Analysis
- max time kernel: 50s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 29/01/2025, 19:48
Static task: static1
Behavioral task behavioral1: Sample Nexol/Nexol.exe, Resource win7-20240903-en
Behavioral task behavioral2: Sample Nexol/Nexol.exe, Resource win10v2004-20241007-en
Behavioral task behavioral3: Sample Nexol/Quadv.dll, Resource win7-20240903-en
Behavioral task behavioral4: Sample Nexol/Quadv.dll, Resource win10v2004-20241007-en
Behavioral task behavioral5: Sample Nexol/Xheu.dll, Resource win7-20240708-en
Behavioral task behavioral6: Sample Nexol/Xheu.dll, Resource win10v2004-20241007-en
Behavioral task behavioral7: Sample Nexol/aah32.dll, Resource win7-20240903-en
Behavioral task behavioral8: Sample Nexol/aah32.dll, Resource win10v2004-20241007-en
Behavioral task behavioral9: Sample Nexol/inject.dll, Resource win7-20241010-en
Behavioral task behavioral10: Sample Nexol/inject.dll, Resource win10v2004-20241007-en
Behavioral task behavioral11: Sample Nexol/version.dll, Resource win7-20240903-en
Behavioral task behavioral12: Sample Nexol/version.dll, Resource win10v2004-20241007-en
Behavioral task behavioral13: Sample Nexol/x64/Vsg32.dll, Resource win7-20240708-en
Behavioral task behavioral14: Sample Nexol/x64/Vsg32.dll, Resource win10v2004-20241007-en
Behavioral task behavioral15: Sample Nexol/x64/cfg.dll, Resource win7-20240708-en
Behavioral task behavioral16: Sample Nexol/x64/cfg.dll, Resource win10v2004-20241007-en
Behavioral task behavioral17: Sample Nexol/x64/x32d9.dll, Resource win7-20241023-en
Behavioral task behavioral18: Sample Nexol/x64/x32d9.dll, Resource win10v2004-20241007-en
Behavioral task behavioral19: Sample Nexol/x64/x64d3.dll, Resource win7-20240903-en
Behavioral task behavioral20: Sample Nexol/x64/x64d3.dll, Resource win10v2004-20241007-en
General
- Target: Nexol/Nexol.exe
- Size: 473KB
- MD5: e7bb20054b7d3e33dd82f82ddc2e8b11
- SHA1: 8a2cd79e07948d2ea624010d7c7fb78ad249de02
- SHA256: 5b11c5df562c17c5f60e79b429ca8ed21c919b2615dfe45571fda92f261375cd
- SHA512: 11f20888be8aa7c1410bad7fe85ab90df852b9e6b465c2f634b2bebc5fdcbb21c0caea7fc4bcfb16ec77a8abd804267354e5c52d52c1e506b12d5ea65c819a43
- SSDEEP: 12288:npryC8zCrxmLFBWwvC/5h4RrSxVd5B1YVKw:nprygmI/34RUXw
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only); Process: wmplayer.exe; ioc: \??\A:, \??\J:, \??\M:, \??\O:, \??\P:, \??\V:, \??\Y:, \??\I:, \??\L:, \??\Q:, \??\S:, \??\T:, \??\W:, \??\B:, \??\E:, \??\X:, \??\G:, \??\H:, \??\K:, \??\N:, \??\R:, \??\U:, \??\Z:
Program crash 1 IoCs
pid: 2776; pid_target: 2936; Process: WerFault.exe; procid_target: 29
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: Nexol.exe
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: wmplayer.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; Process: chrome.exe
description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; Process: chrome.exe
description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; Process: chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid: 2436; Process: chrome.exe (identical entry repeated)
Suspicious use of AdjustPrivilegeToken 48 IoCs
description: Token: SeShutdownPrivilege; pid: 2436; Process: chrome.exe (identical entry repeated)
Suspicious use of FindShellTrayWindow 64 IoCs
pid: 2436; Process: chrome.exe (identical entry repeated)
Suspicious use of SendNotifyMessage 64 IoCs
pid: 2436; Process: chrome.exe (identical entry repeated)
Suspicious use of WriteProcessMemory 64 IoCs
Distinct entries (each repeated in the original listing):
description: PID 2936 wrote to memory of 2776; pid: 2936; Process: Nexol.exe; procid_target: 30
description: PID 2436 wrote to memory of 2204; pid: 2436; Process: chrome.exe; procid_target: 35
description: PID 2436 wrote to memory of 1044; pid: 2436; Process: chrome.exe; procid_target: 37
description: PID 2436 wrote to memory of 1272; pid: 2436; Process: chrome.exe; procid_target: 38
description: PID 2436 wrote to memory of 2768; pid: 2436; Process: chrome.exe; procid_target: 39
Processes
C:\Users\Admin\AppData\Local\Temp\Nexol\Nexol.exe (PID 2936)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Nexol\Nexol.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe (PID 2776)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 116
    - Program crash

C:\Windows\explorer.exe (PID 2708)
  Command line: "C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2436)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (image C:\Program Files\Google\Chrome\Application\chrome.exe):
    PID 2204: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5e19758,0x7fef5e19768,0x7fef5e19778
    PID 1044: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:2
    PID 1272: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:8
    PID 2768: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:8
    PID 2252: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:1
    PID 2268: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:1
    PID 2492: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1536 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:2
    PID 2292: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3088 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:1
    PID 1688: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:8
    PID 3008: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3736 --field-trial-handle=1372,i,16170081581853217300,1055981231458832011,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2964)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe (PID 464)
  Command line: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf76eb39.TMP
- Filesize: 1KB
- MD5: a1fc5cca4dcf4fac24871aa255c98366
- SHA1: 52c602e2fb691920b0129bef538e15d01d9224fb
- SHA256: e8be2836e0cf7a423e65f29819b0bb63d715b872736dd514ae836d45d41e39fa
- SHA512: 67293e1bb22a7512311b08ada261c70395169ce3a00499663f522cbeea1521d498ee27c16d51b063ea6760fb97b6983d9fdd4510115e6fa3dc2f1922738c0c0e