Malware analysis notificacioìn_judicial_demanda_penal_por_danÞos_fiscaliìa_general_80.svg Malicious activity

Add for printing

File name:	notificacioìn_judicial_demanda_penal_por_danÞos_fiscaliìa_general_80.svg
Full analysis:	https://app.any.run/tasks/0be0ee0e-a506-4db3-91f9-2ccc52580db6
Verdict:	Malicious activity
Threats:	HijackLoader is a modular malware acting as a vehicle for distributing different types of malicious software on compromised systems. It gained prominence during the summer of 2023 and has since been used in multiple attacks against organizations from various sectors, including hospitality businesses. A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. Malware Trends Tracker >>>
Analysis date:	September 03, 2025, 16:10:03
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	qrcode auto generic hijackloader loader stealer amsi-bypass
Indicators:
MIME:	image/svg+xml
File info:	SVG Scalable Vector Graphics image
MD5:	40C4A3FAA888FBAD0936BFA9A224D081
SHA1:	3B30017F5EC9E85CF52EADCFB91C863D65FA0BEC
SHA256:	B614E30ED6E3A6C885E7E2B5E5B31D4154713948C1B990637C491DC0917BC70B
SSDEEP:	49152:TqocyAl7W7Z7BZ3NYS7grrpEVPam7nXgZUhKxjl3n4IHoPzhMTP/D6hDXajONg0y:K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- GENERIC has been found (auto)
  - WinRAR.exe (PID: 8152)
- HIJACKLOADER has been detected (YARA)
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
  - 03 BOLETA JUDICIAL.exe (PID: 7592)
- Actions looks like stealing of personal data
  - PhotonDrive32.exe (PID: 8100)
- Executing a file with an untrusted certificate
  - PhotonDrive32.exe (PID: 8100)
  - PhotonDrive32.exe (PID: 7008)
SUSPICIOUS
- Executable content was dropped or overwritten
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
- Connects to unusual port
  - PhotonDrive32.exe (PID: 8100)
- Contacting a server suspected of hosting an CnC
  - PhotonDrive32.exe (PID: 8100)
- Possibly patching Antimalware Scan Interface function (YARA)
  - PhotonDrive32.exe (PID: 7008)
INFO
- Reads security settings of Internet Explorer
  - explorer.exe (PID: 2120)
  - explorer.exe (PID: 6492)
  - notepad.exe (PID: 8024)
  - Taskmgr.exe (PID: 7600)
- Reads the computer name
  - identity_helper.exe (PID: 7672)
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
  - PhotonDrive32.exe (PID: 8100)
  - Chime.exe (PID: 7572)
  - 03 BOLETA JUDICIAL.exe (PID: 7592)
  - PhotonDrive32.exe (PID: 7008)
  - Chime.exe (PID: 7956)
  - identity_helper.exe (PID: 7528)
- Application launched itself
  - msedge.exe (PID: 1644)
  - msedge.exe (PID: 7980)
- Checks supported languages
  - identity_helper.exe (PID: 7672)
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
  - PhotonDrive32.exe (PID: 8100)
  - 03 BOLETA JUDICIAL.exe (PID: 7592)
  - Chime.exe (PID: 7572)
  - PhotonDrive32.exe (PID: 7008)
  - Chime.exe (PID: 7956)
  - identity_helper.exe (PID: 7528)
- Reads Environment values
  - identity_helper.exe (PID: 7672)
  - identity_helper.exe (PID: 7528)
- Manual execution by a user
  - msedge.exe (PID: 7460)
  - WinRAR.exe (PID: 8152)
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
  - 03 BOLETA JUDICIAL.exe (PID: 7592)
  - notepad.exe (PID: 8024)
  - Taskmgr.exe (PID: 1816)
  - Taskmgr.exe (PID: 7600)
- Launching a file from the Downloads directory
  - msedge.exe (PID: 1644)
- The sample compiled with english language support
  - WinRAR.exe (PID: 8152)
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 8152)
- Creates files in the program directory
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
- Reads the machine GUID from the registry
  - PhotonDrive32.exe (PID: 8100)
  - PhotonDrive32.exe (PID: 7008)
- Reads the software policy settings
  - PhotonDrive32.exe (PID: 8100)
  - slui.exe (PID: 5300)
- Creates files or folders in the user directory
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
- Create files in a temporary directory
  - 03 BOLETA JUDICIAL.exe (PID: 4580)
  - 03 BOLETA JUDICIAL.exe (PID: 7592)
  - Chime.exe (PID: 7572)
- Reads Microsoft Office registry keys
  - OpenWith.exe (PID: 7364)
  - OpenWith.exe (PID: 7760)
- Checks proxy server information
  - slui.exe (PID: 5300)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.svg	\|	Scalable Vector Graphics (var.1) (62.5)
.html	\|	HyperText Markup Language (37.5)

EXIF

SVG

Data-7e4c2f47e0804f90c6fd0e23:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_ed6b9227324ae5f45e21be83f35cf0b77df53a077b582195dcec1c8799304f6e92b08917228510bd186cdb7f573c1239442abaf30da9eb1780374ec3e514440b
Data-95d4d959cf0e8ec42ba98d1a:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_b46b8d7c7d9ff394de4fba24defa4af3fa3258c980ab651f4d79422fca0a32e9ee0cb46e66919e7687218657225fef8eadd6d856b79d2e2e09e2deb6b45d084b
Data-7e00dd542f02a6dcc87110b8:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_d792f6fa9871b7ec079736debcfd64a8c8cc24640efa7ed6716e0a23349972b75bd84af0911496903951e5623a83a750576f5b8b36af11ae9286134812770714
Data-2e4da0300571e5567de5ad8d:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_100f903f16deebc89d36259149b24b6a335e2ab2910d416e57fe0698914f4634fe918ab179e4e444fd75f29020103211dee961460f825c457c0466d91aadb516
Data-17faa531fe9e80a0dc43a53e:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_0bd1c3c5643a03098e6f94d12aff18c6823fa450bfd9eb903b36cd143679e6c28b124b81d700c42f9941b33e464fbfe1023a783b4d65810fa4110660a870b38e
Data-defe3666fad251d582bd1d09:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_c7330609feae22e8c154af3d8354b3b895aeb4e0c9d000a7bd0345581df624e08391ef61ae67fe334af99205cf1b65f2e04f99596e9759f895e6d74a499d4860
Data-e93ab3a3b329d3a21c3008f8:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_37741eeddc22363e40470ea762081166b273fa740ac43846572ef59b427c50852ec386fa1739734550cafb12d30cf165ae991db3dccabdfe9146e62f9df08299
Data-b29216a911c89379c2b5a031:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_c05bf40fd7c6198b3fedec1a8f97eda90886cdb1c4ff82d509d0e5e70ac734cc5bcd2bc9da802c5023eb628cff4fbbf863f125a1a2e18c842290877491f702e3
Data-1c44d57d2033f06a18e2b8ac:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_ef1b8dab3253a5c5ac50b417ce669a9e0c230a6162cfdc1b88bcc06195c03840d7ce8b70d5aeae396ec92a34998be7a903c24b4612567b634c4ca99a389397ec
Data-e67daca895b962adbeb0d248:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_ed1d0f30b26329c8d1e0b66136189aeb815e748491686893d249176ef1ba38834c8352cf14ecf9f135a6be3a8e1ba6236155551c9c449c8fc0de131f8b6a4c1b
Data-499faf50b93d91443bef3143:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_8f096924a594fdf3e440a46a6ad82cfda769eb6dcbd91f00294a979e9de4e6f6c05cbe26c4fb70d8d8b593d25ea61aa5d7510015bc3280b8276e0378c6b4822f
Data-7014081286aee55294dc79af:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_f1541fe43ce401dca8ed0bca2f6eac15bffc3d1369223ee38b445aeba56edde91915b1d3b25adaea5c2fc7198fe04740e8393a798f17f0b68f935390bea3ec11
Data-d3b25debf972678b01fdab1b:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_6cf9cc84b1db23cce83edc06f55a17e7735a69def57210ffb7e37a9cab6847bd1a5562ae988c978650cfddceb4dcc8069cd1a8b6104a0fb741acadafd0e34c22
Data-6234ee6def1b08eaa107e49e:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_29c27ab30c19d4d3c4459ca5e445cb3a34d39772a06fb890f92dcd6c79419d95fdf2c141c00d7e5315d5276225884bf0f9225f29e5b1459bf83166a9c0bec23c
Data-1a9f5b44d0a4f86291e6804a:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_3a53ef61428cbb77c4a1b13f466c8da9c695154f52873283e85f2952cc6cd11003b19af5cb0a34522c84e29acbcadbf6fb466bebca1ea8e122fd927c7967d62c
Data-61592244c950473e453a66d9:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_843e503df6a7372615f7439aa7f0646f8948a7af7fb1f2992fb218dcec17cb14a5ea059f3967484dd8f0914cb309f17e4eeb7b482333fafa4b1078b1e01903ec
Data-be451644eb97731c2a183846:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_729835c67b4dc61cd1a35c9e305c9ae7398bec23eaa1f6aaa7cfd7335924eac2da115b92a4ad4f182f407115aa16b1de01bd5e4a13c10e763916111e4aaaa1da
Data-fd368f78a073d12dac00385f:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_4c34f3023d2c4e8626632fb89c6c52bc951cee9f2ab792aac2d318267a489ee74efa95b523b86833ca19c109d41e8798b266fb6b74583d33ba442a92053b81b0
Data-5c0da544c19b2bbd52336ea2:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_45892d2f3904317b1b59ffe937a061fe11c0424a228406f6e110d274dbf715a0bca099b931881e3f66941228a0bff2061f67e9431ba23bf8d77c313524dcbe56
Data-b18c55c05e2ea307375f342a:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_5c83e876aa32d700ed76e1a193fc8ac81a09436692677d454ebe6826d519abd1faf47fb18a631f475eda18bd2e002ca01181665323616796af9d90d78e242366
Data-bb81868472d2ccb7c7e10baf:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_811179a69391e6a961a5322e511dfc3f638b665e7f9091d53d3320bbeb1f9f2d1fc923ccbc29fac703f58ef60fffcfabe636cbd6a532b8819193a72d5d99150d
Data-faa9344e8fa0deff736c21ed:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_835e4fbdddba4bf2da5e986dac456f53bc6e9a0f027a026d7e92fb592927f47dc7eb387cbdaeeb4b2f6b743c0e650d36d84ec37ed677f3f43a6929dd09cff66b
Data-73068ec728e56a7e5e5748aa:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_a874d05f71d7599fc9794e4e8b3393285d35cf20e31d5eae3d2e52fd7f4bda6713b15a0c3a028eaee03acc403cd5b10c2bffcfaad3441478ed196d3ee9d4b972
Data-6dc5e5fb73e1c3d1ab055971:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_43ad6588d3165db097b4772330cfbeb52ba7227decb20aea7f5d90adf7f44efa03ef2e8cca363d9532801c1ff921adabe6f649dc1724840094da4d12044f8d0d
Data-922e746d803997ffc9f18cd3:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_df2ae2e2617e5e49d44b92039ac74a6770adfcedce3914df14a2939040ae11b232a5aa557a8f1fd327975361268b7cee2f4d0a1bb65787251d213c42292f34e6
Data-1d3cb2a3fa1515b170fef211:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_db10976126add38cdf3b3b0f7d103cae2f89ef694323bb970d15fe34c5440ac5d90ac8c690ce4ebcecd5ef7b6d4a42322af21f72504aa044c5d247a87879269a
Data-07303f0b08198de9b973545e:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_ade193a88a9071fdc27c289564bd2199e2290b9f7daccae604722a8051009e04669c05704ed999ff6d708ac4249a0fc440ed9c32cd73d10650b9c4ede92f91d0
Data-826864081f620bcd83c94521:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_c82836c9c0afdfb037e8289e98a4a95321a244e155e255363fc7a4054ef02cc4517660926eac89f7eb9055d2bbebe80e18c617f367d0d09051b8df5387287ece
Data-0cb2e512830b5b42647016cc:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_cdbea3652919305cc053c0824de2a2ad8e715de140754422a94eab1bf1c3339698264dba61133b71403f0247f17ca8e6aadecfe7af328097da1f8d7724385eae
Data-0d99ddf804cf8b8178e1bd1a:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_7be16ab37e03da629e3a4023507f6b4ca7bdea2bd4a261069f4e169d419ad726c44fb522c7b466f9e8d201cf22ec50d0f027504bb4eac9d2de5b6e74eb806e18
Data-9f7f6b2eee36941ce6b09b6f:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_2675f438fab3bc28b6b624bf5905e1dd77e104a55c6e113cf429dfc2a652ed3dcb3cc7b11fd0c7dfb64f240747c4202690806e9849a2c506d77b91131792b80d
Data-4d32a6ebc261ab4a818c7a04:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_1d147f70d829958897f3fc843a2b8b49e41c5bf6f365e27138693ebc7023e463889dfda0ab9736a6fcf87c47dd6fbdcf8c458031ed8a1dcd2f526702a6a80eb3
Data-6676c8379a6bb3e232d66530:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_18a16ae2f329ff22b9536121f878fac08f2ba378d2fb3e460e5b9417c19cfa03f3ff7ed324cb4baa7d47ebbe621fd17743e5101320de2b27794ca33c1e91ffed
Data-40e004185ae418000e18d0c5:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_4c5f69f0667e19af2cc17e1f5e70c3b38bc0d36d80049f44f3f98b25bf3f8b21dcdf56180bb3a48302516f8ced24ea34d843c48f76455c797784413cf1d8ccd6
Data-72ca97bb44b6aa4156b621da:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_ce4204e5529d790bd4e8f21d466c681212d3d71920c29271d0d04505587a02f3fff897036b655e24ad11e5455b7d0b9867f812add6e993b80ae1a09b4c85841b
Data-d29205d52ac29547c607a0df:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_87d1e9f96c63e7ba9b235c1310217bbd54075ec6777e9fd2dcf17e7e6b472a4cd4d3877244b1d906dbffbe40ce56faa378fbbb76c3c0a9b5a564d34bbaa92c24
Data-60ce90f1c1038762b15e5ebd:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_798aca3595a46edaed46ce6b7c999e09e243d216a814ba8a672cd3e9fc945efc16ca94ab4a47479f29192618509fe5def51b97ca23046964b4e62bc5efa665b5
Data-5fec29609887316a8fc51dd0:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_3fd008419b0c9db2ad347c1bde323610da0c80486af3cd996bcee37f5bdc925369357cf2faf8639bdadc487c9ddabb3b219942ef883e2d5581d7e3e9c9cb3139
Data-6e9dc578540ac555db19f639:	752aeb17fe00_59cef5c64bc04d1d88ce9fca9a882d18_9dcd72d40bf9aad5_6cab90fcba594fe15608a02d25660684fe1500cd495a5f32e1f2ce5a44cbeb946c2df24b0f4f6b0ea8bcc50b9dbf90b4745e58ada4df53286bad630052d4f9fb
Onclick:	openDocument()
Style:	cursor: pointer;
SVGVersion:	1.1
ViewBox:	0.0 0.0 960.0 720.0
Fill:	none
Stroke:	none
Stroke-linecap:	square
Stroke-miterlimit:	10
Xmlns:	http://www.w3.org/2000/svg

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

218

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

632

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2128,i,17350671056521733551,8703366309022327689,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1328

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x308,0x30c,0x310,0x300,0x2f8,0x7ffc4451f208,0x7ffc4451f214,0x7ffc4451f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1496

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6952,i,17350671056521733551,8703366309022327689,262144 --variations-seed-version --mojo-platform-channel-handle=8028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1576

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5976,i,17350671056521733551,8703366309022327689,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1580

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7924,i,17350671056521733551,8703366309022327689,262144 --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1580

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2200,i,10766887836698007959,11121179771602372126,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1644

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sicecon.fiscalia.gov.co/denuncia/ingresoPrincipal

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1816

"C:\WINDOWS\system32\taskmgr.exe" /4

C:\Windows\System32\Taskmgr.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Task Manager

Exit code:

3221226540

Version:

10.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll

2120

C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\explorer.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Explorer

Exit code:

Version:

10.0.19041.3758 (WinBuild.160101.0800)

Modules

Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shcore.dll

2200

C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache

C:\Windows\System32\svchost.exe

services.exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Host Process for Windows Services

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll

Add for printing

Total events

24 517

Read events

24 317

Write events

191

Delete events

Modification events


(PID) Process:	(2120) explorer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:	write	Name:	SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:	(2120) explorer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(2120) explorer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(2120) explorer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(1644) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(1644) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 2
(PID) Process:	(1644) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 1
(PID) Process:	(1644) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459354
Operation:	write	Name:	WindowTabManagerFileMappingId
Value: {16C89722-BFCE-42B8-88A0-2C09BB89A113}
(PID) Process:	(1644) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:	write	Name:	user_experience_metrics.stability.exited_cleanly
Value: 0
(PID) Process:	(1644) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:	write	Name:	S-1-5-21-1693682860-607145093-2874071422-1001
Value: 5385831F7E9C2F00

Add for printing

Executable files

Suspicious files

396

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF18d9d1.TMP		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF18d9d1.TMP		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18d9d1.TMP		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF18d9e0.TMP		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18da0f.TMP		—
		MD5:—	SHA256:—
1644	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

103

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
4120	msedge.exe	GET	200	150.171.27.11:80	http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:VeH-tsA0LzTnQmYXn3WtTzv1kG36ll2i_fIPITBwixM&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	US	text	97 b	whitelisted
4120	msedge.exe	GET	200	104.18.38.233:80	http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt	unknown	binary	1.53 Kb	whitelisted
6936	svchost.exe	GET	200	23.39.28.44:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	US	binary	471 b	whitelisted
1268	svchost.exe	GET	200	104.103.72.96:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	AT	binary	825 b	whitelisted
1268	svchost.exe	GET	200	2.17.245.133:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	NL	binary	814 b	whitelisted
7464	svchost.exe	GET	206	104.103.72.50:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756998970&P2=404&P3=2&P4=niexj8uLuIyJBntkXhP08naO4KncLGluHJYkK%2fHQRM9dOK2B1MfMVPXBcknFI2OKlwLmda3Y3k2pMoCSX4wxvQ%3d%3d	AT	binary	1.09 Kb	whitelisted
7220	SIHClient.exe	GET	200	2.17.245.133:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	NL	binary	419 b	whitelisted
7220	SIHClient.exe	GET	200	2.17.245.133:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	NL	binary	407 b	whitelisted
7464	svchost.exe	HEAD	200	104.103.72.50:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756998970&P2=404&P3=2&P4=niexj8uLuIyJBntkXhP08naO4KncLGluHJYkK%2fHQRM9dOK2B1MfMVPXBcknFI2OKlwLmda3Y3k2pMoCSX4wxvQ%3d%3d	AT	—	—	whitelisted
7464	svchost.exe	GET	206	104.103.72.50:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756998970&P2=404&P3=2&P4=niexj8uLuIyJBntkXhP08naO4KncLGluHJYkK%2fHQRM9dOK2B1MfMVPXBcknFI2OKlwLmda3Y3k2pMoCSX4wxvQ%3d%3d	AT	compressed	764 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1268	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
5944	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
5884	RUXIMICS.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
4120	msedge.exe	150.171.27.11:80	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4120	msedge.exe	150.171.22.17:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4120	msedge.exe	190.157.218.19:443	sicecon.fiscalia.gov.co	Telmex Colombia S.A.	CO	suspicious
4120	msedge.exe	150.171.27.11:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4120	msedge.exe	95.101.23.80:443	copilot.microsoft.com	Akamai International B.V.	AT	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 51.104.136.2 20.73.194.208	whitelisted
google.com	172.217.18.14	whitelisted
edge.microsoft.com	150.171.27.11 150.171.28.11	whitelisted
config.edge.skype.com	150.171.22.17	whitelisted
sicecon.fiscalia.gov.co	190.157.218.19	unknown
copilot.microsoft.com	95.101.23.80 95.101.23.48	whitelisted
crt.sectigo.com	104.18.38.233 172.64.149.23	whitelisted
www.bing.com	95.101.23.65 95.101.23.72 95.101.23.80 95.101.23.67 95.101.23.88 95.101.23.75 95.101.23.49 95.101.23.98 2.16.241.224 2.16.241.207 2.16.241.201 2.16.241.206 2.16.241.218 2.16.241.211 2.16.241.213 2.16.241.219 2.16.241.205 95.101.23.74 95.101.23.90 95.101.23.82 95.101.23.43 95.101.23.48 2.16.241.222 2.16.241.225 2.16.241.204	whitelisted
ajax.googleapis.com	172.217.16.202	whitelisted
maxcdn.bootstrapcdn.com	104.18.10.207 104.18.11.207	whitelisted

Threats

PID	Process	Class	Message
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
4120	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
2200	svchost.exe	Potentially Bad Traffic	ET DYN_DNS DYNAMIC_DNS Query to a *.duckdns .org Domain
2200	svchost.exe	Misc activity	ET DYN_DNS DYNAMIC_DNS Query to *.duckdns. Domain

Add for printing

No debug info

General Info

notificacioìn_judicial_demanda_penal_por_danÞos_fiscaliìa_general_80.svg

40C4A3FAA888FBAD0936BFA9A224D081

3B30017F5EC9E85CF52EADCFB91C863D65FA0BEC

B614E30ED6E3A6C885E7E2B5E5B31D4154713948C1B990637C491DC0917BC70B

49152:TqocyAl7W7Z7BZ3NYS7grrpEVPam7nXgZUhKxjl3n4IHoPzhMTP/D6hDXajONg0y:K

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

GENERIC has been found (auto)

HIJACKLOADER has been detected (YARA)

Actions looks like stealing of personal data

Executing a file with an untrusted certificate

SUSPICIOUS

Executable content was dropped or overwritten

Connects to unusual port

Contacting a server suspected of hosting an CnC

Possibly patching Antimalware Scan Interface function (YARA)

INFO

Reads security settings of Internet Explorer

Reads the computer name

Application launched itself

Checks supported languages

Reads Environment values

Manual execution by a user

Launching a file from the Downloads directory

The sample compiled with english language support

Executable content was dropped or overwritten

Creates files in the program directory

Reads the machine GUID from the registry

Reads the software policy settings

Creates files or folders in the user directory

Create files in a temporary directory

Reads Microsoft Office registry keys

Checks proxy server information

Malware configuration

Static information

TRiD

EXIF

SVG

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings