0dd28a6667550ce48e392c27f941094cbb16ecfe5ebc57020459a6c0f1480fca

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12/10/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

scam2.cmd
Size

62B
MD5

8da489a756ab45ee9df60af27a23a06d
SHA1

c70e1fb9a8b73a7a2901e2bf659b46ea2e5f8ade
SHA256

0dd28a6667550ce48e392c27f941094cbb16ecfe5ebc57020459a6c0f1480fca
SHA512

8750ddba1390f17d1f88e476b24afbc36dd3494b185fd6db0295467a7d067b09f379dd5b6f43b0968ae44929f91edd3c32b334c2f48cfb9a3d70a6b6dd96d1f4

Score

1^/10

Malware Config

Signatures

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3672	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2936	2332	cmd.exe	78
PID 2332 wrote to memory of 2936	2332	cmd.exe	78
PID 2764 wrote to memory of 4296	2764	cmd.exe	83
PID 2764 wrote to memory of 4296	2764	cmd.exe	83
PID 788 wrote to memory of 4076	788	cmd.exe	88
PID 788 wrote to memory of 4076	788	cmd.exe	88
PID 4556 wrote to memory of 3560	4556	cmd.exe	91
PID 4556 wrote to memory of 3560	4556	cmd.exe	91
PID 5092 wrote to memory of 3596	5092	cmd.exe	94
PID 5092 wrote to memory of 3596	5092	cmd.exe	94
PID 3124 wrote to memory of 2668	3124	cmd.exe	97
PID 3124 wrote to memory of 2668	3124	cmd.exe	97
PID 2100 wrote to memory of 3956	2100	cmd.exe	100
PID 2100 wrote to memory of 3956	2100	cmd.exe	100
PID 2056 wrote to memory of 2552	2056	cmd.exe	103
PID 2056 wrote to memory of 2552	2056	cmd.exe	103
PID 1244 wrote to memory of 3580	1244	cmd.exe	106
PID 1244 wrote to memory of 3580	1244	cmd.exe	106
PID 2924 wrote to memory of 3844	2924	cmd.exe	109
PID 2924 wrote to memory of 3844	2924	cmd.exe	109
PID 3176 wrote to memory of 4504	3176	cmd.exe	112
PID 3176 wrote to memory of 4504	3176	cmd.exe	112
PID 4200 wrote to memory of 3584	4200	cmd.exe	115
PID 4200 wrote to memory of 3584	4200	cmd.exe	115
PID 4980 wrote to memory of 3004	4980	cmd.exe	118
PID 4980 wrote to memory of 3004	4980	cmd.exe	118
PID 3104 wrote to memory of 4368	3104	cmd.exe	121
PID 3104 wrote to memory of 4368	3104	cmd.exe	121
PID 3504 wrote to memory of 2228	3504	cmd.exe	124
PID 3504 wrote to memory of 2228	3504	cmd.exe	124
PID 4900 wrote to memory of 4684	4900	cmd.exe	127
PID 4900 wrote to memory of 4684	4900	cmd.exe	127
PID 4536 wrote to memory of 2428	4536	cmd.exe	130
PID 4536 wrote to memory of 2428	4536	cmd.exe	130
PID 2148 wrote to memory of 1324	2148	cmd.exe	133
PID 2148 wrote to memory of 1324	2148	cmd.exe	133
PID 4720 wrote to memory of 2732	4720	cmd.exe	136
PID 4720 wrote to memory of 2732	4720	cmd.exe	136
PID 1320 wrote to memory of 956	1320	cmd.exe	139
PID 1320 wrote to memory of 956	1320	cmd.exe	139
PID 4120 wrote to memory of 2788	4120	cmd.exe	142
PID 4120 wrote to memory of 2788	4120	cmd.exe	142
PID 4576 wrote to memory of 3760	4576	cmd.exe	145
PID 4576 wrote to memory of 3760	4576	cmd.exe	145
PID 2016 wrote to memory of 1188	2016	cmd.exe	148
PID 2016 wrote to memory of 1188	2016	cmd.exe	148
PID 4036 wrote to memory of 4664	4036	cmd.exe	151
PID 4036 wrote to memory of 4664	4036	cmd.exe	151
PID 3136 wrote to memory of 4592	3136	cmd.exe	154
PID 3136 wrote to memory of 4592	3136	cmd.exe	154
PID 4088 wrote to memory of 3220	4088	cmd.exe	157
PID 4088 wrote to memory of 3220	4088	cmd.exe	157
PID 3056 wrote to memory of 3492	3056	cmd.exe	160
PID 3056 wrote to memory of 3492	3056	cmd.exe	160
PID 2344 wrote to memory of 1240	2344	cmd.exe	163
PID 2344 wrote to memory of 1240	2344	cmd.exe	163
PID 1624 wrote to memory of 3328	1624	cmd.exe	166
PID 1624 wrote to memory of 3328	1624	cmd.exe	166
PID 3428 wrote to memory of 792	3428	cmd.exe	169
PID 3428 wrote to memory of 792	3428	cmd.exe	169
PID 2572 wrote to memory of 3124	2572	cmd.exe	172
PID 2572 wrote to memory of 3124	2572	cmd.exe	172
PID 2396 wrote to memory of 2248	2396	cmd.exe	175
PID 2396 wrote to memory of 2248	2396	cmd.exe	175

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\scam2.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3700

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\scam2.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:788
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4200
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:1324

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:1188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:1240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:4596
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:2040
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:656
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:1572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:1448
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:2752
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:4980
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:1920
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4972

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:1112
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:3644
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:2660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:2936
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:4484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\scam2.cmd" "
1⤵
PID:448
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3640

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2400

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:1648
- C:\Windows\system32\shutdown.exe
  shutdown.exe /r /t 5 /c 'Get Scammed lmfao'
  2⤵
  PID:3576

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\5c8d555b-3e47-4e9a-b43b-299593bc60d2.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0c71204dc7dd088aa8f1b279e29d7bf5

SHA1
475dbeb8589312574e6b5f3ca2913b8b80af155b

SHA256
28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1

SHA512
f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
76fbe77cbc68f3bd5f0decad25775716

SHA1
2ebc2dea0b2224ea73fb5413d94ad38218122bf3

SHA256
8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

SHA512
1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads