43cdd1fdeedb20cde7d01e43ec5d034597011596d6295dff387088fdf4da5c64

Analysis

max time kernel
20s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2023, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb7c46d8fb0b2a564cff559b29b318f6_mafia_JC.exe
Size

3.2MB
MD5

fb7c46d8fb0b2a564cff559b29b318f6
SHA1

d25457134f66b2ffa612ea12e66220e0b2ae741f
SHA256

43cdd1fdeedb20cde7d01e43ec5d034597011596d6295dff387088fdf4da5c64
SHA512

8f7dd542cb7d2b54849a7d8fc4ff610ac7e494b3ee1a525e15e221b1fa51824b9474d328d8c967c64903ef4bc0142a73e6fad9a1daf77ff3b3f41f0eeb347c4e
SSDEEP

49152:A9yiCJ5rFwnANZGEXep+9TxFegOSDAmosh3ANkTTl9px0MXCTSxcfzk:/J5rFwnApezgOS9V3AMjpxnClk

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	WerFault.exe

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	WerFault.exe
File opened (read-only)	\??\F:	WerFault.exe
File opened (read-only)	\??\D:	WerFault.exe
File opened (read-only)	\??\F:	WerFault.exe

Program crash 40 IoCs

pid	pid_target	Process	procid_target
4232	4628	WerFault.exe	84
3948	3256	WerFault.exe	94
4248	468	WerFault.exe	103
4068	3692	WerFault.exe	101
4380	3496	WerFault.exe	112
3512	3572	WerFault.exe	110
4164	1124	WerFault.exe	121
3892	3716	WerFault.exe	118
3172	4068	WerFault.exe	129
1328	4812	WerFault.exe	127
3040	5104	WerFault.exe	137
4084	2380	WerFault.exe	135
1636	4404	WerFault.exe	145
4960	3976	WerFault.exe	143
1648	4864	WerFault.exe	151
1816	3336	WerFault.exe	158
4100	5104	WerFault.exe	156
2512	4596	WerFault.exe	166
4692	4108	WerFault.exe	164
4948	3172	WerFault.exe	172
3412	3996	WerFault.exe	177
3908	3872	WerFault.exe	179
4044	3692	WerFault.exe	185
4016	1232	WerFault.exe	192
3372	4180	WerFault.exe	190
3692	1972	WerFault.exe	200
4300	4548	WerFault.exe	198
4960	1904	WerFault.exe	208
1124	3592	WerFault.exe	206
2844	4872	WerFault.exe	216
3564	3180	WerFault.exe	214
3964	644	WerFault.exe	222
3864	2376	WerFault.exe	229
3352	4756	WerFault.exe	227
232	4244	WerFault.exe	235
2852	2148	WerFault.exe	242
3844	3116	WerFault.exe	240
1336	1396	WerFault.exe	248
4672	3088	WerFault.exe	255
1112	1144	WerFault.exe	253

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	Process not Found

Modifies registry class 39 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{39BD82A1-E84C-4150-B584-4BB3500CAA63}	WerFault.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	WerFault.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	WerFault.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	WerFault.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	WerFault.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	WerFault.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{88C019A3-0D8D-4F9C-88E0-5837F7F9A776}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	WerFault.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	WerFault.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	WerFault.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{420E2114-750A-4858-A11A-569DAD48F23F}	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	WerFault.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	4628	explorer.exe
Token: SeCreatePagefilePrivilege	4628	explorer.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3256	WerFault.exe
Token: SeCreatePagefilePrivilege	3256	WerFault.exe
Token: SeShutdownPrivilege	3692	WerFault.exe
Token: SeCreatePagefilePrivilege	3692	WerFault.exe
Token: SeShutdownPrivilege	3692	WerFault.exe
Token: SeCreatePagefilePrivilege	3692	WerFault.exe
Token: SeShutdownPrivilege	3692	WerFault.exe
Token: SeCreatePagefilePrivilege	3692	WerFault.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
4628	explorer.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3256	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe
3692	WerFault.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4948	StartMenuExperienceHost.exe
4344	StartMenuExperienceHost.exe
3816	StartMenuExperienceHost.exe
468	Process not Found

C:\Users\Admin\AppData\Local\Temp\fb7c46d8fb0b2a564cff559b29b318f6_mafia_JC.exe
"C:\Users\Admin\AppData\Local\Temp\fb7c46d8fb0b2a564cff559b29b318f6_mafia_JC.exe"
1⤵
PID:4804

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4628
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4628 -s 6236
  2⤵
  - Program crash
  PID:4232

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4948

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 4628 -ip 4628
1⤵
PID:5076

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3256
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3256 -s 6108
  2⤵
  - Program crash
  PID:3948

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4344

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 3256 -ip 3256
1⤵
PID:3624

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3692
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3692 -s 7456
  2⤵
  - Program crash
  PID:4068

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3816

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:468
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 468 -s 3676
  2⤵
  - Program crash
  PID:4248

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 468 -ip 468
1⤵
PID:3472

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 3692 -ip 3692
1⤵
PID:4228

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3572
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3572 -s 7428
  2⤵
  - Program crash
  PID:3512

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4832

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3496
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3496 -s 3564
  2⤵
  - Program crash
  PID:4380

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 3496 -ip 3496
1⤵
PID:2172

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 3572 -ip 3572
1⤵
PID:2736

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3716
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3716 -s 6136
  2⤵
  - Program crash
  PID:3892

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4692

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1124
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1124 -s 3576
  2⤵
  - Program crash
  PID:4164

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 1124 -ip 1124
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3256

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 3716 -ip 3716
1⤵
PID:3420

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4812
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4812 -s 7412
  2⤵
  - Program crash
  PID:1328

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:948

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4068 -s 3568
  2⤵
  - Program crash
  PID:3172

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 4068 -ip 4068
1⤵
PID:1836

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 4812 -ip 4812
1⤵
PID:2556

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2380
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2380 -s 7292
  2⤵
  - Program crash
  PID:4084

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4252

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5104
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5104 -s 3560
  2⤵
  - Program crash
  PID:3040

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 5104 -ip 5104
1⤵
PID:4068

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 2380 -ip 2380
1⤵
PID:4440

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3976
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3976 -s 7352
  2⤵
  - Program crash
  PID:4960

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4080

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4404
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4404 -s 3584
  2⤵
  - Program crash
  PID:1636

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 4404 -ip 4404
1⤵
PID:4212

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 3976 -ip 3976
1⤵
PID:224

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4864
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4864 -s 4736
  2⤵
  - Program crash
  PID:1648

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4660

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 4864 -ip 4864
1⤵
PID:1396

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5104
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5104 -s 3412
  2⤵
  - Program crash
  PID:4100

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3724

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3336
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3336 -s 3584
  2⤵
  - Program crash
  PID:1816

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 3336 -ip 3336
1⤵
PID:1168

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 5104 -ip 5104
1⤵
PID:1660

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4108
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4108 -s 7528
  2⤵
  - Program crash
  PID:4692

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3776

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4596
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4596 -s 3560
  2⤵
  - Program crash
  PID:2512

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 4596 -ip 4596
1⤵
PID:3664

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 556 -p 4108 -ip 4108
1⤵
PID:4212

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3172 -s 6076
  2⤵
  - Program crash
  PID:4948

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4320

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 3172 -ip 3172
1⤵
PID:4304

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3996
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3996 -s 1144
  2⤵
  - Program crash
  PID:3412

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3860

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3872 -s 3592
  2⤵
  - Program crash
  PID:3908

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 3872 -ip 3872
1⤵
PID:3636

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 3996 -ip 3996
1⤵
PID:1124

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3692
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3692 -s 6104
  2⤵
  - Program crash
  PID:4044

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3748

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 3692 -ip 3692
1⤵
PID:3852

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4180
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4180 -s 5852
  2⤵
  - Program crash
  PID:3372

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2216

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1232
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1232 -s 2544
  2⤵
  - Program crash
  PID:4016

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 1232 -ip 1232
1⤵
PID:1212

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 4180 -ip 4180
1⤵
PID:3176

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4548
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4548 -s 1144
  2⤵
  - Program crash
  PID:4300

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3384

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1972
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1972 -s 3556
  2⤵
  - Modifies Installed Components in the registry
  - Enumerates connected drives
  - Program crash
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3692

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 1972 -ip 1972
1⤵
PID:1148

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 4548 -ip 4548
1⤵
PID:3948

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3592
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3592 -s 7376
  2⤵
  - Program crash
  PID:1124

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2380

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1904 -s 3564
  2⤵
  - Program crash
  PID:4960

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 1904 -ip 1904
1⤵
PID:4248

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 556 -p 3592 -ip 3592
1⤵
PID:3920

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3180
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3180 -s 4612
  2⤵
  - Program crash
  PID:3564

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2728

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4872 -s 3620
  2⤵
  - Program crash
  PID:2844

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 4872 -ip 4872
1⤵
PID:3136

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 3180 -ip 3180
1⤵
PID:4080

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:644
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 644 -s 5912
  2⤵
  - Program crash
  PID:3964

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2972

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 644 -ip 644
1⤵
PID:3804

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4756
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4756 -s 4420
  2⤵
  - Program crash
  PID:3352

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1136

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2376
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2376 -s 3612
  2⤵
  - Program crash
  PID:3864

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 596 -p 2376 -ip 2376
1⤵
PID:4664

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 4756 -ip 4756
1⤵
PID:3812

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4244 -s 6188
  2⤵
  - Program crash
  PID:232

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1968

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 4244 -ip 4244
1⤵
PID:1508

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3116
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3116 -s 7808
  2⤵
  - Program crash
  PID:3844

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4476

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2148
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2148 -s 3864
  2⤵
  - Program crash
  PID:2852

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 2148 -ip 2148
1⤵
PID:400

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 600 -p 3116 -ip 3116
1⤵
PID:3880

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1396
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1396 -s 6148
  2⤵
  - Program crash
  PID:1336

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5088

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 1396 -ip 1396
1⤵
PID:1096

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1144
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1144 -s 3408
  2⤵
  - Program crash
  PID:1112

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:736

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3088
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3088 -s 3540
  2⤵
  - Program crash
  PID:4672

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 3088 -ip 3088
1⤵
PID:4316

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 1144 -ip 1144
1⤵
PID:4044

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
1KB

MD5
a8aa1c60d38c789a67a56dbc3d648f65

SHA1
7e599999f77cff90f3d310d98ba64617ff7bc94b

SHA256
5439433c8562a4ccaa0f46bff247912e496dbcaee4a90e760320c321c067304b

SHA512
9466d8644bb11ad63942ffd43ee1b72241379a48b82e083960f627f32cf40943d209c5744e2eec810147547f853b6d678d88fceffffb74340ea2a9e19568d2f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
404B

MD5
d403a61327aa268244fd19c1ba701c8b

SHA1
810de3a60900193d93e81eb6b1777bde8792ef85

SHA256
f473dd1bf4dc364d7d9e5273321714aa387f583e395bd7f2b377711e7388b13c

SHA512
768b0e57d9507b3900fde3b6c3fc0f98b28b7a800115c160227698c4603494d85d74f2eb6ffdcbb9227295bf0efd56c1720e7917875dd4bcb9196729300a7ab5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
191B

MD5
06219c4601c2f0107e46d804cded78bd

SHA1
e7648957b029d709ba26130ee63757c4ed3e8eb2

SHA256
1770113ba2f313135fcb4c9b37f46e250e0189dafe7b922be03896e05a3e9a3b

SHA512
ae87f78a85b0ae4adb17fc36759f6142671233365aafebadadf462c4e57764bf0d1ad3052a820e0c8b07d1117d85a1711b47418bec95ada4e4763225c988542a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
memory/468-153-0x0000018FFB300000-0x0000018FFB320000-memory.dmp

Filesize
128KB

Download
memory/468-150-0x0000018FFAC60000-0x0000018FFAC80000-memory.dmp

Filesize
128KB

Download
memory/468-148-0x0000018FFACA0000-0x0000018FFACC0000-memory.dmp

Filesize
128KB

Download
memory/1124-196-0x0000023C42070000-0x0000023C42090000-memory.dmp

Filesize
128KB

Download
memory/1124-194-0x0000023C41C60000-0x0000023C41C80000-memory.dmp

Filesize
128KB

Download
memory/1124-191-0x0000023C41CA0000-0x0000023C41CC0000-memory.dmp

Filesize
128KB

Download
memory/1144-476-0x0000000004480000-0x0000000004481000-memory.dmp

Filesize
4KB

Download
memory/1232-347-0x000001C35B8A0000-0x000001C35B8C0000-memory.dmp

Filesize
128KB

Download
memory/1232-344-0x000001C35B8E0000-0x000001C35B900000-memory.dmp

Filesize
128KB

Download
memory/1232-349-0x000001C35BF40000-0x000001C35BF60000-memory.dmp

Filesize
128KB

Download
memory/1904-397-0x000002D4BAD20000-0x000002D4BAD40000-memory.dmp

Filesize
128KB

Download
memory/1904-394-0x000002D4BA880000-0x000002D4BA8A0000-memory.dmp

Filesize
128KB

Download
memory/1904-390-0x000002D4BA8C0000-0x000002D4BA8E0000-memory.dmp

Filesize
128KB

Download
memory/1972-367-0x0000013B6AE60000-0x0000013B6AE80000-memory.dmp

Filesize
128KB

Download
memory/1972-369-0x0000013B6AE20000-0x0000013B6AE40000-memory.dmp

Filesize
128KB

Download
memory/1972-372-0x0000013B6B230000-0x0000013B6B250000-memory.dmp

Filesize
128KB

Download
memory/2148-455-0x00000249C23E0000-0x00000249C2400000-memory.dmp

Filesize
128KB

Download
memory/2148-460-0x00000249C27F0000-0x00000249C2810000-memory.dmp

Filesize
128KB

Download
memory/2148-458-0x00000249C23A0000-0x00000249C23C0000-memory.dmp

Filesize
128KB

Download
memory/2376-434-0x000001ED6AA20000-0x000001ED6AA40000-memory.dmp

Filesize
128KB

Download
memory/2376-436-0x000001ED6A7D0000-0x000001ED6A7F0000-memory.dmp

Filesize
128KB

Download
memory/2376-438-0x000001ED6AE70000-0x000001ED6AE90000-memory.dmp

Filesize
128KB

Download
memory/2380-222-0x00000000045D0000-0x00000000045D1000-memory.dmp

Filesize
4KB

Download
memory/3088-486-0x000002025A3B0000-0x000002025A3D0000-memory.dmp

Filesize
128KB

Download
memory/3088-483-0x000002025A3F0000-0x000002025A410000-memory.dmp

Filesize
128KB

Download
memory/3116-448-0x0000000004180000-0x0000000004181000-memory.dmp

Filesize
4KB

Download
memory/3180-406-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

Filesize
4KB

Download
memory/3336-276-0x0000024AC3D00000-0x0000024AC3D20000-memory.dmp

Filesize
128KB

Download
memory/3336-281-0x0000024AC4160000-0x0000024AC4180000-memory.dmp

Filesize
128KB

Download
memory/3336-278-0x0000024AC39C0000-0x0000024AC39E0000-memory.dmp

Filesize
128KB

Download
memory/3496-173-0x000002B81A620000-0x000002B81A640000-memory.dmp

Filesize
128KB

Download
memory/3496-170-0x000002B81A660000-0x000002B81A680000-memory.dmp

Filesize
128KB

Download
memory/3496-175-0x000002B81AA20000-0x000002B81AA40000-memory.dmp

Filesize
128KB

Download
memory/3496-180-0x000002B81A9E0000-0x000002B81AA00000-memory.dmp

Filesize
128KB

Download
memory/3572-162-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/3592-382-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/3692-141-0x0000000004D40000-0x0000000004D41000-memory.dmp

Filesize
4KB

Download
memory/3716-184-0x0000000003F40000-0x0000000003F41000-memory.dmp

Filesize
4KB

Download
memory/3872-325-0x0000026A7C780000-0x0000026A7C7A0000-memory.dmp

Filesize
128KB

Download
memory/3872-327-0x0000026A7CBF0000-0x0000026A7CC10000-memory.dmp

Filesize
128KB

Download
memory/3872-323-0x0000026A7C7C0000-0x0000026A7C7E0000-memory.dmp

Filesize
128KB

Download
memory/3976-244-0x0000000004A40000-0x0000000004A41000-memory.dmp

Filesize
4KB

Download
memory/3996-316-0x0000000004E80000-0x0000000004E81000-memory.dmp

Filesize
4KB

Download
memory/4068-215-0x00000239D3B20000-0x00000239D3B40000-memory.dmp

Filesize
128KB

Download
memory/4068-217-0x00000239D3F30000-0x00000239D3F50000-memory.dmp

Filesize
128KB

Download
memory/4068-211-0x00000239D3B60000-0x00000239D3B80000-memory.dmp

Filesize
128KB

Download
memory/4108-291-0x0000000004750000-0x0000000004751000-memory.dmp

Filesize
4KB

Download
memory/4180-336-0x0000000004510000-0x0000000004511000-memory.dmp

Filesize
4KB

Download
memory/4404-252-0x000001FBB29A0000-0x000001FBB29C0000-memory.dmp

Filesize
128KB

Download
memory/4404-255-0x000001FBB2960000-0x000001FBB2980000-memory.dmp

Filesize
128KB

Download
memory/4404-257-0x000001FBB2E00000-0x000001FBB2E20000-memory.dmp

Filesize
128KB

Download
memory/4548-359-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/4596-299-0x00000274855E0000-0x0000027485600000-memory.dmp

Filesize
128KB

Download
memory/4596-302-0x00000274855A0000-0x00000274855C0000-memory.dmp

Filesize
128KB

Download
memory/4596-305-0x0000027485CE0000-0x0000027485D00000-memory.dmp

Filesize
128KB

Download
memory/4756-426-0x00000000040A0000-0x00000000040A1000-memory.dmp

Filesize
4KB

Download
memory/4812-203-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/4872-419-0x000002814B0A0000-0x000002814B0C0000-memory.dmp

Filesize
128KB

Download
memory/4872-417-0x000002814AA80000-0x000002814AAA0000-memory.dmp

Filesize
128KB

Download
memory/4872-413-0x000002814AAC0000-0x000002814AAE0000-memory.dmp

Filesize
128KB

Download
memory/5104-269-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/5104-229-0x000001D238C00000-0x000001D238C20000-memory.dmp

Filesize
128KB

Download
memory/5104-233-0x000001D2389B0000-0x000001D2389D0000-memory.dmp

Filesize
128KB

Download
memory/5104-235-0x000001D238FC0000-0x000001D238FE0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads