Overview

overview

8

Static

static

3

9d3e08381f...f0.exe

windows7-x64

7

9d3e08381f...f0.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Seducers/P...32.ps1

windows7-x64

8

Seducers/P...32.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    56s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 12:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Seducers/Probant191/Transaktion232.ps1

  • Size

    58KB

  • MD5

    8f0b138615bc5232ec5e891ad22e0236

  • SHA1

    5bc489fae01667dcc0af2f94ab20826d73ab9dc5

  • SHA256

    38be5eab8bc0206325f3556e55419bc7a72c41f07ea437c10aa50337c2911d85

  • SHA512

    3696c371d06ab6887a58f49297fe09da2c57d4281026f3c8051c472a02714620169e31d6dc2fc68da2d46a537410cf03500cb274767f6c73a60c9d44470879cf

  • SSDEEP

    1536:Tpq7bJT3XlrSlur1MqtuzzsQf2r28j2VPxdRpkC4yWl:Tpg1THZuur/3QerRSVTRpkC4yWl

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Seducers\Probant191\Transaktion232.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:3052
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3000
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1796
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3812
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4440
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3872
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4760
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3392
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4220
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4056
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3908
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:2084
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2760
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2408
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:728
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2016
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4124
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1004
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1988
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1412
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3876
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1772
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3444
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:216
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4104
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4696
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:2720
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:548
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:5028
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:1528
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:4256
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:2792
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:1000
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:2216
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3420
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:2120
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:2000
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:4608
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3680
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:736
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:3336
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3580
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:3884
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4856
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:2400
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3392
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:5000
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3436
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2692
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:860
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2380
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4576
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:5100
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4760
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:2084
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2796
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3528
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3752
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:3656
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:1012
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4028
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:4416
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:2024
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:1564
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3656
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1936
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4652

                                                                                                      Network

                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                      Replay Monitor

                                                                                                      Loading Replay Monitor...

                                                                                                      Downloads

                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                        Filesize

                                                                                                        471B

                                                                                                        MD5

                                                                                                        36d10a983ebc871949bcceb76145d82c

                                                                                                        SHA1

                                                                                                        17e003238da4d21e15992757e9c0887bddb3a2aa

                                                                                                        SHA256

                                                                                                        95e2cc6230ea402598d775dfa1fc56c352f907023935e631eef29d16947a14b4

                                                                                                        SHA512

                                                                                                        3a7e7153fe8158ce48084f74081ee503d7009a324c1d6563f5069ac7c39e62669f0de36b59d36ae2ef57f6bde0d2377e2bb461f2cf56a58aa6ecb7c4caaae83f

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                        Filesize

                                                                                                        412B

                                                                                                        MD5

                                                                                                        4047cff1295d010dc7211bf84dbdbfae

                                                                                                        SHA1

                                                                                                        84a22225b9b10035dd6a3ec219aa5163b23c3bec

                                                                                                        SHA256

                                                                                                        0658b4ebb5efc6785a4b0677dfdb274871ca3b3a031d5e88bfbbc5f091d98365

                                                                                                        SHA512

                                                                                                        359c1fcc9a8bb891b1d58f4c1bf8c5aea134de92e799e3068f145960a9b6f5e9972034b7c3d5b753e3197576930d37bdbf6775af4a177824a7c864816ae3d487

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        06feaea9bc3a36eff77981ff2095c6ae

                                                                                                        SHA1

                                                                                                        121a550c3688721f4e546279684fc7bbf16a0c24

                                                                                                        SHA256

                                                                                                        75afb265510026456fc63a261b2e7a22a69daabfbebaaea8a48dda703319ce46

                                                                                                        SHA512

                                                                                                        5ed27b6cb710e4dfeda12fa1aa5aeee36a0a5a7922c19e3e946f036a524e0018f87206b80f3478b72e33ba24af5eda1ac785c155f0583fd7b3b72ec071075450

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\KERIKBO1\microsoft.windows[1].xml
                                                                                                        Filesize

                                                                                                        96B

                                                                                                        MD5

                                                                                                        974f0adc8b3b7f482be95139c92926e0

                                                                                                        SHA1

                                                                                                        635f5f7b6f1dda58dd4926f1600dce90652da52a

                                                                                                        SHA256

                                                                                                        fc71f9b009579b4f8c03f646fca98084ed6133d4f2acc4103ea39c366518c771

                                                                                                        SHA512

                                                                                                        27b57eec2e4da0c23cb6f7e173ac831a039c3c8a76dec063c8b23c2e1d90f2d52dc5916044a1cf09fd235439d28919d31e0eef3870374e682d1f07daac9960b2

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lhio2y2l.ijh.ps1
                                                                                                        Filesize

                                                                                                        60B

                                                                                                        MD5

                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                        SHA1

                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                        SHA256

                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                        SHA512

                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                        Download Submit

                                                                                                      • memory/548-143-0x0000000004B00000-0x0000000004B01000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/728-71-0x0000000004030000-0x0000000004031000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/860-262-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1000-156-0x000002EFD8490000-0x000002EFD84B0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1000-158-0x000002EFD8450000-0x000002EFD8470000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1000-160-0x000002EFD8A60000-0x000002EFD8A80000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1012-310-0x0000000004D50000-0x0000000004D51000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1268-21-0x00000297E5430000-0x00000297E5434000-memory.dmp

                                                                                                        Filesize

                                                                                                        16KB

                                                                                                        Download

                                                                                                      • memory/1268-13-0x00000297E3190000-0x00000297E31A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                        Download

                                                                                                      • memory/1268-22-0x00007FFD2A090000-0x00007FFD2AB51000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/1268-10-0x00007FFD2A090000-0x00007FFD2AB51000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/1268-20-0x00000297E3190000-0x00000297E31A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                        Download

                                                                                                      • memory/1268-0-0x00000297E5280000-0x00000297E52A2000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                        Download

                                                                                                      • memory/1268-12-0x00000297E3190000-0x00000297E31A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                        Download

                                                                                                      • memory/1268-18-0x00000297E3190000-0x00000297E31A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                        Download

                                                                                                      • memory/1268-11-0x00000297E3190000-0x00000297E31A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                        Download

                                                                                                      • memory/1412-96-0x0000000004D90000-0x0000000004D91000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1528-146-0x0000023A851B0000-0x0000023A851B8000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/1772-106-0x000001CB21120000-0x000001CB21140000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1772-104-0x000001CB21160000-0x000001CB21180000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1772-109-0x000001CB21530000-0x000001CB21550000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2084-286-0x00000000042C0000-0x00000000042C1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2084-49-0x0000000004470000-0x0000000004471000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2120-179-0x00000146032D0000-0x00000146032F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2120-181-0x0000014603290000-0x00000146032B0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2120-184-0x00000146038A0000-0x00000146038C0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2216-171-0x0000000002A60000-0x0000000002A61000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2400-241-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2408-56-0x000001B2DA760000-0x000001B2DA780000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2408-60-0x000001B2DAB20000-0x000001B2DAB40000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2408-58-0x000001B2DA720000-0x000001B2DA740000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2720-130-0x0000016F3B020000-0x0000016F3B040000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2720-132-0x0000016F3B420000-0x0000016F3B440000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2720-128-0x0000016F3B060000-0x0000016F3B080000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3336-207-0x000002C37ED20000-0x000002C37ED40000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3336-204-0x000002C37E920000-0x000002C37E940000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3336-203-0x000002C37E960000-0x000002C37E980000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3528-294-0x000001FEE4F90000-0x000001FEE4FB0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3528-296-0x000001FEE4F50000-0x000001FEE4F70000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3528-298-0x000001FEE5360000-0x000001FEE5380000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3580-218-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/3656-339-0x00000000031C0000-0x00000000031C1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/3680-195-0x0000000004A80000-0x0000000004A81000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/3908-39-0x000001BE6D5D0000-0x000001BE6D5F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3908-37-0x000001BE6D1C0000-0x000001BE6D1E0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3908-35-0x000001BE6D200000-0x000001BE6D220000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4104-120-0x0000000004E60000-0x0000000004E61000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/4124-83-0x0000016951D00000-0x0000016951D20000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4124-79-0x0000016951730000-0x0000016951750000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4124-81-0x00000169516F0000-0x0000016951710000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4220-28-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/4256-148-0x0000000002C20000-0x0000000002C21000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/4416-320-0x000001EE80930000-0x000001EE80950000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4416-318-0x000001EE80970000-0x000001EE80990000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4416-325-0x000001EE80D40000-0x000001EE80D60000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4576-270-0x000001FBDB040000-0x000001FBDB060000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4576-276-0x000001FBDB400000-0x000001FBDB420000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4576-273-0x000001FBDB000000-0x000001FBDB020000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4652-347-0x0000028057D00000-0x0000028057D20000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4652-350-0x00000280579B0000-0x00000280579D0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4652-352-0x00000280580C0000-0x00000280580E0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4856-230-0x000002151CAE0000-0x000002151CB00000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4856-228-0x000002151C4D0000-0x000002151C4F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4856-226-0x000002151C510000-0x000002151C530000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/5000-254-0x000001B607600000-0x000001B607620000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/5000-251-0x000001B606FF0000-0x000001B607010000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/5000-249-0x000001B607030000-0x000001B607050000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download