801b0b95527f98b1e5de4f92886e355ebe548c74257e736727c88c7507203b28

Analysis

max time kernel
96s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 11:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

StarRailBase.dll
Size

4KB
MD5

f1d1dbddc2ff603b0d58dd969e0a24a8
SHA1

4527b754718e9767ad0a1b4051544e23494ff511
SHA256

801b0b95527f98b1e5de4f92886e355ebe548c74257e736727c88c7507203b28
SHA512

2eb669ddcfafb1fdd973101b7575902ee2b82b40cb4836c0a84430d86672ceb9040139513b3d17c2cd5ab0d9dbc4f99df745ed461648a345cc13fbab1216eb1c
SSDEEP

48:qZITVmb0V3vYQ/qpUE474DMxdkCFZPSPeJeg:BTVmbK/mAsMxd3Ag

Score

9^/10

credential_access discovery persistence ransomware spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Renames multiple (2081) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 53 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	rundll32.exe
File opened for modification	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{9DB4C783-59A7-49D2-AEF3-CF54BA7248FA}	explorer.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	916	explorer.exe
Token: SeCreatePagefilePrivilege	916	explorer.exe
Token: SeShutdownPrivilege	916	explorer.exe
Token: SeCreatePagefilePrivilege	916	explorer.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\StarRailBase.dll,#1
1⤵
- Drops desktop.ini file(s)
PID:2856

C:\Windows\explorer.exe
explorer.exe
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Caches\{62CD919B-7E91-4D3F-AAEA-4A16BA66838E}.2.ver0x0000000000000001.db.k

Filesize
1KB

MD5
d9a05ae44a66235faeaa33a8a298a435

SHA1
5d8bd95d27a950abdfbd7f6ce1b59d47ef075c81

SHA256
47b7c5410a7d9793ee13eb44f90bce52972a2ac2cac28c252a10aea511ff1bbd

SHA512
d98373a2185a45cd37faa88a9530baf0da960218d93ed63204f18db59b664ce3af7a09d5c63cd4c1741f509d1c7ae8ec868ee59b97824361e2cfd99d70bdf698

Download Submit
C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.k

Filesize
622KB

MD5
268d8b076ad540e2ddaf83d35fc7bf93

SHA1
dda42c56dfcf825569c9eb5b66b1690374a02f10

SHA256
5ac9913eb227662734c93525955878fad77381be83049a7d6b5f629e404ba497

SHA512
3a657cd22a2267acea7eb47f9f6aacc04bb869cff73ef4dea1067027e8f42dd1a1ffb53d41c91b7c753f3e2bb504f9015489b14e2a21afd453da7fb2c216a67f

Download Submit
C:\ProgramData\Package Cache\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}v48.108.8828\dotnet-host-6.0.27-win-x64.msi

Filesize
736KB

MD5
b8dfa6fb8b23e18e7c9910b737e5e53f

SHA1
fa77652dfbe1bfc3ec68186fc91d935c2b406611

SHA256
dcc08fcbb0d92f8e753f0cac4c286bba07c491c19bf9cbc14caee227261c4dd5

SHA512
aae4c579b28332a3c0a396828147ddf991775c09f19af5d70a733e4fff60f020b26c2908fdc9b4a984960aa65e6856864062bb327bd4b4b3fd8c9da94dd8052f

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi

Filesize
180KB

MD5
45b9b8c55c85747392d5135d4ec36749

SHA1
2826a14806e71370ceadef6a9988730bb9168e71

SHA256
ca136670a0f3aa6c9ff7379a8aa4699ae5988809a87e6379a02a14be07133da7

SHA512
8fe72810a35ddf9023cb94c3c5d66978a2018d3b246fb7295f8b3a8538e10df4f37843bdce7a40248a4eeeb834b447a24a8892e114a4cae692a8c2158bd4ec93

Download Submit
C:\ProgramData\Package Cache\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\dotnet-runtime-7.0.16-win-x64.msi

Filesize
26.0MB

MD5
4151bc845ec0dbc7ad7f434bc0363703

SHA1
735573de4398041462987f90fb8c0be0408876f7

SHA256
af03aad300dcca8ad93c5865f4e9e5f8b652ce8774a2100b04859a7984dec0d7

SHA512
004ca15f01654c5697fa62d7f58642c11e4145b1c8c466fddef95c0be259f006ed79e1c122928c19efebbf7b7b973686bca1567b0130d20ed6d9d3a7cd1a1049

Download Submit
C:\ProgramData\Package Cache\{E634F316-BEB6-4FB3-A612-F7102F576165}v48.108.8836\windowsdesktop-runtime-6.0.27-win-x64.msi

Filesize
28.5MB

MD5
ca1cb4f4e9510b275a52dbe3722a9faa

SHA1
15f2712296db1ced7ce8883e20fcbfa840fc864c

SHA256
b6634629a05ed7da17e6e69c48963d68e3e9588c20ec1b4f5541c9b58e60c3e2

SHA512
bd2a59a02e0b27aa401fe5e4d567b0c64ad0f3f3746711ab874cb0d439f5958c06e0ba6aed0ab17b13d0c37cec3976675978fde2b9196a87fc5f9cfe3fc7a4e9

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx

Filesize
3.0MB

MD5
fe838fdc9187fecab984bf9fddca91d5

SHA1
74adedeaa94d1f01af0c246e2f5679bf2887d961

SHA256
a0f872657acf4313cdcd01e65542fc80eb1358979582cdab395c289cc1e57419

SHA512
43d8a783d9510759e000282098ad43b12bdba4c27a302a5b6c24b122f47135d923ae2b5a910d5019f61c8f1d06f8b9cc08b48178c9e38f3f9b6c2f55e65e9f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
3bb0a53ff8cede0182ed20ed0a55141f

SHA1
374eadf7d623b2fcbc65ffd209e3405ffff3b37d

SHA256
bcdad2b976a1345eb6a1063de65975eae4ac66e19c36357e271794b9459e16b8

SHA512
c425b92786de52c959440cdb34bde5375a6fbc86b37da63219ea6c7c052120a6f161b26ef1017a9e1c4546177483cffea4c5b27efebcfb6e8d265258c719b829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
56cef51ac2c40850b350854b5be93527

SHA1
770e47c348f70e6a208ba012fbb67e9f08090873

SHA256
6a790c0100f2fd44ea69cc0896cadad590dde6b1bd0b1316ef76c362eae7a47e

SHA512
9560505d6a0543bc0c813de2c3c7421bbab6d370abd8cfc8a9f377da9b833d5623e314bfb995e8de0c753f538a3d3cf7149f9894d3a291485a5790f8d42ca8e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
9268428563de08599465d1d1a9d9eeac

SHA1
cdf9ae46fffb34818399e98eed8bb7f4b14f1574

SHA256
826f87dd93fde2e88f2ff03e81652944ce0d20f085a1d8d9910c793da7870eca

SHA512
8ded0b29be306352c45d6f278d24405e239c57827d5017787067dc537505ac0d75714f1d350dfe44ba0b62ff662c7f8297b2816d739fc72e83893a15f01de1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
40bc644c8a690c5f6288f4d1bc225c5d

SHA1
3f20619b26867bc63795c6be179f31c3793aefa2

SHA256
759be9ef7b429d7d9c9398230af8137fc50e807b1fafa49fb6c1235563fc7eb6

SHA512
0ed1582e177889beba1b7d62d37831698a013cf1be1398c2d5d4e31d9d685c20bd64ef4f37499c09dad3b14583fa60180bf43e43c823cbc93edb9830cd234db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

Filesize
8KB

MD5
9dd947f5fff5a5aa448d23aaf30b2de1

SHA1
489036e2f487f5f36d269f5e55a26c33935d90fc

SHA256
6297d1fc0253cb715bc092c94292612f41ec81a5bdc6ee1ef626f3e4a15a25b1

SHA512
1075ed96b20b34ad412225b130e9d225ed38cafcd1e3a8316f66c6d7a9f04e7bdedc061c90d8d96204fa1aee749910913bab156ed386a9645a9e9de3b87518fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1

Filesize
264KB

MD5
4d0f30ada4c7ecd7506256fbd22bd20d

SHA1
604dfcd5642201b8171f16d7da762501d7acbef2

SHA256
790bc36854d0fefc0382d41222c6c2c9f4c692b31aca72db17e11125f2301a09

SHA512
cd310b8165d62462b0079129df130411033fb7677bae5c70d12b46b759538086049a6f8d3f46e52c7784ed82a924f4332db797271b04241647fbd0479a6e2d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

Filesize
8KB

MD5
32d0c4cd46d25fc368289c3bd96bd4cd

SHA1
1e5cad9038d031a104de8264f6fd23c89a67b8f5

SHA256
1ac13bf6c7c6f57fbe490923b6b7d0cc7f2a115444d48e47197b9adb6dab816f

SHA512
2ac455f14f6b6d932c2ef0ce3e72ba55c0c72a7da8da764a0812f55b4638e2d44fde1ae478f464869be48875d214b82e03a5bc7af3bfc05312669b3226ccee92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
332KB

MD5
1f8d56b88e824f76e1334d683d01beb5

SHA1
a8df3e84ae760d5d8ff8436a68e4e65f6afbebde

SHA256
04f9e246f0c34da2a94157d54ebbdfcd56959121c678c3bc86d336026b565e8a

SHA512
9e7b79b6c751cc9d1db4a0586257dfdc9276f573ec29943419f808d0ddaa00062577e9c5b6f816f9224f9c82641c656dc42765873384c4d861de43908babab56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\onenote.exe.db

Filesize
24KB

MD5
84a75c1853eb7e5023cd17d6f4cc602c

SHA1
6c709a005849b53ba3c10c28ae91dff3ec6366c7

SHA256
ec8eeec34bb3ee64108d84ea9a541773a0ea482e465f23f146f5e4a669e26065

SHA512
f822aa4b3fd2772533ccc3e0c6967e33a88b02d0a27b6d612dda72d26677d7f0507b44864e7b3de44d68ed6bea82f36a59ed66789cebf1e06720a80857a319a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini

Filesize
174B

MD5
10cd64ff6feca700bc3785dca79a4c9f

SHA1
8e5dc101aea4049109fb71dda9234476bf9908d2

SHA256
b7a2b57dc07d99db8206ddc5176e3996211f44943f446bfd54b1e77ca8427845

SHA512
36bfd3e1c1d757406ad98371dd51d97815d5f498215cfd28599ba2ce082c4cd791625de298ba0c5245acab0b6fb5f6a77f1010bc02957524362d14b44c43fa80

Download Submit
C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

Filesize
8KB

MD5
ad653c52c4c6108843574d720b24eaa9

SHA1
6eedbe6b4f5b3d22c4840cbffc6b1e4cfe9d911d

SHA256
ad7959c3b88753b181e20e0c9a7ecbbd8ee632017ca6d1eb8427db9862735f0a

SHA512
f5a4df1abfd5f2167dc215332a7cdfb5f8e348ac4ca0988e102085d90832e565e5f2820c548638273436a9b81c7f08904b057afa7ba9f1f29c138d851477ac2d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help.k

Filesize
36KB

MD5
31381e75a4d972a07289cd6d7fc40785

SHA1
316e922ed1948abfaaf5dfb4be2af9b6c831cfa5

SHA256
c25766abb191383e44176c67a89dfa6c116f468dbe69c415a604cb650f981648

SHA512
5165d5354f055793d6c872ea79ee5554f06e077883fd87826c271457ce35c0eb2169448b10ebfdd98631e0451ca507ed8ac8123b028ff65c7ca2ba98f09b706c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe

Filesize
36KB

MD5
d67468a8dccf719cd40a360881fbed45

SHA1
36440c795c47c27922f050e82d00d156466af1b5

SHA256
a9abc53d496d08f00a43a6da307cbc613c70086cdad4fe092821f15951e2b79c

SHA512
67c3971db52d88b6e6c7710963e05e779f24817654b20ea466a6f96a94aa7db91a971fcd487cf7d4578f7cb3d61375465a482293c143e73a91dc609ffb07fe30

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_VideoLAN Website_url

Filesize
36KB

MD5
70ed0df05bf24c4efde35f91bff3a54d

SHA1
8a4b95e27e510c73c9a92d9d34fda39e91ad9036

SHA256
96163c92134a843e46c23f415cf72c22cce853ea13aecc5156da5e3286b7d39f

SHA512
893b562e3b760d24fe4906c3c4de76284117e64186f5f6beabc40afd755cada6abf2f43b75bb75394b2e4916e3a098221c51e17332733cd75c4b42c80092e4d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_vlc_exe

Filesize
36KB

MD5
a197fc65a2dd009b4c18ce750a0c2a3d

SHA1
e9dc494ddc186fee00e3ecb902665bf47823bad8

SHA256
e453e612db6382ad302157ffb0be7d5eeb053ea1ba79d51db52a81bf7f29ebdc

SHA512
208fbf4d8f4e5a19b23a6063b060ef8fc68bd144d57ef9b4772f5693c0621a3d85525cf5c24390370830fd2a93ef9a79113aa2f0613b41f4f932a2734c598655

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{cc2e8893-26a3-4169-b568-0a1ff84f10f2}\0.1.filtertrie.intermediate.txt

Filesize
5B

MD5
88ccb60981ad8892c7738b30d2d22f8e

SHA1
5840040fa6ad10097bfe78305f800edc3c4f607e

SHA256
705d866d9347a502a8e59ea6d4e0ab9ad7ed17f8189a6cadd6528f85213c14ff

SHA512
7fac51ff58199e3fce49a0de11c5f3e569f48af21b064bbaac38f94dd51e78a1e5715b137d95369d640374225e376af22a42dcc6d325ae45db6f1895a20e939a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{cc2e8893-26a3-4169-b568-0a1ff84f10f2}\0.2.filtertrie.intermediate.txt

Filesize
5B

MD5
fa9462eda77557614bb92e4c1977343a

SHA1
cc253d66057c28550b6825e1b53344b6fc470eea

SHA256
61bc9614aa237c633e049c1f9e22090d267f7414f6802267cce50b7616c0dd83

SHA512
3dab82163eebe8d4d67bad7c2b2d72bd25edc150fa66e849a77196ca23e5c18e0f517c4e8ba4b25348146ddc6dd16b7c5ecc4473a3bd11e734bcb85c6f152c21

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{cc2e8893-26a3-4169-b568-0a1ff84f10f2}\Apps.index

Filesize
1.0MB

MD5
dd7f36b564c284ebc482aac6162fcbff

SHA1
a0b26d1b4515032b9c41549f3f275e71e8afa91e

SHA256
59276ffee5d4c0a54d6a78deb64a4a5f6984b88f6471f4a9c0eb3ac30e7e3d8b

SHA512
b68c9bd8a3bd4798b30fa2ea4f20bb3d88533f63c1b04a6ec823d7c318728bc10f5f31719b4eca8e2447a08e8a7547f038fa9bcd23b492d6a38031c17e1bb6e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754149735590.txt

Filesize
77KB

MD5
04fba20fc42148d884d93298c1e7630f

SHA1
84ab8955e4d9ff985e1e55cc79d45f1783e5dbb5

SHA256
2596f18b97cabdce5e1bbcd33c8706a529eae7e57005a9e9dc0900735b68784e

SHA512
042f36a0453e493242e7d2c57a6882bc18de1662accac381f44443218a41d0362395aee84a05b61c550d8f5db25fb32d64fa03d3ca2017b04c9a897f847da4ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754678238458.txt

Filesize
47KB

MD5
75ca286b0c7191a0c924e4306bf92158

SHA1
2699f74bc6a824d2f58f7d22c3258246494c5118

SHA256
3227739acdd950134d1a2a7c13aa947f886fbb074be0d24bef8fb0e5ed05c6f8

SHA512
64f1f94572baa819e2b99725bcb41a70b18dd1cb1df5e44b8355d199fc5f36a5e76bfa4df105d5ca0930e784516fb52cae5a647c00c071582ccf444421e25f29

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761945787825.txt

Filesize
63KB

MD5
cbd3f8b337168986596c831d1d4631c4

SHA1
c9b722e3188e5a26f9d682f211a2fbeacb57690b

SHA256
c02efeb50d49cb2fe636ce0aec113666fa94661b8e523a149ae269064cab8dcf

SHA512
795f6e2bf7b28b35ecdfc6c2933ad7df64ef5657eb9e993b2419d7dd685186ca77cca6d3b9c3004ce866aa54e747a987dca4b3d5bba84faaaca8095923196369

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764554768979.txt

Filesize
74KB

MD5
ab053b493a23a75f5a2abb8921729f2f

SHA1
e7ad99f27b99815d4c4ec2b9b4721c089a6e7b66

SHA256
3c4a75786d4ad36bcf43ad1f0371a172d3db51bd33ec455781c561655e69a356

SHA512
61260f72b2e6ed1add5fca954a6c7392a4a479fd37ed668a5cf39fe8923c2c9da23d6b73d526a34a0ff1006159f2915b55808e7bbe8e58517f7712d305d95386

Download Submit
C:\Users\Admin\AppData\Local\Temp\wct4EC.tmp

Filesize
63KB

MD5
700891eef3b501d14a5bc7bd5afb4c60

SHA1
5f6bc9a7f2f3bb1a783f5b0d7cf60f97a4823740

SHA256
7eb77dd6bdc4968e13c36f1085a74cce5464a41f514cfcb0175ec461ef7c36b1

SHA512
1638b9ddac525402d321582c266189d74b2eba050d26432d47c6acb713610b90128b0497d13daf60714097672e7c11235415f4986c673a9644068eb0f36b1e9d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads