Overview

overview

10

Static

static

3

26976ba397...18.dll

windows7-x64

10

26976ba397...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    61s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-10-2024 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26976ba397f41991ffdeeff1031bf052_JaffaCakes118.dll

  • Size

    973KB

  • MD5

    26976ba397f41991ffdeeff1031bf052

  • SHA1

    a0978b28fd4ccba8529a9aab00bc370abb1508ff

  • SHA256

    9277022581a6a6565e4a1f7dd5b2c499cf62fd8e176450c0f4b2dca9fc70ce47

  • SHA512

    8665cefa87ce3698443d317e50a71f6baf45467cd1271b2799b49259c634ef742fb1ba95916f482012dd877dec452ea5efdd95c77008e6d5d37a1566034f40ac

  • SSDEEP

    24576:NIuIxBOQNcKv8RtflMQazYZPT29BL0qNsX90nn:i0+YZr2DR6Xg

Score
10/10
dridexbotnetpayloadpersistence

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\26976ba397f41991ffdeeff1031bf052_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2588
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3084
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3336
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4268
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:788
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5068
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1432
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1356
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4708
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3404
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1628
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4260
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3356
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1488
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1904
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2864
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1632
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3664
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4408
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4888
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1504
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:720
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2152
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2768
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1700
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3156
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1132
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3540
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2332
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1056
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4932
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3492
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:2064
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2252
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1512
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2836
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3648
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:5036
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4240
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:3712
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4412
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4924
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2356
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1544
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4680
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:544
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3372
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3712
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4404
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4904
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2836
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:2644
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1820
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4796
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4060
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1132
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:5084
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2980
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:1700
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3448
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:5040
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:4404
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:5076
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1092
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4816
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4888
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4384
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4832
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:1852
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1056
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:5084
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3336
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:4072
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:1040
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1356
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4024
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:3408
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:4156
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:1116
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4760
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:2332
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:3216
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4320
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3116
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:2648
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:180
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3816
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:4072
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:1476

                                                                                                                  Network

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Replay Monitor

                                                                                                                  Loading Replay Monitor...

                                                                                                                  Downloads

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    b232811bdd17babe4dd952a6d46c9eb8

                                                                                                                    SHA1

                                                                                                                    fbe4df45802792c0ea1e0e7ad057fac5fa75d42a

                                                                                                                    SHA256

                                                                                                                    b9f0e99dad6babb6f416e9e5355e592f90181b7537f1f8a385523e788b496535

                                                                                                                    SHA512

                                                                                                                    22b60e018b64db67bde8086da3eee250002ee342e30e588d434992d763b59ce7612ace33ba6482907a0251dcdaf211ed7e2a7cc285e1f8d4cbb89cab05427c16

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133729248800561126.txt.~tmp
                                                                                                                    Filesize

                                                                                                                    75KB

                                                                                                                    MD5

                                                                                                                    dea3960653ae9cb1627a09a96cd5e0c9

                                                                                                                    SHA1

                                                                                                                    0ac96b97b98a8bec81a5a90ac4c0b16c244b6017

                                                                                                                    SHA256

                                                                                                                    33ee88f9beab75705c6a00fe48422bab7a67b8920b668071d5a74d51989e49f5

                                                                                                                    SHA512

                                                                                                                    168bcb69d6f306d537a4f607ec408af996fed447ea6f8e2d3e8e6fa99636e5b6a6d12d855976400754033b11785f7d0509b9ffe26c48239c942e668198ab45a8

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2C1DWAXK\microsoft.windows[1].xml
                                                                                                                    Filesize

                                                                                                                    96B

                                                                                                                    MD5

                                                                                                                    e348d00fe7b19d8e8f6efc5cd8f3be59

                                                                                                                    SHA1

                                                                                                                    de85b87da07da2e4b4215ef312d318f1b329ca6e

                                                                                                                    SHA256

                                                                                                                    4ee26da36e3b7d5c9f14f2ed8d6c75c10434acec949dc6e550f176b9acb84dd7

                                                                                                                    SHA512

                                                                                                                    a0a9a671e08cb35904098426cf1b50a11d6a0c7be57f684f9808f5c953ac2732dd1f090c3d12260870056a1ee5f9097ad9872715c798fba196d7212a536afcbe

                                                                                                                    Download Submit

                                                                                                                  • memory/1132-1067-0x0000000004D50000-0x0000000004D51000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1356-20-0x0000016665F10000-0x0000016665F30000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1356-51-0x00000166664E0000-0x0000016666500000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1356-30-0x0000016665ED0000-0x0000016665EF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1488-365-0x0000021FCF250000-0x0000021FCF270000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1488-334-0x0000021FCEE80000-0x0000021FCEEA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1488-347-0x0000021FCEE40000-0x0000021FCEE60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1504-767-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1628-215-0x000001E286B00000-0x000001E286B20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1628-179-0x000001E285700000-0x000001E285800000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1628-178-0x000001E285700000-0x000001E285800000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1628-183-0x000001E286520000-0x000001E286540000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1628-193-0x000001E2861E0000-0x000001E286200000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1632-482-0x00000273A2940000-0x00000273A2960000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1632-490-0x00000273A2900000-0x00000273A2920000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1632-477-0x00000273A1800000-0x00000273A1900000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1632-513-0x00000273A2D00000-0x00000273A2D20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1904-475-0x0000000003ED0000-0x0000000003ED1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/2152-770-0x0000024F29740000-0x0000024F29840000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2152-781-0x0000024F2A650000-0x0000024F2A670000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2152-791-0x0000024F2AC60000-0x0000024F2AC80000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2152-768-0x0000024F29740000-0x0000024F29840000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2152-773-0x0000024F2A690000-0x0000024F2A6B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2332-1074-0x0000018229040000-0x0000018229060000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2332-1082-0x0000018229000000-0x0000018229020000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2588-8-0x0000000140000000-0x00000001400FC000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1008KB

                                                                                                                    Download

                                                                                                                  • memory/2588-1-0x0000000140000000-0x00000001400FC000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1008KB

                                                                                                                    Download

                                                                                                                  • memory/2588-0-0x0000000002AB0000-0x0000000002AB7000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    28KB

                                                                                                                    Download

                                                                                                                  • memory/2768-919-0x0000000003F10000-0x0000000003F11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3156-921-0x000001A182500000-0x000001A182600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3156-925-0x000001A1832F0000-0x000001A183310000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3156-957-0x000001A1838C0000-0x000001A1838E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3156-935-0x000001A1832B0000-0x000001A1832D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3156-920-0x000001A182500000-0x000001A182600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3156-922-0x000001A182500000-0x000001A182600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3452-4-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3452-9-0x0000000001280000-0x0000000001281000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3452-6-0x00007FF9FABEA000-0x00007FF9FABEB000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3664-614-0x0000000004200000-0x0000000004201000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4260-326-0x0000000003FE0000-0x0000000003FE1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4708-176-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4888-652-0x0000021245350000-0x0000021245370000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4888-615-0x0000020A42E20000-0x0000020A42F20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4888-616-0x0000020A42E20000-0x0000020A42F20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4888-620-0x0000021244F80000-0x0000021244FA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4888-644-0x0000021244F40000-0x0000021244F60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5068-13-0x0000000004180000-0x0000000004181000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download