Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 23-04-2023 02:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://mqdownload.com/x/VIKPIKJ?t=2&title=Kio%E2%80%99s%20Adventure%20%20(v1.0.3)%202023setup
Resource: win10-20230220-en
Behavioral task: behavioral2
Sample: https://mqdownload.com/x/VIKPIKJ?t=2&title=Kio%E2%80%99s%20Adventure%20%20(v1.0.3)%202023setup
Resource: win10v2004-20230220-en
General
Target: https://mqdownload.com/x/VIKPIKJ?t=2&title=Kio%E2%80%99s%20Adventure%20%20(v1.0.3)%202023setup
Malware Config
Signatures
Drops file in Windows directory 3 IoCs
description | ioc | Process
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdge.exe
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
Modifies Internet Explorer settings 64 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "46" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31028637" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "389006311" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "32" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "32" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2071" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Toolbar | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02ca3a59d75d901 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "389038302" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2085" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31028637" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\NumberOfSubdomains = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "9" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2587528381" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "388989716" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "43" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "64" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C47474B7-E190-11ED-8E3B-FEFF0DC94917} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "23" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "46" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2085" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2750029125" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "16" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2071" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2085" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Modifies registry class 64 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "600" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete | MicrosoftEdge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration | MicrosoftEdge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8ef5dbb59d75d901 | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1" | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersi = "1" | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d8d982b69d75d901 | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 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 | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" | MicrosoftEdge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000004306729afb57438dedfea84344365b15f30b4b9ddf16583b2852cbf84c8c120eea190a6800bdabc4a5ef5d87ed03902c70c490cc128ed0ede20b182f7100da47e7de62c9080fd682ab19c180916bc05b2f12bb2dda7bb0d5caa9 | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | MicrosoftEdge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | MicrosoftEdge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "800" | MicrosoftEdge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
4604 | iexplore.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
4604 | iexplore.exe
Suspicious use of AdjustPrivilegeToken 9 IoCs
description | pid | Process
Token: SeDebugPrivilege | 820 | MicrosoftEdge.exe
Token: SeDebugPrivilege | 820 | MicrosoftEdge.exe
Token: SeDebugPrivilege | 820 | MicrosoftEdge.exe
Token: SeDebugPrivilege | 820 | MicrosoftEdge.exe
Token: SeDebugPrivilege | 820 | MicrosoftEdge.exe
Token: SeDebugPrivilege | 3516 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3516 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3516 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3516 | MicrosoftEdgeCP.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
4604 | iexplore.exe
Suspicious use of SetWindowsHookEx 27 IoCs
pid | Process
4604 | iexplore.exe
4604 | iexplore.exe
2740 | IEXPLORE.EXE
2740 | IEXPLORE.EXE
2740 | IEXPLORE.EXE
2740 | IEXPLORE.EXE
4440 | IEXPLORE.EXE
4440 | IEXPLORE.EXE
4440 | IEXPLORE.EXE
4440 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
820 | MicrosoftEdge.exe
3156 | MicrosoftEdgeCP.exe
3156 | MicrosoftEdgeCP.exe
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4952 | IEXPLORE.EXE
4796 | IEXPLORE.EXE
4796 | IEXPLORE.EXE
4604 | iexplore.exe
4796 | IEXPLORE.EXE
4796 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 12 IoCs
description | pid | Process | procid_target
PID 4604 wrote to memory of 2740 | 4604 | iexplore.exe | 66
PID 4604 wrote to memory of 2740 | 4604 | iexplore.exe | 66
PID 4604 wrote to memory of 2740 | 4604 | iexplore.exe | 66
PID 4604 wrote to memory of 4440 | 4604 | iexplore.exe | 67
PID 4604 wrote to memory of 4440 | 4604 | iexplore.exe | 67
PID 4604 wrote to memory of 4440 | 4604 | iexplore.exe | 67
PID 4604 wrote to memory of 4952 | 4604 | iexplore.exe | 68
PID 4604 wrote to memory of 4952 | 4604 | iexplore.exe | 68
PID 4604 wrote to memory of 4952 | 4604 | iexplore.exe | 68
PID 4604 wrote to memory of 4796 | 4604 | iexplore.exe | 74
PID 4604 wrote to memory of 4796 | 4604 | iexplore.exe | 74
PID 4604 wrote to memory of 4796 | 4604 | iexplore.exe | 74
Processes

C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://mqdownload.com/x/VIKPIKJ?t=2&title=Kio%E2%80%99s%20Adventure%20%20(v1.0.3)%202023setup
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 4604

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 4604)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4604 CREDAT:82945 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2740

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 4604)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4604 CREDAT:148483 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 4440

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 4604)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4604 CREDAT:148487 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 4952

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 4604)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4604 CREDAT:214022 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 4796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID: 820

C:\Windows\system32\browser_broker.exe
Command line: C:\Windows\system32\browser_broker.exe -Embedding
- Modifies Internet Explorer settings
PID: 800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID: 3156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 3516
Network
MITRE ATT&CK Enterprise v6
Downloads