Overview

overview

10

Static

static

3

5a7464bcc4...58.exe

windows7-x64

7

5a7464bcc4...58.exe

windows10-2004-x64

10

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Oplagringers.ps1

windows7-x64

3

Oplagringers.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2025, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Oplagringers.ps1

  • Size

    56KB

  • MD5

    172a2e725c31a9307f57fc521e7db52d

  • SHA1

    98fc978b17e9cbd62f0895c78b73b71ef4fdbe6c

  • SHA256

    2d21ee452d6ec7e69fba3feb7ac2f84e221291e6759b262ab2153012bf0d9b73

  • SHA512

    5ebf7f94006c3f3dab1e7096c29793b10284507f9324a47926c3b06a1e083a1e011235a60e53a7744f344f0ffdb755db8ebfbe91f8ceb21aabbdc16f7496649d

  • SSDEEP

    1536:NHVu3SIUVtXXibggDjQ7yKB/kZqaoClCpbODr:NHVuidVxibggAGKBsZqPMCKr

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Oplagringers.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:692
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1128
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2784
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2092
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3584
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3372
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1096
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1528
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2040
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1532
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3040
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3592
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4972
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2360
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2956
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2108
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4184
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4816
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1104
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3000
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4628
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4212
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3836
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3376
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1108
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4172
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3104
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3620
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2680
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3944
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4144
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4760
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4740
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4616
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4620
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2840
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2808
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1096
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4816
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1176
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3844
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4072
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3840
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2144
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4376
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4780
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4176
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:5112
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:4616
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3956
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3608
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4776
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:2296
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:5000
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1108
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1960
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:2588
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4852
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3088
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3556
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:2216
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1112
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4552
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4888
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4948
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3312
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4576
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4092
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3240
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4544
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1108
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4048
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3024
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:3584
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:880
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:1404
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:2568
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:1860

                                                                                                                  Network

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Replay Monitor

                                                                                                                  Loading Replay Monitor...

                                                                                                                  Downloads

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    71737d8424d99580db0ff8337e4c384b

                                                                                                                    SHA1

                                                                                                                    09db16ac340ee8b69ce37e181e88eeb3f2a5abc9

                                                                                                                    SHA256

                                                                                                                    45028180d734d2c77ccf4ce9e76246070d89719020540214e923bb475a6ef709

                                                                                                                    SHA512

                                                                                                                    ddf0657a9b329d24ba22e441a2e1cec79934f9ed5b0f6e8f8d9ef1fb2ed3783e63943560d44841fd67a019f3e5417671c0373608cc23c1b792cd93e730727e40

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133844112234604560.txt
                                                                                                                    Filesize

                                                                                                                    76KB

                                                                                                                    MD5

                                                                                                                    646f29fb26692f8dbc23a53f8569d1c6

                                                                                                                    SHA1

                                                                                                                    481c58672f0f0b4ec8b002b9202977291d29118d

                                                                                                                    SHA256

                                                                                                                    088f69fe3f70d401c884880940775f6e622b4d4e2f89dbde7f1de39c6b38344b

                                                                                                                    SHA512

                                                                                                                    d11430e781998d989b5ff21f1a8ffbdee33506d8f083e88351aad158cf021e921b451acdd89fda7842693131b0b43dba16e39af6d912b2c0d986dd45e7848718

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UW3I337Z\microsoft.windows[1].xml
                                                                                                                    Filesize

                                                                                                                    97B

                                                                                                                    MD5

                                                                                                                    506fad66cfeb0e9c8eeb20d207386bfb

                                                                                                                    SHA1

                                                                                                                    5e64617a6e6faf5a01509e03f406d9af1e510720

                                                                                                                    SHA256

                                                                                                                    199b34a97a2a28ad7454329d812cd5334cd2e18f9a933d7acd6ea57ed39eb44d

                                                                                                                    SHA512

                                                                                                                    84e40b07552a4e2b71b635c7d1905bf3ed59899015c328bc474c869009d97b2fe4b967a2931f743db89ac3566ce4a88ea18ba25c50cf5778d8f28d6913d4363a

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2avxr1vs.ach.ps1
                                                                                                                    Filesize

                                                                                                                    60B

                                                                                                                    MD5

                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                    SHA1

                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                    SHA256

                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                    SHA512

                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                    Download Submit

                                                                                                                  • memory/692-20-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-21-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-15-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-17-0x0000019B25050000-0x0000019B25074000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    144KB

                                                                                                                    Download

                                                                                                                  • memory/692-16-0x0000019B25050000-0x0000019B2507A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    168KB

                                                                                                                    Download

                                                                                                                  • memory/692-19-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-13-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-12-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-11-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-0-0x00007FFF88E73000-0x00007FFF88E75000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    8KB

                                                                                                                    Download

                                                                                                                  • memory/692-14-0x00007FFF88E70000-0x00007FFF89931000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/692-10-0x0000019B22D60000-0x0000019B22D82000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                    Download

                                                                                                                  • memory/1104-787-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1108-1079-0x0000000004B90000-0x0000000004B91000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1528-195-0x00000165CD600000-0x00000165CD700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1528-194-0x00000165CD600000-0x00000165CD700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1528-219-0x0000016DCFAD0000-0x0000016DCFAF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1528-207-0x0000016DCF3C0000-0x0000016DCF3E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1528-199-0x0000016DCF700000-0x0000016DCF720000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2040-346-0x0000000004610000-0x0000000004611000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/2108-647-0x0000000003F70000-0x0000000003F71000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/2360-501-0x000002147A500000-0x000002147A520000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2360-514-0x000002147A4C0000-0x000002147A4E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2360-527-0x000002147AAE0000-0x000002147AB00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2360-496-0x0000021479600000-0x0000021479700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2360-497-0x0000021479600000-0x0000021479700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2784-27-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/2840-1508-0x00000223E31D0000-0x00000223E32D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2840-1510-0x00000223E31D0000-0x00000223E32D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2840-1509-0x00000223E31D0000-0x00000223E32D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3040-347-0x0000013325D40000-0x0000013325E40000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3040-374-0x0000013327260000-0x0000013327280000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3040-348-0x0000013325D40000-0x0000013325E40000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3040-362-0x0000013326C50000-0x0000013326C70000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3040-352-0x0000013326C90000-0x0000013326CB0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3104-1091-0x000001AAAFF40000-0x000001AAAFF60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3104-1087-0x000001AAAF920000-0x000001AAAF940000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3104-1081-0x000001AAAE780000-0x000001AAAE880000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3104-1080-0x000001AAAE780000-0x000001AAAE880000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3104-1085-0x000001AAAF960000-0x000001AAAF980000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3372-193-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3376-954-0x000001B3A3FA0000-0x000001B3A3FC0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3376-938-0x000001B3A3100000-0x000001B3A3200000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3376-975-0x000001B3A45B0000-0x000001B3A45D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3376-943-0x000001B3A3FE0000-0x000001B3A4000000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3376-939-0x000001B3A3100000-0x000001B3A3200000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3584-33-0x0000013ED4C40000-0x0000013ED4C60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3584-28-0x0000013ED3B00000-0x0000013ED3C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3584-29-0x0000013ED3B00000-0x0000013ED3C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3584-42-0x0000013ED4C00000-0x0000013ED4C20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3584-55-0x0000013ED5000000-0x0000013ED5020000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3592-494-0x0000000004E70000-0x0000000004E71000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3620-1221-0x0000000004E60000-0x0000000004E61000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3944-1227-0x000001BE110D0000-0x000001BE110F0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3944-1258-0x000001BE114A0000-0x000001BE114C0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3944-1245-0x000001BE11090000-0x000001BE110B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4144-1362-0x0000000004660000-0x0000000004661000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4212-936-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4616-1506-0x0000000004360000-0x0000000004361000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4628-817-0x00000151460A0000-0x00000151460C0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4628-805-0x0000015145A90000-0x0000015145AB0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4628-794-0x0000015145AD0000-0x0000015145AF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4740-1369-0x000002E25D670000-0x000002E25D690000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4740-1366-0x000002E25C520000-0x000002E25C620000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4740-1401-0x000002E25DA40000-0x000002E25DA60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4740-1387-0x000002E25D630000-0x000002E25D650000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4816-651-0x000001D7DD800000-0x000001D7DD900000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4816-678-0x000001D7DED10000-0x000001D7DED30000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4816-666-0x000001D7DE900000-0x000001D7DE920000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4816-654-0x000001D7DE940000-0x000001D7DE960000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download