6f3d603dd54e8e568ab812261de70fdffb3f635cb77e152cf761cc34f179dc07

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2023, 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f3d603dd54e8e568ab812261de70fdffb3f635cb77e152cf761cc34f179dc07.exe
Size

3.1MB
MD5

4a30b017cc719eeb4c068923774c5918
SHA1

3f14289c967593830d0721ab43234fcb5b7fd712
SHA256

6f3d603dd54e8e568ab812261de70fdffb3f635cb77e152cf761cc34f179dc07
SHA512

a8be64ec188483379d54cdc49bc15aa0067b005e77d411acd78ac23fa8c4ab2b9260a7c214a5b6d15069ffc673135a0d40dde42a7de199d2c8dcd6d6ae6dc2f1
SSDEEP

49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlVga347Yxdt/3kjlFVD6tX:c+8X9G3vP3AMga3yYxLcNDGX

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Active Setup\Installed Components	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 8 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	Process not Found
File opened (read-only)	\??\F:	Process not Found
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3811856890-180006922-3689258494-1000\{524B111F-0BD7-4573-A72E-675FD1A01F4C}	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	2156	explorer.exe
Token: SeCreatePagefilePrivilege	2156	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	5000	explorer.exe
Token: SeCreatePagefilePrivilege	5000	explorer.exe
Token: SeShutdownPrivilege	4644	explorer.exe
Token: SeCreatePagefilePrivilege	4644	explorer.exe
Token: SeShutdownPrivilege	4644	explorer.exe
Token: SeCreatePagefilePrivilege	4644	explorer.exe
Token: SeShutdownPrivilege	4644	explorer.exe
Token: SeCreatePagefilePrivilege	4644	explorer.exe
Token: SeShutdownPrivilege	4644	explorer.exe
Token: SeCreatePagefilePrivilege	4644	explorer.exe
Token: SeShutdownPrivilege	4644	explorer.exe
Token: SeCreatePagefilePrivilege	4644	explorer.exe
Token: SeShutdownPrivilege	4644	explorer.exe
Token: SeCreatePagefilePrivilege	4644	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
2156	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
5000	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
4644	explorer.exe
2468	Process not Found
2468	Process not Found
2468	Process not Found
2468	Process not Found
2468	Process not Found
2468	Process not Found

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
5116	StartMenuExperienceHost.exe
3396	StartMenuExperienceHost.exe
2972	SearchApp.exe
4996	StartMenuExperienceHost.exe
4608	SearchApp.exe
1420	StartMenuExperienceHost.exe
5068	SearchApp.exe
4036	StartMenuExperienceHost.exe
4116	SearchApp.exe
2564	SearchApp.exe
808	SearchApp.exe
3120	SearchApp.exe
3572	SearchApp.exe
4260	SearchApp.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6f3d603dd54e8e568ab812261de70fdffb3f635cb77e152cf761cc34f179dc07.exe
"C:\Users\Admin\AppData\Local\Temp\6f3d603dd54e8e568ab812261de70fdffb3f635cb77e152cf761cc34f179dc07.exe"
1⤵
PID:116

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2156

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5116

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5000

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3396

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4644

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4996

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4608

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2468

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5068

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Checks SCSI registry key(s)
- Modifies registry class
PID:3960

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4036

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4116

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:808

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3120

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3572

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4260

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
f3c1538ee2920a9de599fc7c484143db

SHA1
94a0f2328d1fd65517feeab72045e72ddad61ca2

SHA256
be658fa5464608af9f580cfaf721114d51aa53db5bd59605899548aeb2043f3a

SHA512
a1795b4698ad6115610fae0579317f4a5f244af239b8abe2e5a4477ddb2fa5efb5e8403edd8d6ae81017d74608661c27392557f14e5bdda6fdbbf6656c89f012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
7f5bcfb540d1ed37a52f4f1bc8ce5f0c

SHA1
b046f5073e46feb1bf8d295ea199f4fd62f7ec78

SHA256
c3d86f8cd177cd514b53a735091e9faf1c092c46e1ce333dcfa2488925422525

SHA512
23bea7cc0a771d52cd722925c652a65070b3d28c66b696e2536e04e9e3ed95c49e96cb492fa0c454ceb5c1e6a9b9623b2aac9ccd4fc5424da198b9cb678d5720

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

Filesize
2KB

MD5
083f4ed0f03dfce3bfa8ac2485fe53d8

SHA1
e14fdc0f8f8b829dd75402cc52a1ee742a746cbf

SHA256
84a4c9fb8648d86a22d80f03477e014be4636ab6c3cbe18006751d1c817c2235

SHA512
122a427265c35344dd57c30dd22a9c233664cb00923d028aff75fd3bb2b51124947f7b6293f02a59d9b27ca2135b3b57010f68b5502fcbaccbba441e98dd7d03

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel

Filesize
36KB

MD5
fb5f8866e1f4c9c1c7f4d377934ff4b2

SHA1
d0a329e387fb7bcba205364938417a67dbb4118a

SHA256
1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170

SHA512
0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml

Filesize
97B

MD5
d29cfa822a15eef844d4f05c7fb5aaf7

SHA1
f01670666dbc94107bf6a8579c67946946655962

SHA256
21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

SHA512
b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

Download Submit
memory/808-136-0x0000023E809B0000-0x0000023E809D0000-memory.dmp

Filesize
128KB

Download
memory/808-133-0x0000023E803A0000-0x0000023E803C0000-memory.dmp

Filesize
128KB

Download
memory/808-131-0x0000023E803E0000-0x0000023E80400000-memory.dmp

Filesize
128KB

Download
memory/2468-54-0x0000000004690000-0x0000000004691000-memory.dmp

Filesize
4KB

Download
memory/2564-109-0x000001B4E9EC0000-0x000001B4E9EE0000-memory.dmp

Filesize
128KB

Download
memory/2564-105-0x000001B4E98E0000-0x000001B4E9900000-memory.dmp

Filesize
128KB

Download
memory/2564-107-0x000001B4E98A0000-0x000001B4E98C0000-memory.dmp

Filesize
128KB

Download
memory/2972-14-0x000001BBD43C0000-0x000001BBD43E0000-memory.dmp

Filesize
128KB

Download
memory/2972-18-0x000001BBD4790000-0x000001BBD47B0000-memory.dmp

Filesize
128KB

Download
memory/2972-16-0x000001BBD4380000-0x000001BBD43A0000-memory.dmp

Filesize
128KB

Download
memory/3120-152-0x00000190F56C0000-0x00000190F56E0000-memory.dmp

Filesize
128KB

Download
memory/3120-154-0x00000190F5660000-0x00000190F5680000-memory.dmp

Filesize
128KB

Download
memory/3120-156-0x00000190F5CC0000-0x00000190F5CE0000-memory.dmp

Filesize
128KB

Download
memory/3572-177-0x00000228B9B70000-0x00000228B9B90000-memory.dmp

Filesize
128KB

Download
memory/3572-173-0x00000228B97A0000-0x00000228B97C0000-memory.dmp

Filesize
128KB

Download
memory/3572-175-0x00000228B9760000-0x00000228B9780000-memory.dmp

Filesize
128KB

Download
memory/3960-332-0x00007FF84D320000-0x00007FF84D4C9000-memory.dmp

Filesize
1.7MB

Download
memory/4116-87-0x000002728D8A0000-0x000002728D8C0000-memory.dmp

Filesize
128KB

Download
memory/4116-85-0x000002728D280000-0x000002728D2A0000-memory.dmp

Filesize
128KB

Download
memory/4116-83-0x000002728D2C0000-0x000002728D2E0000-memory.dmp

Filesize
128KB

Download
memory/4260-202-0x000001C4CAB20000-0x000001C4CAB40000-memory.dmp

Filesize
128KB

Download
memory/4260-199-0x000001C4CAB60000-0x000001C4CAB80000-memory.dmp

Filesize
128KB

Download
memory/4260-206-0x000001C4CAF70000-0x000001C4CAF90000-memory.dmp

Filesize
128KB

Download
memory/4608-41-0x00000177C6740000-0x00000177C6760000-memory.dmp

Filesize
128KB

Download
memory/4608-39-0x00000177C6780000-0x00000177C67A0000-memory.dmp

Filesize
128KB

Download
memory/4608-44-0x00000177C6B50000-0x00000177C6B70000-memory.dmp

Filesize
128KB

Download
memory/4644-31-0x0000000004AC0000-0x0000000004AC1000-memory.dmp

Filesize
4KB

Download
memory/5000-7-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/5068-66-0x000001BBCC5A0000-0x000001BBCC5C0000-memory.dmp

Filesize
128KB

Download
memory/5068-64-0x000001BBCC190000-0x000001BBCC1B0000-memory.dmp

Filesize
128KB

Download
memory/5068-62-0x000001BBCC1D0000-0x000001BBCC1F0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads