Analysis Overview
Threat Level: Known bad
The file https://pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev/edmikado4/index.html#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Drops file in Windows directory
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-16 01:53
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-16 01:53
Reported
2023-10-16 01:56
Platform
win7-20230831-en
Max time kernel
99s
Max time network
131s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE9F0681-6BC6-11EE-A68C-D2B3C10F014B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000f8c68acea2da034a5faadd62282ed44828d82a7274448924f02c266bcd5fe082000000000e800000000200002000000064ee28c9bd37355389a47237e55a265a123f4dea75cf07d78dd0cb67bd389feb20000000fb7556f1412ecfea759eebc28e4a447434dd802ca374471339e5746b1a3d63064000000083e4fc7aacd30194a003f721752e11a8b951e5ab79a54f68011ff07f6277b5a2733b33c467f39dfca254b18b604613b3ebdeb8032878444d84e7190f0169e66e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000000700005e010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000000700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009acbbc286be63c4682a409f320de94d7 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50cdaec5d3ffd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "100000" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403583132" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev/edmikado4/index.html#[email protected]
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1192 CREDAT:603146 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5c09758,0x7fef5c09768,0x7fef5c09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3288 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1020,i,18204527931487002835,14697629957035182091,131072 /prefetch:8
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:537617 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | udp |
| US | 104.18.3.35:443 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | tcp |
| US | 104.18.3.35:443 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| HK | 23.42.174.147:80 | x2.c.lencr.org | tcp |
| HK | 23.42.174.147:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | ik.imagekit.io | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 18.65.39.15:443 | ik.imagekit.io | tcp |
| US | 18.65.39.15:443 | ik.imagekit.io | tcp |
| US | 8.8.8.8:53 | firebasestorage.googleapis.com | udp |
| US | 8.8.8.8:53 | fac.corp.fortinet.com | udp |
| GB | 216.58.208.106:443 | firebasestorage.googleapis.com | tcp |
| GB | 216.58.208.106:443 | firebasestorage.googleapis.com | tcp |
| CA | 208.91.114.103:443 | fac.corp.fortinet.com | tcp |
| CA | 208.91.114.103:443 | fac.corp.fortinet.com | tcp |
| US | 8.8.8.8:53 | alphatrade-options.com | udp |
| US | 8.8.8.8:53 | www.aaa.aaa | udp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d723aabd293d80572838eec704f32d78 |
| SHA1 | c20c7e604d9767c1763512a0668559082d307478 |
| SHA256 | c92bb973631e624ef8c4f6a6830efe26cc82d12b57577a85c6516bccb25a4d87 |
| SHA512 | 25dda915bff7432f9da7e7a62c5e93cf3e5187158956a1487952137b8e679b0ad80d009b2a34650b1c11a0547242729c6f74dc09ca0fb29ad99c444ae786b0a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 173de5afa972817663ab172a74ea4dd1 |
| SHA1 | 8552f029888e8ca2700a3779ca3a2de1cc1d90f5 |
| SHA256 | fde22c74e7e9e81a743f30e5325310f8d3bae4e428277cb4c422b5fcfaf3fc9f |
| SHA512 | acd6cdb87949f766357d5ba0acb530aa47eb600d774ea425e69a8a7a187191a78b1819ec2fed9499cd4dd31cd9bcab9dd69af7cbee7b18ea3fdc6e80a5b3e700 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 55d22162cc30266d14c1605497cc333b |
| SHA1 | 0409353f4e644738a9deacca691f645ea8ae09a9 |
| SHA256 | ca76c37eb12a12e07ddc49a5ff00556ada79e18a8ed883e1ebad372355cf8d84 |
| SHA512 | b32076512ce923accef457f083ef0b698d8698ce8db47b96182cf87bbc1e8da61ea26690cb49001898a6dfec1b5ac18cc2b6e5aebf89284d36adad539abc1a05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a3ba07ac1c4a4abb214bdca9f8e44dc |
| SHA1 | 012c263b998e8337511a7dd969e436bdc349d66e |
| SHA256 | d712b1a8954d5594d73ddc6150669ed549253be45c73c0a18bd08f7f1de59c70 |
| SHA512 | 67f3e8c6f12e286dda236ec8fb35598b703c884cb6a0018e07bcb280f07e15f63ed687a2c6ed817cdff8e0cd6b909e3a250f68e1be81b262cc89063dcd915b26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dc392a5b75a23826d96de009cf14191 |
| SHA1 | ebafaa87cb1104efdd635967ef2cdcb95325397f |
| SHA256 | b889edf17281845898081f5d8dd0e206aa34bbab0c95b9fdcb1982e949241662 |
| SHA512 | 54c14073c2034644f17c62fd271fcdab7cbfa8a41291a42d91626a6625aa4f1d5a0e9ddf946b23b2e010f9579d1bf51b2415965d3e4f833c6954b40e8ca10e99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 841955edea8ed86c3cafeabdaacc608b |
| SHA1 | e5b1a49e360237160073b7d6b0995d03e979c4c6 |
| SHA256 | 1330e3e72b22d890cb626f7a17401551477692a0a1c2f8d49e5934af2728861d |
| SHA512 | 6814a28fbeca38250c1ecdf4c9ee3e32c5942b12a0fc75e3ad5fe1ffe2d0ae98e58e89361978f8a8c79ec70fdac37dc101d3c223827df1617d022abd1beb4b9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e958fe98ae8c7d49324526b2953a8bcb |
| SHA1 | b10e8f189eebf2e128f4380c0e3302056ea9c274 |
| SHA256 | 1acae30166f9b03a5d779e9e67d52e6bf395b49b9de4aa246ac89352ff7bdcc0 |
| SHA512 | 6271fd00ffa73c628b351f0ee1ec20c5ab1357c78ec52ac8fe037acb73c19f1c5b53655c65156920e5674f2c046228a47870d453265d9256ffea9d55b78638b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ed4ebfa697b398800cfa7a114bf63b5 |
| SHA1 | 3268a9b36e0dfbe768792335404983d0b0c31e23 |
| SHA256 | 8bd381c559e71c23557d2a719d026ad5f8c8346193d4ab3fa52efe83cba4dea2 |
| SHA512 | 7bc56b09fc60ea9907a605c3217d820ba1fb7b4dbefbc8cc5879decc1d7c16def2626f47996f6df238a3e38d53c5f6cc05edca843035ce0032ccd46dedb0741b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f6830040710b89e0a154944c8d9d6163 |
| SHA1 | e300c01f997206137b6387faa015d2b99b562b91 |
| SHA256 | 59b25609e4e2109d8b0a2981cbbf4599ffdb96ed9cf3968a17a573438d20ecea |
| SHA512 | cf427f822f361d45fb00c2a591516292cd88eef999ada8336a5f590da33b974f73acaaec7d38494adb52975805c67361a851419e3b149720dfa1e9dc0ed97044 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16487703e0c0ab7b714d6af17e74a334 |
| SHA1 | 70a2f2bb68815d3fd6a2442293cd5f8838f25d84 |
| SHA256 | 4ef1c01eade307f35c29f82fb4166a435041c3cde245311887363a573a204e3a |
| SHA512 | 1858659987edaffddd1c0ee4851a6eeee7a91aa60f80930d677dc2768ab6ed6bd2294f1cae231412291894db041728ab5b4a89e820341f8074731f55611f384b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 936209923157c9bb56290a5446b59c59 |
| SHA1 | 6c3a52e593cdeac14a9298c91609631bd3d0d3ba |
| SHA256 | 0170bfc68857655b2fdeba66f16086139c483634a20cae39ec9e20b0ac36cfde |
| SHA512 | 920c6f7b9f4d4e9cf2cf7cc9f29d411fb768e38a1faa35ca72df3bc3bdd77870898e74744dbe76f20c0eb4642e8a9b40f019c45e73f6f7d46027e56f0b4d09b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 539eb12907a2a99699a4cc5e7f6a9110 |
| SHA1 | b3f88f5c314539c58f417b369d8358b8aa52d2c4 |
| SHA256 | 52f25c005af4ef4710ac3d1fd306ffdeb60f9888fc11521bd1aa890e1a7ebd7b |
| SHA512 | 0ec97fe51e5f15d4e085bc32f52e844124cfb42793b7af38999a3ac8d9103d8076699f7e1d3bf353a7ce97a71ba6231f4185e797c33bdeae51fa44efe67fe0cf |
\??\pipe\crashpad_2880_UBIVEPYRCIFQASFI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 95e019f08890d30b8439a312f68b70f0 |
| SHA1 | 3c419505bcc554927bf087102b70950dce0540e3 |
| SHA256 | 65fc168c3316a8f9970cceac3f233b5abaab639e528a3c518ac068874646e2f5 |
| SHA512 | 4760e2c80c4f5c192c82c5be07f2c101008dcc4aa367a8e3e63b209cdab41f14dae12ac5787d4c2bf165003d36d9eba76c0725cd9cf87b0805197b2628b759ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_ECD931CC6FBF9F061BE09F2505FD40C3
| MD5 | 08d9d3b61bbe5fd4cdedf938250da550 |
| SHA1 | 9819913f62ef1bc95c3b3def7738f390615ca631 |
| SHA256 | cd8bc971d94541f2089e2f0ff2e61989a98f01ac1184bc56533843f82d8df86c |
| SHA512 | ee1c75681f295ae72d6924b661bde65dd7ba67c86a7cfe8e0b006b7a6ccba39de2248c41c77336b9c09c1c273bc1f094226c9f00b71e751dd37bc9b5ac4d64e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 091d065c5a0622e60b8a2bc916900372 |
| SHA1 | fd4bdc0f446cc0c37b5a1af08178b812a3bad61c |
| SHA256 | fea47cc00312864b11ddb2ef31f2d2e53cb0b545a68e3dcf963da75196848cd3 |
| SHA512 | 2a0a60889b790cb9d5f4515f524ef552039d3b72736bdd0559c52fc989448a0d9c4e160b143b6e243450b007a21643c33f7a0896675c2c550481575a01049a72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | aab2c0ac341d244950bd1fc232f6cd54 |
| SHA1 | 024cc43041e8f4e0a113e1c5eafa28dc7afe778d |
| SHA256 | a9fc1e5ea4a6d391f361aafe110970589f2d25665e456f43c9f16fa0c716bddd |
| SHA512 | 8bd7c9d0a827e0444cff4201ccac65a024c8147300c5cdad85a32f409d25b4b37e6ba85598fbb3c1b87a731c260091d7ad2dedc3e062cc159cdb16e7022537d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_ECD931CC6FBF9F061BE09F2505FD40C3
| MD5 | 36d6fa6dfc6e98e6247ccd33f3a3dc62 |
| SHA1 | ebdc426f8d0a55b5e929dec6ec65255b5b4e6763 |
| SHA256 | 3d5cb9b7bcc96e258038879a5a5045a51a3332e68a70cebccc02ef9446e12097 |
| SHA512 | 4b2c746381ad084f5c0c97875b22569fa7809af2a2a0a0d73a6481fd0bd45f90352c12bada93d52a74dee5df6a087bd4464862abec8f41e7523d80f92e8b0bf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_BBCE07F0D1D3591F7AACC4D200BCC3F0
| MD5 | a31fd50347e2003de9b4b25deed05e29 |
| SHA1 | 80cb21eb4f2caace679ab68c90f7f0c48dd0b8cd |
| SHA256 | bcc44c6902b818eadf101a5c9d223ad3f161a0beca4d220f325c18b88d9216f9 |
| SHA512 | 97e6698acbacf94e274c44c21fc2f245300c1dae6c4aada23eac8e233f8c3e151018b203535eeb0da9654604a7d0a7b736df8bec8ef135ae2da1b4340888b515 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_BBCE07F0D1D3591F7AACC4D200BCC3F0
| MD5 | 760b253171e59f7802de429ba3a6f6cd |
| SHA1 | 9694a14a34ce84609c714d9a1212a85096feec46 |
| SHA256 | 3e3544f4fa5b29963055a857ffc72f8f5b0f3cdb0a9d72e4dbea39db240b1adc |
| SHA512 | bec6eddc7bde6f3ef02417aa46735b7ab4920ce80f8553e0e8e1d72f9c788f9f6b2765d7b4438742187e15ee5760d5d45f353b2325857b7c7d714da920ae8dc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9EBD80E624B865607A21974E30809640
| MD5 | 087746819c7b7b0b34b85d183f922ce9 |
| SHA1 | 35bed2d5d53b44b74224f11476463bfcad58493b |
| SHA256 | e9bdaa50199a339a02f52022b63ea2506e0a6b749e866280aa29f0cb540e0d54 |
| SHA512 | a534b21e8a371886b8858e3173baaf71468591fd030bbc3d39ebd0454a6d6bf75f30f9c4a0143b76448c9b4fa718e45116210548b6b5237faee1a317da281670 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9EBD80E624B865607A21974E30809640
| MD5 | 69e854bd23c5909474ee243025da31be |
| SHA1 | f3fddc38a4c6b9239d214dea51adf6fdafdbace1 |
| SHA256 | 0b8193f810972158734d57f32f73e61e9a3bd6da0329df18a1516cab2b5ae414 |
| SHA512 | 9b495e78c29c093d5809ee962d59c058d1af786d14f044fffeab7137c79a5d9e2366e562b74323c7fe69dc2149511644a496df8d177c5640f5c108714f1df3b1 |
C:\Users\Admin\AppData\Local\Temp\~DF10B2DE8E73A21108.TMP
| MD5 | aa408b69829f556472991fc8c28b3788 |
| SHA1 | 36b35df144aafe2444dd9976a03c50bbb45648eb |
| SHA256 | d8fd38c6a602039c3cda31b78f53d96bc2054fc8334e5ff5e395df39709e4407 |
| SHA512 | 4bbd0c473183771597f4c50dd26f1e9008496aea46338db13cd5e81c959ebc098c31202e9869021abd29a302a3e98e988ef2cd2d315dcbd0fe00ff37a84f2041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a216651e783778baa621404ada9654d |
| SHA1 | c7e04bf6bbe5d4b6470827f6e2c14a05a4ca84b7 |
| SHA256 | 7a119056590af9369f7dd472a69d15e0b9b205b583fbfbb763860a5b50f0428d |
| SHA512 | fdfc720e2a6ad83743fa6c96d5712124b4989d185f9e1421d74d5ef4134248e903d460e300aa84eac870aba778a28710e536fbb9ae40a6cf7d6f9fd738b8b0bc |
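Most of the dropped-files entries above are one CryptnetUrlCache metadata path rewritten many times, Chrome profile state, and a crashpad named pipe whose digests are those of zero-byte content. Before any of these hashes go into a blocklist, a practitioner wants to parse the flattened layout, reject truncated digests, count how often the same path was rewritten, and separate known OS/browser cache paths from entries worth a hunt. The script below is an added example and is not part of the sandbox report; the noise rules (CryptnetUrlCache, Chrome User Data, `\??\pipe\`) are the example's own assumptions about where Windows CryptoAPI and Chrome keep their state, and the sample records are copied from the list above.

```python
import hashlib
import re
from collections import Counter, defaultdict

# Expected hex length of each digest column. A value of any other length means
# the row was truncated or mis-copied and must not be pushed out as an IOC.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Digests of zero-byte content, computed rather than hard-coded.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Path patterns that explain a "dropped file" as ordinary OS or browser state.
# Assumptions of this example; the report itself does not label these paths.
NOISE_RULES = [
    (re.compile(r"^\\\?\?\\pipe\\", re.I), "named-pipe (not a file)"),
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "cryptoapi-url-cache (CRL/OCSP/AIA fetch)"),
    (re.compile(r"\\Google\\Chrome\\User Data\\", re.I), "chrome-profile-state"),
]

ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Constructed sample: four records copied from the dropped-files list above, in
# the same flattened layout (a path line followed by one digest row per algorithm).
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8510e915e08ac9518e59a90f1fc0c9a2 |
| SHA1 | e6787415c78b47b010a8b605ecb0ec1f65053933 |
| SHA256 | be64334edc7c121eb76131f3036368f05afac94915084a075d5055e4799fc83d |
| SHA512 | 65a2776f75e52c247fbe1996850d5f1470af2a0bb4b18d0c04e90c476d7893418a0744d9e362e2bdc85eb47a9a573a5c82abc65e90ada6b1d6fa29009544b3c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 474f40911472b073701e6b32ed503e96 |
| SHA1 | 0bfbd74b9a64d33e2a8a3f7d15f24ebd5867304d |
| SHA256 | f37284ba553a88ef563d194bc387ae4df124e1d9ed5e5d55a4b668b9350c1c21 |
| SHA512 | 6079d01e7a179022378a0977e1d907413c6617613aa4c3f7c9b419d37a8572a88ed2cf8a2900e4ae814949c81f894bb415f5e22badd7190737af224e838866b6 |
\??\pipe\crashpad_2880_UBIVEPYRCIFQASFI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\~DF10B2DE8E73A21108.TMP
| MD5 | aa408b69829f556472991fc8c28b3788 |
| SHA1 | 36b35df144aafe2444dd9976a03c50bbb45648eb |
| SHA256 | d8fd38c6a602039c3cda31b78f53d96bc2054fc8334e5ff5e395df39709e4407 |
| SHA512 | 4bbd0c473183771597f4c50dd26f1e9008496aea46338db13cd5e81c959ebc098c31202e9869021abd29a302a3e98e988ef2cd2d315dcbd0fe00ff37a84f2041 |
"""


def parse_dropped_files(text):
    """Turn the flattened 'path line + digest rows' layout into one record per write."""
    records, current = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = ROW.match(line)
        if m is None:
            if line.startswith("|"):
                raise ValueError(f"malformed digest row: {line}")
            current = {"path": line}
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"digest row before any path: {line}")
        algo, value = m.group(1), m.group(2).lower()
        if len(value) != DIGEST_LEN[algo]:
            raise ValueError(f"{algo} for {current['path']} has {len(value)} hex chars")
        current[algo.lower()] = value
    return records


def classify(path):
    """Label a path as known OS/browser noise, or 'unclassified' if it needs a look."""
    for pattern, label in NOISE_RULES:
        if pattern.search(path):
            return label
    return "unclassified"


def triage(text):
    """Parse, flag zero-byte entries, count rewrites of the same path, and return
    the SHA256 set that is actually worth hunting (unclassified, non-empty content)."""
    records = parse_dropped_files(text)
    by_category, hunt = defaultdict(list), set()
    for r in records:
        cat = "empty-content" if r.get("sha256") == EMPTY_SHA256 else classify(r["path"])
        by_category[cat].append(r["path"])
        if cat == "unclassified" and "sha256" in r:
            hunt.add(r["sha256"])
    return {
        "records": records,
        "rewrites": Counter(r["path"] for r in records),
        "by_category": dict(by_category),
        "hunt_sha256": hunt,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for cat, paths in result["by_category"].items():
        print(f"{len(paths):3d}  {cat}")
    for path, n in result["rewrites"].items():
        if n > 1:
            print(f"rewritten {n}x: {path}")
    print("hunt:", sorted(result["hunt_sha256"]))
```

Run against the full list, the script reduces dozens of rows to a handful of SHA256 values, and the length check catches a digest that was cut off in copy/paste before it reaches a blocklist. The `~DF*.TMP` entry surfaces as unclassified only because the example's noise rules are deliberately narrow; extend `NOISE_RULES` once you have confirmed what your own detonation baseline produces.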
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-16 01:53
Reported
2023-10-16 01:59
Platform
win10-20230915-en
Max time kernel
300s
Max time network
296s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
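The behavioral2 signatures above and below fire on MicrosoftEdge.exe, MicrosoftEdgeCP.exe, browser_broker.exe and the DiagnosticsHub collector service, and nearly every write lands under the Edge package's AppContainer storage hive (`..._Classes\Local Settings\...\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\`). The question a practitioner actually needs answered is whether any written key is an autostart location. The script below is an added example, not from the report or the sandbox vendor: it parses rows in the table layout used here, normalizes the key path, extracts the user SID and AppContainer package, and flags writes to well-known persistence keys. The ASEP list is this example's own, and the control row is constructed to show a positive hit; it is not in the report.

```python
import re
from collections import Counter, defaultdict

# Classic autostart (ASEP) locations, lower-cased and matched as substrings of the
# normalized key path. Well-known Windows locations chosen for this example, not
# something the report lists. The first pattern also covers RunOnce and RunServices.
PERSISTENCE_PATTERNS = [
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
    r"\software\microsoft\windows nt\currentversion\winlogon",
    r"\system\currentcontrolset\services",
]

SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
# Per-package registry storage Windows gives an AppContainer (here Edge's package).
APPCONTAINER_RE = re.compile(
    r"_classes\\local settings\\software\\microsoft\\windows\\currentversion"
    r"\\appcontainer\\storage\\([^\\]+)", re.I)
COLUMNS = ("description", "indicator", "process", "target")

# Constructed sample: seven rows copied from the behavioral2 signature tables in
# this section, in their "| Description | Indicator | Process | Target |" layout.
SAMPLE_ROWS = r"""
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
"""

# Constructed control row that is NOT in the report: a Run-key write by a binary
# in the user profile, included only to show what a real hit looks like.
CONTROL_ROW = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" | C:\Users\Admin\AppData\Roaming\updater.exe | N/A |
"""


def parse_rows(text):
    """Split pipe-delimited signature rows into dicts; skip blanks and the header."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|") or line.startswith("| Description"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} columns: {line}")
        events.append(dict(zip(COLUMNS, cells)))
    return events


def normalize_key(indicator):
    """Strip the ' = value' tail, name the hive, and pull out SID and AppContainer package."""
    key = indicator.split(" = ", 1)[0]
    low = key.lower()
    if low.startswith("\\registry\\machine\\"):
        hive = "HKLM"
    elif low.startswith("\\registry\\user\\"):
        hive = "HKU"
    else:
        hive = "?"
    sid, pkg = SID_RE.search(key), APPCONTAINER_RE.search(key)
    return {"hive": hive, "sid": sid.group(0) if sid else None,
            "appcontainer": pkg.group(1) if pkg else None, "path": low}


def is_write(description):
    """Only creations and value writes can establish persistence; reads are context."""
    return description == "Key created" or description.startswith("Set value")


def find_persistence_writes(events):
    """Return the write events whose normalized key path sits in an ASEP location."""
    hits = []
    for ev in events:
        if not is_write(ev["description"]):
            continue
        k = normalize_key(ev["indicator"])
        if any(p in k["path"] for p in PERSISTENCE_PATTERNS):
            hits.append({**ev, **k})
    return hits


def summarize(events):
    """Per-process count of each operation type, for a quick attribution view."""
    per_process = defaultdict(Counter)
    for ev in events:
        per_process[ev["process"]][ev["description"]] += 1
    return {proc: dict(counts) for proc, counts in per_process.items()}


if __name__ == "__main__":
    events = parse_rows(SAMPLE_ROWS + CONTROL_ROW)
    for proc, counts in summarize(events).items():
        print(proc, counts)
    for hit in find_persistence_writes(events):
        print("PERSISTENCE:", hit["process"], "->", hit["path"])
```

On the report's own rows the persistence check returns nothing: every write is Edge or its broker touching Internet Explorer settings or its own AppContainer storage, which is what a browser does on first launch. Only the constructed control row trips the check, and the per-process summary makes clear which image would need follow-up.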
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "404234825" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\F12\ShowPageContextMenuEntryPoints = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\F12\DebuggerFilePickerPinned = "true" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "403583375" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 670dedb7d3ffd901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000003787aa9b1fa5b60e71a73847888c2f2d2f1984bf43bfca23fce859adc817f3945f87031ba4442e35dfe8c9781b505c988795e5d0078f9d24d67e | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d6867bc6d3ffd901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\F12\DebuggerFilePickerView = "true" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SuppressScriptDebuggerDialog = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{1D8D7E3D-03EC-49E2-A20A-59BC481F6E30} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev/edmikado4/index.html#[email protected]"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | udp |
| US | 104.18.3.35:443 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | tcp |
| US | 104.18.3.35:443 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | tcp |
| US | 8.8.8.8:53 | 35.3.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| HK | 23.42.174.147:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | ik.imagekit.io | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 18.65.39.15:443 | ik.imagekit.io | tcp |
| US | 18.65.39.15:443 | ik.imagekit.io | tcp |
| US | 8.8.8.8:53 | 147.174.42.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.15.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firebasestorage.googleapis.com | udp |
| US | 8.8.8.8:53 | fac.corp.fortinet.com | udp |
| DE | 172.217.23.202:443 | firebasestorage.googleapis.com | tcp |
| DE | 172.217.23.202:443 | firebasestorage.googleapis.com | tcp |
| US | 8.8.8.8:53 | alphatrade-options.com | udp |
| CA | 208.91.114.103:443 | fac.corp.fortinet.com | tcp |
| CA | 208.91.114.103:443 | fac.corp.fortinet.com | tcp |
| US | 104.18.3.35:443 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | tcp |
| US | 104.18.3.35:443 | pub-9d0605c7307a46d0ae841ccb0a240794.r2.dev | tcp |
| HK | 23.42.174.147:80 | x2.c.lencr.org | tcp |
| HK | 23.42.174.147:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 76.69.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.114.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.aaa.aaa | udp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.179.250.142.in-addr.arpa | udp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 209.82.215.200:443 | www.aaa.aaa | tcp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 163.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| US | 23.36.245.101:443 | download.microsoft.com | tcp |
| US | 23.36.245.101:443 | download.microsoft.com | tcp |
| US | 8.8.8.8:53 | 101.245.36.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mediaexpert.dz | udp |
| FR | 137.74.214.62:443 | mediaexpert.dz | tcp |
| FR | 137.74.214.62:443 | mediaexpert.dz | tcp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.214.74.137.in-addr.arpa | udp |
| FR | 137.74.214.62:443 | mediaexpert.dz | tcp |
| FR | 137.74.214.62:443 | mediaexpert.dz | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\96DKDNLK\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MVYGVDIJ\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LR1NY14K\controls[1]
| MD5 | a4a318511d80be37665e73ec973b81e1 |
| SHA1 | 920d4c59429eaed48793adf1b2a022f02845dfae |
| SHA256 | 487bd289a6ab1696dd8a4131e450cc750705ccca1a8c2ccd72877ccd1bb64ba2 |
| SHA512 | 7ff0ec31a5286633b7c76dda03437c61f1f8ef792e46a600443c6c8ed2a717540ded82f3b4bd10d34a4f13a912e12afb07d221d4150e7ff4e761945e0ec95afa |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZDJNS5YJ\isDebugBuild[1]
| MD5 | db73f776d86f34f1b1a868fcd913ba0b |
| SHA1 | e523e3ae23da5e659ad0cc60f65ef42765c5fce9 |
| SHA256 | f9d7461b859197d4bb01a9f6bda6b8644fe19da7098a2abbe4cabeb6068b05d3 |
| SHA512 | 0d3f12acb10d570dfa0c026fdbeb8fc4fcafbd41d38667ea4dd911fb7be3e5b2f3c52e27057ed7fde7c5a41935ab19a9b29f32fd005a108bd95234370516e820 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZDJNS5YJ\plugin.f12[3]
| MD5 | 6ffc76825ac5a364de7857cd9801a394 |
| SHA1 | 7d2c4d675b7cc290d8fa5cd6203b445ddeb6f601 |
| SHA256 | 247994a58c941356b9516722e0961eb54af73b28cc4bc8b66d0704014f3d466f |
| SHA512 | fa6e8a64c2b4c1ceeb983944c9220fdb76aa6cc97e630677ce39cfc15ddf4b14db8e47c99b8694477b2f73b3c7698c57071c08262936091507783ad8af541847 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZDJNS5YJ\CommonMerged[1]
| MD5 | 0a87936cf5a69c4acbf907836d8a39d3 |
| SHA1 | 7e8aa29618d9f32ac4de08158b07553dd95e04ba |
| SHA256 | da5df576197529c480646a41bf2749b8266fd09345438380168ce46b5c9edf76 |
| SHA512 | 6b44d4eaa3fc4be2c17ef5288d93eb68ecdf996478c2635cc38380de3131f654211aa3bcde3d76250c81bbcb7daabe62f1cbf0f83a5ce11d3418995199af3b05 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\emulation\devices.json
| MD5 | ecaa88f7fa0bf610a5a26cf545dcd3aa |
| SHA1 | 57218c316b6921e2cd61027a2387edc31a2d9471 |
| SHA256 | f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5 |
| SHA512 | 37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YPNQ8C2Y\index[1].htm
| MD5 | 6e39118bb323ac5675ff975cf24f0f80 |
| SHA1 | aa8428e26e6ec318a5d67ef49589ebc09ea3e36f |
| SHA256 | 1caee56d4a1bc4e90fe1789309092c92b2dc738a99292675e9d0265a37beaebc |
| SHA512 | ca41c3f0a570de6750997083e37baab1c6856da63b273d7ccfe075ffb3f6536ef30877f813b5e51ce44cb5aa02579aaf08d521665d7422def94562dbb6825e7a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BNDMBIUV\loader[1]
| MD5 | a38cb2d5a0c4f4233b535d38e2dd8967 |
| SHA1 | 0875bbe8c942b21f5cd9363ea696fbe0d77fb25d |
| SHA256 | 87f6cb22072570b4dba3d808d6f8c9ce75ff7c49092259890865eb0459307990 |
| SHA512 | 69547918b8f43488091791c745ca8542ad3ca8f4a557514624b569c664af7a3dd87c2f814044a79c75e1667f49ac9bc63e7a050a0694180fe3cf270543a67848 |