Analysis

  • max time kernel
    36s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-01-2024 20:26

General

  • Target

    6b64203a5d0b4968785bb42b23396818.dll

  • Size

    1000KB

  • MD5

    6b64203a5d0b4968785bb42b23396818

  • SHA1

    fd6d2a08195cfb8423b80901b97f949b566b5240

  • SHA256

    53c3c9f049896f4cd87cdf67f1cef8a68f76d5b47bb7e20b6b6ffb09e4746a9e

  • SHA512

    ddc86408f244d17fe749bfb0d09e5b524e9d33b9df77b5ce287527de919bb555d7c9ab4d0732da1f30434b687606f98d70c00b166271b8b8095b2db65f815a8e

  • SSDEEP

    24576:cQcu8pzbIPLMzjw09TI/OrRd0E1ORe39JaCHSG9:cxuW0PL4wOxNP2TG

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b64203a5d0b4968785bb42b23396818.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2600
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:840
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1492
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4012
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3228
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3492
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2572
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3296
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1744
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4764
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4760
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:936
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1532
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1260
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:3460
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:2072
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4184
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2552
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:3660
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:2304
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:4756
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:948
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:4072
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4528
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:3964
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:1100
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4740
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:3688
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3380
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3544
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4836
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:880
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2368
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3140
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1280
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3272
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3932
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:5016
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1836
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4904
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1604
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1380
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:1480
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4948
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4800
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:924
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:812
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:1612
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3668
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:1588
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:952
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:1376
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:2176
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:232
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:1384
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:544
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4604
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3152
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:2104
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:2080
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:4016
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4364
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:2248
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:964
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4444
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:1908

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                        Filesize

                                                                                                                        471B

                                                                                                                        MD5

                                                                                                                        3b8fde193c931f3cc0805e72d4cf80de

                                                                                                                        SHA1

                                                                                                                        f566d1207610e226d037ebf8119aa8b9073a83ff

                                                                                                                        SHA256

                                                                                                                        d92cb21acc14615681641922bc48a5900c6e0e96e6ef538f5a55ac21c75ad486

                                                                                                                        SHA512

                                                                                                                        d07801e512452e748f6e834975df8b70c3ad8bafeb063371b6a96269f0cacf37828f1e45947eb849f0f84d376a338d78df7e77f689108a74befb33407bce8513

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                        Filesize

                                                                                                                        412B

                                                                                                                        MD5

                                                                                                                        8e60d88d2ff3122f911e1bbef4c18c79

                                                                                                                        SHA1

                                                                                                                        495721064a5b94ec57adf62d4735c27ddc30b4c5

                                                                                                                        SHA256

                                                                                                                        be917dc353b09b3b42a2bef76d3a9c0a19a399c3a1cced4c9a8f88494ed19351

                                                                                                                        SHA512

                                                                                                                        aa631194b0909b6bbcceb639c6b26fbc7dce7568ed0c4f484a2333ef26208b62c81de441f0df4d4c588846a4fd8cf683c2735498e7ddf9b5438367d25fea1d38

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\0A55C1OB\microsoft.windows[1].xml

                                                                                                                        Filesize

                                                                                                                        97B

                                                                                                                        MD5

                                                                                                                        291a3f3ebf21195c8af7c2f120ca4dfc

                                                                                                                        SHA1

                                                                                                                        1cade2dac000db3bca92e2daee371beffd2c0bee

                                                                                                                        SHA256

                                                                                                                        fbe32bda6ca669397ca6d02b329f235aee87a8f36b09a589548e969c19cb78de

                                                                                                                        SHA512

                                                                                                                        ed2dea282f97d25171e0e95fe718103e04e37f13a1edf79373af204ac344cdb9a0fca34d82e45d3475a9845ee92644a99a1c2733f8858fe384e3b6958331f287

                                                                                                                      • \??\PIPE\srvsvc

                                                                                                                        MD5

                                                                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                                                                        SHA1

                                                                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                        SHA256

                                                                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                        SHA512

                                                                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                      • memory/880-195-0x00000000048B0000-0x00000000048B1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/880-218-0x00007FFB68C20000-0x00007FFB68CDE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        760KB

                                                                                                                      • memory/884-1-0x0000000140000000-0x0000000140101000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1.0MB

                                                                                                                      • memory/884-0-0x0000023793670000-0x0000023793677000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • memory/884-8-0x0000000140000000-0x0000000140101000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1.0MB

                                                                                                                      • memory/924-272-0x00007FFB69850000-0x00007FFB69A45000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                      • memory/924-297-0x00007FFB69850000-0x00007FFB69A45000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                      • memory/924-295-0x00007FFB68C20000-0x00007FFB68CDE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        760KB

                                                                                                                      • memory/1100-153-0x00000278ABC40000-0x00000278ABC60000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/1100-156-0x00000278ABC00000-0x00000278ABC20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/1100-159-0x00000278AC0A0000-0x00000278AC0C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/1260-89-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/1280-222-0x00000000049F0000-0x00000000049F1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/1384-347-0x00007FFB69850000-0x00007FFB69A45000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                      • memory/1384-367-0x00007FFB68C20000-0x00007FFB68CDE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        760KB

                                                                                                                      • memory/1384-374-0x00007FFB69850000-0x00007FFB69A45000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                      • memory/1532-74-0x000001DB3CE60000-0x000001DB3CE80000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/1532-77-0x000001DB3CE20000-0x000001DB3CE40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/1532-80-0x000001DB3D220000-0x000001DB3D240000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/2072-97-0x0000018E538C0000-0x0000018E538E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/2072-100-0x0000018E53880000-0x0000018E538A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/2072-103-0x0000018E53EA0000-0x0000018E53EC0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/2572-28-0x0000017EE35C0000-0x0000017EE35E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/2572-29-0x0000017EE39D0000-0x0000017EE39F0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/2572-26-0x0000017EE3600000-0x0000017EE3620000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3140-203-0x0000022163D20000-0x0000022163D40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3140-209-0x00000221640F0000-0x0000022164110000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3140-207-0x00000221639E0000-0x0000022163A00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3228-19-0x0000000004960000-0x0000000004961000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/3296-42-0x0000000004A60000-0x0000000004A61000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/3380-177-0x0000025BE7D40000-0x0000025BE7D60000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3380-179-0x0000025BE7D00000-0x0000025BE7D20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3380-181-0x0000025BE81B0000-0x0000025BE81D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3444-9-0x0000000000E00000-0x0000000000E01000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/3444-7-0x00007FFB68C7A000-0x00007FFB68C7B000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/3444-4-0x0000000001080000-0x0000000001081000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/3660-141-0x00007FFB69850000-0x00007FFB69A45000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                      • memory/3660-139-0x00007FFB68C20000-0x00007FFB68CDE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        760KB

                                                                                                                      • memory/3660-115-0x00007FFB69850000-0x00007FFB69A45000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                      • memory/3660-114-0x0000000004A50000-0x0000000004A51000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/3932-236-0x000002033FD00000-0x000002033FD20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3932-230-0x000002033F720000-0x000002033F740000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/3932-233-0x000002033F6E0000-0x000002033F700000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4528-146-0x0000000004040000-0x0000000004041000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/4740-169-0x0000000004210000-0x0000000004211000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/4756-127-0x0000016D28180000-0x0000016D281A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4756-123-0x0000016D281C0000-0x0000016D281E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4756-130-0x0000016D28590000-0x0000016D285B0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4760-66-0x00000000044F0000-0x00000000044F1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                      • memory/4764-56-0x00000285006A0000-0x00000285006C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4764-53-0x0000028500290000-0x00000285002B0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4764-50-0x00000285002D0000-0x00000285002F0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4904-251-0x0000018F6B060000-0x0000018F6B080000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4904-254-0x0000018F6B020000-0x0000018F6B040000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/4904-256-0x0000018F6B430000-0x0000018F6B450000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                      • memory/5016-243-0x0000000004E00000-0x0000000004E01000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB