Overview

overview

10

Static

static

3

26b519786c...94.exe

windows7-x64

10

26b519786c...94.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    80s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-02-2025 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26b519786c62293ca6fa12347a66228efb4de2eaade2609f69d34a821f0cf594.exe

  • Size

    261KB

  • MD5

    fac1cc5f820141ec14629225eb9a49f1

  • SHA1

    3ad4a0edcd74605ce8cbb346e559038de0b76820

  • SHA256

    26b519786c62293ca6fa12347a66228efb4de2eaade2609f69d34a821f0cf594

  • SHA512

    3aa77b5b2a9e279329dd6de391af445c6f295e764f2a86a0fb5ec5024a10467c25dc1f1b0d54af12f9ec8faa2b710a8ce7185969ca2139103e2b2fd78e9462a9

  • SSDEEP

    6144:FrSwniqL48g03KvWiNx7/3n0u8Z0E0U0Y7O1wmYwL:h1niqL48gwKOi7n0u8Z0E0jaC/

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3400
    • C:\Users\Admin\AppData\Local\Temp\26b519786c62293ca6fa12347a66228efb4de2eaade2609f69d34a821f0cf594.exe
      "C:\Users\Admin\AppData\Local\Temp\26b519786c62293ca6fa12347a66228efb4de2eaade2609f69d34a821f0cf594.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4532
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1556
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3760
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3532
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4692
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3776
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1236
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4000
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:836
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4556
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1972
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3044
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3400
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3228
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4224
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4672
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1080
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1668
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2644
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4468
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4320
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4504
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:464
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4944
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1152
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:232
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1264
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3732
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4764
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:2660
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3100
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:4492
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3504
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3624
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:1120
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3696
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:3380
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:2384
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1636
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3904
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2908
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1052
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:532
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2364
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3568
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1492
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4208
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:3088
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:1672
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4392
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:1492
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:1852
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1896
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1256
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:5080
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4024
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4908
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:4064
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:1548
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:4716
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:5116
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3188
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:5040
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:1660
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:3568
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4776
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3756
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4524
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:1904

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Replay Monitor

                                                                                  Loading Replay Monitor...

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                    Filesize

                                                                                    2KB

                                                                                    MD5

                                                                                    0d7c781edad5f3fe45721d0c2458895f

                                                                                    SHA1

                                                                                    b265b59a49941faa9b00e87992fa170e5f755761

                                                                                    SHA256

                                                                                    7fa445e82888e52dda736ecf53ad1cc5b086146d55a9795c75a4da5f53be82e9

                                                                                    SHA512

                                                                                    bb8ff6dbeaafafce3750a40c2bdccea9f04f8ea3fd963a627d4f56f927121452d6be2b49d8e4aecbcb4c8e8d8cc059a21fbf72cd6141ea6cbd87d327d3b1d271

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0623ff40-e8c2-4b6b-b59a-e39210661a20}\0.0.filtertrie.intermediate.txt
                                                                                    Filesize

                                                                                    28KB

                                                                                    MD5

                                                                                    ab6db363a3fc9e4af2864079fd88032d

                                                                                    SHA1

                                                                                    aa52099313fd6290cd6e57d37551d63cd96dbe45

                                                                                    SHA256

                                                                                    373bb433c2908af2e3de58ede2087642814564560d007e61748cdb48d4e9da3f

                                                                                    SHA512

                                                                                    d3d13d17df96705d0de119ad0f8380bfe6b7bc44c618e2fcd0233061a0ab15beae44d38c48a880121b35f90f56c1529e5f4cf1a19acb9e2cbba5d1c402c749c0

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0623ff40-e8c2-4b6b-b59a-e39210661a20}\0.1.filtertrie.intermediate.txt
                                                                                    Filesize

                                                                                    5B

                                                                                    MD5

                                                                                    34bd1dfb9f72cf4f86e6df6da0a9e49a

                                                                                    SHA1

                                                                                    5f96d66f33c81c0b10df2128d3860e3cb7e89563

                                                                                    SHA256

                                                                                    8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                                                                                    SHA512

                                                                                    e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0623ff40-e8c2-4b6b-b59a-e39210661a20}\0.2.filtertrie.intermediate.txt
                                                                                    Filesize

                                                                                    5B

                                                                                    MD5

                                                                                    c204e9faaf8565ad333828beff2d786e

                                                                                    SHA1

                                                                                    7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                                                                                    SHA256

                                                                                    d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                                                                                    SHA512

                                                                                    e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0623ff40-e8c2-4b6b-b59a-e39210661a20}\Apps.ft
                                                                                    Filesize

                                                                                    38KB

                                                                                    MD5

                                                                                    84ac0c242b77b8fc326db0a5926b089e

                                                                                    SHA1

                                                                                    cc6b367ae8eb38561de01813b7d542067fb2318f

                                                                                    SHA256

                                                                                    b1557167a6df424f8b28aabd31d1b7e8a469dd50d2ae4cbbd43afd8f9c62cf92

                                                                                    SHA512

                                                                                    8f63084bd5a270b7b05e80454d26127b69bcb98ec93d9fad58d77203934f46b677a3aaf20f29e73dcd7035deb61f4c0aa3b10acbc4c0fc210632c1d74f705d2f

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0623ff40-e8c2-4b6b-b59a-e39210661a20}\Apps.index
                                                                                    Filesize

                                                                                    1.0MB

                                                                                    MD5

                                                                                    f4514c93191e0efc0f61036e4ebb341a

                                                                                    SHA1

                                                                                    c80478e9a734790c18584f67a43518aa4a7dcf58

                                                                                    SHA256

                                                                                    43da4fa5f62affe399ceaac2d489b7cde610963a48e72d445bebe6f2c63a3600

                                                                                    SHA512

                                                                                    8aecb3491767e040a52f351908004db2c8f2f083397744585c2832212ec8aa288d3492be941a48b04774e16b43672ab167209776cbdef6692fef684fc54666a6

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133843855924505210.txt
                                                                                    Filesize

                                                                                    75KB

                                                                                    MD5

                                                                                    7a75f6d5a34b9ba5bcf9b33ba0e0f9dd

                                                                                    SHA1

                                                                                    0b0334ea3611f5587206e89aa9b7fe723acea029

                                                                                    SHA256

                                                                                    f17cb153482f075e61c8c3d173cee6fbcccbe9890d58aad4baeeff4b59259762

                                                                                    SHA512

                                                                                    2ae5389956b40f4ea4cc2b1b6ed156a16ce055c9ccef84fb308b7766da9f7d0d4b850c08eb2a212ba2bb7cc8dd0ad65c50a308036673c948cf43da5ab1835964

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\8PKTZ3BC\microsoft.windows[1].xml
                                                                                    Filesize

                                                                                    97B

                                                                                    MD5

                                                                                    77cc82955ce893463f41601027f87ac2

                                                                                    SHA1

                                                                                    735452540cbaec9e70d0e63c0d8433a3ea230678

                                                                                    SHA256

                                                                                    9be9016f70328b4742f54c3a3bb7387bccd76210084593015a42972593d48a34

                                                                                    SHA512

                                                                                    0b060b863f9ec90c3c9e3bac05111f0a793c570b443af6a982df027d13f4377c4b50662c7cbd7e1862fdd985410a08895b45eb80d86a95a950bdc7a4ba727ac8

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\8PKTZ3BC\microsoft.windows[1].xml
                                                                                    Filesize

                                                                                    191B

                                                                                    MD5

                                                                                    2e47c99c915a0b530c3cab1560a6c28e

                                                                                    SHA1

                                                                                    1f42f1f113051248a26127de872095ee5ea6ff5c

                                                                                    SHA256

                                                                                    e11a9dd74651964f14d450a9730d31571d578aa8fd7cfe29d13b847e1339330e

                                                                                    SHA512

                                                                                    3130b028648ed8f9675a116c95f5432960e0ac760d84f392154e4ec7db62f1940d73a319705b0481af1e14f738fbdb9c4f5377cec8eb62ef153716aa258dcc51

                                                                                    Download Submit

                                                                                  • memory/836-28-0x0000000004A00000-0x0000000004A01000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/1120-1226-0x0000028DEF200000-0x0000028DEF300000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1120-1227-0x0000028DEF200000-0x0000028DEF300000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1120-1230-0x0000028DEFFE0000-0x0000028DF0000000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1120-1250-0x0000028DF06B0000-0x0000028DF06D0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1120-1238-0x0000028DEFFA0000-0x0000028DEFFC0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1120-1225-0x0000028DEF200000-0x0000028DEF300000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1152-925-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/1264-929-0x000001869B300000-0x000001869B400000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1264-956-0x000001869C790000-0x000001869C7B0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1264-944-0x000001869C380000-0x000001869C3A0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1264-927-0x000001869B300000-0x000001869B400000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1264-932-0x000001869C3C0000-0x000001869C3E0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1264-928-0x000001869B300000-0x000001869B400000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1668-499-0x000002A7E6E20000-0x000002A7E6F20000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1668-530-0x000002A7E8350000-0x000002A7E8370000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1668-517-0x000002A7E7F40000-0x000002A7E7F60000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1668-504-0x000002A7E7F80000-0x000002A7E7FA0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/1668-500-0x000002A7E6E20000-0x000002A7E6F20000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/1972-205-0x0000000002B40000-0x0000000002B41000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/2552-347-0x000001C8FA600000-0x000001C8FA700000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/2552-352-0x000001C8FB760000-0x000001C8FB780000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/2552-365-0x000001C8FB720000-0x000001C8FB740000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/2552-378-0x000001C8FBB30000-0x000001C8FBB50000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/2552-348-0x000001C8FA600000-0x000001C8FA700000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/2644-643-0x0000000003F00000-0x0000000003F01000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/2660-1077-0x0000025198A00000-0x0000025198B00000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/2660-1109-0x0000025199F00000-0x0000025199F20000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/2660-1090-0x00000251998F0000-0x0000025199910000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/2660-1080-0x0000025199930000-0x0000025199950000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/2660-1076-0x0000025198A00000-0x0000025198B00000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/3228-345-0x0000000004150000-0x0000000004151000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3400-233-0x00000184CC7D0000-0x00000184CC7F0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/3400-209-0x00000184CB300000-0x00000184CB400000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/3400-0-0x00000000026C0000-0x0000000002710000-memory.dmp

                                                                                    Filesize

                                                                                    320KB

                                                                                    Download

                                                                                  • memory/3400-4-0x00000000026C0000-0x0000000002710000-memory.dmp

                                                                                    Filesize

                                                                                    320KB

                                                                                    Download

                                                                                  • memory/3400-3-0x0000000000970000-0x0000000000971000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3400-6-0x00000000026C0000-0x0000000002710000-memory.dmp

                                                                                    Filesize

                                                                                    320KB

                                                                                    Download

                                                                                  • memory/3400-7-0x0000000000950000-0x0000000000951000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3400-222-0x00000184CC3C0000-0x00000184CC3E0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/3400-1-0x00000000026C0000-0x0000000002710000-memory.dmp

                                                                                    Filesize

                                                                                    320KB

                                                                                    Download

                                                                                  • memory/3400-207-0x00000184CB300000-0x00000184CB400000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/3400-212-0x00000184CC400000-0x00000184CC420000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/3504-1223-0x0000000003440000-0x0000000003441000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3732-1074-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3760-51-0x00000252B4CE0000-0x00000252B4D00000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/3760-29-0x00000252B3E00000-0x00000252B3F00000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download

                                                                                  • memory/3760-34-0x00000252B4910000-0x00000252B4930000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/3760-37-0x00000252B48D0000-0x00000252B48F0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4320-649-0x0000023597A80000-0x0000023597AA0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4320-661-0x0000023597A40000-0x0000023597A60000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4320-681-0x0000023597E50000-0x0000023597E70000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4504-787-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4532-8-0x00007FF979470000-0x00007FF979665000-memory.dmp

                                                                                    Filesize

                                                                                    2.0MB

                                                                                    Download

                                                                                  • memory/4532-2-0x00007FF979470000-0x00007FF979665000-memory.dmp

                                                                                    Filesize

                                                                                    2.0MB

                                                                                    Download

                                                                                  • memory/4672-497-0x0000000002210000-0x0000000002211000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4944-804-0x0000021C8CE80000-0x0000021C8CEA0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4944-815-0x0000021C8D290000-0x0000021C8D2B0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4944-794-0x0000021C8CEC0000-0x0000021C8CEE0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                    Download

                                                                                  • memory/4944-790-0x0000021C8BD60000-0x0000021C8BE60000-memory.dmp

                                                                                    Filesize

                                                                                    1024KB

                                                                                    Download