Analysis
-
max time kernel
63s -
max time network
67s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17/04/2024, 08:33
General
-
Target
Mes_Drivers_3.0.4.exe
-
Size
1.5MB
-
MD5
50a5e891da27e63d54e68511e48aa026
-
SHA1
87073d85a7ba420b15c8bb9a9e4adc64db2bcfef
-
SHA256
0788aaea249d92a84f70047efcacaa54c26320b439c490ba3ce00457955031d6
-
SHA512
6df8811e3e1f6a4110ca3b7c498af13898b46962a30888879180b2f11dda24344a1de4807663d46dd86f7ea11855d08137980cc85fe71e688d082f2f79994909
-
SSDEEP
24576:AfHFw5b9DOnFYrv+kjqipUompMEoNMDYSkbDknoI6JK+ZYtEi8ETtAM5B:sjFYrv+kjV45oeYSRnyJhOtEVcf5B
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory 30 IoCs
-
Drops file in Windows directory 1 IoCs
-
Executes dropped EXE 9 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 30 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Mes_Drivers_3.0.4.exe"C:\Users\Admin\AppData\Local\Temp\Mes_Drivers_3.0.4.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C START "" "C:\Users\Admin\AppData\Local\Temp\interface.lnk"2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\interface.cmd" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mode.comMODE CON: COLS=76 LINES=154⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "4⤵
-
-
C:\Windows\SysWOW64\findstr.exeFINDSTR /I /R /C:"version 5\.[0-1]\."4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\detection.exe"C:\Users\Admin\AppData\Local\Temp\detection.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\curl_x64.exe"C:\Users\Admin\AppData\Local\Temp\curl_x64.exe" --connect-timeout 5 --max-time 20 --fail --silent --request GET "https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4"3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S HFWVAPUN /SI unlock3⤵
-
-
C:\Windows\SysWOW64\SC.exeSC query Winmgmt3⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S HFWVAPUN /SI unlock3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" driverfiles 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" drivernodes 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Drops file in System32 directory
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" hwids 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" stack 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" status 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S HFWVAPUN /SI unlock3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\aes_x64.exe"C:\Users\Admin\AppData\Local\Temp\aes_x64.exe" -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o "C:\Users\Admin\AppData\Local\Temp\A37X02yG1KwL2b2Y\A37X02yG1KwL2b2Y" -3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\curl_x64.exe"C:\Users\Admin\AppData\Local\Temp\curl_x64.exe" --connect-timeout 5 --max-time 20 --fail --silent --request POST --form "v_configuration=<C:\Users\Admin\AppData\Local\Temp\A37X02yG1KwL2b2Y\A37X02yG1KwL2b2Y" "https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=A37X02yG1KwL2b2Y&v_version=3.0.4"3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C START "" "http://www.touslesdrivers.com/index.php?v_page=31&v_id=A37X02yG1KwL2b2Y"3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.touslesdrivers.com/index.php?v_page=31&v_id=A37X02yG1KwL2b2Y4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff964d846f8,0x7ff964d84708,0x7ff964d847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5072 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7584 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8009968014254727897,12919731176172426764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:15⤵
-
-
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S HFWVAPUN /SI unlock3⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x404 0x3081⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5104aab1e178489256a1425b28119ec93
SHA10bcf8ad28df672c618cb832ba8de8f85bd858a6c
SHA256b92c19f079ef5948cb58654ce76f582a480a82cddc5083764ed7f1eac27b8d01
SHA512b4f930f87eb86497672f32eb7cc77548d8afb09ad9fdba0508f368d5710e3a75c44b1fd9f96c98c2f0bd08deb4afde28330b11cf23e456c92cc509d28677d2cf
-
Filesize
152B
MD5846ce533b9e20979bf1857f1afb61925
SHA14c6726618d10805940dba5e6cf849448b552bf68
SHA256b81574d678f49d36d874dc062a1291092ab94164b92f7e30d42d9c61cc0e77c3
SHA5128fb228fae89f063159dabc93871db205d836bdb4ec8f54a2f642bd0b1ac531eea0c21234a8ca75a0ae9a008d2399a9bf20a481f5d6a6eab53a533cd03aeaaa2c
-
Filesize
19KB
MD5a0461eb6e007528ea8b7323df5c141ce
SHA1dab62c0d8c6008c37cc53a4bb9c443f045627e45
SHA2566164562b9a07a0905239e44743e39aaaa0550f8471ff8f9622dcc68adc35f920
SHA512c009e132bb97eb4f964174aa196263959c6ca251eaa44a808c2e084b9566628a16f65f47f4e2ab1222c5231cd0054b88bec954bf0ebd8cca35112bff73ae5e8b
-
Filesize
65KB
MD5cea82a40bee9c98f8f81cb4f93ad312e
SHA1466b4dd07d8576ea73949fa6e4b53801674b95bf
SHA256582d18fe7f2032b5a43e1d40808c5faa5c00f32e7da963a2ec1be537b63faaa6
SHA5126a1fd3ed94e9fecd7c1a2eabb1dc96858b26866cbe4fa1b248b7df0c2d346afbbcbff228d0ff55b581735d2f6668d0db640227591334cf4d3e42e8b17eef6f99
-
Filesize
456B
MD550e395f795b651d7236f3e35c03f6ede
SHA14f6ca9c0487e9ed0a1561ec1099bb9bd731d0c8a
SHA2560565f7be6f6505fe8c74e4e970d9c0a3bb7317341e3eeae6a0e273d2a700e536
SHA512b8832e8114d7cde606e04f5fb4355e64a0b20daa098517eba81099aca332db11ced0c18b82dbda4f5da33bf6980224fcff4639f614cdde6f7b5d2ada532878e6
-
Filesize
2KB
MD5b4db2a3fd02d956941517399d5c04f34
SHA10e6d197c68a9f08478aefcd8bec049dc782b2d93
SHA256f065d8f77d2a8f145d8cbee62b221a7e9fac184599e66392b001e8cad84eddbb
SHA5126f3e12b68e50e375187f076a812c164180b84b61a65478fe6e91aea256e17d7f695439f995fe80957d716d1811354e431a6f7cb754c5740ac89eee287230c2fb
-
Filesize
10KB
MD576fc44fd1e90f521f3748ed35e32571f
SHA1ff8cbd603290844dc2fea5fa028ae65d79d8fe14
SHA256223e2d2db38cbc04ba8f0fb50860ee951ca59b9888b8404b3bbe0047ce6758a3
SHA51286282221b2bb0613cfe84588bb70e848ce3d93b0e7bce3c573b447bde746f473972721d098a5aa510bb15c706f54d4060a0addb6a9629aca7f470b2aa62d142b
-
Filesize
12KB
MD54466759ab166391c05537b229292e98a
SHA123d2016441e6d0495f9d8ec4d557d3557a4837aa
SHA2567ad4ee05eea0d83a4211317da97f7af43c6b0a53bd5e5de62f53aa7dd2049598
SHA512bc9b360a02bc8dda3a4572429d8ba68b0feb4d8984e3ad5b7e3f218f5f23337de520b6ba0cc39f4d883f053c9b58c03b35c1f5665728ad47ff0980d0cdb73acc
-
Filesize
6KB
MD51c639f9cab5b47d61a75f1cba82d7dea
SHA1de49e875a6cdb1c6f7cd69a0f3b19bc266b1ee53
SHA256da9be1ab12bcc87051d176d25dad6f83ff5f9b53f4156cc6325d2d02cba909f3
SHA5126aa6495b7a7ad4810fc562eadc5e7d6040f2ef3adbaff6ab5cf5ad64843e2e9086485d1231c41af2a02190a1f157a640618f6c877dd0425254e6078b848842d8
-
Filesize
7KB
MD5767a3db387a8fe8d50083e7e39b33ee8
SHA1d92de5c203ed2b9267c8a6eaa09ed9abcdf61214
SHA2567cacf318847ab6e2bd3fcca763ef74069332e8b58ab5acd82173367d6fd50137
SHA5127aadb7e2ce35f2049e2884a800b84d7a089c02cd52107e76fec38f4d6fd384d0d2498e3a1a5e72b544047edea2c556aeebb37b8fbcee6c32ae0d0792ce454a4e
-
Filesize
16KB
MD5d7ae67c9b8bed8cf4c1cea60c1d07c74
SHA1d922e1fac3bfb1fd27cf0582b65a5650c98606b5
SHA25698f0f1129c0e8f15f63fc1f46b084d2944ca75a0668e96883d763482f358d311
SHA512139556c7886e68d0da2984b10a680adfd93ccbc1b98656641349f2c1b49e2fe36f28c1beea28d0c03ed7ed07b2ad694a9f3a2c1af7b68f3215f979bafc97ee09
-
Filesize
5KB
MD58876ef924b90211efe36a8cc1bc910b6
SHA12c3437266c69bec2767be4785dcad0a48d787df6
SHA2564ef26b89e8aa1f3dbe3f9e10e982a592df0995c8b741cb0ed09528a9bd03db08
SHA5125558c6f2fa9e070e5b8aaca58b6bf9d7e74bd002d04f3e77de96964a882bbd3e923896dc3613103322b34270cad83eb8eaf8ef728cca6db7faafe27b24088636
-
Filesize
1KB
MD55fdee1aeedf52e52033daf0999210995
SHA177d24414ef3b6341101ccbe13b74add60504cc82
SHA25690ed6ed64861e4e5da68a0351528e746d78a12cb2a954f813bbe43b963a038a1
SHA5127e9ef7076ed216ae918a8b260776cf40471763a8350fc98c19ebc09fcd40edfb4e1f7a8873092f8bae9f6bbbb9fe4607dcf96407f5d0c852f8dff34c6976f2a6
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5c86aeb90205c49ae9702f84f95e6fcb8
SHA1f4e654b2dcc01fc8052119d33c721f71f5130206
SHA25607406dc17057b53b9d76bf2f56bbaf53c2255d23efc9d458eda3e136bee66c41
SHA5123f72a81768ebbc76526473fed6c0a606bd4dcd6f977b7aaf9da3fbd51412ed11c28de38d145330c54e63413e4e9f90bbddecc7fb3593f5b20c8b33aea9a5cfb0
-
Filesize
11KB
MD550ba9107256e29a4824adfb53f343ce9
SHA1dc695387444b8cfa718e9b76d4e9df558df066f2
SHA2567eef09ea279653a6c265aa9e75aa78a5779b25ae256fc6d23a0acc6c30447198
SHA5121e37963abd5f2d61702734b39fc57adb762d2807435aefd1e5ee298099d3b634c1a4b390802f43c7cf2d1a52791c180e73153c6d63909113ca0477905357d01b
-
Filesize
24KB
MD5208f728bf0a4e3fa2402f2d5ed8fb8df
SHA1db1498ac90eb1d403008f667db4e746501f5d3c3
SHA2569cc1553480433c7f91c59e3ac4c21646c589a2ceb6dad00adf41cbec622d01f6
SHA512d7b26dc0df5c11dd254c17fe446514cc1bbef951c3b299e62f10b1a8691579322399244903a39a883fe41242e057e4296b03acb538de170e71e18ae3b316bf5e
-
Filesize
151KB
MD5e5125d4651c008eba61d9fd3abd5ab31
SHA14a85e5d6ab73891832c9adaa4a70c1896773c279
SHA256874cb7a8513b781b25e176828fe8fe5ac73fa2fe29ea2aac5fe0eaad50e63f39
SHA51226ba2cecf7324e1c5fe46112c31523e2fabad8de34fe84ce3a9e3a63922b0f85d84982e7c6bae13d2e3cf65193f7a19a67a2fc80af5a78ef8cfe611fce1a9409
-
Filesize
840KB
MD5e80c8cb9887a7c9426d4e843dddb8a44
SHA1a04821e6d51f45b72a10bdbd3bb7e49de069ccd2
SHA2563df4725778c0351e8472a0f8e18caf4fa9b95c98e4f2d160a26c3749f9869568
SHA51241b4bd84336785d4da13b5653183bf2a405b918afad3acd934f253d23b1e00460173e36b2d65a61f77ef2b942dba735655fc5b4ec561c375896f5a010e053d33
-
Filesize
80KB
MD56a7ec375af8ba2e87ff7f23497e9944e
SHA1791fb650e9e27e9857b332f534a0ade1eae28be7
SHA25665c68fd55281a0a4598807ea83531a0cb0e4e79a8c5bf38e9637e776f72c3514
SHA512c6fa4ac94692ddb8d60c8ab40aa33b17e9d0800c802ee5d3c7d6f0db24c507638743287a274d7ec62fe568b6aa1c69932d52e74a50040720a89138cb5c8be7aa
-
Filesize
1.1MB
MD502ba1c44b6392f013a7aa0b91314f45a
SHA1724c1977101ecae88e4f104a8422b64bfec01a98
SHA2567fbe59195f5f6f45c8b38b12488a169fdcb3a272004dbaf44c9d92a60a3690cb
SHA51256bed935b028257e6eb485c555002f3e07e86788452cca0e28786098cc9254a7462b777a7a46ae6594911a73d786a6d15dee248f05a4c33a1bc749be071bcc3d
-
Filesize
2KB
MD5e0eb53551aca2acff814ddd7aca212e2
SHA1ee825c865d5abf244d6165ee838735f1ba05bfcb
SHA25611993a03f68a33500a3ce8fbeb3e3c2042a28299d04f39eed40147709e76ca79
SHA512ddde3d274b2ea8da0d645f88bd6b340902dca83e599ba0c7249953a7c1f2dd512f764802134a6efa1f48ca6cae23b78881569228f908dd0746abe3c46e95a348
-
Filesize
1KB
MD51841aeb853c3aa8c01587b41eecd5850
SHA1c06a7c6fc3f9600713edbf38d74a92d5de33cbc1
SHA25638d142ef16074cb6cf58ee69ff015c6f7c9130aefaebb9b06f1349ab999407c5
SHA512a64fd34ccff45d453fcb50470eea6621c6c1dd6dbcd4efaa9b0a39264961bf39c7bc5025cd11d73b2a5050cd8be525614d9529d57814c743a121f02aec1088fa
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
4KB
-
Filesize
2.6MB
-
Filesize
4KB
-
Filesize
1.6MB
-
Filesize
1.6MB