f4c34aa87aeb7ac70eda15070fb1bd7cb11ded73b053123caeb22ec3281888ca

Analysis

max time kernel
22s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4c34aa87aeb7ac70eda15070fb1bd7cb11ded73b053123caeb22ec3281888ca.exe
Size

2.9MB
MD5

9393038ef8247cf2e1fb96b28cf4439e
SHA1

d454bc1799e6cd2489d489ac06cbc9e52e1804e8
SHA256

f4c34aa87aeb7ac70eda15070fb1bd7cb11ded73b053123caeb22ec3281888ca
SHA512

090a96ba465d64a01441264d72ab0149c650aec68942424fcda57b56cc000ca6812848f97a84e7c574cc295da2467a39f5b6f57cb5cb3faacf189ef27f6adb3b
SSDEEP

49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlhruffC82Y:Q+8X9G3vP3AMefC82Y

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Program crash 39 IoCs

pid	pid_target	Process	procid_target
808	4752	WerFault.exe	87
4656	1792	WerFault.exe	99
3676	2952	WerFault.exe	97
5116	2044	WerFault.exe	106
1912	1452	WerFault.exe	114
3424	1428	WerFault.exe	112
3708	4588	WerFault.exe	123
4192	2052	WerFault.exe	121
2896	4468	WerFault.exe	129
1840	1320	WerFault.exe	136
1972	4212	WerFault.exe	134
884	2640	WerFault.exe	142
1668	3216	WerFault.exe	149
4816	5092	WerFault.exe	147
3256	4804	WerFault.exe	155
2204	4100	WerFault.exe	162
2608	4776	WerFault.exe	160
4072	2468	WerFault.exe	168
3000	436	WerFault.exe	175
4724	1720	WerFault.exe	173
3704	4960	WerFault.exe	183
2592	2684	WerFault.exe	181
5060	3600	WerFault.exe	191
4328	3728	WerFault.exe	189
1280	4584	WerFault.exe	199
4012	2396	WerFault.exe	197
3168	3304	WerFault.exe	207
2852	4160	WerFault.exe	205
1476	4888	WerFault.exe	213
3284	3720	WerFault.exe	220
548	1824	WerFault.exe	218
3572	1884	WerFault.exe	226
2928	3024	WerFault.exe	233
3000	2292	WerFault.exe	231
1320	436	WerFault.exe	240
2928	2248	WerFault.exe	239
1984	2916	WerFault.exe	249
3872	1516	WerFault.exe	247
1880	2684	WerFault.exe	255

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{0E56DAC3-2989-4C10-8713-0DAD7911073E}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{6A444539-8567-4188-AFF8-F635A8E99C12}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{298435D5-DD49-42B1-B520-81CF8240C512}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	4752	explorer.exe
Token: SeCreatePagefilePrivilege	4752	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2952	explorer.exe
Token: SeCreatePagefilePrivilege	2952	explorer.exe
Token: SeShutdownPrivilege	2044	explorer.exe
Token: SeCreatePagefilePrivilege	2044	explorer.exe
Token: SeShutdownPrivilege	2044	explorer.exe
Token: SeCreatePagefilePrivilege	2044	explorer.exe
Token: SeShutdownPrivilege	2044	explorer.exe
Token: SeCreatePagefilePrivilege	2044	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe

Suspicious use of SendNotifyMessage 45 IoCs

pid	Process
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
4752	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2952	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe
2044	explorer.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1612	StartMenuExperienceHost.exe
1156	StartMenuExperienceHost.exe
1792	SearchApp.exe

C:\Users\Admin\AppData\Local\Temp\f4c34aa87aeb7ac70eda15070fb1bd7cb11ded73b053123caeb22ec3281888ca.exe
"C:\Users\Admin\AppData\Local\Temp\f4c34aa87aeb7ac70eda15070fb1bd7cb11ded73b053123caeb22ec3281888ca.exe"
1⤵
PID:5088

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4752
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4752 -s 6112
  2⤵
  - Program crash
  PID:808

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 4752 -ip 4752
1⤵
PID:3676

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2952
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2952 -s 7280
  2⤵
  - Program crash
  PID:3676

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1792 -s 3972
  2⤵
  - Program crash
  PID:4656

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 1792 -ip 1792
1⤵
PID:412

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 2952 -ip 2952
1⤵
PID:2772

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 6164
  2⤵
  - Program crash
  PID:5116

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:724

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 368 -p 2044 -ip 2044
1⤵
PID:444

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1428
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1428 -s 7496
  2⤵
  - Program crash
  PID:3424

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2196

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1452
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1452 -s 3580
  2⤵
  - Program crash
  PID:1912

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 1452 -ip 1452
1⤵
PID:3848

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 364 -p 1428 -ip 1428
1⤵
PID:1644

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2052
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2052 -s 5844
  2⤵
  - Program crash
  PID:4192

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2944

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4588
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4588 -s 3568
  2⤵
  - Program crash
  PID:3708

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 4588 -ip 4588
1⤵
PID:3124

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 2052 -ip 2052
1⤵
PID:2908

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4468
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4468 -s 6304
  2⤵
  - Program crash
  PID:2896

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:948

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 612 -p 4468 -ip 4468
1⤵
PID:1840

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4212
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4212 -s 7452
  2⤵
  - Program crash
  PID:1972

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:452

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1320 -s 3568
  2⤵
  - Program crash
  PID:1840

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 620 -p 1320 -ip 1320
1⤵
PID:4660

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 4212 -ip 4212
1⤵
PID:3092

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2640
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2640 -s 6060
  2⤵
  - Program crash
  PID:884

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4584

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 2640 -ip 2640
1⤵
PID:4000

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5092
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5092 -s 7424
  2⤵
  - Program crash
  PID:4816

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4164

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3216
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3216 -s 3564
  2⤵
  - Program crash
  PID:1668

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 3216 -ip 3216
1⤵
PID:3944

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 5092 -ip 5092
1⤵
PID:3188

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4804
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4804 -s 6020
  2⤵
  - Program crash
  PID:3256

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4236

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 4804 -ip 4804
1⤵
PID:2052

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4776
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4776 -s 7480
  2⤵
  - Program crash
  PID:2608

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3880

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4100
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4100 -s 3616
  2⤵
  - Program crash
  PID:2204

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 4100 -ip 4100
1⤵
PID:3968

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 4776 -ip 4776
1⤵
PID:452

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2468
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2468 -s 6024
  2⤵
  - Program crash
  PID:4072

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4136

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 2468 -ip 2468
1⤵
PID:2088

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1720
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1720 -s 4936
  2⤵
  - Program crash
  PID:4724

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2204

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:436
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 436 -s 3548
  2⤵
  - Program crash
  PID:3000

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 436 -ip 436
1⤵
PID:552

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 1720 -ip 1720
1⤵
PID:4476

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2684 -s 7408
  2⤵
  - Program crash
  PID:2592

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1612

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4960
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4960 -s 3592
  2⤵
  - Program crash
  PID:3704

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 4960 -ip 4960
1⤵
PID:3500

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 604 -p 2684 -ip 2684
1⤵
PID:4376

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3728
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3728 -s 6260
  2⤵
  - Program crash
  PID:4328

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:436

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3600
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3600 -s 3568
  2⤵
  - Program crash
  PID:5060

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 3600 -ip 3600
1⤵
PID:3444

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 3728 -ip 3728
1⤵
PID:3268

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2396
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2396 -s 7356
  2⤵
  - Program crash
  PID:4012

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1884

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4584
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4584 -s 3592
  2⤵
  - Program crash
  PID:1280

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 4584 -ip 4584
1⤵
PID:3256

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 604 -p 2396 -ip 2396
1⤵
PID:5012

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4160
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4160 -s 7476
  2⤵
  - Program crash
  PID:2852

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3268

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3304
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3304 -s 2600
  2⤵
  - Program crash
  PID:3168

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 396 -p 3304 -ip 3304
1⤵
PID:844

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 584 -p 4160 -ip 4160
1⤵
PID:3256

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4888
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4888 -s 6036
  2⤵
  - Program crash
  PID:1476

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1644

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 4888 -ip 4888
1⤵
PID:4148

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1824
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1824 -s 7468
  2⤵
  - Program crash
  PID:548

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4608

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3720
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3720 -s 2684
  2⤵
  - Program crash
  PID:3284

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 396 -p 3720 -ip 3720
1⤵
PID:4368

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 1824 -ip 1824
1⤵
PID:1924

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1884
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1884 -s 5892
  2⤵
  - Program crash
  PID:3572

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2656

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 1884 -ip 1884
1⤵
PID:2484

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2292 -s 6084
  2⤵
  - Program crash
  PID:3000

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:532

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3024 -s 3560
  2⤵
  - Program crash
  PID:2928

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 356 -p 3024 -ip 3024
1⤵
PID:3504

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 2292 -ip 2292
1⤵
PID:4212

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2248
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2248 -s 6688
  2⤵
  - Program crash
  PID:2928

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:436
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 436 -s 3956
  2⤵
  - Program crash
  PID:1320

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4448

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 436 -ip 436
1⤵
PID:2684

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 2248 -ip 2248
1⤵
PID:848

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1516
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1516 -s 7296
  2⤵
  - Program crash
  PID:3872

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:452

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2916
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2916 -s 3600
  2⤵
  - Program crash
  PID:1984

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 2916 -ip 2916
1⤵
PID:764

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 396 -p 1516 -ip 1516
1⤵
PID:5076

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2684 -s 6076
  2⤵
  - Program crash
  PID:1880

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4788

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 596 -p 2684 -ip 2684
1⤵
PID:2644

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
1KB

MD5
516581c13994c7610e9baf3be548909b

SHA1
21e0edb2993d6764cf5e292511089565ae3445f0

SHA256
a77ac4115bf539d2979d13b895b2a3e2a307fdaef7a8217ea0d3e630481b3d02

SHA512
2fe3dade9175f4481f6e9d003a3dd39e63f7789936032a7fda4750bc14cb57563712e1053992928414c3ce3618876e86d5f2b2650599e2e612e383b960ba6708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
404B

MD5
23d93a12b3ded5edd6f74fcce15a3194

SHA1
e0ff7c87ab6f7780ef225a187b887245bae4e19d

SHA256
c85ef49811963ab44b59c67d23c407bad34bb525a4f5fd446606071b4c7a4c3f

SHA512
8f756b141b818df8fcf1ee5459c7e28bd4228308801e47ab7b9b28661ee8309a1c5606954e8bb43ef3ee498bcba7431848dbb3e030cf2f26dea4bd3fc4bf2561

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
memory/436-310-0x000001C6CB180000-0x000001C6CB1A0000-memory.dmp

Filesize
128KB

Download
memory/436-312-0x000001C6CB140000-0x000001C6CB160000-memory.dmp

Filesize
128KB

Download
memory/436-314-0x000001C6CB550000-0x000001C6CB570000-memory.dmp

Filesize
128KB

Download
memory/436-156-0x00000242A1F60000-0x00000242A1F80000-memory.dmp

Filesize
128KB

Download
memory/436-154-0x00000242A18C0000-0x00000242A18E0000-memory.dmp

Filesize
128KB

Download
memory/436-152-0x00000242A1900000-0x00000242A1920000-memory.dmp

Filesize
128KB

Download
memory/1320-85-0x00000151A4FA0000-0x00000151A4FC0000-memory.dmp

Filesize
128KB

Download
memory/1320-88-0x00000151A4F60000-0x00000151A4F80000-memory.dmp

Filesize
128KB

Download
memory/1320-91-0x00000151A5400000-0x00000151A5420000-memory.dmp

Filesize
128KB

Download
memory/1428-30-0x0000000004220000-0x0000000004221000-memory.dmp

Filesize
4KB

Download
memory/1452-42-0x0000024AAE250000-0x0000024AAE270000-memory.dmp

Filesize
128KB

Download
memory/1452-38-0x0000024AAE290000-0x0000024AAE2B0000-memory.dmp

Filesize
128KB

Download
memory/1452-44-0x0000024AAE8F0000-0x0000024AAE910000-memory.dmp

Filesize
128KB

Download
memory/1516-332-0x0000000004E40000-0x0000000004E41000-memory.dmp

Filesize
4KB

Download
memory/1720-145-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

Filesize
4KB

Download
memory/1792-16-0x00000124BA060000-0x00000124BA080000-memory.dmp

Filesize
128KB

Download
memory/1792-18-0x00000124BA470000-0x00000124BA490000-memory.dmp

Filesize
128KB

Download
memory/1792-14-0x00000124BA0A0000-0x00000124BA0C0000-memory.dmp

Filesize
128KB

Download
memory/1824-255-0x0000000004670000-0x0000000004671000-memory.dmp

Filesize
4KB

Download
memory/2052-53-0x0000000004820000-0x0000000004821000-memory.dmp

Filesize
4KB

Download
memory/2248-303-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

Filesize
4KB

Download
memory/2292-279-0x0000000004220000-0x0000000004221000-memory.dmp

Filesize
4KB

Download
memory/2396-209-0x0000000004210000-0x0000000004211000-memory.dmp

Filesize
4KB

Download
memory/2684-168-0x0000000004840000-0x0000000004841000-memory.dmp

Filesize
4KB

Download
memory/2916-343-0x0000022C7EF00000-0x0000022C7EF20000-memory.dmp

Filesize
128KB

Download
memory/2916-340-0x0000022C7EF40000-0x0000022C7EF60000-memory.dmp

Filesize
128KB

Download
memory/2916-345-0x0000022C003C0000-0x0000022C003E0000-memory.dmp

Filesize
128KB

Download
memory/2952-7-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/3024-294-0x000001D534650000-0x000001D534670000-memory.dmp

Filesize
128KB

Download
memory/3024-291-0x000001D534200000-0x000001D534220000-memory.dmp

Filesize
128KB

Download
memory/3024-287-0x000001D534240000-0x000001D534260000-memory.dmp

Filesize
128KB

Download
memory/3216-110-0x0000021ACC900000-0x0000021ACC920000-memory.dmp

Filesize
128KB

Download
memory/3216-106-0x0000021ACC480000-0x0000021ACC4A0000-memory.dmp

Filesize
128KB

Download
memory/3216-108-0x0000021ACC440000-0x0000021ACC460000-memory.dmp

Filesize
128KB

Download
memory/3304-244-0x000001837BF20000-0x000001837BF40000-memory.dmp

Filesize
128KB

Download
memory/3304-239-0x000001837BB60000-0x000001837BB80000-memory.dmp

Filesize
128KB

Download
memory/3304-242-0x000001837BB20000-0x000001837BB40000-memory.dmp

Filesize
128KB

Download
memory/3600-204-0x0000018278F00000-0x0000018278F20000-memory.dmp

Filesize
128KB

Download
memory/3600-198-0x0000018278AA0000-0x0000018278AC0000-memory.dmp

Filesize
128KB

Download
memory/3600-201-0x0000018278A60000-0x0000018278A80000-memory.dmp

Filesize
128KB

Download
memory/3720-268-0x000001C4C0FA0000-0x000001C4C0FC0000-memory.dmp

Filesize
128KB

Download
memory/3720-263-0x000001C4C0BD0000-0x000001C4C0BF0000-memory.dmp

Filesize
128KB

Download
memory/3720-266-0x000001C4C0B90000-0x000001C4C0BB0000-memory.dmp

Filesize
128KB

Download
memory/3728-191-0x00000000042E0000-0x00000000042E1000-memory.dmp

Filesize
4KB

Download
memory/4100-128-0x000001B4D5D20000-0x000001B4D5D40000-memory.dmp

Filesize
128KB

Download
memory/4100-133-0x000001B4D6150000-0x000001B4D6170000-memory.dmp

Filesize
128KB

Download
memory/4100-131-0x000001B4D59E0000-0x000001B4D5A00000-memory.dmp

Filesize
128KB

Download
memory/4160-231-0x0000000004A00000-0x0000000004A01000-memory.dmp

Filesize
4KB

Download
memory/4212-77-0x0000000004D70000-0x0000000004D71000-memory.dmp

Filesize
4KB

Download
memory/4584-216-0x000002578E240000-0x000002578E260000-memory.dmp

Filesize
128KB

Download
memory/4584-218-0x000002578E200000-0x000002578E220000-memory.dmp

Filesize
128KB

Download
memory/4584-221-0x000002578E600000-0x000002578E620000-memory.dmp

Filesize
128KB

Download
memory/4588-67-0x000001B3C62A0000-0x000001B3C62C0000-memory.dmp

Filesize
128KB

Download
memory/4588-64-0x000001B3C5C80000-0x000001B3C5CA0000-memory.dmp

Filesize
128KB

Download
memory/4588-61-0x000001B3C5CC0000-0x000001B3C5CE0000-memory.dmp

Filesize
128KB

Download
memory/4776-121-0x00000000041C0000-0x00000000041C1000-memory.dmp

Filesize
4KB

Download
memory/4960-180-0x0000020D6AE20000-0x0000020D6AE40000-memory.dmp

Filesize
128KB

Download
memory/4960-178-0x0000020D6A960000-0x0000020D6A980000-memory.dmp

Filesize
128KB

Download
memory/4960-175-0x0000020D6A9B0000-0x0000020D6A9D0000-memory.dmp

Filesize
128KB

Download
memory/5092-98-0x0000000004040000-0x0000000004041000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads