Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
33s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
17/07/2023, 16:44
General
-
Target
984361c0d5cc5d_JC.exe
-
Size
3.4MB
-
MD5
984361c0d5cc5d3d3894fbf52c85aff1
-
SHA1
d9a5c83ef159e4393c5448aceb87d13454549567
-
SHA256
6469ebfcdf3fdf69e16a31bd9809276daf7c0d19352418f81996fa0b51c165a7
-
SHA512
24249baf9f084d7d336cc89a545fc8e9108024384ebc521a42dc9aace88ed42f948be23f83064f37190263be08ba0e2c385aa0005311ccf2f89ef1d7a310689f
-
SSDEEP
49152:G9yiCJ5rFwnANZGEXep+9TxFegOSDAmosh3ANkTTlriYOgRbBEK:1J5rFwnApezgOS9V3AM5iArj
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 7 IoCs
-
Enumerates connected drives 3 TTPs 14 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Program crash 32 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 6 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\984361c0d5cc5d_JC.exe"C:\Users\Admin\AppData\Local\Temp\984361c0d5cc5d_JC.exe"1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1980 -s 60802⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 444 -p 1980 -ip 19801⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2328 -s 58962⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 500 -p 2328 -ip 23281⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3972 -s 58482⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4124 -s 39802⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 500 -p 4124 -ip 41241⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 184 -p 3972 -ip 39721⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3528 -s 75802⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1892 -s 35242⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 524 -p 1892 -ip 18921⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 412 -p 3528 -ip 35281⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4652 -s 60522⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 532 -p 4652 -ip 46521⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3676 -s 59602⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4208 -s 35922⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 184 -p 4208 -ip 42081⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 580 -p 3676 -ip 36761⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2708 -s 75602⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4632 -s 35882⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 420 -p 4632 -ip 46321⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 580 -p 2708 -ip 27081⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4936 -s 60722⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 492 -p 4936 -ip 49361⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3984 -s 50802⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3928 -s 35482⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 584 -p 3928 -ip 39281⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 592 -p 3984 -ip 39841⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2340 -s 61522⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2424 -s 35402⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 184 -p 2424 -ip 24241⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 568 -p 2340 -ip 23401⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2124 -s 74482⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1392 -s 35882⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 484 -p 1392 -ip 13921⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 572 -p 2124 -ip 21241⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4528 -s 58442⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 604 -p 4528 -ip 45281⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4076 -s 73882⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4024 -s 35882⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 580 -p 4024 -ip 40241⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 500 -p 4076 -ip 40761⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 5004 -s 34642⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1988 -s 36282⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 524 -p 1988 -ip 19881⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 552 -p 5004 -ip 50041⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4728 -s 75042⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2928 -s 35802⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 596 -p 2928 -ip 29281⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 592 -p 4728 -ip 47281⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 752 -s 61282⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 560 -p 752 -ip 7521⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4292 -s 35122⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 584 -p 4292 -ip 42921⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2676 -s 36042⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 492 -p 2676 -ip 26761⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4072 -s 35962⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 604 -p 4072 -ip 40721⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4156 -s 39482⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 604 -p 4156 -ip 41561⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2720 -s 35642⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 580 -p 2720 -ip 27201⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1392 -s 35482⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 532 -p 1392 -ip 13921⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD524be707e4f2d742566674eaa854b21bd
SHA18d7a5482daf3aca5fe913961a85acdc2ce86a53e
SHA256744917f62e796ac9b6004bec3b1cf73556944938614571ad540e501bbcf3a1ec
SHA512146d3868ddf2e18eb53a405eb99e6679ffeaf47f257a080ea87f983a218531b280f11dcf3c6546cd403ab3aa1deff0ed2e8552ecd7b53d980a1ca8b74b75be42
-
Filesize
471B
MD5c2074f204f8570d06776afc31aa2eb8a
SHA1f9cf192e00946114f397eb5b8cb06e775f0ff0de
SHA2565201aaa7d54fc211715a9c33276b5800f80dcfb81045367286c64b5305aaa655
SHA5125a6897acf7a3acdbe51f6e6724fe0790b632e794ddc92ab6770fdcef6f46c448785d0f371c1774a08c7b8752da5340be386c9e25ae51c97fc5de251029d1e7a0
-
Filesize
404B
MD544a3d1d77b5f58e00b884321ec25a8fb
SHA18fbc8d71a0ded6df0c3752ec056844c7c403a557
SHA2565b879f5c757bedf0777e85b3a348292caf97c721ed85d40cb5f66836f0265c9f
SHA512ff6b190e9f258012bec9515b7fd5ed6f63fb01999106c3913a2694433a7ed437aec5dfbaf556327375f0adc74c9bb1c7703bb07277f528497a5a523c3e4bacfc
-
Filesize
412B
MD5db860789d1e70eb7663fedaa734a2622
SHA18f8d2c7f81a15b08b73ffa760545fb92d4b3ad73
SHA25681e5aa7afaa353b98942250bac9d245c8815937556cb91c2d4a1c5339aa42192
SHA512f6825ead19a1949b3bbf6e187039ed2bb5692fcdc9c91512f422976747b3377b7d44d1ee419885147e49fbe44450cd2c7fe4dc2b0d3ad8e81071630776e8e090
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
36KB
MD58aaad0f4eb7d3c65f81c6e6b496ba889
SHA1231237a501b9433c292991e4ec200b25c1589050
SHA256813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA5121a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62
-
Filesize
36KB
MD594b56d65a8b7f7253aeacac345d4b096
SHA17e11e248ae804d3647479a4fe5f03835a1eee4bc
SHA2560f312587a999305794730da6f2198c82a346e64211e2fb054256102ac70315be
SHA512538cc0c1b4dc66e8a3c6ca9a17ddac128441874248589bcc6c88b64ad7d3b93ff143867d6fad0002cbb4584e951d0e82441c350396e6d59b73207a3ffe0fc055
-
Filesize
75KB
MD522f39923e2942e5a02c3a5f91cefd45b
SHA1c33909cb5ae1ad55b18b38b6aedf79c5a2216e13
SHA25666457d8ac009ef25f44e676156bc058db582b2a3b431e2589435bb27477328c6
SHA51217a2afe32e74150e58080055f3e67d3d4892828d9df28905a0e67227055b61eeab2a4764acf0b701bc481568fac2ccb889b326379319723fae838f8ce09e94fd
-
Filesize
75KB
MD522f39923e2942e5a02c3a5f91cefd45b
SHA1c33909cb5ae1ad55b18b38b6aedf79c5a2216e13
SHA25666457d8ac009ef25f44e676156bc058db582b2a3b431e2589435bb27477328c6
SHA51217a2afe32e74150e58080055f3e67d3d4892828d9df28905a0e67227055b61eeab2a4764acf0b701bc481568fac2ccb889b326379319723fae838f8ce09e94fd
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
97B
MD5402e0c5b12db3a5ffb0bece9995d459b
SHA1f0138de23eb90c99efb1d0b1bd0dac8f1e7102a2
SHA2566272b42676075c969ca60882f74e3c1711a3b6db824c9bb9b7f5b412e2131bc2
SHA5125caea684bcc1aa6b3ade82c94fbab992c65f3b543a999f1435c683ec785eab784e86940545cdc35641401f1ead5d28dddf5ccb34156a054c36b566fc8cbbe8f2
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
184KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
4KB