Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

8c41194220...18.exe

windows7-x64

8

8c41194220...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c41194220f8afd122158c697b916777_JaffaCakes118.exe

  • Size

    67KB

  • MD5

    8c41194220f8afd122158c697b916777

  • SHA1

    eea6c6a761f375883498f70acd556f731766a308

  • SHA256

    cac3ef9cc34aa1269274b3ca8ec771c65b522a52dd028596cd827ea15b3d36f9

  • SHA512

    a0a31b74f8321e634adfbaae08ccc9885e4cfdca633c98ff34af06650fba9e3a229f1a13565551789fa90f389384687c150b953fb3c47c10f5bb6c39a23bfbdc

  • SSDEEP

    1536:sMl64j3JedCYRug4xlk27jSljWPeCGKX7+/n6A01HQvSvtzt:dgWJpu/gkmPe7h01+u

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c41194220f8afd122158c697b916777_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8c41194220f8afd122158c697b916777_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4856
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3244
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3880
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2120
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3964
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4148
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:772
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5036
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3960
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1172
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3956
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2712
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5080
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4876
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3012
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3092
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3924
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3612
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:748
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1152
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:316
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1456
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4320
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5092
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:732
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2692
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3608
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3260
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3636
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4456
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3608
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:3444
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:1848
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3636
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:3336
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4144
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4064
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:4408
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:5104
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3540
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:2172
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4760
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:1748
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3932
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:2712
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:3488
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4596
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:5044
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4064
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3476
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:3800
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:5096
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:4396
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1748
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:2516
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3744
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3488
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4064
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3996
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:1928
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:4352
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4988
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4976
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4540
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3544
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:4980
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:2476
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3220
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4236
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:3132
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4728
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:3668
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:2924
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:3260
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:3880
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:3012
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:4816
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4424
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:1828

                                                                                                        Network

                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                        Replay Monitor

                                                                                                        Loading Replay Monitor...

                                                                                                        Downloads

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                          Filesize

                                                                                                          471B

                                                                                                          MD5

                                                                                                          eaa327a444d7f3489550986d9fa94b4a

                                                                                                          SHA1

                                                                                                          894b0bc575dbb6c9ce2f0e866b7695728d7118e8

                                                                                                          SHA256

                                                                                                          98be7f507291fe723327a4eb2c88c13b4510099facdcd4c934aee3a2f7ec3d6f

                                                                                                          SHA512

                                                                                                          3de08cef116e376e58ce9a79226e8bba3e3cfc90272c2ce91b92a44a56c2e44fe7119f35a5c3b4977238948ec09233c6851a8e319471dd252f355252b9a0d661

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                          Filesize

                                                                                                          420B

                                                                                                          MD5

                                                                                                          6059bb5ef3ae7f97d1f5e2a1af7a0fe3

                                                                                                          SHA1

                                                                                                          dab92dda255d51a9d99de87aed8798e7f841f9f4

                                                                                                          SHA256

                                                                                                          510759f374ebe50e010a79dd9068ef52e733a1ddb6979da5693de9d8d97f97b3

                                                                                                          SHA512

                                                                                                          866e5798941ad7474c4228ba09890ef8ee0b2a07e6d4f517be65bd45b28e0aea21f198a5946959d88780108d12df1de13a49a0ddd1a989da054e8a2721ab0689

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                          Filesize

                                                                                                          2KB

                                                                                                          MD5

                                                                                                          14647d7a220997bf2e85027b5cab00ef

                                                                                                          SHA1

                                                                                                          ac4e1d8d2fb1da376c6d8085c095d2acf7557dd8

                                                                                                          SHA256

                                                                                                          ebfd692289b60946149b314842f393e9a0d417354a58e30e059bfd931983544c

                                                                                                          SHA512

                                                                                                          c71e0c5237f832be48079314473da1850148684a11e7b92e4f77e2f8d80782eedf93100435b002cac68fbfe61be1d12296e1d4c3d9234582e845b0eecb1dca9f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133678894382009332.txt
                                                                                                          Filesize

                                                                                                          75KB

                                                                                                          MD5

                                                                                                          86f5703d924e20f9e8430cada8db9909

                                                                                                          SHA1

                                                                                                          8bfd87d28a4327f752e2d99d4d5f8beb5b7d29f8

                                                                                                          SHA256

                                                                                                          b60ae2b44392d0c55a139ffaab6e01055d3189a4eabb93379e206f9a02f8e8e0

                                                                                                          SHA512

                                                                                                          6a2249489986dd77b757eb24dafdffcfab2dc51cbee6deda9adbc9b4d7ff1d02e1d358430323213bf85296b34a530ce59e59afbecbae21ed3bb92edde8f1c384

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BL9O2ALU\microsoft.windows[1].xml
                                                                                                          Filesize

                                                                                                          96B

                                                                                                          MD5

                                                                                                          71e0980a20933bf598e12d709b1f1a5d

                                                                                                          SHA1

                                                                                                          3d6f67f9eff69f233b551cf8f07fa6800974dc5a

                                                                                                          SHA256

                                                                                                          4266cb485dd87059ba81a2bc515a3ef64d051827c11a9ef5a4307d665965142e

                                                                                                          SHA512

                                                                                                          051df6f8285a96da086e45a2a09fe9552c1577ccf1e6529975eb94c27578e95bb3701fde098721ed309db7de67cb837063d4a052d16613b554b5e51574b243ca

                                                                                                          Download Submit

                                                                                                        • memory/316-612-0x00000219A6B20000-0x00000219A6B40000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/316-624-0x00000219A6F20000-0x00000219A6F40000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/316-600-0x00000219A6B60000-0x00000219A6B80000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/316-595-0x00000219A5A00000-0x00000219A5B00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/732-883-0x0000000002A60000-0x0000000002A61000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/748-593-0x00000000041A0000-0x00000000041A1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/1456-737-0x00000000049D0000-0x00000000049D1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/1848-1156-0x0000000004D10000-0x0000000004D11000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/2712-475-0x0000000004D10000-0x0000000004D11000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/3336-1159-0x0000026469900000-0x0000026469A00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3336-1158-0x0000026469900000-0x0000026469A00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3336-1163-0x000002646A9C0000-0x000002646A9E0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3336-1177-0x000002646A980000-0x000002646A9A0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3336-1195-0x000002646AD90000-0x000002646ADB0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3444-1014-0x000001EF17400000-0x000001EF17500000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3444-1015-0x000001EF17400000-0x000001EF17500000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3444-1018-0x000001EF18540000-0x000001EF18560000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3444-1027-0x000001EF18500000-0x000001EF18520000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3444-1040-0x000001EF18910000-0x000001EF18930000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3608-901-0x00000237244D0000-0x00000237244F0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3608-913-0x0000023724AE0000-0x0000023724B00000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3608-889-0x0000023724510000-0x0000023724530000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3608-885-0x0000023723600000-0x0000023723700000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3880-11-0x0000000004060000-0x0000000004061000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/3956-329-0x0000022377D00000-0x0000022377E00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3956-364-0x0000022B7A230000-0x0000022B7A250000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3956-363-0x0000022B79E20000-0x0000022B79E40000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3956-332-0x0000022B79E60000-0x0000022B79E80000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3960-326-0x0000000004B70000-0x0000000004B71000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/3964-13-0x0000017AB9D00000-0x0000017AB9E00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3964-14-0x0000017AB9D00000-0x0000017AB9E00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3964-42-0x00000182BC1A0000-0x00000182BC1C0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3964-31-0x00000182BBB90000-0x00000182BBBB0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3964-17-0x00000182BBBD0000-0x00000182BBBF0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4144-1308-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/4148-175-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/4408-1315-0x000002345B3A0000-0x000002345B3C0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4408-1312-0x000002345A240000-0x000002345A340000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4456-1011-0x0000000004200000-0x0000000004201000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/4852-0-0x0000000000400000-0x000000000041B000-memory.dmp

                                                                                                          Filesize

                                                                                                          108KB

                                                                                                          Download

                                                                                                        • memory/4852-2-0x0000000000400000-0x000000000041B000-memory.dmp

                                                                                                          Filesize

                                                                                                          108KB

                                                                                                          Download

                                                                                                        • memory/4876-476-0x0000028223570000-0x0000028223670000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4876-477-0x0000028223570000-0x0000028223670000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4876-481-0x00000282244D0000-0x00000282244F0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4876-498-0x0000028224AA0000-0x0000028224AC0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4876-485-0x0000028224490000-0x00000282244B0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5036-182-0x000001751ADD0000-0x000001751ADF0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5036-202-0x000001751B3A0000-0x000001751B3C0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5036-178-0x0000017519F00000-0x000001751A000000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/5036-191-0x000001751AD90000-0x000001751ADB0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5092-776-0x000001314AE00000-0x000001314AE20000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5092-763-0x000001314A960000-0x000001314A980000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5092-739-0x0000013149840000-0x0000013149940000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/5092-740-0x0000013149840000-0x0000013149940000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/5092-744-0x000001314A9A0000-0x000001314A9C0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5092-741-0x0000013149840000-0x0000013149940000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download