Overview

overview

10

Static

static

3

justifican...ia.exe

windows7-x64

8

justifican...ia.exe

windows10-2004-x64

10

Capricorn4...er.ps1

windows7-x64

3

Capricorn4...er.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    26s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250211-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2025, 06:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Capricorn46/Smaakager.ps1

  • Size

    52KB

  • MD5

    e887e59c0f45446f5708524edd22e09f

  • SHA1

    0530bfca5e7911c425be41d276e697042e102132

  • SHA256

    2887ac9e3835ee2197cde04ee649f98d6372e24b05668c69062026a612c43ea3

  • SHA512

    2f1bb8a9e30666c7a8703e13ebe2e3b26d53e1d0759c02ec18ef6531b2aa0fea84e358aa364dcac01f2b17639ddfd71b92122fded579b41bd0531121dd52faba

  • SSDEEP

    1536:znLKmKmnI7jcQzSM43GM8C460L3vZnNajdOqmP:znLjKm5QzSMuG3L3BnNZ1

Score
8/10
discoveryexecutionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 5 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Capricorn46\Smaakager.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1864
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1020
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2252
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1764
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2000
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3892
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4936
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4840
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4828
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4696
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4240
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzM3MDJCNUQtOEQzRS00RkVFLUJCOEMtRUZFRUIwOEUyMzU5fSIgdXNlcmlkPSJ7RTk1M0Y1MjctNDdDMC00OTQ4LUEzMDgtMTgxQkJFQjQxRTlGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REYxODcwMUQtQ0QyMi00NzkyLUJEQTUtRTM4MEFCQTk3QkJFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzY2MTY0Mzc4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:536
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1084
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4712
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:716
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2232
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:2064
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:4496
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:2356
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4212
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2760
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4200
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3540
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4372
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4156
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3448
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4248
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2460
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3992
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4124
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4360
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4380
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:1460
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:4764
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3784
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:4416
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:848
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:996
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:2356
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4136
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2032
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3436
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:2908
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:8
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:4488
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3252
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:848
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:2460
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:3216
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3672
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3560
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4056
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:1008
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:392
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:2064
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:3560
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:2912
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:4156
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:3068
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:1008
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:1636
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:844
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:2080
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:3312
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:2496

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            30ac8d506d239d44cce7f6623a6051bc

                                                                                                            SHA1

                                                                                                            18792c590a42bd59bdb222a0f2c2d4cf5b619fa1

                                                                                                            SHA256

                                                                                                            6a83e3fb538f4faeba34eda4903ecf3137a092bbad9157ba48c016e154772cb5

                                                                                                            SHA512

                                                                                                            5b9adf568e880603b4663853bd50a56dc0d76cc06250d09c5a85519ea2f07fe23703bbc688bea7cb95a50b271ad1ae2e426fa47c189e3e1f2fb4094c7e5c4c93

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133839892550357085.txt
                                                                                                            Filesize

                                                                                                            74KB

                                                                                                            MD5

                                                                                                            92be2be0dc781d04e1d3b8aa927e8402

                                                                                                            SHA1

                                                                                                            e30037cee53e27d0438484a19291ddcd259efbf5

                                                                                                            SHA256

                                                                                                            403368417eb7a6ba207e1058d2a675353e69e3cdee39a602a2cc5c966bec3d58

                                                                                                            SHA512

                                                                                                            1079441be4b86901e5ceb66c0094bda5cc5a4ee41b7455be1269a7997b2e396e374670554bae103ed03e6ef6761a7ac18bf170bc09df0d49c2a7886b53417428

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\KTKQGAMA\microsoft.windows[1].xml
                                                                                                            Filesize

                                                                                                            96B

                                                                                                            MD5

                                                                                                            cdd17d555f9c1eadfd672360aa2c0e4f

                                                                                                            SHA1

                                                                                                            3b4a2f135ad7558b42d6b45b01f434f30f93e184

                                                                                                            SHA256

                                                                                                            f907be0dcfbdfb5866b9988b8aa8ced21d1671ba6774b352ae563ec26ec7d028

                                                                                                            SHA512

                                                                                                            a6d9e149358a730120b402a0b6cfec1f0883c9d37a4e1503e515a2dc37bbb2ce5edea74671e675afd2435307e3f82056bd748b7bc8efefd5a07f35927ab28b38

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mihbiafc.bf1.ps1
                                                                                                            Filesize

                                                                                                            60B

                                                                                                            MD5

                                                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                                                            SHA1

                                                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                            SHA256

                                                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                            SHA512

                                                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                            Download Submit

                                                                                                          • memory/716-328-0x00000000044B0000-0x00000000044B1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/996-1044-0x000001EC683D0000-0x000001EC683F0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/996-1028-0x000001EC67500000-0x000001EC67600000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/996-1027-0x000001EC67500000-0x000001EC67600000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/996-1064-0x000001EC689E0000-0x000001EC68A00000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/996-1032-0x000001EC68620000-0x000001EC68640000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1008-1338-0x0000000004E20000-0x0000000004E21000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1460-874-0x00000000043B0000-0x00000000043B1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1864-14-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-17-0x00000285FC670000-0x00000285FC694000-memory.dmp

                                                                                                            Filesize

                                                                                                            144KB

                                                                                                            Download

                                                                                                          • memory/1864-23-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-21-0x00007FFCC9CD3000-0x00007FFCC9CD5000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/1864-20-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-19-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-16-0x00000285FC670000-0x00000285FC69A000-memory.dmp

                                                                                                            Filesize

                                                                                                            168KB

                                                                                                            Download

                                                                                                          • memory/1864-22-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-15-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-13-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-12-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-0-0x00007FFCC9CD3000-0x00007FFCC9CD5000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/1864-11-0x00007FFCC9CD0000-0x00007FFCCA791000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                            Download

                                                                                                          • memory/1864-1-0x00000285E3BA0000-0x00000285E3BC2000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/2064-1339-0x000002C75EA00000-0x000002C75EB00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/2064-329-0x0000026878250000-0x0000026878350000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/2064-341-0x0000026879370000-0x0000026879390000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/2064-334-0x00000268793B0000-0x00000268793D0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/2064-352-0x0000026879780000-0x00000268797A0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/2460-755-0x0000000000ED0000-0x0000000000ED1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2460-1197-0x00000000042A0000-0x00000000042A1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3784-876-0x000001BE3FC40000-0x000001BE3FD40000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3784-880-0x000001C641D90000-0x000001C641DB0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3784-890-0x000001C641D50000-0x000001C641D70000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3784-903-0x000001C642160000-0x000001C642180000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3784-875-0x000001BE3FC40000-0x000001BE3FD40000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3892-27-0x00000000041E0000-0x00000000041E1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4124-793-0x000001ECF4AE0000-0x000001ECF4B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4124-761-0x000001ECF4500000-0x000001ECF4520000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4124-776-0x000001ECF44C0000-0x000001ECF44E0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4124-758-0x000001ECF3600000-0x000001ECF3700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4124-757-0x000001ECF3600000-0x000001ECF3700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4124-756-0x000001ECF3600000-0x000001ECF3700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4136-1203-0x00000235F7550000-0x00000235F7570000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4136-1234-0x00000235F7920000-0x00000235F7940000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4136-1199-0x00000235F6A00000-0x00000235F6B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4136-1211-0x00000235F7510000-0x00000235F7530000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4136-1198-0x00000235F6A00000-0x00000235F6B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4156-615-0x0000000004050000-0x0000000004051000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4200-476-0x0000000002D10000-0x0000000002D11000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4240-191-0x0000017D93100000-0x0000017D93200000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4240-195-0x0000017D94240000-0x0000017D94260000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4240-192-0x0000017D93100000-0x0000017D93200000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4240-202-0x0000017D94200000-0x0000017D94220000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4240-227-0x0000017D94600000-0x0000017D94620000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4248-616-0x0000015BF8250000-0x0000015BF8350000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4248-621-0x0000015BF95B0000-0x0000015BF95D0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4248-652-0x0000015BF9980000-0x0000015BF99A0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4248-635-0x0000015BF9570000-0x0000015BF9590000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4248-617-0x0000015BF8250000-0x0000015BF8350000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4372-479-0x000001F46C400000-0x000001F46C500000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4372-478-0x000001F46C400000-0x000001F46C500000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4372-480-0x000001F46C400000-0x000001F46C500000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4372-515-0x000001F46D910000-0x000001F46D930000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4372-491-0x000001F46D500000-0x000001F46D520000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4372-483-0x000001F46D540000-0x000001F46D560000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4416-1026-0x00000000049B0000-0x00000000049B1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4828-188-0x00000000047E0000-0x00000000047E1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4840-64-0x000001E0AA700000-0x000001E0AA720000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4840-41-0x000001E0AA300000-0x000001E0AA320000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4840-34-0x000001E0AA340000-0x000001E0AA360000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4840-30-0x000001E0A9200000-0x000001E0A9300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4840-29-0x000001E0A9200000-0x000001E0A9300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download