Analysis Overview
SHA256
14a4f6c9137eee4c24fe5c52dae6bc82fecb9b8e832742b5b40f734e6e842a5a
Threat Level: Known bad
The file XWorm V5.2.rar was found to be: Known bad.
Malicious Activity Summary
AgentTesla payload
Contains code to disable Windows Defender
Stormkitty family
StormKitty payload
Agenttesla family
AgentTesla
AgentTesla payload
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Checks computer location settings
Drops file in Windows directory
One or more HTTP URLs in PDF identified
Unsigned PE
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: MapViewOfSection
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-03 12:21
Signatures
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Agenttesla family
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
One or more HTTP URLs in PDF identified
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Pastime.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Programs.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
130s
Max time network
134s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Ransomware.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\RemoteDesktop.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.246.116.51.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\RVGLib.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:23
Platform
win10-20240404-en
Max time kernel
10s
Max time network
22s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\HiddenApps.dll",#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Microphone.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.197.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
126s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Options.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\VB.NET Compiler.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
133s
Max time network
136s
Command Line
Signatures
AgentTesla
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
Files
memory/688-0-0x00007FFC02D83000-0x00007FFC02D84000-memory.dmp
memory/688-1-0x0000024EF18C0000-0x0000024EF24F8000-memory.dmp
\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
| MD5 | 2f1a50031dcf5c87d92e8b2491fdcea6 |
| SHA1 | 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f |
| SHA256 | 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed |
| SHA512 | 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8 |
memory/688-8-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp
memory/688-9-0x0000024EF58D0000-0x0000024EF64BC000-memory.dmp
memory/688-10-0x0000024EF67E0000-0x0000024EF69D4000-memory.dmp
memory/688-11-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp
memory/688-12-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp
memory/688-13-0x00007FFC02D83000-0x00007FFC02D84000-memory.dmp
memory/688-14-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Recovery.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
130s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\WSound.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
132s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\SimpleObfuscator.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Ngrok-Disk.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
125s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Regedit.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
132s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ServiceManager.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
126s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Stealer.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
131s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Maps.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\MessageBox.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
133s
Max time network
141s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\StartupManager.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Informations.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Keylogger.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
133s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ProcessManager.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.197.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
133s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Shell.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
141s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\WebCam.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "124" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "124" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "421514863" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000e5ef862915a3f92a9f05c7b72e6adec63d9849fe19fa635a7a10b16d5619e5f0cd1a27545ec236b7a1c736addba4d396edf105c39a6c5e01109b | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4d7261aa549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "421583393" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bb67bf94549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe | "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe" |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca |
| C:\Windows\system32\browser_broker.exe | C:\Windows\system32\browser_broker.exe -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.42.73.27:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.73.27:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.73.27:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.73.27:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 20.9.155.145:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.9.155.145:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | 145.155.9.20.in-addr.arpa | udp |
| US | 20.9.155.145:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.9.155.145:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.42.73.27:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.73.27:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
Files
memory/4412-16-0x000001C5A6A20000-0x000001C5A6A30000-memory.dmp
memory/4412-0-0x000001C5A6920000-0x000001C5A6930000-memory.dmp
memory/4412-35-0x000001C5A5A80000-0x000001C5A5A82000-memory.dmp
memory/1352-43-0x0000016904880000-0x0000016904980000-memory.dmp
memory/1352-45-0x0000016904880000-0x0000016904980000-memory.dmp
memory/4256-58-0x000001B6EC030000-0x000001B6EC032000-memory.dmp
memory/4256-63-0x000001B6EC080000-0x000001B6EC082000-memory.dmp
memory/4256-61-0x000001B6EC060000-0x000001B6EC062000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23TXP48C\dotnet.microsoft[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
memory/4256-170-0x000001AE82800000-0x000001AE82802000-memory.dmp
memory/4256-178-0x000001AE82860000-0x000001AE82862000-memory.dmp
memory/4256-176-0x000001AE82840000-0x000001AE82842000-memory.dmp
memory/4256-174-0x000001AE82830000-0x000001AE82832000-memory.dmp
memory/4256-172-0x000001AE82820000-0x000001AE82822000-memory.dmp
memory/4256-188-0x000001B6FD730000-0x000001B6FD750000-memory.dmp
memory/4256-168-0x000001AE826E0000-0x000001AE826E2000-memory.dmp
memory/4256-166-0x000001AE826C0000-0x000001AE826C2000-memory.dmp
memory/4256-198-0x000001B6FD730000-0x000001B6FD750000-memory.dmp
memory/4256-205-0x000001AE82B00000-0x000001AE82C00000-memory.dmp
memory/4256-230-0x000001AE82D00000-0x000001AE82E00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | c05cddb574b5877f2dd77e140bc281e6 |
| SHA1 | a407d471b205d3acf44fd5dbe96df38609f8e375 |
| SHA256 | 4b386aa4120330e845ee58f935994bd488094690b70eee72f86289d26ddaef2a |
| SHA512 | 60c77357b76ba6b57dba09607d42b80a7efd27f26ec34dab40ee8f7973a9ba89a508fae6366244ad3f283795a8fc5e77ae4affb7810e46461b4b1c46c3666d30 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 628c18d17f9620cd8a1f40f9800c1b8a |
| SHA1 | 6ab2ed359b05beac18952a47856f2fd7732842a0 |
| SHA256 | eabac670105ff78fab85ae69ba32b62dea23443ea30078687b3e7fa112f7012b |
| SHA512 | 1b3d1013a52e1aa5985952beeeaf605d274157186c4861ac83aea211aa5903d2fe12152da6cc2b6947e3962f78990cd0a2d37a3eefd2e46313e89083135ec3de |
memory/4256-237-0x000001AE82E20000-0x000001AE82E22000-memory.dmp
memory/4256-240-0x000001AE82E30000-0x000001AE82E32000-memory.dmp
memory/4256-263-0x000001AE836E0000-0x000001AE83700000-memory.dmp
memory/4256-293-0x000001AE83B00000-0x000001AE83C00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
| MD5 | 566393b9875625163c74ebebc75623ab |
| SHA1 | 08bdbda734b6b86d4a16bb01f09f9d61334df977 |
| SHA256 | b0c40072f1d03d9ba50975686065f5c36c88f160328b982cc38dcd5b30014fc5 |
| SHA512 | eb72e33bf3065bf082ac4ba03d953d226ced5d61fd6782fb351f1ebd205786f2d7417ba9d6cb6640d2465a0ce91eb127119621d61c991220cad949ad9a53f692 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
| MD5 | 58490d95e346f9c974d60fbb1e34a9bf |
| SHA1 | 0c65379a63af6e76f5c6717fcb92d403b280ca5a |
| SHA256 | 39fc846dbd28fdf8c96fab4d198ff40f05225968fd337ae476f152615b3bfd1f |
| SHA512 | 71f4e54b3eb4e5bd32c361324a0de3d16de56a35a6c5451c62f5cb4d635e3624ddc88226398a3093267a46325d6a655a9f635757dc5a8c55c6580457fb459997 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23TXP48C\dotnet.microsoft[1].xml
| MD5 | b2beef5a2acbf5487d22a26f13393d04 |
| SHA1 | 03145f61d0440a0d17be15105d316539e911ffb5 |
| SHA256 | 05641591cb2ef808f6db03aeb125e49c17b023f0ba8183a59cca88577ec5ad38 |
| SHA512 | 801783d53ef1b7c353e5b395801ac918e1084be0ebd1b3567d8f0b196cd28190bc562e7255d022c3877591ac1e41d820e27ab9711e79abb4c95cdd78fb5ee46b |
memory/4412-343-0x000001C5AD0F0000-0x000001C5AD0F1000-memory.dmp
memory/4412-342-0x000001C5AD0E0000-0x000001C5AD0E1000-memory.dmp
memory/4256-339-0x000001AE82FA0000-0x000001AE82FC0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\dix8bm4\imagestore.dat
| MD5 | c2850afdb44e42e1beeda09301022fdb |
| SHA1 | 26e6b06a8b4b80c648d6c7f3da0baa26a199b02c |
| SHA256 | 974064543ec971f84647ac8f8567f1b3b444a3202c99fc4744cdc6e5c1d81503 |
| SHA512 | 088516d9373394ec04f644a53bccbcad213639b06616c93a67a3ff62f128e2b646820efbb2c8dd2bf4e9860a4d26c44ff503c8f5afe29ce974743d1617a8ada0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4PVGC4I5\favicon[1].ico
| MD5 | 8565042b6db20c23647202bf4b95f11b |
| SHA1 | 9f0829cb3ceef14ac10e0b66338d8b7243a09101 |
| SHA256 | dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969 |
| SHA512 | dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\7a-c9e644[1].css
| MD5 | b7af9fb8eb3f12d3baa37641537bedc2 |
| SHA1 | a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4 |
| SHA256 | 928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71 |
| SHA512 | 1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\cookie-consent.min[1].js
| MD5 | 2ad93f6c4dd71b579f187d1463457ee4 |
| SHA1 | 55720a32d32781f421f8a2c70c424a69e2fa7c21 |
| SHA256 | d2d1b9863e393a6a8ac95617470d67f7d21044004e4f08d7cd65e480a05204a8 |
| SHA512 | 1cc6445bbd18951ce30ca48fece2560a3d15e8176abf91a54a1819ad28fbb2fbf28d30ef9d08ac83fb1f3bfffe9178c07642bdeee056f202b8dbd6e5b71b4305 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\bootstrap-custom.min[1].css
| MD5 | b35590e4d3bf1b0b2bf9b986c30a7183 |
| SHA1 | fde573711c2c27e6c2824e3f3ae1bf6e3d216330 |
| SHA256 | 1dc203879fb2076f320b714edd1d9d83f605ad9c50d341d4dc695f821586f96b |
| SHA512 | 2d2a6bf3828d402c66215977220643c0c6dadd55216c41951e9e71147e87f3df3562576cbc384b5c6bca8aca1f90d49f2cd5ae2a9c10c4dc057847bcf8f743ec |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\ms.analytics-web-4.min[1].js
| MD5 | 980d73a0137e5551defdbd0b2ec375d8 |
| SHA1 | 2e9e819deca8f7c54da873c36e9bde49a3720b15 |
| SHA256 | 0d7e2f7aaa0b683cd0e5ae10a5258c8af3c7d1ab7a71b7d7517444972d520c9e |
| SHA512 | a39a91cabc930d0746cc88da89852b9f23aadfcfc63228eb9ec7b9937ef3d22dbb875623f3e343f225a842dad26920167cd81397a9ba57830a750c5b40512ca0 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\analytics.min[1].js
| MD5 | 29dd8eed8b9d930080dc0f2970261930 |
| SHA1 | d0cbf2f13789c6704caac2e296e9b05c131a5536 |
| SHA256 | ebdd29b3d27624771d3f8272f26eabb31c7f15ae175382f21c60d72035b7f36e |
| SHA512 | fb3c68d5713e7653ef4c677dae5c444901fb67d8045f5fb75635d78d8ab9427e9564b66b4dd9fb8131d1e05c7a877343fabcc931a71ba533a3a0f8a82737bf86 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\RE1Mu3b[1].png
| MD5 | 9f14c20150a003d7ce4de57c298f0fba |
| SHA1 | daa53cf17cc45878a1b153f3c3bf47dc9669d78f |
| SHA256 | 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960 |
| SHA512 | d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\footer.min[1].js
| MD5 | 33eb53d99fb8b6b0fc16b035559b20d5 |
| SHA1 | db024d172c6623da9c65ace778c802bd46a4f043 |
| SHA256 | 0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42 |
| SHA512 | 6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\dotnet-framework-runtime[1].svg
| MD5 | 5aaa8c37cd59979b920cd21c4a50a38d |
| SHA1 | 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7 |
| SHA256 | db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6 |
| SHA512 | 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\culture-selector.min[1].js
| MD5 | 65e4fabaf367e6939430be6fe05935af |
| SHA1 | 587a6067898e629ea6f1716ff7064c25840062c1 |
| SHA256 | b9bc645052f44b7253656603f4cf94685f6b057474be7be907f18ae28a4108b3 |
| SHA512 | 28b4abd683761569b859826bead14a8997f61ba5621c32d4abd013c10e5112ffff0467648985a7adf5e909beae48d21f4d7b68520195767661e797172bdc191c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\theme-toggle.min[1].js
| MD5 | 6af1846ed39ed810c75045f6eba79a79 |
| SHA1 | 1581aa2e2be1276f76f6f237fd61c4cd667f8da6 |
| SHA256 | 3391e6a4a0ebcdd8a28c22555d0c271d325fd0b150ea90612593797028d19f03 |
| SHA512 | a3d13e9eac46c0b594013abaaeba4868e944fafc01e9382971867983ed6edf98eded06d54738703635ee9bba21e996c1f53e8552f3ab7bf8df7f9634d67eae1f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\general.min[1].js
| MD5 | 49b237e0e1b4d7f8e79eef67df8fc31b |
| SHA1 | e84b25d606a998921900c18808ac1c1a727a0640 |
| SHA256 | c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018 |
| SHA512 | 0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\mwfmdl2-v3.54[1].woff
| MD5 | d0263dc03be4c393a90bda733c57d6db |
| SHA1 | 8a032b6deab53a33234c735133b48518f8643b92 |
| SHA256 | 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12 |
| SHA512 | 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\main.min[1].js
| MD5 | c4297773569863be0cdafdc4c1086f53 |
| SHA1 | 756025b6f96d6c6808b2369ea9bacd5ba8ccf694 |
| SHA256 | c2b8db1f87d37b321e6918e8b8f9ae40e2fa7c550d34a0e36c9f6ec3d2915af5 |
| SHA512 | 1a3f9750ba23fa1ece05944cd886eedc631fba538fd9c219c3a4cca217aee2251a88a2fd05e50ea08c0f04460806fcf2b09453c54fca9c57072c0753c0a25661 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\gpc-data-sharing.min[1].js
| MD5 | cb6d12455dd83cdc7abaee67f9e451a9 |
| SHA1 | a1c26b6d709ddc7370740b023c7241a7447c5c4e |
| SHA256 | 3eecbd8323ba84954c3115a31a4d6b4d5e97befcc859622812c2f6c706afeae6 |
| SHA512 | 21399b52a792adae4ee775f8f67beec835f6b1e61245fa812abed0711b8de8c1c665b437e9424ea995055126df48c2a9c3c31c04dbef996ccebf96c964b7ea13 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\open-sans-v34-latin-700[1].woff2
| MD5 | e45478d4d6f15dafda1f25d9e0fb5fa1 |
| SHA1 | 52cb490cd0ee4442ede034085cda9652b206f91c |
| SHA256 | d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72 |
| SHA512 | 2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\open-sans-v34-latin-600[1].woff2
| MD5 | 603c99275486a11982874425a0bc0dd1 |
| SHA1 | ffeb62d105d2893d323574407b459fbae8cc90a6 |
| SHA256 | 4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127 |
| SHA512 | 662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\open-sans-v34-latin-regular[1].woff2
| MD5 | e43b535855a4ae53bd5b07a6eeb3bf67 |
| SHA1 | 6507312d9491156036316484bf8dc41e8b52ddd9 |
| SHA256 | b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681 |
| SHA512 | 955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\wcp-consent[1].js
| MD5 | 5f524e20ce61f542125454baf867c47b |
| SHA1 | 7e9834fd30dcfd27532ce79165344a438c31d78b |
| SHA256 | c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9 |
| SHA512 | 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\space-grotesk-v12-latin-700[1].woff2
| MD5 | 514360ed1b78e71aabe58ecd08f36706 |
| SHA1 | 1062c179ea2f74b5db67f9d7822c556ed25637dd |
| SHA256 | 751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc |
| SHA512 | 1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\6c-7627b9[1].js
| MD5 | b9c3e4320db870036919f1ee117bda6e |
| SHA1 | 29b5a9066b5b1f1fe5afe7ee986e80a49e86606a |
| SHA256 | a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48 |
| SHA512 | a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\alert-promo[1].svg
| MD5 | b119b49f7f799d680e0ade981c8c36e1 |
| SHA1 | b2134ee3d8a4669c4b93225c0b987be0c78b6e6e |
| SHA256 | 2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4 |
| SHA512 | c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\alert-info[1].svg
| MD5 | c7db49644f6bf1f50b3190ffba0516ed |
| SHA1 | 5bb312a0b6357ccb7e93158ac0f97b4e249e4696 |
| SHA256 | 2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281 |
| SHA512 | 9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\cda-tracker.min[1].js
| MD5 | 4224409739020ba30e3752c0d1f273d0 |
| SHA1 | 54980ee9df0ef712048572c80dc8d70710178538 |
| SHA256 | a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a |
| SHA512 | 1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\ai.2.min[1].js
| MD5 | 30f39ae5d1d05a439046a7640510b486 |
| SHA1 | 716efa29594edae8832bb8b12e7fb19bc06e06fe |
| SHA256 | bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136 |
| SHA512 | f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 601546482f46c71cdab6b331340e0e55 |
| SHA1 | df582e6cb8d3de63ee31212b85bfc14b28bf1998 |
| SHA256 | 521c23da9919eb446c563f602744242a920b02ffcb3fa2f51b90ff389e565eb4 |
| SHA512 | 55a268e3aa117270d74f6670ca87abc5c55c72b92913097b60b21509195f5a8fead2789d659bfe1fe336c777aba2cd4758e75860a61c751315143052948ab077 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 45717aecccd10162f60a4622023be5f6 |
| SHA1 | 1fc08b42c00e2c54eba9c0a1c002506f960c40db |
| SHA256 | f184001310793d73a8c8121605b6be29f642e5dc35f29022b62fe660afac253a |
| SHA512 | 0058288bd23237b478242427fa510f9516227de00a2a480a578385c5ca2d399af21a0ab3fec1e83f8d7eea75736f0d9cb5915f330687182661d960daf89d562e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3DX3L2I7\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\TCPConnections.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\UACBypass.dll",#1
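In behavioral23 and behavioral24 the sandbox did not run the loader; it ran each plugin DLL from the archive directly through rundll32.exe, and the trailing ",#1" tells rundll32 to call the DLL's export with ordinal 1 rather than a named entry point. Neither run produced a signature hit, only reverse DNS lookups, so the command line itself is the useful artefact. The Python below is an added example, not part of this report or of the tool that produced it: it parses rundll32 command lines (quoted or bare DLL path, named or ordinal export) and flags the two traits seen here, a DLL loaded from a user-writable directory and an ordinal entry point. The command-line list is constructed for the example; the first two entries are the lines recorded above, the rest are benign controls.

```python
import re

# Constructed sample of process-creation command lines (for instance the
# CommandLine field of Sysmon Event ID 1). The first two are the rundll32
# invocations recorded in behavioral23/behavioral24; the rest are benign controls.
SAMPLE_COMMAND_LINES = [
    r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\TCPConnections.dll",#1',
    r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\UACBypass.dll",#1',
    r'rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL',
    r'"C:\Windows\system32\rundll32.exe" C:\Windows\System32\ieframe.dll,OpenURL http://example.invalid/',
    r'notepad.exe C:\Users\Admin\notes.txt',
]

# rundll32 syntax: rundll32[.exe] <dll>,<entry>  where <entry> is an export name
# or #<ordinal>; the DLL path is quoted when it contains spaces.
_RUNDLL_RE = re.compile(
    r'(?:^|\\)rundll32(?:\.exe)?"?\s+'           # rundll32 / rundll32.exe, optional closing quote
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,"]+))'   # quoted or bare DLL path
    r'\s*,\s*(?P<entry>#\d+|[A-Za-z_]\w*)',      # export name or #ordinal
    re.IGNORECASE,
)

# Directories an unprivileged user can write to; a rundll32 target living in one
# of them is attacker-supplied code, not a Windows component.
USER_WRITABLE_MARKERS = (
    "\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\",
)


def parse_rundll32(cmdline):
    """Return {'dll', 'entry', 'ordinal'} for a rundll32 command line, else None."""
    m = _RUNDLL_RE.search(cmdline)
    if not m:
        return None
    entry = m.group("entry")
    return {
        "dll": m.group("qdll") or m.group("dll"),
        "entry": entry,
        "ordinal": int(entry[1:]) if entry.startswith("#") else None,
    }


def suspicion_reasons(cmdline):
    """List the traits that make a rundll32 invocation look like plugin/loader abuse."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    dll = parsed["dll"].lower()
    reasons = []
    if any(marker in dll for marker in USER_WRITABLE_MARKERS):
        reasons.append("dll_in_user_writable_path")
    if parsed["ordinal"] is not None:
        # Ordinal entry points (#1) avoid naming the export. Dropped plugins are
        # routinely invoked this way; shell/Control Panel uses name their export.
        reasons.append("ordinal_export")
    return reasons


def triage(cmdlines):
    """Return [(cmdline, reasons)] for every line that trips at least one check."""
    hits = []
    for line in cmdlines:
        reasons = suspicion_reasons(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_COMMAND_LINES):
        print(", ".join(reasons), "<-", line)
```

Run over the constructed list, only the two plugin lines are reported, each with both reasons. Command-line matching alone misses a loader that copies the DLL somewhere unexpected or obfuscates the path, so in production pair this with image-load telemetry (for example Sysmon Event ID 7 for rundll32.exe) and alert on the DLL actually mapped.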
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:23
Platform
win10-20240404-en
Max time kernel
65s
Max time network
56s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 50fb8dfd869dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "10" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = 01000000d750ce7f3fc8b94011bee3efa8c810e9cfe4381463dca28e9c11ee2be81de1edfff4395cc47b892f7fc3bc69280f1f5f252058d3201ebc67b623 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5e9331b3549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 25a0ceae549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1d254598549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdomai = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "134" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 38bf9f98549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ea51409e549dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
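Read the behavioral32 tables by the Process column and the picture changes: the only row raised by the sample's own process is the Geo\Nation query by XWormLoader 5.2 x64.exe (the GeoID a sample can compare against a country blocklist; the report does not show what the loader did with the value). Every other row, the rescache and ESE.TXT writes, the AppContainer registry churn, SeDebugPrivilege and SetWindowsHookEx, comes from MicrosoftEdge.exe, MicrosoftEdgeCP.exe or browser_broker.exe. One interpretation consistent with, but not proven by, these rows is that the loader failed to find a .NET runtime and opened dotnet.microsoft.com in Edge, which is where a .NET apphost sends the user in that case; the browser start-up then accounts for the rest of the run. The Python below is an added example, not part of this report or of the sandbox: it splits signature rows by whether the raising process lives in the sample's extraction directory, lists the signatures that are supported only by system binaries, and labels dropped-file paths that are ordinary browser by-products. The row and path lists are a transcribed subset of the tables above.

```python
from collections import defaultdict

SAMPLE_DIR = r"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2"
SID = "S-1-5-21-1739856679-3467441365-73334005-1000"
HKU = "\\REGISTRY\\USER\\" + SID
EDGE = r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe"

# Representative rows transcribed from the behavioral32 tables above, as
# (signature, description, indicator, process). The full tables hold many more
# Edge rows of the same shape.
SIGNATURE_ROWS = [
    ("Checks computer location settings", "Key value queried",
     HKU + r"\Control Panel\International\Geo\Nation",
     SAMPLE_DIR + r"\XWormLoader 5.2 x64.exe"),
    ("Drops file in Windows directory", "File created",
     r"C:\Windows\rescache\_merged\3720402701\1568373884.pri", EDGE + r"\MicrosoftEdgeCP.exe"),
    ("Modifies Internet Explorer settings", "Key created",
     HKU + r"\Software\Microsoft\Internet Explorer\Main", r"C:\Windows\system32\browser_broker.exe"),
    ("Modifies registry class", "Set value (int)",
     HKU + r'_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer'
           r'\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"',
     EDGE + r"\MicrosoftEdge.exe"),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeDebugPrivilege", "N/A",
     EDGE + r"\MicrosoftEdgeCP.exe"),
    ("Suspicious use of SetWindowsHookEx", "N/A", "N/A", EDGE + r"\MicrosoftEdge.exe"),
]

# Subset of the dropped-file paths from the Files lists above.
DROPPED_FILES = [
    r"C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001"
    r"\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A",
    r"C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001"
    r"\MicrosoftEdge\Cookies\0NNQS8AP.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157",
]

# Path fragments that identify files the browser writes on its own.
BROWSER_ARTIFACT_MARKERS = {
    "browser_package_store": "\\packages\\microsoft.microsoftedge_",
    "certificate_url_cache": "\\cryptneturlcache\\",
    "ie_inet_cache": "\\inetcache\\",
}


def is_sample_process(process, sample_dir=SAMPLE_DIR):
    """True when the image lives inside the sample's own extraction directory."""
    return process.lower().startswith(sample_dir.lower().rstrip("\\") + "\\")


def attribute(rows, sample_dir=SAMPLE_DIR):
    """Split signature rows by who raised them: the sample, or pre-installed
    system binaries (Edge, browser_broker) started as a side effect."""
    per_sig = defaultdict(lambda: {"sample": 0, "system": 0})
    out = {"sample": [], "system": []}
    for row in rows:
        bucket = "sample" if is_sample_process(row[3], sample_dir) else "system"
        out[bucket].append(row)
        per_sig[row[0]][bucket] += 1
    # Signatures with no row from the sample itself are browser/system noise here.
    out["noise_only"] = sorted(sig for sig, n in per_sig.items() if n["sample"] == 0)
    return out


def classify_dropped(path):
    """Label a dropped-file path as a browser by-product, or 'inspect' otherwise."""
    lowered = path.lower()
    for label, marker in BROWSER_ARTIFACT_MARKERS.items():
        if marker in lowered:
            return label
    return "inspect"


if __name__ == "__main__":
    result = attribute(SIGNATURE_ROWS)
    print("raised by sample:", [r[0] for r in result["sample"]])
    print("system noise only:", result["noise_only"])
    for path in DROPPED_FILES:
        print(classify_dropped(path), path)
```

The split relies on the process image path, which is what this report gives; with parent PIDs available, attributing by descent from the sample's process tree is stronger, because a child the sample injects into (for example a spawned system binary) would otherwise land in the noise bucket.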
Processes
C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.42.65.94:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.94:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.42.65.94:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.94:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.155.9.20.in-addr.arpa | udp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
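The Network rows above mix three kinds of event: forward DNS queries to the resolver (destination 8.8.8.8:53), reverse lookups whose in-addr.arpa names carry an IP in reversed octet order (64.246.107.13.in-addr.arpa asks about 13.107.246.64, the address the TCP rows reach for dotnet.microsoft.com), and the TCP connections themselves. The Python below is an added example, not part of this report or of the sandbox: it parses rows in this table layout, turns each PTR name back into the IP it asks about, correlates those IPs with the TCP destinations, and lists the addresses the guest resolved but never connected to in the table, which are the ones worth a second look. The table text is a constructed subset of the behavioral32 and behavioral24 rows.

```python
import ipaddress

# Constructed subset of the behavioral32 and behavioral24 Network tables, in the
# report's own four-column layout.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 20.42.65.94:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
"""

COLUMNS = ("country", "destination", "domain", "proto")


def parse_table(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != len(COLUMNS) or cells[0] == "Country":
            continue  # skip the header and anything that is not a data row
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def ptr_to_ip(name):
    """'14.227.111.52.in-addr.arpa' -> '52.111.227.14'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))  # PTR names list the octets least-significant first
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ip


def correlate(rows):
    """Map each contacted IP to {'domains', 'ports', 'ptr_lookup'}."""
    hosts = {}

    def entry(ip):
        return hosts.setdefault(ip, {"domains": set(), "ports": set(), "ptr_lookup": False})

    for r in rows:
        ip, _, port = r["destination"].rpartition(":")
        ptr_ip = ptr_to_ip(r["domain"])
        if ptr_ip:
            entry(ptr_ip)["ptr_lookup"] = True  # the guest asked who owns this IP
            continue
        if port == "53" and r["proto"] == "udp":
            continue  # forward query: the destination is the resolver, not a host
        e = entry(ip)
        e["domains"].add(r["domain"])
        e["ports"].add(int(port))
    return hosts


def unresolved_hosts(hosts):
    """IPs that appear only through reverse lookups, with no TCP row in the table."""
    return sorted(ip for ip, e in hosts.items() if e["ptr_lookup"] and not e["domains"])


if __name__ == "__main__":
    hosts = correlate(parse_table(NETWORK_TABLE))
    for ip, e in sorted(hosts.items()):
        print(ip, sorted(e["domains"]), sorted(e["ports"]), "ptr" if e["ptr_lookup"] else "")
    print("resolved but not connected here:", unresolved_hosts(hosts))
```

On this subset two addresses come back from unresolved_hosts, 52.111.227.14 and 20.189.173.11; the report shows the PTR queries for them but no TCP row, so the table alone does not say which process wanted to know about them or why. A sorted() over the dictionary keys orders IPs as strings, which is fine for reading; use ipaddress.IPv4Address as the sort key if numeric order matters.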
Files
memory/2360-0-0x0000024015C20000-0x0000024015C30000-memory.dmp
memory/2360-16-0x0000024015D20000-0x0000024015D30000-memory.dmp
memory/2360-35-0x0000024014DF0000-0x0000024014DF2000-memory.dmp
memory/4256-45-0x000001A5BFB10000-0x000001A5BFC10000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | c05cddb574b5877f2dd77e140bc281e6 |
| SHA1 | a407d471b205d3acf44fd5dbe96df38609f8e375 |
| SHA256 | 4b386aa4120330e845ee58f935994bd488094690b70eee72f86289d26ddaef2a |
| SHA512 | 60c77357b76ba6b57dba09607d42b80a7efd27f26ec34dab40ee8f7973a9ba89a508fae6366244ad3f283795a8fc5e77ae4affb7810e46461b4b1c46c3666d30 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 49104075409dbc0e2572c587d7e18c92 |
| SHA1 | fd58b0668507f4214885e2639042b6025ab27c6d |
| SHA256 | 3ad4dc700b7efe1816b24299c9caa41441f1541eb28a676cd02a359cec4b3096 |
| SHA512 | 96f16e105f524676d5f7a335a0b883335a96895605c741879482b1129d38998ce99fcd1f095940ef0f52ee15faa94c3daaa404061c60ea046f43fec2fc2fb39b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
| MD5 | c125c2c9080a670d7452859606c11743 |
| SHA1 | 6eb0ce217a7fe31ce4674d602d938fdeb7b3bc07 |
| SHA256 | ce60007cab332642386773c800167db1ec0d621124eb1c1c7ebcf05e065f2f7b |
| SHA512 | ad121df35e410bd4caf3da94e533a25f25c27d66fa930bdf0b22620cbae21421e8a9380ffbbf0d8cfa2c9cf9a806ac27df2e2cfa5d8799427c7c66a80cbc29e0 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
| MD5 | 566393b9875625163c74ebebc75623ab |
| SHA1 | 08bdbda734b6b86d4a16bb01f09f9d61334df977 |
| SHA256 | b0c40072f1d03d9ba50975686065f5c36c88f160328b982cc38dcd5b30014fc5 |
| SHA512 | eb72e33bf3065bf082ac4ba03d953d226ced5d61fd6782fb351f1ebd205786f2d7417ba9d6cb6640d2465a0ce91eb127119621d61c991220cad949ad9a53f692 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0NNQS8AP.cookie
| MD5 | 69a476d43a81cf134dba10436441b2c0 |
| SHA1 | 225a7b363970336afd4e0c2b95e9e78614e94dd2 |
| SHA256 | 2e19ee95750c9b853e18c37e34262ec9037df3127df8e80201a2659611274752 |
| SHA512 | f9e117318d02be438aaae927800db1606111e54555f553bc4b28141efa068403274b1b387d44e09bef4d295d57d7183e971995da7827da8e642c95a5b8be7b01 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\77VQ35IZ\dotnet.microsoft[1].xml
| MD5 | 8273ab585dbc2be171d477a0f6978e16 |
| SHA1 | bc34402954d2040b58026005ddbe5b1941c7db0d |
| SHA256 | d4dd97d4a630aa7df1f76915f17deaadd3eb7ae939b3936fff351c587e73a417 |
| SHA512 | f3ba93cb9f431636aef2c892709123f639da50dd8ebf7477044187c582a9c54881b8322dcabe5459e4981ca55e2a96678e6034cfed753f69c558253b6a4ec35f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\77VQ35IZ\dotnet.microsoft[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
memory/3284-178-0x000001B165B30000-0x000001B165C30000-memory.dmp
memory/4360-202-0x000002788E0A0000-0x000002788E0A2000-memory.dmp
memory/4360-199-0x000002788E070000-0x000002788E072000-memory.dmp
memory/4360-204-0x000002788E0C0000-0x000002788E0C2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\7a-c9e644[1].css
| MD5 | b7af9fb8eb3f12d3baa37641537bedc2 |
| SHA1 | a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4 |
| SHA256 | 928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71 |
| SHA512 | 1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\bootstrap-custom.min[1].css
| MD5 | b35590e4d3bf1b0b2bf9b986c30a7183 |
| SHA1 | fde573711c2c27e6c2824e3f3ae1bf6e3d216330 |
| SHA256 | 1dc203879fb2076f320b714edd1d9d83f605ad9c50d341d4dc695f821586f96b |
| SHA512 | 2d2a6bf3828d402c66215977220643c0c6dadd55216c41951e9e71147e87f3df3562576cbc384b5c6bca8aca1f90d49f2cd5ae2a9c10c4dc057847bcf8f743ec |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\cookie-consent.min[1].js
| MD5 | 2ad93f6c4dd71b579f187d1463457ee4 |
| SHA1 | 55720a32d32781f421f8a2c70c424a69e2fa7c21 |
| SHA256 | d2d1b9863e393a6a8ac95617470d67f7d21044004e4f08d7cd65e480a05204a8 |
| SHA512 | 1cc6445bbd18951ce30ca48fece2560a3d15e8176abf91a54a1819ad28fbb2fbf28d30ef9d08ac83fb1f3bfffe9178c07642bdeee056f202b8dbd6e5b71b4305 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\ms.analytics-web-4.min[1].js
| MD5 | 980d73a0137e5551defdbd0b2ec375d8 |
| SHA1 | 2e9e819deca8f7c54da873c36e9bde49a3720b15 |
| SHA256 | 0d7e2f7aaa0b683cd0e5ae10a5258c8af3c7d1ab7a71b7d7517444972d520c9e |
| SHA512 | a39a91cabc930d0746cc88da89852b9f23aadfcfc63228eb9ec7b9937ef3d22dbb875623f3e343f225a842dad26920167cd81397a9ba57830a750c5b40512ca0 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\analytics.min[1].js
| MD5 | 29dd8eed8b9d930080dc0f2970261930 |
| SHA1 | d0cbf2f13789c6704caac2e296e9b05c131a5536 |
| SHA256 | ebdd29b3d27624771d3f8272f26eabb31c7f15ae175382f21c60d72035b7f36e |
| SHA512 | fb3c68d5713e7653ef4c677dae5c444901fb67d8045f5fb75635d78d8ab9427e9564b66b4dd9fb8131d1e05c7a877343fabcc931a71ba533a3a0f8a82737bf86 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\RE1Mu3b[1].png
| MD5 | 9f14c20150a003d7ce4de57c298f0fba |
| SHA1 | daa53cf17cc45878a1b153f3c3bf47dc9669d78f |
| SHA256 | 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960 |
| SHA512 | d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\dotnet-framework-runtime[1].svg
| MD5 | 5aaa8c37cd59979b920cd21c4a50a38d |
| SHA1 | 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7 |
| SHA256 | db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6 |
| SHA512 | 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\footer.min[1].js
| MD5 | 33eb53d99fb8b6b0fc16b035559b20d5 |
| SHA1 | db024d172c6623da9c65ace778c802bd46a4f043 |
| SHA256 | 0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42 |
| SHA512 | 6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\culture-selector.min[1].js
| MD5 | 65e4fabaf367e6939430be6fe05935af |
| SHA1 | 587a6067898e629ea6f1716ff7064c25840062c1 |
| SHA256 | b9bc645052f44b7253656603f4cf94685f6b057474be7be907f18ae28a4108b3 |
| SHA512 | 28b4abd683761569b859826bead14a8997f61ba5621c32d4abd013c10e5112ffff0467648985a7adf5e909beae48d21f4d7b68520195767661e797172bdc191c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\theme-toggle.min[1].js
| MD5 | 6af1846ed39ed810c75045f6eba79a79 |
| SHA1 | 1581aa2e2be1276f76f6f237fd61c4cd667f8da6 |
| SHA256 | 3391e6a4a0ebcdd8a28c22555d0c271d325fd0b150ea90612593797028d19f03 |
| SHA512 | a3d13e9eac46c0b594013abaaeba4868e944fafc01e9382971867983ed6edf98eded06d54738703635ee9bba21e996c1f53e8552f3ab7bf8df7f9634d67eae1f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\general.min[1].js
| MD5 | 49b237e0e1b4d7f8e79eef67df8fc31b |
| SHA1 | e84b25d606a998921900c18808ac1c1a727a0640 |
| SHA256 | c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018 |
| SHA512 | 0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T5EWFM30.cookie
| MD5 | f50fdd176cd861ce22495aea61d0bc29 |
| SHA1 | f00d3a86c129a12b193289f70d512b21751cad58 |
| SHA256 | 2b842634001474e4e9c449e17cbb8fc7ef89a096d53addcf445c40903305a93b |
| SHA512 | 6d8b6d9c8a49cb1a454ecb3f8f5b2bc43e698fff6fa101d9413c82287a9495d210901e209f251a15bfde0561fa3bcdc5b1ee37505c6ee9bca15e6d8b5e4cc548 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\main.min[1].js
| MD5 | c4297773569863be0cdafdc4c1086f53 |
| SHA1 | 756025b6f96d6c6808b2369ea9bacd5ba8ccf694 |
| SHA256 | c2b8db1f87d37b321e6918e8b8f9ae40e2fa7c550d34a0e36c9f6ec3d2915af5 |
| SHA512 | 1a3f9750ba23fa1ece05944cd886eedc631fba538fd9c219c3a4cca217aee2251a88a2fd05e50ea08c0f04460806fcf2b09453c54fca9c57072c0753c0a25661 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\77VQ35IZ\dotnet.microsoft[1].xml
| MD5 | d8d5137a97d5d5962cd283cebf4f7096 |
| SHA1 | ff657d8e708b291161653fc25f07d84d4f5a71a1 |
| SHA256 | 079a5fb114f24d3f5fdc7605d2a199bac8eb9b0fcf78bdb3cbfc4459acf39b30 |
| SHA512 | 6717003e73b6597dd4987e8f2302f6bb88a1fc8131d3ac316959cbac8e4cde927ade2413d8bf784e2c8ec956597b038ef1ad46d817237012caa779453f18911e |
memory/3284-313-0x000001B1653E0000-0x000001B1653E2000-memory.dmp
memory/3284-311-0x000001B1653A0000-0x000001B1653A2000-memory.dmp
memory/3284-309-0x000001B165380000-0x000001B165382000-memory.dmp
memory/3284-307-0x000001B165320000-0x000001B165322000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\gpc-data-sharing.min[1].js
| MD5 | cb6d12455dd83cdc7abaee67f9e451a9 |
| SHA1 | a1c26b6d709ddc7370740b023c7241a7447c5c4e |
| SHA256 | 3eecbd8323ba84954c3115a31a4d6b4d5e97befcc859622812c2f6c706afeae6 |
| SHA512 | 21399b52a792adae4ee775f8f67beec835f6b1e61245fa812abed0711b8de8c1c665b437e9424ea995055126df48c2a9c3c31c04dbef996ccebf96c964b7ea13 |
memory/3284-324-0x000001B166190000-0x000001B166192000-memory.dmp
memory/3284-322-0x000001B166180000-0x000001B166182000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\mwfmdl2-v3.54[1].woff
| MD5 | d0263dc03be4c393a90bda733c57d6db |
| SHA1 | 8a032b6deab53a33234c735133b48518f8643b92 |
| SHA256 | 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12 |
| SHA512 | 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3 |
memory/3284-319-0x000001B1660A0000-0x000001B1660A2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\open-sans-v34-latin-regular[1].woff2
| MD5 | e43b535855a4ae53bd5b07a6eeb3bf67 |
| SHA1 | 6507312d9491156036316484bf8dc41e8b52ddd9 |
| SHA256 | b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681 |
| SHA512 | 955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\wcp-consent[1].js
| MD5 | 5f524e20ce61f542125454baf867c47b |
| SHA1 | 7e9834fd30dcfd27532ce79165344a438c31d78b |
| SHA256 | c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9 |
| SHA512 | 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\6c-7627b9[1].js
| MD5 | b9c3e4320db870036919f1ee117bda6e |
| SHA1 | 29b5a9066b5b1f1fe5afe7ee986e80a49e86606a |
| SHA256 | a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48 |
| SHA512 | a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\open-sans-v34-latin-600[1].woff2
| MD5 | 603c99275486a11982874425a0bc0dd1 |
| SHA1 | ffeb62d105d2893d323574407b459fbae8cc90a6 |
| SHA256 | 4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127 |
| SHA512 | 662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\cda-tracker.min[1].js
| MD5 | 4224409739020ba30e3752c0d1f273d0 |
| SHA1 | 54980ee9df0ef712048572c80dc8d70710178538 |
| SHA256 | a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a |
| SHA512 | 1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\open-sans-v34-latin-700[1].woff2
| MD5 | e45478d4d6f15dafda1f25d9e0fb5fa1 |
| SHA1 | 52cb490cd0ee4442ede034085cda9652b206f91c |
| SHA256 | d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72 |
| SHA512 | 2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\alert-info[1].svg
| MD5 | c7db49644f6bf1f50b3190ffba0516ed |
| SHA1 | 5bb312a0b6357ccb7e93158ac0f97b4e249e4696 |
| SHA256 | 2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281 |
| SHA512 | 9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\alert-promo[1].svg
| MD5 | b119b49f7f799d680e0ade981c8c36e1 |
| SHA1 | b2134ee3d8a4669c4b93225c0b987be0c78b6e6e |
| SHA256 | 2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4 |
| SHA512 | c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86 |
memory/3284-340-0x000001B165E50000-0x000001B165F50000-memory.dmp
memory/3284-339-0x000001B1664E0000-0x000001B166500000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\F971OY3C.cookie
| MD5 | bca64ae8ddc9dd4a505b1fbf337d929f |
| SHA1 | 70d60218640438f07b9259e5fb11257125fad373 |
| SHA256 | d1cf327ebf2cdfe67a2c93de2ef11952528a257585eef8ddbed4ca5982e7dd5a |
| SHA512 | f88226248acad6a11d0864d6f407a104676a934586aac235513fb66356b8520f57fb3eb041dfc9392d2172db9f07226266bb57efa65383e8c3009415549b2178 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\space-grotesk-v12-latin-700[1].woff2
| MD5 | 514360ed1b78e71aabe58ecd08f36706 |
| SHA1 | 1062c179ea2f74b5db67f9d7822c556ed25637dd |
| SHA256 | 751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc |
| SHA512 | 1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e |
memory/3284-364-0x000001B166E00000-0x000001B166F00000-memory.dmp
memory/4360-361-0x00000278A4590000-0x00000278A4592000-memory.dmp
memory/4360-359-0x00000278A4570000-0x00000278A4572000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\ai.2.min[1].js
| MD5 | 30f39ae5d1d05a439046a7640510b486 |
| SHA1 | 716efa29594edae8832bb8b12e7fb19bc06e06fe |
| SHA256 | bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136 |
| SHA512 | f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a |
memory/4360-378-0x00000278A18C0000-0x00000278A19C0000-memory.dmp
memory/3284-383-0x000001B16AAB0000-0x000001B16ABB0000-memory.dmp
memory/4360-385-0x00000278A18C0000-0x00000278A19C0000-memory.dmp
memory/4360-390-0x00000278A4B40000-0x00000278A4B60000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XDCVSPPB.cookie
| MD5 | 9be181c101ea5cb9e5bd55ea548ea683 |
| SHA1 | e95fbb35cfbaa01dc347d7ac3788bb0fde4e0045 |
| SHA256 | 6d222faa8dad2c515a45e0eb0a292d0a8eaec6b94373c8f15f34405d982355ad |
| SHA512 | 8253846b142fa2c144c52afd5f7fb32332478a609727ff6fa3d3e485ee3f18d12e18111a119ab68d95a727bbbe92d6a6fd07130a64e2d29c27f1524fcbe6c2af |
memory/3284-414-0x000001B166A40000-0x000001B166A60000-memory.dmp
memory/2360-456-0x000002401C3B0000-0x000002401C3B1000-memory.dmp
memory/2360-455-0x000002401C3A0000-0x000002401C3A1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q1R3QIZW.cookie
| MD5 | 94dbfcc82e3cd97f730d436e7477a8da |
| SHA1 | 35ffa40d18d6491aab33532a02f2e137815dd484 |
| SHA256 | 83c1acd307ffac57d3dd70fda338b246912a5532c682604a55c334312d2bbf2e |
| SHA512 | 8941006c88ea3bfea22354c555b58d229223d3811cbd3b0fcd96a443639b34761c118727381b1380271ef2293cfab0635e74114e2a8e7188439e73e4e4538400 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\9r16vxv\imagestore.dat
| MD5 | 9c3954688c474613635adf198fc49c6f |
| SHA1 | 09a7b270dab8aa6260b1142371aa0165a8ea2d74 |
| SHA256 | b0d47f4f89591af60b858f489bb8f3d1b033744acbf2ea99f844733b5c105e8e |
| SHA512 | 598e83d093d82fb24f5ba005f29d3f70267f44f21f6df9b490fd602c7226c28512464ddc63f9d20c29cab2ac85d413601f85ac39313f3a80e201792ea9ea7e30 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 601546482f46c71cdab6b331340e0e55 |
| SHA1 | df582e6cb8d3de63ee31212b85bfc14b28bf1998 |
| SHA256 | 521c23da9919eb446c563f602744242a920b02ffcb3fa2f51b90ff389e565eb4 |
| SHA512 | 55a268e3aa117270d74f6670ca87abc5c55c72b92913097b60b21509195f5a8fead2789d659bfe1fe336c777aba2cd4758e75860a61c751315143052948ab077 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | c57e2cff2236abf614a2664ecc6bfc2d |
| SHA1 | 71175425ba031c25debaaaab40e40a78f0561bc2 |
| SHA256 | 10f3472756bef6a8dab7e48d87a792e97d93559079a2c3f5cbebc86aa0be32cd |
| SHA512 | 8c873a0e1e677bd56a2dcd625a6b1e756ec2b8bee5f0203912e2401da42d053ed60690252d4f78c9bd8fbc9edc0c75b68f670b810627fa5a46e9ba00e38b1097 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\E81C7T4Q\favicon[1].ico
| MD5 | 8565042b6db20c23647202bf4b95f11b |
| SHA1 | 9f0829cb3ceef14ac10e0b66338d8b7243a09101 |
| SHA256 | dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969 |
| SHA512 | dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | acc95b229fc384f403aadbfd1d24cfd2 |
| SHA1 | d51c152540c19bd93a556da004f21b0b0f6a1105 |
| SHA256 | f2ab39f17941be0aec1671bf5b46a5d8e52243e2241dff095ad6db2175d748ce |
| SHA512 | 00b20382de4b7fd7894709a5fa322cd981e794a30d6aaff71077ffaf3614abdd7a801977d0e06377d30ba5d77d124979c2848be943736e239109a177a70be646 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | c88304ffc25fca0d8ddaec9d6c5e75cf |
| SHA1 | a873ffd2dfd9479c19eec85a1cb6d2f63239a4e1 |
| SHA256 | 694963fba21a4ad08ce3fe8e5db2501361408d3b9fa626dd2dc5e1d94c2a3e91 |
| SHA512 | 8b5a2e7c0acffa9d189f856102ce45727277c9521b4548f3434d44e425dcfe5cb0926374a1846b637cdf8b468ebb6a579b5df62efc61cbfe37fd6fd73433e4bf |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IDYA5VKH.cookie
| MD5 | 14e5c09a065ab3c31e65ae72d821349c |
| SHA1 | a0e7f6a2b5fdb98c7eabb2e549e3dd6bc111ee8e |
| SHA256 | ff03890f12de03495df224b7268fb221b0bbd11d7125fa5064db1d2b300646a0 |
| SHA512 | c50caee2f3d9424dc69143ec133f367d77d6fcb0fe4626aa57539f47ad87ed0a88aded768eb9227dd0198ee42f5fcad10e5aa61242804fa5fd4e7024f208db7d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KI7JD52J.cookie
| MD5 | 15a67ba9596592ce9df7e17bedfb66e7 |
| SHA1 | b214b69919231d9d3de96d8e62604a18ebe0396c |
| SHA256 | a9e4bdb519015f5ff4c144a4bdca0f2c59cf2e717c45ec47ee219a9f657b80e2 |
| SHA512 | 5de004d841f8b05255ec6af3de663f5b3c771ef747d5feea108e511d526eb0b9abb73b2caa3dda9fb4ca08fc14ecd93b25390a50343990d711ae469c761eafed |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WF44NWEL.cookie
| MD5 | ae539524a0aff57e9e3e4739c601f355 |
| SHA1 | ccc06a6e1a9fe8849d1380c1b29d60ccd1cdd5f3 |
| SHA256 | 3621033dfe2d2cbd784d2746c477c59954f88a4f12a98a4b495a3adc1c48d96b |
| SHA512 | 613102b8be64781510b15c4802f66cbb7488c230c72c28486ee2aa8e5092012dbe8eb5ca39f9ea98f67c72e21553641fed8932ceccc7ff06015ac0b23147f869 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\98H7U9P4.cookie
| MD5 | 8e39dedc1e8226e588072f40c01f82d0 |
| SHA1 | 67994379fc79bbf4e1dc9d0167ed5cfa45d91f60 |
| SHA256 | 097981ad459ac8aafbee1c4116e597c39ce63229db75ac5bdf09f71554773c82 |
| SHA512 | 0a16db2ff536461d3d89bb605bfb3f153506783a99b44f52aa64ac552cab34fd463a02828544e401fec568638abf18e4bd86f5f369c55d96d9877a0ab0ddec00 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PLMGVTX4.cookie
| MD5 | 0a84b2a0178bc0efeca3f94ea4539964 |
| SHA1 | 3cc5b21f1b119eee5dcfb52eaf676d9e8c0dd4a0 |
| SHA256 | b4021529e35cb86b8e105ca20f10324ebc52891e6e4c4a31864181cdfbc641a0 |
| SHA512 | ff808ff673a41de2212062498f84c408d9133e491fe3da1f104f0ef5390404946b7ac5f5bc7483614f3d3abc15720087192ce8a23fae25132fbb7ee8569689d1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2TT8RSZ7\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:22
Platform
win10-20240404-en
Max time kernel
14s
Max time network
17s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Performance.dll",#1
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:25
Platform
win10-20240404-en
Max time kernel
130s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ReverseProxy.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-03 12:20
Reported
2024-05-03 12:24
Platform
win10-20240404-en
Max time kernel
132s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\RunPE.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |