Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

34971acb8e...82.exe

windows7-x64

8

34971acb8e...82.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/11/2023, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34971acb8e5958c511dc35b9c4b3ec24e0dd7eaf58fb6b9fcd6387d6ce70d282.exe

  • Size

    2.7MB

  • MD5

    caad666952c4d1d64a0c4171eef543b2

  • SHA1

    56f1a89d9b723e45adbda1b6411d258d8354bd6d

  • SHA256

    34971acb8e5958c511dc35b9c4b3ec24e0dd7eaf58fb6b9fcd6387d6ce70d282

  • SHA512

    67578b422b06d8c504b57e4502f7e41850d9c85e397659d47c30df55fdf95332dc481837a763ac4f933b1fa0deb7cfed72938527129044bc84359dd0c6fe46ba

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlFe/GytsLi:c+8X9G3vP3AM/i6u

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\34971acb8e5958c511dc35b9c4b3ec24e0dd7eaf58fb6b9fcd6387d6ce70d282.exe
    "C:\Users\Admin\AppData\Local\Temp\34971acb8e5958c511dc35b9c4b3ec24e0dd7eaf58fb6b9fcd6387d6ce70d282.exe"
    1⤵
      PID:4248
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5044
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4968
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4788
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3884
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:3504
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1304
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3740
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            • Suspicious use of SendNotifyMessage
            PID:4820
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:5004
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:4480
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            PID:1496
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3096
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3660
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3732
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:4328
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3900
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:1664
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:1768
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:540
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                    • Modifies registry class
                    PID:4484
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:3676
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:1228
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:3120
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:4356
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:3700
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:3412
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:2564
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4652
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:1500
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:2680
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:4584
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:5112
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:3960
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:4552
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:1744
                                                • C:\Windows\system32\werfault.exe
                                                  werfault.exe /hc /shared Global\46b5dbffe95d4407809c7a3b53925181 /t 4092 /p 2432
                                                  1⤵
                                                    PID:1060
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:1768
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1048
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3900
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies Installed Components in the registry
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      PID:3732
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:2668
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3952
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:740
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:4264
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:1060
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3768
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4856
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1636
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4092
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:2232
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:680
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3640
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:5020
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4256
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:1504
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4720
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3608
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:2456
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:2384
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:184
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2168
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:4116
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:224
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2384

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      a854c577fd52d32726cd2d82a6c402d1

                                                                                                      SHA1

                                                                                                      c59c412b0c8feb244b3d63a6c83ed673551f82b0

                                                                                                      SHA256

                                                                                                      e15768dcef473e64864fb1c91620f3511054ba63324e39878b69471528622fd8

                                                                                                      SHA512

                                                                                                      2bbf87fee4289714fe353fbae8c5f1952492ffc27fc0e060a5fc245d2a0221853e0614107231bb787f5642e2214bc95495a4cb95566b0bdadba96468423e5413

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      afc766b6be6f0d6d25ecbead1d865ba6

                                                                                                      SHA1

                                                                                                      96ea2a9225f5deac45acf4c480745fba494e1a1a

                                                                                                      SHA256

                                                                                                      91e3e07d92657e60197d7e128d887762d93b4efab2889efca538635c93a1e53b

                                                                                                      SHA512

                                                                                                      480cda2670854c87a4184801f2ddcefdc15fabf11d1f324215a1a6ea1a1c0dcd1f22272232b12fa15b15d9b11c9cda2525296f5a6d72a6c674424b4c60639ae9

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                      SHA1

                                                                                                      debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                      SHA256

                                                                                                      84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                      SHA512

                                                                                                      14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                      Download Submit

                                                                                                    • memory/540-85-0x000002B37EC80000-0x000002B37ECA0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/540-88-0x000002B37EC40000-0x000002B37EC60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/540-92-0x000002B37F090000-0x000002B37F0B0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/680-209-0x0000000004420000-0x0000000004421000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1060-163-0x00000000043F0000-0x00000000043F1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1496-53-0x0000000004E70000-0x0000000004E71000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1500-118-0x0000000004510000-0x0000000004511000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1504-233-0x00000000048F0000-0x00000000048F1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1636-186-0x00000000046C0000-0x00000000046C1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1664-77-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2232-194-0x0000023030990000-0x00000230309B0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2232-200-0x0000023030D60000-0x0000023030D80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2232-196-0x0000023030950000-0x0000023030970000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2384-269-0x000001F1DDCD0000-0x000001F1DDCF0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2384-273-0x000001F1DE2A0000-0x000001F1DE2C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2384-271-0x000001F1DDC90000-0x000001F1DDCB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3412-97-0x00000000048C0000-0x00000000048C1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3504-8-0x0000000004B40000-0x0000000004B41000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3608-261-0x0000000003EB0000-0x0000000003EB1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3660-63-0x000002C2635C0000-0x000002C2635E0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3660-65-0x000002C263BD0000-0x000002C263BF0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3660-61-0x000002C263800000-0x000002C263820000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3740-15-0x0000028CE2980000-0x0000028CE29A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3740-18-0x0000028CE2940000-0x0000028CE2960000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3740-21-0x0000028CE2D50000-0x0000028CE2D70000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4116-285-0x0000000004040000-0x0000000004041000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4256-244-0x0000024275DB0000-0x0000024275DD0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4256-247-0x00000242761C0000-0x00000242761E0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4256-242-0x0000024275DF0000-0x0000024275E10000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4480-44-0x0000020B575D0000-0x0000020B575F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4480-38-0x0000020B57200000-0x0000020B57220000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4480-41-0x0000020B571C0000-0x0000020B571E0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4552-146-0x0000023FABB30000-0x0000023FABB50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4552-148-0x0000023FABF40000-0x0000023FABF60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4552-144-0x0000023FABB70000-0x0000023FABB90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4584-129-0x000002B1DD620000-0x000002B1DD640000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4584-126-0x000002B1DD660000-0x000002B1DD680000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4584-133-0x000002B1DDA20000-0x000002B1DDA40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4652-103-0x0000015823940000-0x0000015823960000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4652-106-0x0000015823900000-0x0000015823920000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4652-109-0x0000015823D00000-0x0000015823D20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4820-31-0x0000000004430000-0x0000000004431000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4856-171-0x0000021E3A820000-0x0000021E3A840000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4856-174-0x0000021E3A5D0000-0x0000021E3A5F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4856-176-0x0000021E3ABE0000-0x0000021E3AC00000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/5020-223-0x000001D90A050000-0x000001D90A070000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/5020-220-0x000001D909C40000-0x000001D909C60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/5020-217-0x000001D909C80000-0x000001D909CA0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/5112-137-0x00000000045E0000-0x00000000045E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download