Overview

overview

8

Static

static

3

4de213fb10...65.exe

windows7-x64

8

4de213fb10...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 04:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4de213fb1032fb77e376a42283be07dcca35f0f1e05cd90d5044a6708b612665.exe

  • Size

    3.0MB

  • MD5

    7fd26e43541737e7355d8121bfdc3eb4

  • SHA1

    d35b8f721c29de395083edc77712c145d1888d8e

  • SHA256

    4de213fb1032fb77e376a42283be07dcca35f0f1e05cd90d5044a6708b612665

  • SHA512

    ccc4ed35262f619cf23c035bdf137eb033d798a553ca329f800d3a1fdf945139f75a8fa0f4ada187c59cf5b6017fe2cb06d1935ee61c0be7d4279b2500969f04

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlqp930QXZjKZ0vLwZlRFn:Q+8X9G3vP3AMQWQJjy0qlRFn

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 8 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4de213fb1032fb77e376a42283be07dcca35f0f1e05cd90d5044a6708b612665.exe
    "C:\Users\Admin\AppData\Local\Temp\4de213fb1032fb77e376a42283be07dcca35f0f1e05cd90d5044a6708b612665.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2340
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1572
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3204
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1772
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1008
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3464
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4528
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:372
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3340
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1772
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2988
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4756
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3608
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4048
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3432
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4788
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4408
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4756
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1852
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:4860
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3056
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4304
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4232
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2412
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1552
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3120
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4000
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4104
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2764
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2412
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1092
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:2556
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:1696
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4008
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4204
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3620
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1600
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1344
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4528
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1108
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4420
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4676
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4324
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:3184
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3692
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:2620
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:384
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3340
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2416
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4892
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3424
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:372
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4320
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2260
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:5084
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3620
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3880
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:5024
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4004
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4396
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:5096
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3512
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:516
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:2844
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4900
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:5072
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2060
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:2092
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:2228
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:1376
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4404
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:4036

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            4313cb5002b468d7a54a376e76d90214

                                                                                                            SHA1

                                                                                                            55c71a06def811459ac259de049832e8c5b2b960

                                                                                                            SHA256

                                                                                                            f27ece993de3cf4a15a1354212893a6f4e5b86d07aeaa15da8be669ab6e6457d

                                                                                                            SHA512

                                                                                                            aa0f109d395b71a31d635e97501f274f93cee0075d619ba93db1730c7748f638ed8a0a99a657db99af3f12bc8538ea69e1307ee9b10d6671e9d61c46e4e0e91a

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133732666587353628.txt
                                                                                                            Filesize

                                                                                                            75KB

                                                                                                            MD5

                                                                                                            1365352aec6992e1f4e5499c2bb76c71

                                                                                                            SHA1

                                                                                                            5a482b32af4b31ce9d03b052f2fc3acef035d067

                                                                                                            SHA256

                                                                                                            fd7afac64c9b47d3e0f639391b6738e1f08736f55457b3b030433bc03e3a774c

                                                                                                            SHA512

                                                                                                            b45e24c5d4aab796d13ae1d84b61ad0cdc9cbe520a07143dd597ecfeca84d627b569dde5bf443feb1759e791bb835f1088842ec46c785605636673b30b21833d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DGTT1KLJ\microsoft.windows[1].xml
                                                                                                            Filesize

                                                                                                            97B

                                                                                                            MD5

                                                                                                            dfc314c564e6dcc3d3d7f1d2cdf01ff5

                                                                                                            SHA1

                                                                                                            53a06942171b8047e4850e459554488280da265e

                                                                                                            SHA256

                                                                                                            56b9785b0255bd668bfdb7d6f789d1e54de550d567b85e52105893b8fbb45a08

                                                                                                            SHA512

                                                                                                            48688def79fffd15cd97505f73860552d7ad5069cd741214ca13225dd69eff4111338175bcb6fc9e1ed926f4bbc11b28865ab3df33aabf8bb7b8b68a0531f5f5

                                                                                                            Download Submit

                                                                                                          • memory/372-163-0x00000000040B0000-0x00000000040B1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1092-1119-0x0000024A6CC40000-0x0000024A6CD40000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1092-1118-0x0000024A6CC40000-0x0000024A6CD40000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1552-834-0x00000249FEB70000-0x00000249FEB90000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1552-830-0x00000249FDA20000-0x00000249FDB20000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1552-846-0x00000249FEB30000-0x00000249FEB50000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1552-866-0x00000249FEF40000-0x00000249FEF60000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1772-190-0x00000169EC350000-0x00000169EC370000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1772-171-0x00000169EBF80000-0x00000169EBFA0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1772-167-0x00000169EAE20000-0x00000169EAF20000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1772-181-0x00000169EBF40000-0x00000169EBF60000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1852-588-0x0000022CA0720000-0x0000022CA0740000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1852-566-0x0000022CA0360000-0x0000022CA0380000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1852-562-0x0000022C9F200000-0x0000022C9F300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1852-561-0x0000022C9F200000-0x0000022C9F300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1852-577-0x0000022CA0320000-0x0000022CA0340000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/2340-165-0x0000000000400000-0x000000000059D000-memory.dmp

                                                                                                            Filesize

                                                                                                            1.6MB

                                                                                                            Download

                                                                                                          • memory/2340-2-0x0000000000400000-0x000000000059D000-memory.dmp

                                                                                                            Filesize

                                                                                                            1.6MB

                                                                                                            Download

                                                                                                          • memory/2340-797-0x0000000000400000-0x000000000059D000-memory.dmp

                                                                                                            Filesize

                                                                                                            1.6MB

                                                                                                            Download

                                                                                                          • memory/2340-1109-0x0000000000400000-0x000000000059D000-memory.dmp

                                                                                                            Filesize

                                                                                                            1.6MB

                                                                                                            Download

                                                                                                          • memory/2340-526-0x0000000000400000-0x000000000059D000-memory.dmp

                                                                                                            Filesize

                                                                                                            1.6MB

                                                                                                            Download

                                                                                                          • memory/2764-1116-0x0000000004550000-0x0000000004551000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2988-302-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3120-978-0x00000000024F0000-0x00000000024F1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3464-5-0x00000000036E0000-0x00000000036E1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3608-303-0x0000025399200000-0x0000025399300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3608-305-0x0000025399200000-0x0000025399300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3608-340-0x000002539A720000-0x000002539A740000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3608-308-0x000002539A360000-0x000002539A380000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3608-315-0x000002539A320000-0x000002539A340000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3648-6-0x0000022BACB00000-0x0000022BACC00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3648-11-0x0000022BADC60000-0x0000022BADC80000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3648-25-0x0000022BADC20000-0x0000022BADC40000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3648-42-0x0000022BAE020000-0x0000022BAE040000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4048-409-0x0000000003000000-0x0000000003001000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4104-985-0x00000233D0370000-0x00000233D0390000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4104-979-0x00000233CF220000-0x00000233CF320000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4104-994-0x00000233D0330000-0x00000233D0350000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4104-1006-0x00000233D0740000-0x00000233D0760000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4232-827-0x0000000004210000-0x0000000004211000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4304-716-0x000001862A780000-0x000001862A7A0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4304-695-0x000001862A370000-0x000001862A390000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4304-679-0x0000018629250000-0x0000018629350000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4304-684-0x000001862A3B0000-0x000001862A3D0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4408-560-0x00000000045E0000-0x00000000045E1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4788-424-0x0000013E514D0000-0x0000013E514F0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4788-448-0x0000013E51AE0000-0x0000013E51B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4788-416-0x0000013E51510000-0x0000013E51530000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4788-412-0x0000013E50600000-0x0000013E50700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4788-411-0x0000013E50600000-0x0000013E50700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4860-677-0x0000000002A30000-0x0000000002A31000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download