Malware Analysis Report

2024-10-10 10:15

Sample ID 230718-mylz7sad7v
Target ClientH.exe
SHA256 6136b0b9b28b52962f090cdf34ac650c4b184f3a65e863e2051cdc1219aff051
Tags venomhvnc arrowrat persistence rat
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V6
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Threat Level: Known bad

The file ClientH.exe was found to be: Known bad.

Malicious Activity Summary

Arrowrat family
Modifies WinLogon for persistence
ArrowRat
Modifies Installed Components in the registry
Enumerates connected drives
Suspicious use of SetThreadContext
Program crash
Unsigned PE
Runs .reg file with regedit
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2023-07-18 10:52

Signatures

Arrowrat family

arrowrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-07-18 10:52
Reported 2023-07-18 11:22
Platform win7-20230712-en
Max time kernel 1799s
Max time network 1806s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ClientH.exe"

Signatures

ArrowRat

rat arrowrat

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Roaming\\LbJIPffl\\LbJIPffl" C:\Users\Admin\AppData\Local\Temp\ClientH.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1924 set thread context of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1924 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe C:\Windows\explorer.exe
PID 1924 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1080 wrote to memory of 2932 N/A C:\Windows\explorer.exe C:\Windows\system32\ctfmon.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ClientH.exe

"C:\Users\Admin\AppData\Local\Temp\ClientH.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" VenomHVNC wasted9sss1-57562.portmap.host 57562 uSzDNutNI.exe

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Windows\regedit.exe

"regedit.exe" "C:\Users\Admin\Desktop\DenyRestart.reg"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceMount.aiff"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-18 10:52

Reported

2023-07-18 11:22

Platform

win10v2004-20230703-en

Max time kernel

1800s

Max time network

1806s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ClientH.exe"

Signatures

ArrowRat

rat arrowrat

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Roaming\\LbJIPffl\\LbJIPffl" C:\Users\Admin\AppData\Local\Temp\ClientH.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2184 set thread context of 1080 N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 14000000070000000100010007000000140000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b0072000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046c000000000000002000000e70707004100720067006a00620065007800200032000a005600610067007200650061007200670020006e007000700072006600660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e00000074ae2078e323294282c1e41cb67d5b9c00000000000000000000000073416efd65b9d90100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000002000000e70707004600630072006e0078007200650066003a002000360037002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000001f00000073ae2078e323294282c1e41cb67d5b9c00000000000000000000000072be07fd65b9d90100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a00660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ClientH.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ClientH.exe

"C:\Users\Admin\AppData\Local\Temp\ClientH.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" VenomHVNC wasted9sss1-57562.portmap.host 57562 uSzDNutNI.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 432 -p 4936 -ip 4936

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4936 -s 3956

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 540 -p 3784 -ip 3784

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3784 -s 3964

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 548 -p 1348 -ip 1348

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1348 -s 3592

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 548 -p 4604 -ip 4604

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4604 -s 3556

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 448 -p 3796 -ip 3796

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3796 -s 3564

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 99.193.161.193.in-addr.arpa udp
US 8.8.8.8:53 152.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 1.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp (this row repeats 6 times consecutively in the original table)
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp (this row repeats 51 times consecutively in the original table)
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp (this row repeats 98 times consecutively in the original table)
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp (this row repeats 43 times consecutively in the original table)

Files

memory/2184-134-0x0000000074FA0000-0x0000000075750000-memory.dmp

memory/2184-133-0x00000000000A0000-0x00000000000BC000-memory.dmp

memory/2184-135-0x0000000004FD0000-0x0000000005574000-memory.dmp

memory/2184-136-0x0000000004BC0000-0x0000000004C5C000-memory.dmp

memory/1080-137-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2184-140-0x0000000074FA0000-0x0000000075750000-memory.dmp

memory/1080-141-0x0000000075040000-0x00000000757F0000-memory.dmp

memory/1080-142-0x0000000005830000-0x00000000058C2000-memory.dmp

memory/1080-143-0x0000000005750000-0x0000000005760000-memory.dmp

memory/4368-144-0x0000000002840000-0x0000000002841000-memory.dmp

memory/4936-151-0x0000025185720000-0x0000025185740000-memory.dmp

memory/4936-154-0x00000251853D0000-0x00000251853F0000-memory.dmp

memory/4936-156-0x0000025185B70000-0x0000025185B90000-memory.dmp

memory/1080-165-0x0000000075040000-0x00000000757F0000-memory.dmp

memory/1080-166-0x0000000005750000-0x0000000005760000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

MD5 75fdba27ae111f9312c9b243a5e22d02
SHA1 0bbbf13546b05600dbeb285609adcff5e12c2e24
SHA256 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89
SHA512 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

memory/3784-174-0x00000201A43D0000-0x00000201A43F0000-memory.dmp

memory/3784-176-0x00000201A4390000-0x00000201A43B0000-memory.dmp

memory/3784-181-0x00000201A47A0000-0x00000201A47C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

MD5 75fdba27ae111f9312c9b243a5e22d02
SHA1 0bbbf13546b05600dbeb285609adcff5e12c2e24
SHA256 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89
SHA512 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

memory/1348-192-0x000002C2A8C20000-0x000002C2A8C40000-memory.dmp

memory/1348-196-0x000002C2A89E0000-0x000002C2A8A00000-memory.dmp

memory/1348-198-0x000002CAAA000000-0x000002CAAA020000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

MD5 75fdba27ae111f9312c9b243a5e22d02
SHA1 0bbbf13546b05600dbeb285609adcff5e12c2e24
SHA256 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89
SHA512 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

MD5 75fdba27ae111f9312c9b243a5e22d02
SHA1 0bbbf13546b05600dbeb285609adcff5e12c2e24
SHA256 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89
SHA512 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

memory/4604-213-0x0000016408A60000-0x0000016408A80000-memory.dmp

memory/4604-216-0x0000016408A20000-0x0000016408A40000-memory.dmp

memory/4604-218-0x0000016408E20000-0x0000016408E40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

MD5 75fdba27ae111f9312c9b243a5e22d02
SHA1 0bbbf13546b05600dbeb285609adcff5e12c2e24
SHA256 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89
SHA512 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

memory/3796-234-0x000002CD6E780000-0x000002CD6E7A0000-memory.dmp

memory/3796-236-0x000002CD6E740000-0x000002CD6E760000-memory.dmp

memory/3796-240-0x000002CD6EB90000-0x000002CD6EBB0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe

MD5 406347732c383e23c3b1af590a47bccd
SHA1 fae764f62a396f2503dd81eefd3c7f06a5fb8e5f
SHA256 e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e
SHA512 18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}

MD5 8aaad0f4eb7d3c65f81c6e6b496ba889
SHA1 231237a501b9433c292991e4ec200b25c1589050
SHA256 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA512 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62
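Added example, not part of the sandbox's own tooling: a small Python script that turns the Network and Files tables above into something an analyst can act on. It collapses the repeated connection rows into per-destination counts, derives blockable indicators (the contacted IP:port, plus the hostname when it follows the `<label>-<port>.portmap.host` pattern of a port-forwarding tunnel whose embedded port agrees with the port actually contacted), and parses the `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` names into sized regions. The hollowing heuristic (a small region at the classic 32-bit image base 0x400000) is an assumption of this example, offered only as a triage hint; the report's own "Suspicious use of SetThreadContext" and "Suspicious use of WriteProcessMemory" signatures are what would justify pulling that dump first. The sample rows are a constructed excerpt copied from the tables above.

```python
"""Summarise the Network and Files tables of a sandbox report into IOCs.

Added example for this report, not the sandbox's own code. The regexes below
encode the row layouts seen above; the tunnel and hollowing checks are
heuristics assumed for illustration.
"""
import re
from collections import Counter

# Constructed excerpt of the Network table (country, ip:port, resolved host, proto).
NETWORK_ROWS = """\
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
US 8.8.8.8:53 wasted9sss1-57562.portmap.host udp
DE 193.161.193.99:57562 wasted9sss1-57562.portmap.host tcp
"""

# Constructed excerpt of the memory-dump file names from the Files table.
MEMORY_FILES = """\
memory/2184-133-0x00000000000A0000-0x00000000000BC000-memory.dmp
memory/2184-134-0x0000000074FA0000-0x0000000075750000-memory.dmp
memory/1080-137-0x0000000000400000-0x0000000000410000-memory.dmp
memory/4936-151-0x0000025185720000-0x0000025185740000-memory.dmp
"""

NET_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+(?P<host>\S+)\s+(?P<proto>tcp|udp)$"
)
MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
# Assumption: <label>-<port>.portmap.host names come from a port-forwarding
# tunnel service, and the port in the label is the forwarded port.
PORTMAP_RE = re.compile(r"^(?P<label>[^.]+)-(?P<port>\d+)\.portmap\.host$")


def summarize_network(text):
    """Collapse identical connection rows into {(cc, ip, port, host, proto): count}."""
    counts = Counter()
    for line in text.splitlines():
        m = NET_RE.match(line.strip())
        if not m:
            continue  # header, blank or already-collapsed line
        d = m.groupdict()
        counts[(d["cc"], d["ip"], int(d["port"]), d["host"], d["proto"])] += 1
    return dict(counts)


def network_iocs(counts):
    """Derive blockable indicators: non-resolver destinations plus matching tunnel names."""
    iocs = set()
    for (_cc, ip, port, host, proto), _n in counts.items():
        if proto == "udp" and port == 53:
            continue  # 8.8.8.8:53 is the resolver the sandbox used, not the C2
        iocs.add(f"{ip}:{port}")
        m = PORTMAP_RE.match(host)
        if m and int(m.group("port")) == port:
            iocs.add(host)  # tunnel label agrees with the port actually contacted
    return iocs


def parse_memory_regions(text):
    """Parse dump names into dicts with pid, seq, start, end, size and a 64-bit flag."""
    regions = []
    for line in text.splitlines():
        m = MEM_RE.match(line.strip())
        if not m:
            continue
        start, end = int(m["start"], 16), int(m["end"], 16)
        regions.append({
            "pid": int(m["pid"]),
            "seq": int(m["seq"]),
            "start": start,
            "end": end,
            "size": end - start,
            # An address above 4 GiB can only belong to a 64-bit process.
            "is_64bit": end > 0xFFFFFFFF,
        })
    return regions


def injected_image_candidates(regions, max_size=0x100000):
    """Heuristic (assumed here): a small region at the classic 32-bit image base
    0x400000 is worth pulling first when the report also flags SetThreadContext
    and WriteProcessMemory, as it is where a hollowed payload usually lands."""
    return [r for r in regions if r["start"] == 0x400000 and r["size"] <= max_size]


if __name__ == "__main__":
    counts = summarize_network(NETWORK_ROWS)
    for key, n in counts.items():
        print(f"{n:4d} x {key}")
    print("IOCs:", sorted(network_iocs(counts)))
    for r in injected_image_candidates(parse_memory_regions(MEMORY_FILES)):
        print(f"pid {r['pid']}: 0x{r['start']:X}-0x{r['end']:X} ({r['size']:#x} bytes)")
```

Feed the script the full tables (not just the excerpt) to get the real connection counts; for this report the TCP row to 193.161.193.99:57562 dominates, with a DNS lookup of the tunnel name between bursts, which is the reconnect loop of a RAT whose listener is reached through a port-forwarding service rather than attacker-owned infrastructure. Block and hunt on both the IP:port and the hostname, since the operator can re-point the tunnel.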