Malware Analysis Report

2025-08-05 19:01

Sample ID 231019-ftbkcafd45
Target ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4
SHA256 24f92c883d5db4db4c8d39d41e31e6d2715fc345a5ec6433585ce38e2c2392f4
Tags
themida evasion trojan microsoft phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

24f92c883d5db4db4c8d39d41e31e6d2715fc345a5ec6433585ce38e2c2392f4

Threat Level: Known bad

The file ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4 was found to be: Known bad.

Malicious Activity Summary

themida evasion trojan microsoft phishing

Detects DLL dropped by Raspberry Robin.

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks computer location settings

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-19 05:09

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-19 05:09

Reported

2023-10-19 05:29

Platform

win7-20230831-en

Max time kernel

195s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe"

Signatures

Detects DLL dropped by Raspberry Robin.

Description Indicator Process Target
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007832999c35766c4bae1b34334b3bf81200000000020000000000106600000001000020000000856d73b74e1e264ad49a9cd8152d4e98e4c6d716b42e7713f6073284e788f7d4000000000e80000000020000200000008e2387c4c72d4bb103494a2d93284748062685434f99318ab91bfdfc0cf0dd3a200000001a960edb9c75a7307885db7ac3dc1b774c81b03f7d789982271ffdbb22562711400000004719b1f3e417510ae7db6b06bd1ac886722cd7dbf75b45820c4e4d52d4841a7c5c527dfa9310a69e0888b773a0b291395207be4bbde0dd0e4193d69d312eff6c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9052749c4c02da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007832999c35766c4bae1b34334b3bf81200000000020000000000106600000001000020000000202c2a226c6452d260e1eb987247a5d255023005dc471ee3990555ac18663124000000000e8000000002000020000000162c97d828ee3a7809fcac62474788397a379f9119fef5344dbb2b39b4de736090000000413ba06250f1c93c48fcf99b91b68b14b422232e6134be24f333a942f5ca33b66c78f09e596adf0c3d3ff55e676cd67162f5b8a585d8136488ce749a02b1f751c1c090c382c14a686635670b3a75da59f85a62f914c8b081b0af3c6c655143b1fb4ea4a32ccc12ddd71971704a24c0b9d30e6203e29ea862f32913c2ca09baef5c061cd9af26f73e548243eb51f480ed40000000591299406e0759ab46a33ec11d7fc1fbdc5479cad9c8b8811997c273345426b50eeb32b5722542f05da74d525da798176a0cdab62dcbef6eed6271402b8749f3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C47DBDD1-6E3F-11EE-BC2E-661AB9D85156} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403854933" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe

"C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2776-0-0x0000000001100000-0x0000000001B34000-memory.dmp

memory/2776-3-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-2-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-1-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-4-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-5-0x0000000076730000-0x0000000076777000-memory.dmp

memory/2776-6-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-11-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-13-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-12-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-10-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-15-0x0000000077CD0000-0x0000000077CD2000-memory.dmp

memory/2776-14-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-18-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-17-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-19-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-21-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-22-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-20-0x0000000076730000-0x0000000076777000-memory.dmp

memory/2776-24-0x00000000777B0000-0x00000000778C0000-memory.dmp

memory/2776-23-0x0000000001100000-0x0000000001B34000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabDB25.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarDB67.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acabbe07d7a5aaeb5135fde5621c31d6
SHA1 a948eec7ea406be3bbb16c181a1532d3fe91c7c6
SHA256 298afe748de8c4963c4826f16b1c924d171f4fad0bf08f6014de2eaf81ff842d
SHA512 e0571c1f31cc2b898cb55da71e96b1d1f5cc11a8d1d6ac47fb6dc6449cece36e5e93b2b4b182cf44a401503f6d661dd55e61813ce1f1d4c1698bc35371d3c756

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44b4417387fa38e3dd9117abba765527
SHA1 e6d1d4992948ce5a182b416120e1e8fa80163237
SHA256 b23bdb41e229f168f38b4f47717d3690205efd1c9ab319d0b47a110fd3569618
SHA512 ff84b1db5556e66fa13a39c1f45f5044a42dd2880a369e29d6dd90e82158f68dfcf7e5a70f90f05733ed89eac2d767d53f71314e7ce475973c07b2c19524614e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80ed48f062bf1e1dd0c776383838c158
SHA1 10fffc93e3834c73281785a103499f67b8d5b359
SHA256 bfdfb5fb1d6ad258523b1698a04e122372a8a053cd8653a4268f9759c486c218
SHA512 2044952536df55aab90409f44c12741906ac53cd580e5429433aad44d37ee605c2f13fcb94d7c8b7f835e4557cab22ef8cd0b5105799c9ec8b038ccbd1561a35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de326b25ca263a1441f54e54969bc462
SHA1 11c08313d6655f9c2430231d0a4b1e3808e752e9
SHA256 fe4675242bc4673f9dcb9e8faa49fa095d99477aef477ac5bf9974c5984f1219
SHA512 aaefba47e1770c5feadf2956d9fe2db6585c91f75d2c6206518e936eb64eb9a5fa9132c9f5462d1a15a79f573110686e13b8e4c8dccf45f2c2c52c64471fd03e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24808366ca3ab4879f0b9fcae285e8a7
SHA1 066760ac196f58f76f1fed8ce0f37ba486b909eb
SHA256 3d40e347bc97141a808812d0ded4463eb33f08496a4ee3aab3f86c1f4417f832
SHA512 8e39369d0ede2b4b7155d49f5e770949e201449d3799ed4d1ffacaf84eb8cae2cab1be5df760f290e866a1d89241936037fe6020620d7ccc89be8dbd6071317f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 557da83ac6b45b63c8b951108d2ba246
SHA1 4ac9dd0ec42e6e88c21ef3674f79ea08cb68c0fe
SHA256 aa98f3c67ddda34c2d3b022b072c806cbc61733a4353d4bd1aad506c4e309f86
SHA512 870f30481a86c2481e4965bfd1a9cab9d6fe1e1c71fb86f3b030ed59276e941e8b531b23f530037bbf28e90ea0d05ab00341a4f7274e36c05ecb9040e46e6f34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5cf33af7cc162c5c8a49e3e486e7981
SHA1 0e013b66325aa3df86e0fab02c73efbcf60ce17d
SHA256 1f19fc18f113f6c98039586817df8824f62ab50100c2a21c567e488d40dbe2c3
SHA512 b69a9bd6cdf8720f2566ef701c554fe53e7c42d7d1225ae74463f659c9ea70972118aa286294e09cab8358ccfe746a053ef0ac4fba1ea531d44714628d930a7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37bd6080ff785be64e7983d7bbb23e00
SHA1 c3f2b283afeec1aaee1e2d59b4c71f371f161d4d
SHA256 4db219c5be327b870a62d28074e22f943b07ee1b50617100c7bb2ede1565bd0c
SHA512 1bc321d4af2d878cff2a528b7b01edf175a514ebdac046c8eae6b353ea4f6d030985772751e994d900e29f9585689ea1732dc29c5a783e17969682551c347b27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 394b2cab4bf054af2ee8b77f73d94432
SHA1 ec32d936edf9670c27535842393c9b7c5cea1b35
SHA256 5f9b293a615f099fe92a797e0ff502465f05c24875e123d0615cd560d578fe6b
SHA512 fe7f773f86c564be5e6d7d11c9a7ddf009ac432bc5b69d8cd118a9954b85cc93a972e4958db71803757c3db217101b4a21795d99507039ce02e900efffdb429f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 833bb9ccf01bd282a9bd5d84a242b3de
SHA1 c528b116bd196ce3da0ed0929e4b1be9751fd1ce
SHA256 5de9ae80feb8b06248ed1e4bef637493505f4add33acf393dfe27b0168ef9290
SHA512 55ede132fd4e05d45ee358e33770639b9280c3dc2ed45c5da92ecfacbefe0c4cb4a61fe5111bf8af7b35f254e8164fd80b9368893226e5cda3f95b45ef24701f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ed79a43e4aeaaaaea4d8890a9761898
SHA1 0c3c84db8cb8eff0e1e7a82a3cf7fe013cd39b0d
SHA256 d658c1b8ecddece27bd4d26e115f54c00b233a364345a1eeb9ae16e2bd5f9574
SHA512 bbdab8bcb756827d78fcfe61f5e238fa82deb769f2174927c1d31f1670f46d3cdda04357213ae0d1eabd620bd342ceef2f388222d7c25fb6dcf888d65b08b04e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b44698d69b106d166e2140cb5eebf7c8
SHA1 f5bae53822afac7c234e5c372f61955f072a7885
SHA256 4d514cc47d3e8a3f0ab884ef3f9ce4ff2cee51f8f670eff2fd9c24b7177929bd
SHA512 0a3679f06c530fbf3876b7d2be4916f9f279f7d98160ca696f93c67c005ee6aef7e94f4d3faef770c031202cf3e37b4941ceafc3281d8050d212f7e8135fc7ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 675cf747df9ca38ed479c7bb0142c741
SHA1 19cb4924d4202ce1ea531909eeeaeedc5434f3ee
SHA256 a9059a39c5de98c9b6398aaf13838e56cc7a03cd2ea277dbeea61b36bffebc13
SHA512 4877a140d59551a0da0bcc306ac6b5d4887a6c0338089e558adc57ed95c0f7439882c7a5cf38092199bde6029a720befa56f66367459872b62c52cc605f83fda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42911b2350ac6a21dda01184e21c9947
SHA1 0e8172200a2a7a494c19a72d218e0a7cfef997d4
SHA256 0f35c782fc2e48a4ae3c28a6c292822a31b41fa62a3c4af25ba5b64cc5dcac5a
SHA512 22408de3d8e30ada42b9d8199fc8df49a6c335792d62034a41e69cd82b6f855b47fbc8bdf634539452e0ec54e7ccb60165c7b29b49c0ae7e153dd83314980a8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe7e20a008b9a41ed631927771f86858
SHA1 3ba49502c33fd24a5c1d4544ba3996692ba59e9c
SHA256 fa6c7ae8eaa7ccc32515f3645e7dd2f4651f763f83fd47e5ace082adccee922e
SHA512 a52349d96b3a6227f80416bbc7ee12f6cb9b009dae3e085ed84a2bc76ebdbad03aa565b084831608d4f80fae77438dbe3864e808683a5bd02fbbbb0140adf96a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37f11ff8f46d34d1f1e311214eb23945
SHA1 ebab73588cc7be211d226bffa94bf5ee3b0924a0
SHA256 c89656e3c7cbb27cb6c314841a469e8ad576505ba9830be4d105a6eaa0be9eee
SHA512 850b22c0b915fd7cacbac907db99af7dba3fa0c9d1b72542a9c320e095aaa69d87fcc2fd418703f12be962015f274c53413a2f916a2ee6b6f5368fc7aa4e06b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4b7e65d13a5b34a36e31fecc8e6a847
SHA1 fed1c5b09af784918405127f2dc68ebba61c898d
SHA256 88fd0f4b622dcbe7249a2568157519efa0612edd0861c6efcd723e7c9d623df5
SHA512 33a237b5c703b9a888cc72be592e1efda11ef2c792daf60ad647ad5bd39a676e97196735861eaf2641ff86c09b4d5b3f405fcf4603c2cedc406ab9db970e22e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15a6a29f07224e5ab0947ea75113b60e
SHA1 71ebde4118864ab60f3ba6e7042d4419d737c773
SHA256 1be53d62da451b75a86947b1886276738297656c07a895b14c3570fd7889af6e
SHA512 7dca19e04baabc332251cc061f361e041a4a1e7eb96195de90af8af1732965767e5483ba241e018d25ae276b59c56a4ade7233dcc600b1111fe0d8388d92ba92

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-19 05:09

Reported

2023-10-19 05:27

Platform

win10-20230915-en

Max time kernel

300s

Max time network

238s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe"

Signatures

Detects DLL dropped by Raspberry Robin.

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\learn.microsoft.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 92fdf7404c02da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 142356554c02da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3916 wrote to memory of 2816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 2816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 2816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 2816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 2816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 2816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3916 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe

"C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
US 8.8.8.8:53 59.82.57.23.in-addr.arpa udp
US 8.8.8.8:53 139.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 126.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
NL 104.85.2.139:443 learn.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 88.221.24.66:443 www.bing.com tcp
NL 88.221.24.66:443 www.bing.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 66.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

memory/3104-0-0x00000000000E0000-0x0000000000B14000-memory.dmp

memory/3104-1-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-2-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-3-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-4-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/3104-5-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/3104-6-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/3104-7-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/3104-8-0x0000000077954000-0x0000000077955000-memory.dmp

memory/3104-12-0x00000000000E0000-0x0000000000B14000-memory.dmp

memory/3104-13-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-14-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/1568-15-0x00000146B1320000-0x00000146B1330000-memory.dmp

memory/1568-31-0x00000146B1D00000-0x00000146B1D10000-memory.dmp

memory/1568-50-0x00000146B14F0000-0x00000146B14F2000-memory.dmp

memory/3104-51-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-55-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/3104-66-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/2816-75-0x000001A47C960000-0x000001A47C962000-memory.dmp

memory/2816-78-0x000001A47C9C0000-0x000001A47C9C2000-memory.dmp

memory/2816-80-0x000001A47C9E0000-0x000001A47C9E2000-memory.dmp

memory/2816-117-0x000001A47D6E0000-0x000001A47D700000-memory.dmp

memory/2816-144-0x000001A47EE40000-0x000001A47EE60000-memory.dmp

memory/2816-185-0x000001A47FCE0000-0x000001A47FCE2000-memory.dmp

memory/2816-187-0x0000019C14010000-0x0000019C14012000-memory.dmp

memory/2816-189-0x0000019C14030000-0x0000019C14032000-memory.dmp

memory/1568-195-0x00000146B7990000-0x00000146B7991000-memory.dmp

memory/1568-194-0x00000146B7980000-0x00000146B7981000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\quxig9m\imagestore.dat

MD5 3257e5b327914ea2ba976c60d3b4eb98
SHA1 a4bf78ca460d888b39d7ac45afd18bd1b56fd68b
SHA256 33b494e0c17576cf8a4b46a4abb9171c50d4e3dacb4eb53b9dc9dd0d7417c230
SHA512 63d82ba8bad2a1dcdbe8e12113f33f62332a3c25f07d16a58351fc67bc6a9ec5dd1af59a127d6e16144385b56646cc292d1a46b04d75f8cbbfd636dd5cf4e44d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P068WU4V\favicon[1].ico

MD5 12e3dac858061d088023b2bd48e2fa96
SHA1 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA256 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512 c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

memory/3104-207-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-210-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-212-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-211-0x0000000076AA0000-0x0000000076B70000-memory.dmp

memory/3104-209-0x0000000076CD0000-0x0000000076E92000-memory.dmp

memory/3104-213-0x00000000000E0000-0x0000000000B14000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 5754774738bba4a5eeb18f2c156b2426
SHA1 fd0220b958cdd8c39bb58940af0bac1d618ab2d9
SHA256 48ab38fc83b47674743522c94b5960c91b0ceedbce74274f8721e1d86aae53ad
SHA512 a7262b9c2727392cb4b90fbdb26eb5eb20c1c23237c69d7de8d1175dccdadad4043b3689f5dd2284f5881448ee9f4537112f1159a70f96341b97753c66b3269a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 a8464c2335dd0db0ab4a438765f90c02
SHA1 ef0a2547b27ccb54148d3ca3535394992118fa98
SHA256 84ac1c5d637f69df334d3b383eb64afed0e3257909775e94db338362ade5acb2
SHA512 c83c5e918781a1a63007a5132ce3bf21fc819fab11ecdccd69720519cfc5554ecd0feff2a81a399e78745f2a85e8fab6af539eb6c15c5c230957b41d13191e86

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\application-not-started[1].htm

MD5 30317cbc57edb71760cb15d12dc4c715
SHA1 5f32a8eda7c4cb6bbfa5f3f690b19e946b8353c4
SHA256 34c4132c283672918e058c25947e6fca6cbac2b92e040cfe19205d0aa66e8707
SHA512 cadb368a19589e53b0b0e7b79dffc3781394f1a7a8c1d6ce8e80f36586b8ca1c8b9ed360c338ec7a0a66af0cbdbf328089607fbbb75f1285f9bf113f061a0c5c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\dce1d392.site-ltr[1].css

MD5 12f2ed166c75673f1d5267b892aa3f83
SHA1 018b3e5e01b9059bb0715d94fe3d4d370dc10b44
SHA256 6a495392198e10f3afda154005d1e681f1fe5b807f190fc99fbedc1959a7d482
SHA512 9f2aac34cdf4a2cab930829bcb29ba3b8a3f6a801ba50a7d08d407ef7db98c10d1c2c9b9733303d50699b8e5cd4bef9dbcbdb4be2b5656e2b059dc584506c715

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\67a45209.deprecation[1].js

MD5 020629eba820f2e09d8cda1a753c032b
SHA1 d91a65036e4c36b07ae3641e32f23f8dd616bd17
SHA256 f8ae8a1dc7ce7877b9fb9299183d2ebb3befad0b6489ae785d99047ec2eb92d1
SHA512 ef5a5c7a301de55d103b1be375d988970d9c4ecd62ce464f730c49e622128f431761d641e1dfaa32ca03f8280b435ae909486806df62a538b48337725eb63ce1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\wcp-consent[1].js

MD5 5f524e20ce61f542125454baf867c47b
SHA1 7e9834fd30dcfd27532ce79165344a438c31d78b
SHA256 c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\ms.jsll-3.min[1].js

MD5 9f667fcbe79a2f0a5881315d22ce5b34
SHA1 745be50b4affbf86a900dbc6fea9dcada089c63b
SHA256 ed20090ab9eac537cd83a784f70dd61f1ea14da013e0e9c38174bfc691353304
SHA512 e2fcc27f22c2ea0ca9c00f2a638c53ec322d4d1ade38570fcefdd86452090dd5052b9e4eaca409b4542ad5f3c40332314d361fcf7b3460405cd6dfe51748d4de

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\app-could-not-be-started[1].png

MD5 522037f008e03c9448ae0aaaf09e93cb
SHA1 8a32997eab79246beed5a37db0c92fbfb006bef2
SHA256 983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7
SHA512 643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\4d703278.index-docs[1].js

MD5 155490cbfdfaa90712c01d5389f4d9c8
SHA1 a3285c76bb0d2abd7d5a950a3d48ea08534b7a27
SHA256 8601201d5294192557525906fcb236a21efccdbdce68280d5ad68fad0dc929da
SHA512 5f104ec4a8aa474efc9ef29b2275fd265864689550e30681d9232b0116050a880ca0e7263dcac9a6fcd6cc6e77f125d626859a4b1a9f918d98437b82b36de468

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\repair-tool-recommended-changes[1].png

MD5 3062488f9d119c0d79448be06ed140d8
SHA1 8a148951c894fc9e968d3e46589a2e978267650e
SHA256 c47a383de6dd60149b37dd24825d42d83cb48be0ed094e3fc3b228d0a7bb9332
SHA512 00bba6bcbfbf44b977129594a47f732809dce7d4e2d22d050338e4eea91fcc02a9b333c45eeb4c9024df076cbda0b46b621bf48309c0d037d19bbeae0367f5ed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\repair-tool-no-resolution[1].png

MD5 240c4cc15d9fd65405bb642ab81be615
SHA1 5a66783fe5dd932082f40811ae0769526874bfd3
SHA256 030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07
SHA512 267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\tex-mml-chtml[1].js

MD5 2e00d51c98dbb338e81054f240e1deb2
SHA1 d33bac6b041064ae4330dcc2d958ebe4c28ebe58
SHA256 300480069078b5892d2363a2b65e2dfbbf30fe5c80f83edbfecf4610fd093862
SHA512 b6268d980ce9cb729c82dba22f04fd592952b2a1aab43079ca5330c68a86e72b0d232ce4070db893a5054ee5c68325c92c9f1a33f868d61ebb35129e74fc7ef9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\install-3-5[1].png

MD5 f6ec97c43480d41695065ad55a97b382
SHA1 d9c3d0895a5ed1a3951b8774b519b8217f0a54c5
SHA256 07a599fab1e66babc430e5fed3029f25ff3f4ea2dd0ec8968ffba71ef1872f68
SHA512 22462763178409d60609761a2af734f97b35b9a818ec1fd9046afab489aad83ce34896ee8586efe402ea7739ecf088bc2db5c1c8e4fb39e6a0fc5b3adc6b4a9b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\repair-tool-changes-complete[1].png

MD5 512625cf8f40021445d74253dc7c28c0
SHA1 f6b27ce0f7d4e48e34fddca8a96337f07cffe730
SHA256 1d4dcee8511d5371fec911660d6049782e12901c662b409a5c675772e9b87369
SHA512 ae02319d03884d758a86c286b6f593bdffd067885d56d82eeb8215fdcb41637c7bb9109039e7fbc93ad246d030c368fb285b3161976ed485abc5a8df6df9a38c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\logo_net[1].svg

MD5 37258a983459ae1c2e4f1e551665f388
SHA1 603a4e9115e613cc827206cf792c62aeb606c941
SHA256 8e34f3807b4bf495d8954e7229681da8d0dd101dd6ddc2ad7f90cd2983802b44
SHA512 184cb63ef510143b0af013f506411c917d68bb63f2cfa47ea2a42688fd4f55f3b820af94f87083c24f48aacee6a692199e185fc5c5cfbed5d70790454eed7f5c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\latest[1].woff2

MD5 2835ee281b077ca8ac7285702007c894
SHA1 2e3d4d912aaf1c3f1f30d95c2c4fcea1b7bbc29a
SHA256 e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
SHA512 80881c074df064795f9cc5aa187bea92f0e258bf9f6b970e61e9d50ee812913bf454cecbe7fd9e151bdaef700ce68253697f545ac56d4e7ef7ade7814a1dbc5a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\SegoeUI-Roman-VF_web[1].woff2

MD5 bca97218dca3cb15ce0284cbcb452890
SHA1 635298cbbd72b74b1762acc7dad6c79de4b3670d
SHA256 63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
SHA512 6e850842d1e353a5457262c5c78d20704e8bd24b532368ba5e5dfc7a4b63059d536296b597fd3ccbd541aa8f89083a79d50aaa1b5e65b4d23fc37bfd806f0545

memory/4532-247-0x0000016C13FF0000-0x0000016C14010000-memory.dmp

memory/4532-261-0x0000016C15980000-0x0000016C159A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3QSAK0BW\learn.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\docons.28d69bd4[1].woff2

MD5 7e2a819601bdb18df91d434ca4d95976
SHA1 94c8d876f9e835b82211d1851314c43987290654
SHA256 7da655bf7ac66562215c863212e7225e1d3485e47e4c2d3c09faac7f78999db1
SHA512 1ca1d95cc91cb06a22b8d30a970c254e334db7ff6bad255333bac2adc83c98735ec9c43bccf9c46514664d449a43d2586d38a45970338655244e754d2a87a83e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FKMV2AI3\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PWTOA31O\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee