3eeee0a7852eb79381d3f72ee22445fa9ae02935c3b4d2a9d93971bcfcc8ced5

Analysis

max time kernel
21s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3eeee0a7852eb79381d3f72ee22445fa9ae02935c3b4d2a9d93971bcfcc8ced5.exe
Size

3.0MB
MD5

e812483c44e03a3f215d747c7c2cb4da
SHA1

541786205b3d445041f63cde764b9da693fe5412
SHA256

3eeee0a7852eb79381d3f72ee22445fa9ae02935c3b4d2a9d93971bcfcc8ced5
SHA512

497f6ec3f69f16c4d988179f8864a912905bf54ef8ea8436f7ab810547bd13bd0025df5c86a5f19d5134b85c06058329fc113ff08d6db9c6879d80a2ea02e0cc
SSDEEP

49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlCAl1dhckhFTVF/74Jv:c+8X9G3vP3AMsAlZ1FUJv

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe

Program crash 40 IoCs

pid	pid_target	Process	procid_target
4052	564	WerFault.exe	85
3108	2788	WerFault.exe	97
3860	5020	WerFault.exe	95
2236	4460	WerFault.exe	106
1660	3240	WerFault.exe	104
3588	3616	WerFault.exe	115
1068	4404	WerFault.exe	112
2992	1172	WerFault.exe	121
1588	3612	WerFault.exe	128
3488	4792	WerFault.exe	126
3332	1968	WerFault.exe	136
5000	2392	WerFault.exe	134
2324	3368	WerFault.exe	144
4252	1592	WerFault.exe	142
3456	2312	WerFault.exe	152
900	1712	WerFault.exe	150
3164	3584	WerFault.exe	160
100	4548	WerFault.exe	158
1520	340	WerFault.exe	168
3532	1704	WerFault.exe	166
3536	3640	WerFault.exe	176
3568	4140	WerFault.exe	174
3684	3472	WerFault.exe	182
3140	3520	WerFault.exe	187
1576	1756	WerFault.exe	194
664	2452	WerFault.exe	192
1564	2928	WerFault.exe	200
2808	556	WerFault.exe	207
1084	2700	WerFault.exe	205
60	3208	WerFault.exe	215
4144	2936	WerFault.exe	213
3380	1524	WerFault.exe	221
1296	2340	WerFault.exe	228
1884	4420	WerFault.exe	226
1208	1588	WerFault.exe	236
1804	4812	WerFault.exe	234
1868	2200	WerFault.exe	244
4608	4272	WerFault.exe	242
1736	4436	WerFault.exe	252
4296	3348	WerFault.exe	250

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{0214A36F-29C4-4F22-9F3F-75F53308F23F}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{02E91A85-95FB-4E69-B17B-CF78ACCCC5DA}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{E10F59EF-8E85-42AF-B5A5-54CF3E3C66D0}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	SearchApp.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	564	explorer.exe
Token: SeCreatePagefilePrivilege	564	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe
Token: SeShutdownPrivilege	5020	explorer.exe
Token: SeCreatePagefilePrivilege	5020	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
564	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
5020	explorer.exe
3240	explorer.exe
3240	explorer.exe
3240	explorer.exe
3240	explorer.exe
3240	explorer.exe
3240	explorer.exe
3240	explorer.exe
3240	explorer.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3564	StartMenuExperienceHost.exe
4300	StartMenuExperienceHost.exe
2788	SearchApp.exe

C:\Users\Admin\AppData\Local\Temp\3eeee0a7852eb79381d3f72ee22445fa9ae02935c3b4d2a9d93971bcfcc8ced5.exe
"C:\Users\Admin\AppData\Local\Temp\3eeee0a7852eb79381d3f72ee22445fa9ae02935c3b4d2a9d93971bcfcc8ced5.exe"
1⤵
PID:1908

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:564
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 564 -s 6164
  2⤵
  - Program crash
  PID:4052

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3564

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 564 -ip 564
1⤵
PID:1808

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5020
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5020 -s 7496
  2⤵
  - Program crash
  PID:3860

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4300

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2788
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2788 -s 3660
  2⤵
  - Program crash
  PID:3108

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 2788 -ip 2788
1⤵
PID:4416

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 5020 -ip 5020
1⤵
PID:1824

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:3240
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3240 -s 7376
  2⤵
  - Program crash
  PID:1660

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:856

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4460
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4460 -s 2700
  2⤵
  - Program crash
  PID:2236

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 4460 -ip 4460
1⤵
PID:1292

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 3240 -ip 3240
1⤵
PID:3520

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4404
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4404 -s 7540
  2⤵
  - Program crash
  PID:1068

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4260

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3616
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3616 -s 3536
  2⤵
  - Program crash
  PID:3588

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 3616 -ip 3616
1⤵
PID:5064

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 4404 -ip 4404
1⤵
PID:1564

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1172 -s 6116
  2⤵
  - Program crash
  PID:2992

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:180

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 1172 -ip 1172
1⤵
PID:3164

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4792 -s 7424
  2⤵
  - Program crash
  PID:3488

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3564

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3612 -s 3568
  2⤵
  - Program crash
  PID:1588

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3612 -ip 3612
1⤵
PID:3960

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 4792 -ip 4792
1⤵
PID:3332

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2392
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2392 -s 1036
  2⤵
  - Program crash
  PID:5000

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:988

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1968 -s 3540
  2⤵
  - Program crash
  PID:3332

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 620 -p 1968 -ip 1968
1⤵
PID:4876

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 2392 -ip 2392
1⤵
PID:1984

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1592
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1592 -s 5816
  2⤵
  - Program crash
  PID:4252

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1340

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3368
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3368 -s 3584
  2⤵
  - Program crash
  PID:2324

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 628 -p 3368 -ip 3368
1⤵
PID:2104

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 576 -p 1592 -ip 1592
1⤵
PID:3276

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1712
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1712 -s 5792
  2⤵
  - Program crash
  PID:900

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3524

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2312
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2312 -s 3432
  2⤵
  - Program crash
  PID:3456

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 612 -p 2312 -ip 2312
1⤵
PID:3672

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 648 -p 1712 -ip 1712
1⤵
PID:3296

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4548
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4548 -s 5988
  2⤵
  - Program crash
  PID:100

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2272

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3584
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3584 -s 3584
  2⤵
  - Program crash
  PID:3164

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3584 -ip 3584
1⤵
PID:3808

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 644 -p 4548 -ip 4548
1⤵
PID:2104

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1704 -s 3756
  2⤵
  - Program crash
  PID:3532

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:888

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:340
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 340 -s 3564
  2⤵
  - Program crash
  PID:1520

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 552 -p 340 -ip 340
1⤵
PID:556

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 1704 -ip 1704
1⤵
PID:3868

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4140
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4140 -s 1884
  2⤵
  - Program crash
  PID:3568

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1604

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3640
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3640 -s 3572
  2⤵
  - Program crash
  PID:3536

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 652 -p 3640 -ip 3640
1⤵
PID:4912

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 4140 -ip 4140
1⤵
PID:1664

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3472
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3472 -s 5908
  2⤵
  - Program crash
  PID:3684

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4660

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 3472 -ip 3472
1⤵
PID:1872

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3520
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3520 -s 5896
  2⤵
  - Program crash
  PID:3140

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3868

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 596 -p 3520 -ip 3520
1⤵
PID:3032

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2452
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2452 -s 7596
  2⤵
  - Program crash
  PID:664

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1588

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1756
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1756 -s 2880
  2⤵
  - Program crash
  PID:1576

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 616 -p 1756 -ip 1756
1⤵
PID:4272

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 636 -p 2452 -ip 2452
1⤵
PID:2220

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2928
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2928 -s 6240
  2⤵
  - Program crash
  PID:1564

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3140

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 640 -p 2928 -ip 2928
1⤵
PID:3888

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2700
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2700 -s 5960
  2⤵
  - Program crash
  PID:1084

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3736

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:556
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 556 -s 3604
  2⤵
  - Program crash
  PID:2808

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 556 -ip 556
1⤵
PID:1112

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 660 -p 2700 -ip 2700
1⤵
PID:1524

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2936
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2936 -s 7580
  2⤵
  - Program crash
  PID:4144

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2496

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3208 -s 3572
  2⤵
  - Program crash
  PID:60

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 3208 -ip 3208
1⤵
PID:3344

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 2936 -ip 2936
1⤵
PID:788

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1524
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1524 -s 6004
  2⤵
  - Program crash
  PID:3380

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:460

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 1524 -ip 1524
1⤵
PID:4320

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4420 -s 5832
  2⤵
  - Program crash
  PID:1884

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1556

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2340
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2340 -s 3544
  2⤵
  - Program crash
  PID:1296

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 2340 -ip 2340
1⤵
PID:100

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 684 -p 4420 -ip 4420
1⤵
PID:1164

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4812
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4812 -s 7696
  2⤵
  - Program crash
  PID:1804

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:384

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1588
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1588 -s 3956
  2⤵
  - Program crash
  PID:1208

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 660 -p 1588 -ip 1588
1⤵
PID:5044

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 684 -p 4812 -ip 4812
1⤵
PID:4040

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4272
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4272 -s 7556
  2⤵
  - Program crash
  PID:4608

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3432

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2200
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2200 -s 3592
  2⤵
  - Program crash
  PID:1868

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 636 -p 2200 -ip 2200
1⤵
PID:3468

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 4272 -ip 4272
1⤵
PID:1324

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3348
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3348 -s 7596
  2⤵
  - Program crash
  PID:4296

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1296

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4436
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4436 -s 2556
  2⤵
  - Program crash
  PID:1736

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 668 -p 4436 -ip 4436
1⤵
PID:2160

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 620 -p 3348 -ip 3348
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
1KB

MD5
516581c13994c7610e9baf3be548909b

SHA1
21e0edb2993d6764cf5e292511089565ae3445f0

SHA256
a77ac4115bf539d2979d13b895b2a3e2a307fdaef7a8217ea0d3e630481b3d02

SHA512
2fe3dade9175f4481f6e9d003a3dd39e63f7789936032a7fda4750bc14cb57563712e1053992928414c3ce3618876e86d5f2b2650599e2e612e383b960ba6708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
404B

MD5
381ae15ec0ba112a1b5522b6f0268447

SHA1
a7625582537ab45d1c5c27d2bffb2ae804924e41

SHA256
a3beb812f1b8044397e4f1dcff77ce7e457190ecdfdef4f7e5fb10c1dfe6c837

SHA512
552b1cda201d4cc0d3475d1f7960b3ce5a8c5798570508c472df87267166fb1f79efb0646197c1aa8d93d19bb9b407bc185481a7aa55005888e217d3e1d01824

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
memory/340-194-0x0000026774F00000-0x0000026774F20000-memory.dmp

Filesize
128KB

Download
memory/340-197-0x0000026774EC0000-0x0000026774EE0000-memory.dmp

Filesize
128KB

Download
memory/340-200-0x0000026775560000-0x0000026775580000-memory.dmp

Filesize
128KB

Download
memory/556-269-0x0000021177EC0000-0x0000021177EE0000-memory.dmp

Filesize
128KB

Download
memory/556-271-0x0000021178550000-0x0000021178570000-memory.dmp

Filesize
128KB

Download
memory/556-266-0x0000021177F40000-0x0000021177F60000-memory.dmp

Filesize
128KB

Download
memory/1588-339-0x0000029A7E240000-0x0000029A7E260000-memory.dmp

Filesize
128KB

Download
memory/1588-336-0x0000029A7E280000-0x0000029A7E2A0000-memory.dmp

Filesize
128KB

Download
memory/1588-341-0x0000029A7E6E0000-0x0000029A7E700000-memory.dmp

Filesize
128KB

Download
memory/1592-119-0x0000000004C10000-0x0000000004C11000-memory.dmp

Filesize
4KB

Download
memory/1704-186-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

Filesize
4KB

Download
memory/1712-139-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

Filesize
4KB

Download
memory/1756-248-0x000001C3F16A0000-0x000001C3F16C0000-memory.dmp

Filesize
128KB

Download
memory/1756-242-0x000001C3F12D0000-0x000001C3F12F0000-memory.dmp

Filesize
128KB

Download
memory/1756-244-0x000001C3F1290000-0x000001C3F12B0000-memory.dmp

Filesize
128KB

Download
memory/1968-107-0x0000024F553F0000-0x0000024F55410000-memory.dmp

Filesize
128KB

Download
memory/1968-113-0x0000024F557C0000-0x0000024F557E0000-memory.dmp

Filesize
128KB

Download
memory/1968-111-0x0000024F553B0000-0x0000024F553D0000-memory.dmp

Filesize
128KB

Download
memory/2200-364-0x00000296E6040000-0x00000296E6060000-memory.dmp

Filesize
128KB

Download
memory/2200-366-0x00000296E6500000-0x00000296E6520000-memory.dmp

Filesize
128KB

Download
memory/2200-361-0x00000296E6080000-0x00000296E60A0000-memory.dmp

Filesize
128KB

Download
memory/2312-147-0x000002A7E4E00000-0x000002A7E4E20000-memory.dmp

Filesize
128KB

Download
memory/2312-152-0x000002A7E5260000-0x000002A7E5280000-memory.dmp

Filesize
128KB

Download
memory/2312-150-0x000002A7E4BC0000-0x000002A7E4BE0000-memory.dmp

Filesize
128KB

Download
memory/2340-313-0x000001FA00B00000-0x000001FA00B20000-memory.dmp

Filesize
128KB

Download
memory/2340-318-0x000001FA00F30000-0x000001FA00F50000-memory.dmp

Filesize
128KB

Download
memory/2340-316-0x000001FA007C0000-0x000001FA007E0000-memory.dmp

Filesize
128KB

Download
memory/2392-99-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/2452-235-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2700-258-0x0000000004E70000-0x0000000004E71000-memory.dmp

Filesize
4KB

Download
memory/2788-21-0x000002E944D40000-0x000002E944D60000-memory.dmp

Filesize
128KB

Download
memory/2788-16-0x000002E944730000-0x000002E944750000-memory.dmp

Filesize
128KB

Download
memory/2788-14-0x000002E944770000-0x000002E944790000-memory.dmp

Filesize
128KB

Download
memory/2936-282-0x0000000004D40000-0x0000000004D41000-memory.dmp

Filesize
4KB

Download
memory/3208-289-0x0000018C54EB0000-0x0000018C54ED0000-memory.dmp

Filesize
128KB

Download
memory/3208-292-0x0000018C54E60000-0x0000018C54E80000-memory.dmp

Filesize
128KB

Download
memory/3208-295-0x0000018C55500000-0x0000018C55520000-memory.dmp

Filesize
128KB

Download
memory/3240-29-0x00000000045A0000-0x00000000045A1000-memory.dmp

Filesize
4KB

Download
memory/3368-131-0x000001B076070000-0x000001B076090000-memory.dmp

Filesize
128KB

Download
memory/3368-129-0x000001B0759D0000-0x000001B0759F0000-memory.dmp

Filesize
128KB

Download
memory/3368-127-0x000001B075C20000-0x000001B075C40000-memory.dmp

Filesize
128KB

Download
memory/3584-174-0x000001FDC2150000-0x000001FDC2170000-memory.dmp

Filesize
128KB

Download
memory/3584-176-0x000001FDC2560000-0x000001FDC2580000-memory.dmp

Filesize
128KB

Download
memory/3584-170-0x000001FDC2190000-0x000001FDC21B0000-memory.dmp

Filesize
128KB

Download
memory/3612-84-0x000001E92F2B0000-0x000001E92F2D0000-memory.dmp

Filesize
128KB

Download
memory/3612-89-0x000001E92F920000-0x000001E92F940000-memory.dmp

Filesize
128KB

Download
memory/3612-87-0x000001E92F270000-0x000001E92F290000-memory.dmp

Filesize
128KB

Download
memory/3616-62-0x0000017003290000-0x00000170032B0000-memory.dmp

Filesize
128KB

Download
memory/3616-60-0x00000170032D0000-0x00000170032F0000-memory.dmp

Filesize
128KB

Download
memory/3616-66-0x00000170038A0000-0x00000170038C0000-memory.dmp

Filesize
128KB

Download
memory/3640-217-0x0000025DF18C0000-0x0000025DF18E0000-memory.dmp

Filesize
128KB

Download
memory/3640-222-0x0000025DF1CF0000-0x0000025DF1D10000-memory.dmp

Filesize
128KB

Download
memory/3640-220-0x0000025DF1860000-0x0000025DF1880000-memory.dmp

Filesize
128KB

Download
memory/4140-209-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/4272-354-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/4404-52-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/4420-305-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/4460-40-0x000001FE453C0000-0x000001FE453E0000-memory.dmp

Filesize
128KB

Download
memory/4460-37-0x000001FE45600000-0x000001FE45620000-memory.dmp

Filesize
128KB

Download
memory/4460-43-0x000001FE45A60000-0x000001FE45A80000-memory.dmp

Filesize
128KB

Download
memory/4548-162-0x00000000041E0000-0x00000000041E1000-memory.dmp

Filesize
4KB

Download
memory/4792-76-0x0000000004720000-0x0000000004721000-memory.dmp

Filesize
4KB

Download
memory/4812-328-0x0000000003ED0000-0x0000000003ED1000-memory.dmp

Filesize
4KB

Download
memory/5020-8-0x00000000045A0000-0x00000000045A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads