Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
14/07/2024, 14:46
240714-r5ksyaxbqh 814/07/2024, 14:43
240714-r3y8jsvckq 814/07/2024, 14:37
240714-rznmmswhra 7Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
14/07/2024, 14:43
General
-
Target
https://ify.ac/1Ic5
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 25 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of FindShellTrayWindow 43 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1Ic51⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaed8a46f8,0x7ffaed8a4708,0x7ffaed8a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11726321321333308803,2717622453269578193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\setup_mEH7ebFdwZ.exe"C:\Users\Admin\Desktop\setup_mEH7ebFdwZ.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\is-QI40U.tmp\setup_mEH7ebFdwZ.tmp"C:\Users\Admin\AppData\Local\Temp\is-QI40U.tmp\setup_mEH7ebFdwZ.tmp" /SL5="$E0276,5849669,56832,C:\Users\Admin\Desktop\setup_mEH7ebFdwZ.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Delete /F /TN "cd_2_mp3-converter_7142"3⤵
-
-
C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe"C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe" 1759819519bc7de99fe09eb3d8ba567e3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 8844⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 8924⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 9564⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 10804⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 11204⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 11204⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 11044⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 11684⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 11164⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 9964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 13284⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 15044⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 17244⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 9084⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 17324⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 19444⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 21004⤵
- Program crash
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/bboobies4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaed8a46f8,0x7ffaed8a4708,0x7ffaed8a47185⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 18364⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 21484⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 18284⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 18684⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 18884⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 17844⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 19164⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 20324⤵
- Program crash
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2300 -ip 23001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2300 -ip 23001⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.9MB
MD50fe58677998932ece058f23fdf28dae7
SHA16d0f9640026143a5d128eb021361ca163ce5c3f3
SHA2566071e75c7cce7ec1900d93ff08a1e3103bc5f42a72e7dc04fe8cb055d2b71cb1
SHA5125bed3f6678a54ab1933f24c45eac6c00187f4dc65553d5e04614a448c1c35631057037029d712db2aac2c2b280e96cc491a5e4afd9512311aceb9df0e110b831
-
Filesize
152B
MD5584971c8ba88c824fd51a05dddb45a98
SHA1b7c9489b4427652a9cdd754d1c1b6ac4034be421
SHA256e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307
SHA5125dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726
-
Filesize
152B
MD5b28ef7d9f6d74f055cc49876767c886c
SHA1d6b3267f36c340979f8fc3e012fdd02c468740bf
SHA256fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
SHA512491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75
-
Filesize
211KB
MD5151fb811968eaf8efb840908b89dc9d4
SHA17ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA51283aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
-
Filesize
312B
MD5389c52f0bf367691a57c433d6d500bd0
SHA13d5acd869cd6fdf156fac5d94f74194d5045c039
SHA256e21e95ecda15bbe75e087eb79ace925b2edcf1c2b46335f2371acf638398f6d8
SHA51211afea56688eb5dd86f3843edea4a6384323c762469a51f6fdf5860dfab4a7fd87bd95e07caf27eab8c5c4a11057cf66d7399fbca9f864576944446d89e80020
-
Filesize
216B
MD5a673c51faceedcad610a3209e2d29953
SHA1c5dcfabf0559fdfa3b3f8784d4e3444391d565a6
SHA256c213d1532549466679dc89323b7af97be30246f813e87c4b270cf88b1a8fa9ad
SHA512e91ca4d3e08115bda17c2167ff1796f9bf1cc02040df7abb7e79db9d737b41bce435216352c084564f1a066658ed358ac45271c7788c0f3685e4776b61d6b245
-
Filesize
384B
MD5e4b24b348efd126500ed92509362771a
SHA12d14abd974dd981b22ab63410b61b35fc0eb14ce
SHA256e08a5c737679ec833bf347a5baaf32e4ea4abb60ffea64635a83c51bbf411871
SHA51255d44b2ded9f265c9a285b882e6a1635a97ee3cf18aff9dc02e16142d45c4222cae3fe10bedd204e2617d3c38b32f76d581ef38b45d7a5f32a015132bfaea7d0
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
2KB
MD59599ff3d7a6e515333dd12ad1e588489
SHA146272416e33ac9239070f8cf95721d257a5f77f9
SHA256f94a601ae0e4da1dfb5a1b317d8fa187ed3a36c9064254000d33afd764e4c4c1
SHA512606d4686625810b2871b91bfdb8e05f73b1ca3d1b50f3c5e7ec4544c6ff045478225333077279d08c557f3e0277a930539d1c18e69245f0bae6d28ad5920be91
-
Filesize
2KB
MD5239d1c9e5e64e63059841c69489a19d4
SHA1f3190217a015d9715e1a6c4afab0a8fd5d6a0760
SHA2562051a66920e81d03e07bc7b2188d882c76312932e1923d140004ff1647eba0a6
SHA5122ecc7edfb8bb8d3ef1f44863374ae0cadeffdf0be0c0ada6bf891a1823b010955a70ea095e185682e1839fa9f237330539bbb181fdcddd9d926c91f4c92f3aae
-
Filesize
6KB
MD58572c2e558f9ea6d6823d2eaa75265c0
SHA1760b8666470ea81cdbb3aafa31bd001a7514520f
SHA256a9029dfb3b18cb64307f85b3a65f4ead9031834d925cf5b9321647140ed01903
SHA512413b4b5cb0b26a5192f964b6de81deee44336d4841b56abc43c3b52930e4e59690ac4a7b3cdccebde1ce38baca14c37ad7b213c208cba5a6cb03f2385a2606bb
-
Filesize
7KB
MD5c4348e3e4bb08fa16672893c6ec3f5c7
SHA15dcfa70d76d6c7d20cf7c3bbf6862113293ca39e
SHA2563cb797ad2cb5d6e397b99b5617fa352398cad2c4eebe94bcac793ae049c0bc8d
SHA5129f33f1bcc979e2d6e7cc6d0a665f62beb911e31e4c9a9712edb60966ce2d4c2b2b4aab392298ecfbbf3ec5b5a9fb064a33349371acee20c16431b5c429f1d8c3
-
Filesize
7KB
MD53a7a15ddd679eb989cdccb1db546573a
SHA193a030ded21724ba79ed3e789486da425e7ecf74
SHA256a54692489915799e96305df6ed10a0110e8c40dc0b39d06c877e39f77d94c8ea
SHA51283183dc142079158179b703e0a165174b0f0926e63cbc1858c91b5a5a04ac55fe5e8b8b069b5df5da0c1c72f8cbe7438321373ddc9d56e2040acaa8a7cc37855
-
Filesize
7KB
MD5373603f470068173fc4793af88449dca
SHA1f77fe506add20a4545efee1bc725bfcee7212ab9
SHA25608e6db43215fc09ac90973b1dd912d5bc4a8023874317a2b48a5545d0db0f3a3
SHA5123b4946896d528dcb06a1b51452fded756dae1b681018afe6a963dbb397f34e10fb0a3207363f5be569621d61c69d5f21f0b14628dcd61c0ae9aad5f23c04ee11
-
Filesize
7KB
MD565b8356f80eb4794d8482f2fa24b6e3f
SHA135de7dc337a5984138a4f3554510b0d8ef6644b2
SHA256368b613b2ba7414906156dbef387e1eb64a24792637b8f28f250e9b6066eb43a
SHA51293e6c3f056e34748e8d90b83a7b51ba42a151236722a00fcc5bee0343d3e410c5d03ac058c79b80be80d1f1e2381567e567f7e09eb90fdfb49a15df123769b6b
-
Filesize
7KB
MD5e399e668beb3dcfe0d16b9d99cfff01b
SHA191dcac5c497a809e6bec63c194d79ff8513ef3bf
SHA2568dfc8630872473236be12d3ab41e3f7c635df0d58375b9bb6a5769a570e8c80c
SHA512ca170946dc1e6da8041db78f4dd689119c2d78c0754f614bca6ed7d664a53147a1135c98a951709f78d8c4752b9eeec3278ca4bbc3163acc025b9f8e5cc24e7b
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
72B
MD5d7e9bc912191782635cf8082c228ff00
SHA1a05c055f283479734c9742ea8b1ee7388a4b7b11
SHA256fdbfd7a631f159e2b6a35a01a40ad230b594d0d6d86f4cc9380464732a29a6c6
SHA512e47acf9a5dc0232c5acb15b534b7edd1ac48834cf0e877971e0fc87794aa4ee8871e1cf60434601eeda8bb37a0c9a239616f8881021f19604bf7685049430b86
-
Filesize
48B
MD5d0f2bb3a393bf223119ede412c2d9fa0
SHA1b8c328349db8bdc80271c2ffac1d72e347b47a99
SHA2565e62e3363ef3cad7bfeb18bdb3bd6177b1bb55dcf84c3e65ea6b78009a606643
SHA5129d9e63b69a12121753977d1b3352998ca2f2f0119ecfa5e5165df71cf1a2a3d5b1b8b05f67e3b11e24522b85d22cc362a1c78df3c0cd8d8ccf60364002df07b3
-
Filesize
1KB
MD5b63a361f23d19e674de91d893ce0408d
SHA1f0bb543eb4e5dc046ae63915259e690cae4df211
SHA256e30bdf1281793f90623fe1270c822ce8c81571f040066a57ab60d6edd343a6bf
SHA512bc5034417bb88dea0fec0690e25e806c0cb9adbc6abd97cf3efb3e96ffe2f0ae519bb46a281b454c79ee1116efe88794fd35489f97d40e026e550f03f7f482b7
-
Filesize
1KB
MD5fe0c926011702e764c00b3856cc6ea4d
SHA11c414b7d914f1281178b1ca953e8941764185954
SHA256764ffb3565e559ac2d275086c5097e3251f62dff729b90d2dfcb5675ae9a856f
SHA512de897cfa716cae25fc2130d94a63f62bee6f57719befa79e2658a17e15702a1e127a7fc23423a0efd57d8a02cd02a2652ed9cc712ea1c44c8852928b3e2956b2
-
Filesize
540B
MD5c2b13bcfd38930421bba3187385dc68d
SHA1707f8278b4fca253fdfdefa3141743a23e4bb07e
SHA256623ee18b5d7455b3259697357a5290abae03fa8087555ee520fa5f9a1cfadf2b
SHA512676093c66d185837c6af582aa3441dd1ef2c4cc95cbf6c99964db8e6ce9f8052b4afeb53d5b63975b831fc8bd8ad719940d75febb0fd23d76eaad1b1bee2670d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD559b97f31ccbe4ce96f88d1d279689e9a
SHA1e648ff5e8aa3c820040a253e51eee8281b99b2cf
SHA256c968958171b4ea4142b384439b7f4179cabd2daa3ae01b00af6556f1417401b6
SHA512f3c6fcb5e50b6d0646eb73e74548f75470ee1324798643714433308b99f4ac461cde822c31d7731df61d678c82c254619091ba71b9dfc1b8876f31afeb3015f2
-
Filesize
12KB
MD5af71538da011a0ad4860342ea5032808
SHA11425d1f81b5f58b24404a3710cb1a32236f054c1
SHA2564422e12415e130259b999fbb8ac3bacc665b1ccf27aad1adb908c280a57dbde3
SHA5121e63c9324ce489434fda23a7b629052f222dd21084c48846cfd7d5f3d9fab0b602f669c8a1e266897095a260af655026023d7fad7e6e69bd7d577253648c3a9d
-
Filesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
Filesize
694KB
MD5e1c26c323dd52cd731320cafc0d2bd89
SHA16d4b246cf638917954050b0b54af8912fc8458a2
SHA2562b59a5d1e0719242d3049602b0be47f55460f256991b35c130bc2ad7563d435b
SHA512b61122c6c73c03af13bf016d3ef98ef51f2e26f99285cb6cb6d23bb24288b5978275bbf8d5d0620e1e79dda0dc1a852599de79dfb1f0a79b960083118a311943
-
Filesize
5.8MB
MD57df8c70f29690a24559f0e1129c172f4
SHA13e5f90a4f543c2ed3f6f6dc2dbbf63bce57876fd
SHA2563c80016889913bb4727280d8deb7287b50837a2aff6815dfc7aef4c4e0831fce
SHA5123b19a37e3627b97172239092a48c055f6ca1a0cc6b401546083dc1a0a2b9e4aae4f49ec46a141fa70871d3c24b7ef229730cc08fd1847c190f3436006f63ae2f
-
Filesize
8.9MB
-
Filesize
8.9MB
-
Filesize
80KB