b-4add-9481-601c4065c044_CONTRATO8.ENDESA-A4-GAS-LUZ-SIMPLEX-TTLDK1822244244411221144121.zip.044\CONTRATO8.ENDESA-A4-GAS-LUZ-SIMPLEX-TTLDK18222442444112211441224422424441.MSI"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BC101B2116823C5DE7585530DC8B45D0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Sharepontoesp\Gtruck.exe

"C:\Sharepontoesp\Gtruck.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ipconfig /renew

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /renew

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=7000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=6744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

Network

NL 91.235.134.131:443 cjwi5pjhhzdikqh7prwv4n2enmjymklqtfi5seefaf71408066d1ea88am1.e.aa.online-metrix.net tcp
US 192.225.158.1:443 h64.online-metrix.net tcp
US 8.8.8.8:53 eu-aa.online-metrix.net udp
US 8.8.8.8:53 130.132.235.91.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 131.134.235.91.in-addr.arpa udp
US 8.8.8.8:53 1.158.225.192.in-addr.arpa udp
N/A 127.0.0.1:31989 tcp
N/A 127.0.0.1:30900 tcp
NL 91.235.132.129:3478 eu-aa.online-metrix.net udp
NL 91.235.132.129:3478 eu-aa.online-metrix.net tcp
US 8.8.8.8:53 www100.bb.com.br udp
N/A 127.0.0.1:63333 tcp
BR 170.66.72.5:443 www100.bb.com.br tcp
BR 170.66.72.5:443 www100.bb.com.br tcp
BR 170.66.72.5:443 www100.bb.com.br tcp
BR 170.66.72.5:443 www100.bb.com.br tcp
US 8.8.8.8:53 5.72.66.170.in-addr.arpa udp
N/A 127.0.0.1:5900 tcp
N/A 127.0.0.1:30900 tcp
N/A 127.0.0.1:5901 tcp
US 8.8.8.8:53 www101.bb.com.br udp
BR 170.66.72.4:443 www101.bb.com.br tcp
N/A 127.0.0.1:5902 tcp
N/A 127.0.0.1:30900 tcp
US 8.8.8.8:53 4.72.66.170.in-addr.arpa udp
N/A 127.0.0.1:5903 tcp
N/A 127.0.0.1:30900 tcp
N/A 127.0.0.1:3389 tcp
N/A 127.0.0.1:5950 tcp
N/A 127.0.0.1:5931 tcp
N/A 127.0.0.1:5939 tcp
N/A 127.0.0.1:6039 tcp
N/A 127.0.0.1:5944 tcp
N/A 127.0.0.1:6040 tcp
N/A 127.0.0.1:5938 tcp
N/A 127.0.0.1:5279 tcp
N/A 127.0.0.1:7070 tcp
N/A 127.0.0.1:2112 tcp
NL 91.235.133.182:443 idhtm.bb.com.br tcp
NL 91.235.133.182:443 idhtm.bb.com.br tcp
NL 91.235.133.182:443 idhtm.bb.com.br tcp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-11-19 04:26

Reported

2024-11-19 04:31

Platform

win10ltsc2021-20241023-es

Max time kernel

300s

Max time network

289s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\email-plain-1.txt

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\email-plain-1.txt

Network


Files

N/A