Analysis Overview
SHA256
6136b0b9b28b52962f090cdf34ac650c4b184f3a65e863e2051cdc1219aff051
Threat Level: Known bad
The file ClientH.exe was found to be: Known bad.
Malicious Activity Summary
Arrowrat family
Modifies WinLogon for persistence
ArrowRat
Modifies Installed Components in the registry
Enumerates connected drives
Suspicious use of SetThreadContext
Program crash
Unsigned PE
Runs .reg file with regedit
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-07-18 10:52
Signatures
Arrowrat family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-18 10:52
Reported
2023-07-18 11:22
Platform
win7-20230712-en
Max time kernel
1799s
Max time network
1806s
Command Line
Signatures
ArrowRat
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Roaming\\LbJIPffl\\LbJIPffl" | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1924 set thread context of 2652 | N/A | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ClientH.exe
"C:\Users\Admin\AppData\Local\Temp\ClientH.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" VenomHVNC wasted9sss1-57562.portmap.host 57562 uSzDNutNI.exe
C:\Windows\system32\ctfmon.exe
ctfmon.exe
C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Desktop\DenyRestart.reg"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceMount.aiff"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-18 10:52
Reported
2023-07-18 11:22
Platform
win10v2004-20230703-en
Max time kernel
1800s
Max time network
1806s
Command Line
Signatures
ArrowRat
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Roaming\\LbJIPffl\\LbJIPffl" | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2184 set thread context of 1080 | N/A | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ClientH.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ClientH.exe
"C:\Users\Admin\AppData\Local\Temp\ClientH.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" VenomHVNC wasted9sss1-57562.portmap.host 57562 uSzDNutNI.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 4936 -ip 4936
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4936 -s 3956
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 3784 -ip 3784
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3784 -s 3964
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 1348 -ip 1348
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1348 -s 3592
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 4604 -ip 4604
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4604 -s 3556
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 3796 -ip 3796
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3796 -s 3564
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.193.161.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.77.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| US | 8.8.8.8:53 | wasted9sss1-57562.portmap.host | udp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
| DE | 193.161.193.99:57562 | wasted9sss1-57562.portmap.host | tcp |
Files
memory/2184-134-0x0000000074FA0000-0x0000000075750000-memory.dmp
memory/2184-133-0x00000000000A0000-0x00000000000BC000-memory.dmp
memory/2184-135-0x0000000004FD0000-0x0000000005574000-memory.dmp
memory/2184-136-0x0000000004BC0000-0x0000000004C5C000-memory.dmp
memory/1080-137-0x0000000000400000-0x0000000000410000-memory.dmp
memory/2184-140-0x0000000074FA0000-0x0000000075750000-memory.dmp
memory/1080-141-0x0000000075040000-0x00000000757F0000-memory.dmp
memory/1080-142-0x0000000005830000-0x00000000058C2000-memory.dmp
memory/1080-143-0x0000000005750000-0x0000000005760000-memory.dmp
memory/4368-144-0x0000000002840000-0x0000000002841000-memory.dmp
memory/4936-151-0x0000025185720000-0x0000025185740000-memory.dmp
memory/4936-154-0x00000251853D0000-0x00000251853F0000-memory.dmp
memory/4936-156-0x0000025185B70000-0x0000025185B90000-memory.dmp
memory/1080-165-0x0000000075040000-0x00000000757F0000-memory.dmp
memory/1080-166-0x0000000005750000-0x0000000005760000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml
| MD5 | 75fdba27ae111f9312c9b243a5e22d02 |
| SHA1 | 0bbbf13546b05600dbeb285609adcff5e12c2e24 |
| SHA256 | 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89 |
| SHA512 | 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c |
memory/3784-174-0x00000201A43D0000-0x00000201A43F0000-memory.dmp
memory/3784-176-0x00000201A4390000-0x00000201A43B0000-memory.dmp
memory/3784-181-0x00000201A47A0000-0x00000201A47C0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml
| MD5 | 75fdba27ae111f9312c9b243a5e22d02 |
| SHA1 | 0bbbf13546b05600dbeb285609adcff5e12c2e24 |
| SHA256 | 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89 |
| SHA512 | 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c |
memory/1348-192-0x000002C2A8C20000-0x000002C2A8C40000-memory.dmp
memory/1348-196-0x000002C2A89E0000-0x000002C2A8A00000-memory.dmp
memory/1348-198-0x000002CAAA000000-0x000002CAAA020000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml
| MD5 | 75fdba27ae111f9312c9b243a5e22d02 |
| SHA1 | 0bbbf13546b05600dbeb285609adcff5e12c2e24 |
| SHA256 | 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89 |
| SHA512 | 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml
| MD5 | 75fdba27ae111f9312c9b243a5e22d02 |
| SHA1 | 0bbbf13546b05600dbeb285609adcff5e12c2e24 |
| SHA256 | 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89 |
| SHA512 | 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c |
memory/4604-213-0x0000016408A60000-0x0000016408A80000-memory.dmp
memory/4604-216-0x0000016408A20000-0x0000016408A40000-memory.dmp
memory/4604-218-0x0000016408E20000-0x0000016408E40000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml
| MD5 | 75fdba27ae111f9312c9b243a5e22d02 |
| SHA1 | 0bbbf13546b05600dbeb285609adcff5e12c2e24 |
| SHA256 | 62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89 |
| SHA512 | 855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c |
memory/3796-234-0x000002CD6E780000-0x000002CD6E7A0000-memory.dmp
memory/3796-236-0x000002CD6E740000-0x000002CD6E760000-memory.dmp
memory/3796-240-0x000002CD6EB90000-0x000002CD6EBB0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
| MD5 | 406347732c383e23c3b1af590a47bccd |
| SHA1 | fae764f62a396f2503dd81eefd3c7f06a5fb8e5f |
| SHA256 | e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e |
| SHA512 | 18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}
| MD5 | 8aaad0f4eb7d3c65f81c6e6b496ba889 |
| SHA1 | 231237a501b9433c292991e4ec200b25c1589050 |
| SHA256 | 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1 |
| SHA512 | 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62 |