Analysis Overview
SHA256
2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1
Threat Level: Known bad
The file 2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Checks computer location settings
AutoIT Executable
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:39
Signatures
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
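The two static verdicts above (AutoIT Executable, Unsigned PE) can be reproduced offline without the sandbox. The script below is an added example written for this page, not code from the report or the sandbox vendor: it walks the PE headers with the standard library only, looks for the `AU3!EA06` version tag that AutoIt3 embeds in compiled scripts, and reads data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), which is where an Authenticode signature blob is referenced. The `build_fake_pe` helper constructs a synthetic, non-runnable PE image so the check can be exercised without the real sample; the sample itself is not included here.

```python
import struct
import sys

AUTOIT_MARKER = b"AU3!EA06"  # version tag embedded in AutoIt3-compiled scripts
SECURITY_DIR_INDEX = 4       # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)


def security_directory(pe: bytes):
    """Return (offset, size) of the security data directory, or None if not a PE."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20          # COFF file header is 20 bytes; optional header follows
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:               # PE32: data directories start 96 bytes into the optional header
        dirs = opt + 96
    elif magic == 0x20B:             # PE32+: 112 bytes (64-bit ImageBase and stack/heap fields)
        dirs = opt + 112
    else:
        return None
    num_dirs = struct.unpack_from("<I", pe, dirs - 4)[0]   # NumberOfRvaAndSizes
    if num_dirs <= SECURITY_DIR_INDEX:
        return (0, 0)
    return struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR_INDEX)


def triage(pe: bytes) -> dict:
    """Reproduce the two static signatures: AutoIt-compiled? Authenticode blob present?"""
    sec = security_directory(pe)
    return {
        "is_pe": sec is not None,
        # Byte search over the whole file; a packed or encrypted script can hide the tag.
        "autoit": AUTOIT_MARKER in pe,
        # Presence only: a non-empty directory does not mean the signature verifies.
        "has_authenticode": bool(sec and sec[1] > 0),
    }


def build_fake_pe(pe32plus: bool = False, sig_size: int = 0, payload: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable PE image for testing (synthetic data)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    magic, fixed_len = (0x20B, 112) if pe32plus else (0x10B, 96)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       fixed_len + 16 * 8, 0x102)
    opt = struct.pack("<H", magic).ljust(fixed_len - 4, b"\0") + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * SECURITY_DIR_INDEX, 0x1000 if sig_size else 0, sig_size)
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + payload


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py sample.exe`. A present security directory only tells you a signature blob exists; whether it chains to a trusted root still has to be checked with a verifier such as `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`, and an absent directory is exactly what the report's "Unsigned PE" signature means.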
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:39
Reported
2024-06-13 22:44
Platform
win7-20240220-en
Max time kernel
255s
Max time network
273s
Command Line
Signatures
Detected google phishing page
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009791d3f80754764caf01640e910dd30d0000000002000000000010660000000100002000000045b44dff24e69bfb739ff6650faaf7ac30b5d02be0739703359902c9421254a7000000000e80000000020000200000000d8dbfdeead85b76d776a8e9cf617cc6750147b970d244fe3204dd893b8b2fdc200000006c3c19897b0f9649b21bbcc4ae25bb402ee77c4487011e0fd2b3b1917b9d8a5a400000005e06f20745fe2a1ded130f7caa457d249abf4ea69328812f53233930d3505382a8bf411fdb4c0842ed7437211de29d9fcaa1e8964e00c1ec0ef2f654057fac06 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424480266" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DC6E6551-29D5-11EF-A296-4A24C526E2E4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe
"C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
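Two things in this report are worth separating before drawing conclusions. First, every row under "Modifies Internet Explorer settings" is attributed to iexplore.exe, not to the sample: Window_Placement, WindowsSearch\Version, Recovery\AdminActive and DOMStorage\facebook.com are the browser's own per-session state, so they describe the browser windows the sample opened rather than persistence set by the sample. Second, the Network table contains only Google, YouTube, Facebook/Meta and Microsoft endpoints, so nothing in this capture identifies an attacker-controlled phishing host; the "Detected google phishing page" signature should be corroborated against what IE actually rendered before treating the file as a credential-phishing kit. What the Processes section does establish is that an unsigned executable in %TEMP% launched three Internet Explorer windows at account and sign-in pages. The rule below, an added example written for this page and not part of the report, encodes that pattern over process-creation events. The event dictionaries are constructed from the command lines above; the parent links are assumed from the order in which the processes are listed, and the host and path lists are starting points to tune, not a vendor's rule.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Sign-in / account endpoints worth watching (assumed list; extend for your environment).
ACCOUNT_HOSTS = {
    "accounts.google.com", "accounts.youtube.com",
    "www.facebook.com", "m.facebook.com",
    "login.live.com", "login.microsoftonline.com",
}
ACCOUNT_PATH_HINTS = ("/account", "/login", "/signin")
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
# Directories an unprivileged user (or a dropper) can write to.
USER_WRITABLE = re.compile(r"\\(appdata\\local\\temp|appdata\\roaming|downloads|users\\public)\\", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_browser_launch(event: dict) -> Optional[dict]:
    """Flag a browser spawned by a non-browser parent that lives in a user-writable
    directory and is pointed at an account or sign-in URL. Returns None otherwise."""
    parent, image = _basename(event["parent_image"]), _basename(event["image"])
    if image not in BROWSERS or parent in BROWSERS:
        return None  # browser-to-browser spawns (IE's SCODEF/CREDAT tab processes) are normal
    if not USER_WRITABLE.search(event["parent_image"]):
        return None
    hits = []
    for url in URL_RE.findall(event["command_line"]):
        u = urlparse(url)
        host = (u.hostname or "").lower()
        if host in ACCOUNT_HOSTS or u.path.lower().startswith(ACCOUNT_PATH_HINTS):
            hits.append(url)
    if not hits:
        return None
    return {"parent": event["parent_image"], "browser": image, "urls": hits}


def scan(events) -> list:
    """Run the rule over a list of process-creation events and return the alerts."""
    return [alert for alert in map(suspicious_browser_launch, events) if alert]


# Constructed events modelled on the Processes section of this report; the parent
# links are assumed from the listing order, not taken from the sandbox.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
EVENTS = [
    {"parent_image": SAMPLE, "image": IE, "command_line": f'"{IE}" https://www.youtube.com/account'},
    {"parent_image": SAMPLE, "image": IE, "command_line": f'"{IE}" https://www.facebook.com/video'},
    {"parent_image": SAMPLE, "image": IE, "command_line": f'"{IE}" https://accounts.google.com/'},
    {"parent_image": IE, "image": IE32, "command_line": f'"{IE32}" SCODEF:2940 CREDAT:275457 /prefetch:2'},
    # A user opening the same page from the shell is benign and must not fire.
    {"parent_image": r"C:\Windows\explorer.exe", "image": IE, "command_line": f'"{IE}" https://accounts.google.com/'},
]

if __name__ == "__main__":
    for alert in scan(EVENTS):
        print(alert)
```

Treat this as a hunting rule rather than a high-fidelity detection: installers and updaters also open browsers to legitimate pages. It gains precision when combined with the parent's signature status (the static "Unsigned PE" verdict) and with the window-manipulation APIs the sandbox attributed to the sample itself (FindShellTrayWindow, SetWindowsHookEx, SendNotifyMessage), which are the behaviours that distinguish an overlay or input-capture attempt from a plain link opener.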
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| GB | 163.70.151.35:443 | facebook.com | tcp |
| GB | 163.70.151.35:443 | facebook.com | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| GB | 163.70.151.35:443 | fbcdn.net | tcp |
| GB | 163.70.151.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| GB | 163.70.151.35:443 | fbsbx.com | tcp |
| GB | 163.70.151.35:443 | fbsbx.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC6E6551-29D5-11EF-A296-4A24C526E2E4}.dat
| MD5 | f30fe9084480dcdd3670287d500afaa5 |
| SHA1 | 53d91c375722f5e1f76dbbc7604aa71da6bed2c8 |
| SHA256 | 6847fddc45ed02c3743cb5db992a2225ad16fce21a75c28819300d0e0c8b4a47 |
| SHA512 | ec47d8378673ac2515ba6333e4eb38a75b13d73f0511fed045bcc548e1a36708ea3cd727ae67ac20111274cfdf139b516d39dce577466de23465c60dca33393c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC70C6B1-29D5-11EF-A296-4A24C526E2E4}.dat
| MD5 | feead2d52ef28189442e89ba0fda8a87 |
| SHA1 | 02ab00431705de8e49f03547d17fa5498f1b62a9 |
| SHA256 | d7c25f6d602df2db1495d45b15c2fbaf79c1245f377745fe5cb69200a3312d36 |
| SHA512 | 8846bfe7916f25abc5a55b9d3b81fb4195d4b63a560abffa662ed14071a0bb91e26a4bbf3565f21c783cc6eb3d76f434b2c7d1b5227e8c5ec1fe8bd0f7ba287f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC6E6551-29D5-11EF-A296-4A24C526E2E4}.dat
| MD5 | 10bc00c86940f35b9c650919e1b2c1b6 |
| SHA1 | 14de3ee9cf120b14ec4d6c01851e5a9cd6b1b6c2 |
| SHA256 | a35f4c4edffac61550fbdb2310559dfc95c1c7d50a715a959c94d92074bc56b7 |
| SHA512 | aa406e70f0fe5043f87168322e131e93c799a3dd8b9fc5c6f407e5f0d673102858a9088589e4a2b096920677e685b3fa0736daeb5153367bf3fd918862d28b03 |
C:\Users\Admin\AppData\Local\Temp\Cab1C97.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 5eac634067e16d54ca82f104d8f69b04 |
| SHA1 | 9c45813b7b533f0a0ec1638d74af1dad6ef9faba |
| SHA256 | 68d9607bb394e607b701f45708a33b6c4b4a4794a9514863c4535f04a34a6656 |
| SHA512 | 66ff0ad4bb51b24d27e7bc746d0d4fb7acc17b2b5fd98dc87957b32956cfcebb9f32e49ff101dfdf84768e7a762bcd8a1692b9dd1fd20eeaa55974b902be0f35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a08991b3b3149042115bebb75a76ccc0 |
| SHA1 | 4f1a11c57b43422713fcb9c7af450a3a547ad11d |
| SHA256 | 827224a17beecdd911e49e0f09ab9665246f781744d1241545d6aefe2e67c788 |
| SHA512 | dc3f8319b0a7ab3e3a37447cdd60b3772bbb5e73cd44e9e58c2ad979dcd68f48f675c8a0a2626e9d3af5d4c664a9dcc52b786b69946236d8f89d12371d987fac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1DA7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97988f94fc353fe4d477777634706c96 |
| SHA1 | 72854f4283fb7d8ff47f3047b3a72037a7d2e6da |
| SHA256 | 50b4089a7dc8e78772c9a6593cd25478383141115d2cd6afc3be12e21e73ce41 |
| SHA512 | f201321d11232747311fa04f47d08672a81ee4719af7a6ef43de5aefc99a9eba382073f8f53b2e3086d03094502e04b96c129e5d8d9a2fb843c6a3805c357274 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 5cab766df53ae995c60310073a5bb566 |
| SHA1 | ceecb53a98f9fe3117115f3718be75a741c248b9 |
| SHA256 | d60ee660a9f7b62cc211dc2f5f6ad24de03672d04d7cbaad410116c5c0a05473 |
| SHA512 | 810ba317a352ee2c7b2d870adb4cc2c1cab2063fcf72962b3b965d8434cddfdeaf69f7ef40548ca05f56de5042707cd801dd6f7c6e60ddfa92578326459dfa24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bd22e2f62d2506634f2f40183a63cbe |
| SHA1 | 7776900640f97ee7d0eadb6a55b79ecf5826f992 |
| SHA256 | 9ac740cc5cb8e6322d424143bd5ebcb7ab5976941be8aedf1bb0f49cd5597e34 |
| SHA512 | cf21637ceff8a9045ed3acc559bf171ad20614b4bf75f10b8abecc70d1a5bac44318f81f0561664af41266c4566196b20d6912d2fc2a34e16bdd5331ae565dc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59e2eae0e2e8271534f9ddca46c8b7d9 |
| SHA1 | 046ed2686ce234281095e41e7a934e23200f2819 |
| SHA256 | c79fbdd20047a324d74bb56eeaefbb5264579caa03133fe6bd3a81f89d4e4086 |
| SHA512 | b81665ea1302e1ce84a60ae2f59c1274ce64e6924e2cb0736a4ba61c309e1710a19e3e3292e926436dfce99417189b8bd7216f4b404d2eb8db7feade96ebdc4d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ITQ7R77X.txt
| MD5 | df42b74ee12b32823a534d8536f28e09 |
| SHA1 | f2c7d37528a488c6e524c161d63fc771756d08da |
| SHA256 | 9f97b86de8c8ff9c8f036870832426878e5dc1b0f1ae1920736e31fd34dc1cb5 |
| SHA512 | c267fefafcbff5a00b7d79311f8ef1f9e9b712d0b0dc1b3c50d8125e929e47e39b6101f477ff145bd0220712b2dcf91fb5f5df35a3e089b5fb1ee56986567c08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_120148DF360AB0CA4DEE7F56782F4D54
| MD5 | 3823f902540305efc41105899c1e0dc1 |
| SHA1 | 10a927d26e91caab97aba1447adee2208140b021 |
| SHA256 | 4380602945f843080a9bba25095077fbbdc030e226998858e360ce204b80836a |
| SHA512 | 140a566fccbe042b7461757b41571509dd70619138aec6c3591a29dbddb8c6584f27b6e84d21410ec343d78d3795dcc50b6509374bc7bf6064759acb177250e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_120148DF360AB0CA4DEE7F56782F4D54
| MD5 | c67cbf59ae4f45998a9c6383a389c9d7 |
| SHA1 | 77325599c9a38c62c1327d5b05d6e28c31e3fb50 |
| SHA256 | 07a2275a517a6e209c23bbc462f207d8209edb65fefd92b2e598f0fd73fb03c2 |
| SHA512 | 84343a1cbb069d0347462093c1fd1ff3ea204f5e88967849b8166e6ce507a86ad1fc9437a6215026a57b822e02f24e2eab2c02051422174cf93fc5f39b4fbda2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 7423c95e44fa40031aa8d829436a0909 |
| SHA1 | 0904acb73e253f3369129ba5562476a6194607a6 |
| SHA256 | 7a6094db35b94e1d888be5a02594986451277dd91c6c948a96c0b0885b679396 |
| SHA512 | d31415b72fd8ca2f9f433267288daf2c7fce9b16db40709cf6423a3cc27c5e08b0f56099eb755e4263295dab913204cc525ca007d2073bc28f28d5283f58a3a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 37471e0cd76a4845fe84ceab8bcc89ca |
| SHA1 | ca299764dcdbfcf317dc20d34c5792f9e4547d3d |
| SHA256 | 71213df8eac6498ffbb74e7b9eadc8a52234e17c516cbf4c020c37ab8a874fe7 |
| SHA512 | a49892615026be951861f337cd2d621e6d3f09af119623671d5e248b09c7a7bd159688cce4c399cd3202a3fe9a186c16634596ac2e57c2c0739246e020d154ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhWdRFD48TE63OOYKtrwEIJllpy8[1].woff
| MD5 | ee1a7e476486629ebbb831d03a108eab |
| SHA1 | 16207a424b451b8087feeae8622880fa7bc7a63f |
| SHA256 | 414729175c41ac6cf56080cc6d7205e37002e238f0368578a1ce06f6df79ec62 |
| SHA512 | 38bd61e6cfa8bb15bc089bd0418ad4ab662f8dd34752b24b8c55745b43480ebb6c4454f52e4665b28a7690a6023c10d6890e835b41c1ff8d59ee3c305afc2fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhWdRFD48TE63OOYKtrw2IJllpy8[1].woff
| MD5 | 01d2a80f169902d43ae9db5a95a041fd |
| SHA1 | 0e5baa2730735a6dbd8ebd4e9d6b5bdf48e6afd0 |
| SHA256 | 6864fc8d95f3229ffcdfb1f58bdede5793d51cf95e8a38827219bbc66b8b7809 |
| SHA512 | 6c061fce28ecb708cf43762ac1462dd90b4f1ac040e174e395133ef2cdb142c138691e3151a05a92ed60ea0050c83b39c1bbd655a259d64e9c3d537a61d5b65e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpy8[1].woff
| MD5 | 5ec579e39f77190de20a4cb4d7b082dc |
| SHA1 | d99f1d73c37968cbdbe44c7387e7474056c4b034 |
| SHA256 | 031c66a54247283c9430caeb5c54a90e5974244c9ccb0234d53b27d4a484816b |
| SHA512 | 3e11f6d2fa13eecd4fc34b1186a96dad8dacb629c046e606f2dc7cb53385ae9a4e0f3aa950b1698fa188c3e449cbf03423e46f8632b81425d8abcc4b145cb617 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhWdRFD48TE63OOYKtrzjJ5llpy8[1].woff
| MD5 | 050ebc66b426284b76a6d653814048f9 |
| SHA1 | c61d16d44ac27c6345a4fcbaa2cc4b17bc43a147 |
| SHA256 | 6fabe61043cbb9b253eaf0727abc30278903bf98e90426c08e20cd2f86afe5fc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:39
Reported
2024-06-13 22:45
Platform
win10-20240404-en
Max time kernel
299s
Max time network
300s
Command Line
Signatures
Detected google phishing page
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe | N/A |
Drops file in Windows directory
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c980f49fe2bdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "425099968" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{D199CA2F-476E-4064-9D79-D4E4F335DB9D} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 5ecadba8e2bdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe | "C:\Users\Admin\AppData\Local\Temp\2131d39b505eb5e1952282355f5169643bff280d45a473be5c2cc67ab27852b1.exe" |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca |
| C:\Windows\system32\browser_broker.exe | C:\Windows\system32\browser_broker.exe -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.35:443 | facebook.com | tcp |
| GB | 163.70.151.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| GB | 163.70.151.35:443 | fbcdn.net | tcp |
| GB | 163.70.151.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| GB | 163.70.151.35:443 | fbsbx.com | tcp |
| GB | 163.70.151.35:443 | fbsbx.com | tcp |
| US | 8.8.8.8:53 | 25.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 104.208.16.94:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 50.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 104.208.16.94:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 157.210.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
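Most rows in the Network table are not contacts the sample made: the `8.8.8.8:53` rows are the sandbox resolver answering queries, the `in-addr.arpa` rows are reverse lookups the Windows stack issues on its own, and the `microsoft.com` / `bing.com` rows are Edge and Windows background traffic. The following script is an added triage example, not part of this report or of the sandbox vendor's tooling; it parses rows in exactly the format shown above (a subset of the rows is embedded as constructed sample input) and keeps only the deduplicated destinations worth pivoting on. The resolver address and background-domain suffixes are this example's assumptions about a stock Windows 10 sandbox and should be adjusted for your own lab.

```python
"""Triage a sandbox Network table: drop resolver, PTR and OS background rows,
keep the real destinations. Added example; not the sandbox vendor's code."""
import ipaddress
import re
from collections import Counter

# Constructed sample: a subset of rows copied from the Network table above.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
"""

# | Country | Destination ip:port | Domain | Proto |
ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([0-9.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$"
)

# Assumptions for this example: the sandbox's DNS resolver and the domains that a
# stock Windows 10 / Edge image talks to without any help from the sample.
RESOLVERS = {ipaddress.ip_address("8.8.8.8")}
BACKGROUND_SUFFIXES = (".microsoft.com", ".bing.com")


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for every well-formed row."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            yield cc, ipaddress.ip_address(ip), int(port), domain.lower(), proto


def classify(row):
    """Label one row; order matters because PTR lookups also go to the resolver."""
    _cc, ip, port, domain, _proto = row
    if domain.endswith(".in-addr.arpa"):
        return "ptr-lookup"      # reverse DNS issued by the OS, not the sample
    if ip in RESOLVERS and port == 53:
        return "dns-query"       # the query for a name, not a contact with it
    if domain.endswith(BACKGROUND_SUFFIXES):
        return "background"      # telemetry, SmartScreen, search box
    return "contact"


def triage(text):
    """Return (contacts, counts): domain -> {(ip, port, proto)} and per-label counts."""
    counts = Counter()
    contacts = {}
    for row in parse_rows(text):
        label = classify(row)
        counts[label] += 1
        if label == "contact":
            _cc, ip, port, domain, proto = row
            contacts.setdefault(domain, set()).add((str(ip), port, proto))
    return contacts, counts


if __name__ == "__main__":
    found, stats = triage(SAMPLE_ROWS)
    print(dict(stats))
    for domain, endpoints in sorted(found.items()):
        print(domain, sorted(endpoints))
```

What survives the filter here is a handful of Google and Facebook front-ends and CDN hosts, which is the shape of traffic one expects from a page that imitates or embeds those login flows (compare the "Detected google phishing page" signature): treat them as pivot context for the phishing kit, not as block-list entries.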
Files
memory/1596-16-0x000002307AF20000-0x000002307AF30000-memory.dmp
memory/1596-0-0x000002307AE20000-0x000002307AE30000-memory.dmp
memory/1596-35-0x00000230782F0000-0x00000230782F2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | d65ad243b64ece471e7c6daccdb58e06 |
| SHA1 | 65d0d8fcea400f3bbffc303a0e3ee8b20eadea3d |
| SHA256 | a9274379516ac2ca8f71e99c281f2c24a801fa1d6c872bf27d903b78123612d9 |
| SHA512 | ee51e2ffab1ca2d610f74d3c4492531ea6e7e03f1013914edc052693ce95d4ba64f80dddfd51a67fa54ea07702f32b129ab59f745275a2270caac8bd8ddc5524 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a08991b3b3149042115bebb75a76ccc0 |
| SHA1 | 4f1a11c57b43422713fcb9c7af450a3a547ad11d |
| SHA256 | 827224a17beecdd911e49e0f09ab9665246f781744d1241545d6aefe2e67c788 |
| SHA512 | dc3f8319b0a7ab3e3a37447cdd60b3772bbb5e73cd44e9e58c2ad979dcd68f48f675c8a0a2626e9d3af5d4c664a9dcc52b786b69946236d8f89d12371d987fac |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9623ba8bcf437459b35c95037f264e8a |
| SHA1 | 427702951e70a1bfd04169ef45d544bb747760c9 |
| SHA256 | 621c6912600bd3d47df2a081f7e98491b3b1f69995a121fba71d6c1d2780d9b3 |
| SHA512 | af672b24ae72967ef5b55f82c11ff8249fa520a74923c70a11db983827a95e03213e9207a91090ad5b05ae4af54db783e86ca10b59d19af8eca3a2bfe8d49e98 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_120148DF360AB0CA4DEE7F56782F4D54
| MD5 | 3b089ecb9db5851ef77daa436dbd2ce1 |
| SHA1 | c12996219ef9b65b6d4cafa5f701225d54ceb6c7 |
| SHA256 | d2d4e346a1977d9ff4a51278a2f39222ac4574988f6a9d88079dcb2adf869f3b |
| SHA512 | 2131241fa0abe453a033ebac4774aeffad4c86c064097a37864f99083c62db802e3bc30d94ee3ed5bf1fb9bd30af5e14482a09a7f7f43772acc9caae654d9623 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_120148DF360AB0CA4DEE7F56782F4D54
| MD5 | 3823f902540305efc41105899c1e0dc1 |
| SHA1 | 10a927d26e91caab97aba1447adee2208140b021 |
| SHA256 | 4380602945f843080a9bba25095077fbbdc030e226998858e360ce204b80836a |
| SHA512 | 140a566fccbe042b7461757b41571509dd70619138aec6c3591a29dbddb8c6584f27b6e84d21410ec343d78d3795dcc50b6509374bc7bf6064759acb177250e0 |
memory/1828-76-0x00000225D6800000-0x00000225D6900000-memory.dmp
memory/1828-75-0x00000225D6800000-0x00000225D6900000-memory.dmp
memory/4392-89-0x000001B00F200000-0x000001B00F300000-memory.dmp
memory/4392-90-0x000001B00F200000-0x000001B00F300000-memory.dmp
memory/3616-154-0x00000209D1280000-0x00000209D12A0000-memory.dmp
memory/3616-153-0x00000209D1140000-0x00000209D1160000-memory.dmp
memory/3616-197-0x00000209D1900000-0x00000209D1A00000-memory.dmp
memory/3616-305-0x00000209D2600000-0x00000209D2700000-memory.dmp
memory/3616-325-0x00000209D00D0000-0x00000209D00F0000-memory.dmp
memory/3616-357-0x00000209D0F80000-0x00000209D0F82000-memory.dmp
memory/3616-387-0x00000209D0D20000-0x00000209D0D40000-memory.dmp
memory/1596-396-0x0000023001A60000-0x0000023001A61000-memory.dmp
memory/1596-395-0x0000023001A50000-0x0000023001A51000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JYBLDLB4\4Kv5U5b1o3f[1].png
| MD5 | a81a5e7f71ae4153e6f888f1c92e5e11 |
| SHA1 | 39c3945c30abff65b372a7d8c691178ae9d9eee0 |
| SHA256 | 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e |
| SHA512 | 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69 |
memory/3616-408-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-407-0x00000209D1FD0000-0x00000209D1FD2000-memory.dmp
memory/3616-406-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-409-0x00000209D1FA0000-0x00000209D1FA2000-memory.dmp
memory/3616-405-0x00000209D1AF0000-0x00000209D1AF2000-memory.dmp
memory/3616-410-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-411-0x00000209D1FE0000-0x00000209D1FE2000-memory.dmp
memory/3616-412-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-416-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-415-0x00000209D2EE0000-0x00000209D2EE2000-memory.dmp
memory/3616-414-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-413-0x00000209D2ED0000-0x00000209D2ED2000-memory.dmp
memory/3616-417-0x00000209D31F0000-0x00000209D31F2000-memory.dmp
memory/3616-418-0x00000209BF900000-0x00000209BF910000-memory.dmp
memory/3616-419-0x00000209D3460000-0x00000209D3462000-memory.dmp
memory/3616-420-0x00000209BF900000-0x00000209BF910000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MCB8GNCN\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
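The Files section mixes two kinds of artefact: `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` entries, which are memory regions the sandbox dumped from each process, and dropped files with their hashes. The script below is an added example, not part of this report or of the sandbox vendor's tooling; it parses both shapes (a few lines from the section are embedded as constructed sample input), summarises dumped regions per PID, and separates files worth a hash pivot from `CryptnetUrlCache` entries, which are CryptoAPI's cache of CRL/OCSP/AIA fetches made during Edge's TLS handshakes. Treating those cache entries as browsing side effects rather than as files the sample wrote is this example's assumption.

```python
"""Summarise a sandbox Files section: dumped memory regions per PID and dropped
files minus Windows' own certificate-fetch cache. Added example, not vendor code."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the Files section above (raw string, so
# the backslashes in the Windows paths are kept as-is).
SAMPLE_FILES = r"""
memory/1596-16-0x000002307AF20000-0x000002307AF30000-memory.dmp
memory/1596-0-0x000002307AE20000-0x000002307AE30000-memory.dmp
memory/3616-154-0x00000209D1280000-0x00000209D12A0000-memory.dmp
memory/3616-153-0x00000209D1140000-0x00000209D1160000-memory.dmp
memory/3616-357-0x00000209D0F80000-0x00000209D0F82000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a08991b3b3149042115bebb75a76ccc0 |
| SHA1 | 4f1a11c57b43422713fcb9c7af450a3a547ad11d |
| SHA256 | 827224a17beecdd911e49e0f09ab9665246f781744d1241545d6aefe2e67c788 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JYBLDLB4\4Kv5U5b1o3f[1].png
| MD5 | a81a5e7f71ae4153e6f888f1c92e5e11 |
| SHA256 | 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e |
"""

MEM_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")


def parse_files(text):
    """Return (regions, files): pid -> [(start, size)] and a list of
    {"path": ..., "hashes": {...}} records, hash rows attached to the path above them."""
    regions = defaultdict(list)
    files = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, _idx, start, end = m.groups()
            regions[int(pid)].append((int(start, 16), int(end, 16) - int(start, 16)))
            current = None
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2)
            continue
        current = {"path": line, "hashes": {}}
        files.append(current)
    return regions, files


def region_summary(regions):
    """pid -> (region count, total bytes dumped, largest region in bytes)."""
    return {
        pid: (len(r), sum(size for _, size in r), max(size for _, size in r))
        for pid, r in regions.items()
    }


def is_windows_cache(path):
    # Assumption: CryptoAPI URL-cache entries are produced by certificate
    # revocation/chain fetches during TLS handshakes, not written by the sample.
    return "\\CryptnetUrlCache\\" in path


def pivot_hashes(files):
    """path -> SHA256 for dropped files that are not Windows' own cert cache."""
    return {
        f["path"]: f["hashes"]["SHA256"]
        for f in files
        if "SHA256" in f["hashes"] and not is_windows_cache(f["path"])
    }


if __name__ == "__main__":
    regs, dropped = parse_files(SAMPLE_FILES)
    for pid, (count, total, largest) in sorted(region_summary(regs).items()):
        print(f"pid {pid}: {count} regions, {total:#x} bytes, largest {largest:#x}")
    for path, sha in pivot_hashes(dropped).items():
        print(sha, path)
```

On the full section the same parser makes the distribution obvious: nearly all dumped regions belong to one Edge content process, and once the `CryptnetUrlCache` pairs are set aside the only hashable browser artefacts are the cached PNG and the `suggestions[1].en-US` search-box file, neither of which is a payload written by the sample.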