Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

33d4421203...53.exe

windows7-x64

10

33d4421203...53.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33d44212038eff8013d649cae7aa9253.exe

  • Size

    174KB

  • MD5

    33d44212038eff8013d649cae7aa9253

  • SHA1

    2aeb195ebfde711b1301cc9e8d7f6e9ef3ad7d87

  • SHA256

    99c86fe1943b34d49b98f320082bcc9be8e9a0a24280ea5bdf839c724b2b8f86

  • SHA512

    9e56e49329da0057ff9229835c681a86769548389823824c701411cc9a05ed1971c88fe8723fd55d4b6727a06e9f7f9a9940971317381c758e35cfdbc75681cc

  • SSDEEP

    3072:c65j3B+CNfYzPvvZ88gCH+S5/946iRBbs7qe756xNcvCupCkkYbJKog6NSLkVF1H:cS2zvZ8z43wRBbsGky7zsVF1IL+tWB

Score
10/10
evasionpersistencespywarestealerupx

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Disables taskbar notifications via registry modification
    evasion
  • Modifies Installed Components in the registry 2 TTPs 8 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\33d44212038eff8013d649cae7aa9253.exe
    "C:\Users\Admin\AppData\Local\Temp\33d44212038eff8013d649cae7aa9253.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4592
    • C:\Users\Admin\AppData\Local\Temp\33d44212038eff8013d649cae7aa9253.exe
      C:\Users\Admin\AppData\Local\Temp\33d44212038eff8013d649cae7aa9253.exe startC:\Users\Admin\AppData\Roaming\B342C\171A7.exe%C:\Users\Admin\AppData\Roaming\B342C
      2⤵
        PID:516
      • C:\Users\Admin\AppData\Local\Temp\33d44212038eff8013d649cae7aa9253.exe
        C:\Users\Admin\AppData\Local\Temp\33d44212038eff8013d649cae7aa9253.exe startC:\Program Files (x86)\2C435\lvvm.exe%C:\Program Files (x86)\2C435
        2⤵
          PID:3288
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3728
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2628
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4916
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1636
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4360
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3024
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:4480
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3320
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:1808
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4264
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4292
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:1656
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3476
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2364
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2348
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4928
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5108
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2008
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:928
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:2832
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:4108
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:2140
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:4100
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:2824
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:2836
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:3924
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:544
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:3940
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:3340
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2180
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3916
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:2724
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:4164
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:1460
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:2924
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3600
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:756
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:396
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:516
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:3960
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3552
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3892
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:1172
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1796
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:2944
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:1004
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:3540
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2160
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:4772
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:1372
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3408
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3600
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4580
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:224
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:2668
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4372
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:4988
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:3160
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:60
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4100
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:956
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:3288
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4132
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:1608
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3568
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:952
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:3752
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:920
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4152
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:1660
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:1064
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:2828
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:232
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:3332
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:2232
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:1548
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:4164

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BHN90SAO\microsoft.windows[1].xml
                                                                                                                        Filesize

                                                                                                                        97B

                                                                                                                        MD5

                                                                                                                        a49784c6007e88174d13fd2a1d1603c8

                                                                                                                        SHA1

                                                                                                                        96351722a846ad8a396b7cd3285ac30a8edf3768

                                                                                                                        SHA256

                                                                                                                        bf97a280596c60fa7130725b7426e7cd5ccfb759c909b5ef0b1575df2654ca91

                                                                                                                        SHA512

                                                                                                                        b0c5f6550c560e3bee33be9261bee95a006cd63a57d56b3a4b6c3c8f9ca2c6f222bfd2e8933e663f4b644457b48eb638160c8b9a6814b47a3fd4760f74f825ec

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Roaming\B342C\C435.342
                                                                                                                        Filesize

                                                                                                                        600B

                                                                                                                        MD5

                                                                                                                        89e64089b24a8dcdec239f6c55a09299

                                                                                                                        SHA1

                                                                                                                        22dcaf20c201300e770704cb8bdb0b170b96916c

                                                                                                                        SHA256

                                                                                                                        ea51729899a5d942c0b0b27b00b80c7682f716fd5b36167cc10b9260979e42bf

                                                                                                                        SHA512

                                                                                                                        9987d58f7607c3362a4764a59c0d94d8e7b5ff2c56fb0cf35b45c77840b34932bc3e3bb264becf7b89ebf7019b4c19ae2e2fb6bca936da50afee850df5901e6a

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Roaming\B342C\C435.342
                                                                                                                        Filesize

                                                                                                                        1KB

                                                                                                                        MD5

                                                                                                                        9ff3d90f0adade53e722e3a457fbd720

                                                                                                                        SHA1

                                                                                                                        debf5c7c135a558ab7c6df873ab6f5edfa8225ee

                                                                                                                        SHA256

                                                                                                                        29b9aa3725e7e841b9b08b98c88f32028fd1ff65ac3305b6c3e2e8e21cef655f

                                                                                                                        SHA512

                                                                                                                        74602d618da27278b36c9cbb55986b917776e0372fbf3f72764218bbd35b99fef0aa4ff1cf8d23e6d20c402d66c8f9acd0c0d17ff68541cdf24d1aaee3362a73

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Roaming\B342C\C435.342
                                                                                                                        Filesize

                                                                                                                        1KB

                                                                                                                        MD5

                                                                                                                        8356480b84e937ddd96d67b6ef84eba5

                                                                                                                        SHA1

                                                                                                                        4d9236749c3646785d42beae7901f74c9d83356b

                                                                                                                        SHA256

                                                                                                                        90025f0976cdcb537387418306ac00f37f706f0ce76742a5409b51bff43b10c7

                                                                                                                        SHA512

                                                                                                                        6b0448368e4aecc048014b728f4b060d3ddf5c46b225a7dbb3135a98c3a8cced853e14a1ede77ae757f22f99bee80704f97cdf5fb6be36eb9f07579b745653b6

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Roaming\B342C\C435.342
                                                                                                                        Filesize

                                                                                                                        996B

                                                                                                                        MD5

                                                                                                                        e9d65663b566e35f49d5e4c534607ae8

                                                                                                                        SHA1

                                                                                                                        b23bf9b53ca15b9777b505cdcdcd321fdef01b69

                                                                                                                        SHA256

                                                                                                                        f159ab196ced2c482a195c15552d44f95954aed8ec853b7e3eee69babbc6ceb8

                                                                                                                        SHA512

                                                                                                                        8fae122a002352811265171cc81bc79ce145f26336d51495ab489a43452b5c89e37c6e5ef99bb279b97025c581033653122f2242e51f93285033fa7c61bc9bab

                                                                                                                        Download Submit

                                                                                                                      • memory/396-440-0x00000240B3F30000-0x00000240B3F50000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/396-442-0x00000240B3EF0000-0x00000240B3F10000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/396-446-0x00000240B4540000-0x00000240B4560000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/516-452-0x0000000004050000-0x0000000004051000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/516-189-0x00000000007C0000-0x00000000008C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/516-14-0x00000000007C0000-0x00000000008C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/516-13-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/544-367-0x00000000022C0000-0x00000000022C1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1636-200-0x0000000002810000-0x0000000002811000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1656-249-0x00000000045A0000-0x00000000045A1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1796-484-0x000002436FF80000-0x000002436FFA0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1796-486-0x000002436FF40000-0x000002436FF60000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1796-488-0x0000024370350000-0x0000024370370000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1808-225-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2008-295-0x0000000003660000-0x0000000003661000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2180-392-0x0000000002C50000-0x0000000002C51000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2348-272-0x0000000002B60000-0x0000000002B61000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2364-256-0x000001E717D40000-0x000001E717D60000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2364-258-0x000001E717D00000-0x000001E717D20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2364-260-0x000001E718100000-0x000001E718120000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2724-399-0x00000256C6E70000-0x00000256C6E90000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2724-401-0x00000256C6E30000-0x00000256C6E50000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2724-403-0x00000256C7240000-0x00000256C7260000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2824-343-0x0000000004A30000-0x0000000004A31000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2832-305-0x000002B87D300000-0x000002B87D320000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2832-303-0x000002B87D340000-0x000002B87D360000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2832-307-0x000002B87D700000-0x000002B87D720000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2924-425-0x0000021AAF160000-0x0000021AAF180000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2924-421-0x0000021AAED50000-0x0000021AAED70000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2924-419-0x0000021AAED90000-0x0000021AAEDB0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2944-499-0x0000000004520000-0x0000000004521000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3024-214-0x0000019D31D30000-0x0000019D31D50000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3024-207-0x0000019D31960000-0x0000019D31980000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3024-210-0x0000019D31920000-0x0000019D31940000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3288-88-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/3288-89-0x00000000004D0000-0x00000000005D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3288-87-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/3288-221-0x00000000004D0000-0x00000000005D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3340-379-0x00000200CA2E0000-0x00000200CA300000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3340-377-0x00000200C9ED0000-0x00000200C9EF0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3340-375-0x00000200C9F10000-0x00000200C9F30000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3552-460-0x00000173C5840000-0x00000173C5860000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3552-464-0x00000173C5C00000-0x00000173C5C20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3552-462-0x00000173C5800000-0x00000173C5820000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3600-433-0x0000000004270000-0x0000000004271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3892-477-0x0000000004330000-0x0000000004331000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3924-357-0x000001A336240000-0x000001A336260000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3924-351-0x000001A335E70000-0x000001A335E90000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3924-354-0x000001A335E30000-0x000001A335E50000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4100-329-0x0000020DE62D0000-0x0000020DE62F0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4100-327-0x0000020DE6310000-0x0000020DE6330000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4100-331-0x0000020DE68E0000-0x0000020DE6900000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4108-319-0x0000000002FF0000-0x0000000002FF1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4164-412-0x0000000004D30000-0x0000000004D31000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4292-233-0x0000028998640000-0x0000028998660000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4292-235-0x0000028998600000-0x0000028998620000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4292-237-0x0000028998A10000-0x0000028998A30000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4592-120-0x00000000004E0000-0x00000000005E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4592-119-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/4592-365-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/4592-1-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/4592-198-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/4592-15-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        328KB

                                                                                                                        Download

                                                                                                                      • memory/4592-2-0x00000000004E0000-0x00000000005E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/5108-280-0x0000021B20B00000-0x0000021B20B20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5108-285-0x0000021B20ED0000-0x0000021B20EF0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5108-282-0x0000021B207C0000-0x0000021B207E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download