Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Ziraat Ban...ji.exe

windows7-x64

7

Ziraat Ban...ji.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Algoesthes...rs.ps1

windows7-x64

8

Algoesthes...rs.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    28s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2024, 08:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Algoesthesiometer/Kvitteringer/Naaletrs.ps1

  • Size

    45KB

  • MD5

    134c07fce8184c599cb40754d2ae6db7

  • SHA1

    af5f44ed3b7ab716af0a5b683218f5ca96b0175c

  • SHA256

    a17d8d7ec7a761817970478b591b1b8e69d41119636067ce4d221e72b9ca058a

  • SHA512

    82c58aa95897217226a15674154b5c0a567962c60bd60ecdb98b486767391b05eaa2d03bcadcf6cf102aaa632f5bb2527af791b9e7049cde112107a3c874c221

  • SSDEEP

    768:L9FgRj8sOglYNISbpapSUGxX+V8k0R6ljVP1W2HXhqIwKjLdHmH1BsB7WHl4C+bK:L9FgRIgMtpapS0WRapM2HFZjFK/l4dK

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 58 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 57 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Algoesthesiometer\Kvitteringer\Naaletrs.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3092
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3344
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2172
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3048
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3788
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2384
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:4768
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4052
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:2348
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2092
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:1504
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:5088
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3772
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4588
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4920
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4308
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:464
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4968
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:984
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:1996
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4068
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3920
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4512
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4188
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3656
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1848
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1068
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2520
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3972
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:1856
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3548
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:3700
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:2504
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:3616
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3024
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:3752
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2504
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:4148
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3736
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2740
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3880
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4256
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4972
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4100
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4248
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:1216
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4384
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1996
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4148
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:1540
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3804
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4580
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4108
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4440
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:4244
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:2520
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4372
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:2596
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:2124
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3660
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:5040
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:3384
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:1584
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:4100
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:3924

                                                                                                                    Network

                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                    Replay Monitor

                                                                                                                    Loading Replay Monitor...

                                                                                                                    Downloads

                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                      Filesize

                                                                                                                      471B

                                                                                                                      MD5

                                                                                                                      cefafa4a97db6e6ea94fadaacfa58e3a

                                                                                                                      SHA1

                                                                                                                      722a32ebeb2e6e0c00eb50ac8b963051653bcadb

                                                                                                                      SHA256

                                                                                                                      0c3ae65e24e85f43085515c6cda36d3a46e07fd1ac7cffca34ce325167e70e4a

                                                                                                                      SHA512

                                                                                                                      28a2eb83f0c7699e3f842dd05d2de37466a199543c741c4139135be126790674dc3d048aec98445fdc45b8ab8d2fd2aae0e59961ab59c4ea0b93fbe36781b0fc

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                      Filesize

                                                                                                                      412B

                                                                                                                      MD5

                                                                                                                      813d4a9dd7d0af9bed7bd6d5c6d3a2cc

                                                                                                                      SHA1

                                                                                                                      2b43788465a650c0f1348e297eb7f0270c6ff391

                                                                                                                      SHA256

                                                                                                                      058226167829119936fd605bee71968aed39910855d1bd094292862427773cd0

                                                                                                                      SHA512

                                                                                                                      bd2f76e8d4190349bd6f4f0329de178bdde3c7ec5e94257e31daf4bf22d78a7c0465ba3d16aba992365e10c1785274828e05ca3bbabd596225984c663a159d5e

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      043d84562df789cb109401d79fecb125

                                                                                                                      SHA1

                                                                                                                      738db7d4cba5a61123a59a1412d2401bb52c828c

                                                                                                                      SHA256

                                                                                                                      e61c7d7060690d5e16edb480a3d7fee391de851beb410235f0853c2f4476921b

                                                                                                                      SHA512

                                                                                                                      a3d1af47789b9b2f855707fcc9305cd4864a1d2a56f05be652974a985ce32bac5490d2231df62fa780eb2bc56bdc76d828df72a999c2e992c5414b8cb0bb62a5

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2QRDRLTB\microsoft.windows[1].xml
                                                                                                                      Filesize

                                                                                                                      97B

                                                                                                                      MD5

                                                                                                                      04549d11a7b61537f1764f3bc366553b

                                                                                                                      SHA1

                                                                                                                      314c45d21da6573a30d864045fca8a51a5a32726

                                                                                                                      SHA256

                                                                                                                      1e2bc8a47c4283e3913c3b1f8f467dd891872ad6d757114a4d45876b6e790595

                                                                                                                      SHA512

                                                                                                                      69835e4409542b68cfc213cb157ff90584a6e4fe411ab968c06c21fe3e8c13181ace59274642e184d44d8e983a44f96d47b91f736577265d4e9de20dcaaa1b32

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wbmuu4ig.oaw.ps1
                                                                                                                      Filesize

                                                                                                                      60B

                                                                                                                      MD5

                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                      SHA1

                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                      SHA256

                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                      SHA512

                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                      Download Submit

                                                                                                                    • memory/464-87-0x0000000004220000-0x0000000004221000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/984-99-0x0000025476240000-0x0000025476260000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/984-97-0x0000025475DA0000-0x0000025475DC0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/984-95-0x0000025475DE0000-0x0000025475E00000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1504-48-0x00000211AE4E0000-0x00000211AE500000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1504-51-0x00000211AE4A0000-0x00000211AE4C0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1504-55-0x00000211AEB40000-0x00000211AEB60000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1540-297-0x0000000004040000-0x0000000004041000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1584-370-0x000001C3FF260000-0x000001C3FF280000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1584-375-0x000001C3FF8B0000-0x000001C3FF8D0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1584-373-0x000001C3FF220000-0x000001C3FF240000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/1848-159-0x0000000004930000-0x0000000004931000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1996-112-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2348-41-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2384-32-0x0000011920D60000-0x0000011920D80000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2384-34-0x0000011920D20000-0x0000011920D40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2504-195-0x0000023B0AF60000-0x0000023B0AF80000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2504-198-0x0000023B0B370000-0x0000023B0B390000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2504-191-0x0000023B0AFA0000-0x0000023B0AFC0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2520-170-0x00000162C1C60000-0x00000162C1C80000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2520-167-0x00000162C1CA0000-0x00000162C1CC0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2520-173-0x00000162C2280000-0x00000162C22A0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3048-25-0x00000000044A0000-0x00000000044A1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3092-10-0x00007FF9D2950000-0x00007FF9D3411000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/3092-12-0x0000019C97440000-0x0000019C97450000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/3092-6-0x0000019CB0480000-0x0000019CB04A2000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      136KB

                                                                                                                      Download

                                                                                                                    • memory/3092-14-0x0000019C97440000-0x0000019C97450000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/3092-15-0x0000019C97440000-0x0000019C97450000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/3092-11-0x0000019C97440000-0x0000019C97450000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      64KB

                                                                                                                      Download

                                                                                                                    • memory/3092-16-0x0000019CB0710000-0x0000019CB0714000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      16KB

                                                                                                                      Download

                                                                                                                    • memory/3092-21-0x00007FF9D2950000-0x00007FF9D3411000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/3384-346-0x0000023E7F0C0000-0x0000023E7F0E0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3384-348-0x0000023E7F080000-0x0000023E7F0A0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3384-350-0x0000023E7F490000-0x0000023E7F4B0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3548-183-0x0000000004990000-0x0000000004991000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3616-207-0x0000000004320000-0x0000000004321000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3656-151-0x00000231F9730000-0x00000231F9750000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3656-147-0x00000231F8FE0000-0x00000231F9000000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3656-144-0x00000231F9320000-0x00000231F9340000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3660-339-0x00000000032B0000-0x00000000032B1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3736-230-0x0000000004210000-0x0000000004211000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3752-217-0x000001A483290000-0x000001A4832B0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3752-219-0x000001A483930000-0x000001A483950000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3752-214-0x000001A4832D0000-0x000001A4832F0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3880-238-0x000001D7F52C0000-0x000001D7F52E0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3880-241-0x000001D7F5280000-0x000001D7F52A0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3880-243-0x000001D7F5710000-0x000001D7F5730000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3920-126-0x00000258F2C40000-0x00000258F2C60000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3920-123-0x00000258F25A0000-0x00000258F25C0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3920-120-0x00000258F25E0000-0x00000258F2600000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4100-258-0x000001CC53A40000-0x000001CC53A60000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4100-262-0x000001CC53A00000-0x000001CC53A20000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4100-265-0x000001CC53E10000-0x000001CC53E30000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4100-362-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4148-284-0x0000025A83490000-0x0000025A834B0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4148-287-0x0000025A83AA0000-0x0000025A83AC0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4148-282-0x0000025A834D0000-0x0000025A834F0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4244-318-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4256-251-0x00000000046C0000-0x00000000046C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4308-72-0x00000162B3660000-0x00000162B3680000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4308-74-0x00000162B3620000-0x00000162B3640000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4308-79-0x00000162B3A30000-0x00000162B3A50000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4372-336-0x000001C7F8270000-0x000001C7F8290000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4372-333-0x000001C7F8390000-0x000001C7F83B0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4372-329-0x000001C7F7F40000-0x000001C7F7F60000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4372-326-0x000001C7F7F80000-0x000001C7F7FA0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4384-274-0x0000000004380000-0x0000000004381000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4512-136-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4580-311-0x000001234B020000-0x000001234B040000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4580-308-0x000001234AB80000-0x000001234ABA0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4580-305-0x000001234ABC0000-0x000001234ABE0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4588-64-0x0000000004030000-0x0000000004031000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download