769d9476e98512a75c4d8235b3f63a904918a67cece7aa592bcacf93f5c3be2e

Analysis

max time kernel
23s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2023 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

769d9476e98512a75c4d8235b3f63a904918a67cece7aa592bcacf93f5c3be2e.exe
Size

3.2MB
MD5

758d83e0a7a683a9495ef0770831db2b
SHA1

5c252bfbbe34bfe9d88f07b4cce9c384bcee2cda
SHA256

769d9476e98512a75c4d8235b3f63a904918a67cece7aa592bcacf93f5c3be2e
SHA512

a947b36024a7dadbd73982fb5bc303b30c0f88538f376f9c5851b43ea9c7585db7b5c25fd00d25e2ed927647f42455f43dd72cf57816cc78c3dcd30b22d2aa4a
SSDEEP

49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTliGQa7GqDl7Zpoy7:c+8X9G3vP3AMzQheLo0

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	StartMenuExperienceHost.exe
File opened (read-only)	\??\F:	StartMenuExperienceHost.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Program crash 40 IoCs

pid	pid_target	Process	procid_target
2672	1424	WerFault.exe	85
2688	792	WerFault.exe	95
3988	2236	WerFault.exe	104
3860	3792	WerFault.exe	101
4452	2608	WerFault.exe	110
3784	5052	WerFault.exe	118
4320	3704	WerFault.exe	116
4224	2320	WerFault.exe	125
3400	4480	WerFault.exe	131
3804	3972	WerFault.exe	138
4424	4780	WerFault.exe	136
3468	3612	WerFault.exe	147
3804	3208	WerFault.exe	144
4512	4980	WerFault.exe	156
3312	3384	WerFault.exe	153
2092	4228	WerFault.exe	165
4132	3940	WerFault.exe	162
1464	3984	WerFault.exe	171
2284	1332	WerFault.exe	179
4988	1972	WerFault.exe	177
1268	968	WerFault.exe	188
3560	3200	WerFault.exe	185
4948	4856	WerFault.exe	197
1300	1968	WerFault.exe	194
3668	796	WerFault.exe	203
4556	2688	WerFault.exe	211
3024	1664	WerFault.exe	209
4724	3096	WerFault.exe	217
2948	4144	WerFault.exe	225
1300	1124	WerFault.exe	223
1932	1260	WerFault.exe	233
1560	5104	WerFault.exe	231
4232	4988	WerFault.exe	241
3608	3804	WerFault.exe	239
2164	4764	WerFault.exe	249
4200	3648	WerFault.exe	247
3024	4748	WerFault.exe	257
4612	3192	WerFault.exe	255
2672	4428	WerFault.exe	265
1164	2680	WerFault.exe	263

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	WerFault.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	StartMenuExperienceHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{1C386DEE-5903-4D08-9E70-8D2397F5C88F}	StartMenuExperienceHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{CF73AA0F-7933-4BBB-88C1-828699DE8E7F}	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{5610E624-53B2-4F2D-9673-48D891509507}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{256509DC-7469-4DAA-9A96-1161FCCA6F6B}	explorer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	1424	explorer.exe
Token: SeCreatePagefilePrivilege	1424	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	792	explorer.exe
Token: SeCreatePagefilePrivilege	792	explorer.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe
Token: SeShutdownPrivilege	3792	StartMenuExperienceHost.exe
Token: SeCreatePagefilePrivilege	3792	StartMenuExperienceHost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
1424	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
792	explorer.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe
3792	StartMenuExperienceHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2924	WerFault.exe
4764	StartMenuExperienceHost.exe
4040	StartMenuExperienceHost.exe
2236	SearchApp.exe

C:\Users\Admin\AppData\Local\Temp\769d9476e98512a75c4d8235b3f63a904918a67cece7aa592bcacf93f5c3be2e.exe
"C:\Users\Admin\AppData\Local\Temp\769d9476e98512a75c4d8235b3f63a904918a67cece7aa592bcacf93f5c3be2e.exe"
1⤵
PID:1812

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1424
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1424 -s 6164
  2⤵
  - Program crash
  PID:2672

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2924

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 1424 -ip 1424
1⤵
PID:2380

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 792 -s 5980
  2⤵
  - Program crash
  PID:2688

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4764

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 792 -ip 792
1⤵
PID:2972

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3792 -s 5864
  2⤵
  - Program crash
  PID:3860

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4040

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2236
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2236 -s 3592
  2⤵
  - Program crash
  PID:3988

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 2236 -ip 2236
1⤵
PID:2980

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 3792 -ip 3792
1⤵
PID:4408

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2608
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2608 -s 5892
  2⤵
  - Program crash
  PID:4452

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4204

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 2608 -ip 2608
1⤵
PID:4644

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3704 -s 7468
  2⤵
  - Program crash
  PID:4320

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1548

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5052
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5052 -s 3552
  2⤵
  - Program crash
  PID:3784

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 5052 -ip 5052
1⤵
PID:2948

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 3704 -ip 3704
1⤵
PID:856

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2320 -s 6016
  2⤵
  - Program crash
  PID:4224

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3208

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 524 -p 2320 -ip 2320
1⤵
PID:3560

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4480 -s 6012
  2⤵
  - Program crash
  PID:3400

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4868

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 4480 -ip 4480
1⤵
PID:3668

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4780
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4780 -s 7584
  2⤵
  - Program crash
  PID:4424

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4040

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3972
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3972 -s 3552
  2⤵
  - Program crash
  PID:3804

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 3972 -ip 3972
1⤵
PID:3912

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 4780 -ip 4780
1⤵
PID:1060

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3208 -s 5740
  2⤵
  - Program crash
  PID:3804

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4240

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3612 -s 3576
  2⤵
  - Program crash
  PID:3468

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 3612 -ip 3612
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 3208 -ip 3208
1⤵
PID:784

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3384
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3384 -s 3372
  2⤵
  - Program crash
  PID:3312

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3760

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4980
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4980 -s 3624
  2⤵
  - Program crash
  PID:4512

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 4980 -ip 4980
1⤵
PID:3856

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 3384 -ip 3384
1⤵
PID:212

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3940
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3940 -s 7400
  2⤵
  - Program crash
  PID:4132

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3400

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4228
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4228 -s 3600
  2⤵
  - Program crash
  PID:2092

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 4228 -ip 4228
1⤵
PID:3592

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 3940 -ip 3940
1⤵
PID:1232

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3984
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3984 -s 5676
  2⤵
  - Program crash
  PID:1464

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4416

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 3984 -ip 3984
1⤵
PID:4152

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1972
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1972 -s 7272
  2⤵
  - Program crash
  PID:4988

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2688

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1332
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1332 -s 3576
  2⤵
  - Program crash
  PID:2284

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 1332 -ip 1332
1⤵
PID:3664

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 1972 -ip 1972
1⤵
PID:868

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3200
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3200 -s 1948
  2⤵
  - Program crash
  PID:3560

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3608

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 968 -s 3568
  2⤵
  - Program crash
  PID:1268

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 504 -p 968 -ip 968
1⤵
PID:4932

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 3200 -ip 3200
1⤵
PID:3884

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1968 -s 7640
  2⤵
  - Program crash
  PID:1300

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3792

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4856
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4856 -s 2932
  2⤵
  - Program crash
  PID:4948

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 576 -p 4856 -ip 4856
1⤵
PID:2252

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 1968 -ip 1968
1⤵
PID:3332

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:796
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 796 -s 5952
  2⤵
  - Program crash
  PID:3668

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4128

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 796 -ip 796
1⤵
PID:2964

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1664 -s 7436
  2⤵
  - Program crash
  PID:3024

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4252

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2688 -s 3564
  2⤵
  - Program crash
  PID:4556

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 2688 -ip 2688
1⤵
PID:3380

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 1664 -ip 1664
1⤵
PID:3664

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3096
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3096 -s 5992
  2⤵
  - Program crash
  PID:4724

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4368

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 3096 -ip 3096
1⤵
PID:3008

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1124
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1124 -s 5976
  2⤵
  - Program crash
  PID:1300

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3312

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4144
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4144 -s 3616
  2⤵
  - Program crash
  PID:2948

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 576 -p 4144 -ip 4144
1⤵
PID:3296

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 596 -p 1124 -ip 1124
1⤵
PID:5032

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5104
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5104 -s 7584
  2⤵
  - Program crash
  PID:1560

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2168

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1260
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1260 -s 3580
  2⤵
  - Program crash
  PID:1932

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 1260 -ip 1260
1⤵
PID:3856

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 5104 -ip 5104
1⤵
PID:3280

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3804
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3804 -s 7684
  2⤵
  - Program crash
  PID:3608

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3480

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4988
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4988 -s 3516
  2⤵
  - Program crash
  PID:4232

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 4988 -ip 4988
1⤵
PID:412

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 3804 -ip 3804
1⤵
PID:3796

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3648 -s 7396
  2⤵
  - Program crash
  PID:4200

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1692

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4764
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4764 -s 3544
  2⤵
  - Program crash
  PID:2164

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 4764 -ip 4764
1⤵
PID:452

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 556 -p 3648 -ip 3648
1⤵
PID:4624

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3192
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3192 -s 5820
  2⤵
  - Program crash
  PID:4612

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3872

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4748
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4748 -s 3584
  2⤵
  - Program crash
  PID:3024

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 4748 -ip 4748
1⤵
PID:3956

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 3192 -ip 3192
1⤵
PID:664

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2680
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2680 -s 6220
  2⤵
  - Program crash
  PID:1164

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:876

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4428
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4428 -s 3608
  2⤵
  - Program crash
  PID:2672

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 4428 -ip 4428
1⤵
PID:2660

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 2680 -ip 2680
1⤵
PID:4712

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
1KB

MD5
7e29d6af731e4c76cd85cf6ffe96ccdf

SHA1
fc578d2fd4e98240983d29b15cdadcbdf184f9ab

SHA256
e2e62bc3a34de7098f546612135ffc444368e2f6f4b072e04090065c3345426f

SHA512
7af640747e6562781299e30e9f5348b286b617a30177ee016280e60934c28163624e3b73e0f1116fc9e7f8511ca2fa3520e61215072b9c1fdf87bec81c583989

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
404B

MD5
6ed3cb716d11d1ef141883a0ae3a3abf

SHA1
ee98195c650910d0f11c0f665c8f870d6c8bc42f

SHA256
ab69ac092400f72800d92106b8e9029cb874ec3e5043461166e499b1cec37f6d

SHA512
dd6e56ff3dfd1f118341f03b841b2bd72ea10555777bb9fbd19a8d8cceef31fa042190740c101a0a0b9ded1dab45fc0e8732de484d07dae345171d6d2444482f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
memory/968-179-0x000001BA58D90000-0x000001BA58DB0000-memory.dmp

Filesize
128KB

Download
memory/968-175-0x000001BA58DD0000-0x000001BA58DF0000-memory.dmp

Filesize
128KB

Download
memory/968-181-0x000001BA591A0000-0x000001BA591C0000-memory.dmp

Filesize
128KB

Download
memory/1124-238-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1260-271-0x000001B52E780000-0x000001B52E7A0000-memory.dmp

Filesize
128KB

Download
memory/1260-274-0x000001B52EB90000-0x000001B52EBB0000-memory.dmp

Filesize
128KB

Download
memory/1260-269-0x000001B52E7C0000-0x000001B52E7E0000-memory.dmp

Filesize
128KB

Download
memory/1332-158-0x000001FD10B50000-0x000001FD10B70000-memory.dmp

Filesize
128KB

Download
memory/1332-154-0x000001FD10740000-0x000001FD10760000-memory.dmp

Filesize
128KB

Download
memory/1332-152-0x000001FD10780000-0x000001FD107A0000-memory.dmp

Filesize
128KB

Download
memory/1664-215-0x00000000045D0000-0x00000000045D1000-memory.dmp

Filesize
4KB

Download
memory/1968-191-0x0000000004A80000-0x0000000004A81000-memory.dmp

Filesize
4KB

Download
memory/1972-144-0x0000000004560000-0x0000000004561000-memory.dmp

Filesize
4KB

Download
memory/2236-18-0x0000022463920000-0x0000022463940000-memory.dmp

Filesize
128KB

Download
memory/2236-20-0x0000022463DA0000-0x0000022463DC0000-memory.dmp

Filesize
128KB

Download
memory/2236-15-0x0000022463960000-0x0000022463980000-memory.dmp

Filesize
128KB

Download
memory/2680-348-0x0000000004530000-0x0000000004531000-memory.dmp

Filesize
4KB

Download
memory/2688-227-0x0000021EA8700000-0x0000021EA8720000-memory.dmp

Filesize
128KB

Download
memory/2688-225-0x0000021EA8060000-0x0000021EA8080000-memory.dmp

Filesize
128KB

Download
memory/2688-222-0x0000021EA80A0000-0x0000021EA80C0000-memory.dmp

Filesize
128KB

Download
memory/3192-324-0x0000000004C10000-0x0000000004C11000-memory.dmp

Filesize
4KB

Download
memory/3200-167-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/3208-75-0x0000000004180000-0x0000000004181000-memory.dmp

Filesize
4KB

Download
memory/3384-98-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/3612-82-0x00000169C6D10000-0x00000169C6D30000-memory.dmp

Filesize
128KB

Download
memory/3612-87-0x00000169C7370000-0x00000169C7390000-memory.dmp

Filesize
128KB

Download
memory/3612-85-0x00000169C6CD0000-0x00000169C6CF0000-memory.dmp

Filesize
128KB

Download
memory/3648-304-0x0000000004870000-0x0000000004871000-memory.dmp

Filesize
4KB

Download
memory/3704-32-0x0000000004140000-0x0000000004141000-memory.dmp

Filesize
4KB

Download
memory/3792-8-0x0000000004D70000-0x0000000004D71000-memory.dmp

Filesize
4KB

Download
memory/3804-281-0x0000000004580000-0x0000000004581000-memory.dmp

Filesize
4KB

Download
memory/3940-120-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

Filesize
4KB

Download
memory/3972-67-0x000001706CFC0000-0x000001706CFE0000-memory.dmp

Filesize
128KB

Download
memory/3972-65-0x000001706CB20000-0x000001706CB40000-memory.dmp

Filesize
128KB

Download
memory/3972-62-0x000001706CB60000-0x000001706CB80000-memory.dmp

Filesize
128KB

Download
memory/4144-251-0x0000020E93BE0000-0x0000020E93C00000-memory.dmp

Filesize
128KB

Download
memory/4144-249-0x0000020E93740000-0x0000020E93760000-memory.dmp

Filesize
128KB

Download
memory/4144-246-0x0000020E93780000-0x0000020E937A0000-memory.dmp

Filesize
128KB

Download
memory/4228-133-0x0000019BA4C50000-0x0000019BA4C70000-memory.dmp

Filesize
128KB

Download
memory/4228-131-0x0000019BA4840000-0x0000019BA4860000-memory.dmp

Filesize
128KB

Download
memory/4228-128-0x0000019BA4880000-0x0000019BA48A0000-memory.dmp

Filesize
128KB

Download
memory/4428-359-0x0000025E135C0000-0x0000025E135E0000-memory.dmp

Filesize
128KB

Download
memory/4428-357-0x0000025E131B0000-0x0000025E131D0000-memory.dmp

Filesize
128KB

Download
memory/4428-355-0x0000025E131F0000-0x0000025E13210000-memory.dmp

Filesize
128KB

Download
memory/4748-334-0x000001490C120000-0x000001490C140000-memory.dmp

Filesize
128KB

Download
memory/4748-337-0x000001490C520000-0x000001490C540000-memory.dmp

Filesize
128KB

Download
memory/4748-332-0x000001490C160000-0x000001490C180000-memory.dmp

Filesize
128KB

Download
memory/4764-312-0x0000022AAC3C0000-0x0000022AAC3E0000-memory.dmp

Filesize
128KB

Download
memory/4764-317-0x0000022AAC790000-0x0000022AAC7B0000-memory.dmp

Filesize
128KB

Download
memory/4764-315-0x0000022AAC380000-0x0000022AAC3A0000-memory.dmp

Filesize
128KB

Download
memory/4780-54-0x0000000003EE0000-0x0000000003EE1000-memory.dmp

Filesize
4KB

Download
memory/4856-198-0x0000018D33320000-0x0000018D33340000-memory.dmp

Filesize
128KB

Download
memory/4856-204-0x0000018D33900000-0x0000018D33920000-memory.dmp

Filesize
128KB

Download
memory/4856-201-0x0000018D332E0000-0x0000018D33300000-memory.dmp

Filesize
128KB

Download
memory/4980-110-0x000001BE03930000-0x000001BE03950000-memory.dmp

Filesize
128KB

Download
memory/4980-108-0x000001BE03490000-0x000001BE034B0000-memory.dmp

Filesize
128KB

Download
memory/4980-105-0x000001BE034D0000-0x000001BE034F0000-memory.dmp

Filesize
128KB

Download
memory/4988-294-0x000001E83B110000-0x000001E83B130000-memory.dmp

Filesize
128KB

Download
memory/4988-292-0x000001E83AD00000-0x000001E83AD20000-memory.dmp

Filesize
128KB

Download
memory/4988-289-0x000001E83AD40000-0x000001E83AD60000-memory.dmp

Filesize
128KB

Download
memory/5052-44-0x000001D364930000-0x000001D364950000-memory.dmp

Filesize
128KB

Download
memory/5052-41-0x000001D364520000-0x000001D364540000-memory.dmp

Filesize
128KB

Download
memory/5052-39-0x000001D364560000-0x000001D364580000-memory.dmp

Filesize
128KB

Download
memory/5104-262-0x0000000004280000-0x0000000004281000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads