Analysis
-
max time kernel
4s -
max time network
43s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
01-02-2024 23:02
General
-
Target
megafucked.bat
-
Size
304B
-
MD5
10a7c772a10a38861d29edc547e89baf
-
SHA1
78c4236fad8b3ec7fb30daa299026f367ab49d7c
-
SHA256
5ba794b1de35f21620e070af0ab24f67fc79201c101d8be3af8fb9b8a99864a0
-
SHA512
d447c307027cd9bb0ccd5681b36234464d326cfe51b26e7c9c044b7e1cab875569fb7805af2bd303ce587910f1e4e720d512de1d677feccfcd36f930f4fa2734
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 10 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 25 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\megafucked.bat"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\icacls.exeicacls C:\ /c /t /deny Admin:F2⤵
- Modifies file permissions
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff887859758,0x7ff887859768,0x7ff8878597783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3676 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1896,i,14442618295660216396,1118855145271639063,131072 /prefetch:83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8875646f8,0x7ff887564708,0x7ff8875647183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2472 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,409315233327931508,11912351114779189999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:13⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4192 CREDAT:17410 /prefetch:23⤵
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4192 CREDAT:82948 /prefetch:23⤵
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"3⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4968.0.462613861\2083675116" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a1fe88-9225-49ed-b2bc-636fb5c09be0} 4968 "\\.\pipe\gecko-crash-server-pipe.4968" 1888 24f3c1d2858 gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4968.1.1150390727\270833053" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a9f39b9-a198-42c0-949d-d97a7d43bdff} 4968 "\\.\pipe\gecko-crash-server-pipe.4968" 2328 24f3bd47358 socket4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4968.2.1897520705\722623433" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 3244 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47502be7-572c-4f1b-be1d-08cd2059ae28} 4968 "\\.\pipe\gecko-crash-server-pipe.4968" 2912 24f3fa23058 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4968.3.898976845\1918831969" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8cdb4d-e0f3-44ef-95c7-72e7d72730d7} 4968 "\\.\pipe\gecko-crash-server-pipe.4968" 3516 24f3fbf0858 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4968.4.810467281\1161051013" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3656 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41b95200-c3b0-4b3d-9daf-e7dbfc6d02cb} 4968 "\\.\pipe\gecko-crash-server-pipe.4968" 3640 24f3fbf0e58 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4968.5.862747267\1568866176" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6075496-581f-4822-9cd9-5ddee789cb81} 4968 "\\.\pipe\gecko-crash-server-pipe.4968" 3836 24f3fbf3858 tab4⤵
-
-
-
-
C:\Windows\system32\userinit.exeuserinit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE3⤵
- Modifies registry class
-
-
-
C:\Windows\explorer.exeexplorer2⤵
- Modifies registry class
-
-
C:\Windows\system32\icacls.exeicacls C:\ /c /t /deny Admin:F2⤵
- Modifies file permissions
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff887859758,0x7ff887859768,0x7ff8878597783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1528,i,10552238229820266796,16902383227432703833,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1528,i,10552238229820266796,16902383227432703833,131072 /prefetch:23⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8875646f8,0x7ff887564708,0x7ff8875647183⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40B
MD588979a1699fde16b4c698f9cd10ee87e
SHA18a61fb3cde8d379bb8a461a7be8dc2e93b5ad2f4
SHA256d147732816cd1a5a493235680728ef3dd4fb9be1713d565f63d72c0cdbf1a898
SHA512fe0de028e0285c3dd5c4e37be64c6a5985ead36423345de1eeb6d3f5d961a3a811e14878e9d3c42de87744be3b5ed32d07a78e78ce5b0eca4edcb6d84333e3bd
-
Filesize
371B
MD528ffd7ad79c5e61570b5b0088c3665dc
SHA147337baea2b6d0c191d098e58eec93ae7cc767b1
SHA2562c5cbac864de3bdfc7667ec86eb20c186f438b4ce9ee1e4949aa2af8d5557069
SHA512f487609989dbee3eece163582d645c0b22bfa15c8b4644ac522ae521fbaf6c98b675d687b36a1fc2fb7b2eb8d942cb9e507287904c48893d688f4714769de7bb
-
Filesize
369B
MD54de17c456940c8b50eb28750eb4e202f
SHA15c5221a51c51cb6debc2ca5cf4179f044f761da5
SHA256bba1f68a402dc1a6e0cbcd38eb450c603cfb5367493fb2cb7d25c7999a54cefc
SHA51296920074c04941ee77ff964d524a61b6589176b37bd2fe09a775c62dfb87c880c218b4e24318b1456afbbfc3e07e1bd134217c3370f5440329a2224f8c70a2a3
-
Filesize
6KB
MD5d99fc873f036b74cefa6102d2f253948
SHA1aefd66fbf8d530b63a440bcb798504996bb11337
SHA2566d131cf432423ad355ba145f326e4431e03a921f8b2bcff194bd5a8ff7c158bb
SHA512b715de08cfd3c99e7113dedacf93d848c941c331013a3c294609e3a3ba70916db5570b618fed647bd704b589a0d8d9f86534d5faa398180288436b602091160f
-
Filesize
231KB
MD5b98080e56eabb58eba1fdf79fe7cc2a4
SHA13e695389a89f9e428d0a8936b59397bee346cc24
SHA256dcfb377459e8017cc83dd7dbc5c0f53548a913e14c7ce0c4eac17630870dae7b
SHA51231ebb1143c7d3b4c5b19ed5971b0e50fb764c8b88405b54fc576020a79ddd655a65565c877ba7e9c702414ca5b2beb2e2951681a8431407bd850253791eecf94
-
Filesize
231KB
MD54ffbd66f8c19730ffe06dbe4d95baad0
SHA168eec72a04442690d9ada25fe793b9df8a485a81
SHA2569cf708b23410c408b7fb45b72742d4744bd50df7f5dd86e075bf3ae0a466dc0e
SHA512e05c01bfa7a575829dfdeefa0ed603f4ebd7fb2d2d482a614406c36966a106657b3faedeabd8f96ced9656d3bc44c59ce95d7273a430ee738f08ad647329ab85
-
Filesize
114KB
MD5dac6d1d228fbc643f5268201c6abaa6d
SHA10f37a6aa966ac81ee50ab3fcdb80d660b2d9a726
SHA256ba5b698f0da6258f83f133467adfaf9ea2b92a53f6d0cb40ba795a4623d8ecc1
SHA51299ae58c80747888e92e1879881816dd30bfa611613e741fe6cd25491337cf2c128ed96eff995285d3720a9a2af183d7f158ebbf5989981c631559dfbda6c9c4b
-
Filesize
86B
MD5f732dbed9289177d15e236d0f8f2ddd3
SHA153f822af51b014bc3d4b575865d9c3ef0e4debde
SHA2562741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4
-
Filesize
152B
MD5011193d03a2492ca44f9a78bdfb8caa5
SHA171c9ead344657b55b635898851385b5de45c7604
SHA256d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0
SHA512239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD590821c891c7adf66da941f6533c8eb56
SHA155f3b287619ac1218663423d2c4e6fc313565d98
SHA256e1590f18cc5baf723407b05b1dd9e34e141d119e21f0d6ca2971e3a8fb597c63
SHA51281b8595e3e7612a00ca93a1e80e5303a591635a76d472d13a0a34fd1f3a98619ecf5a2f62b5b15563155a710f8086a0d563270063bddfc5ccc03a84830829555
-
Filesize
5KB
MD5be04786b7c2a141f6f686fd4f5e866b3
SHA186a335a32d0d888dc3b8c8811442fecc17d2231f
SHA256886aebfd8feecb67ba9adca470bf2096a18ddc2768fcd4c9f46b2b0a67ecb161
SHA512cc56a67ed669b9eaf10c6bab52f96466cdf887e716bf9fb409f5e0cbcc7bea2cffa1df57af6920c86c5cd330fa0ed758e1288d62b9fb0dc5fc4eb12c7b7581b1
-
Filesize
24KB
MD5f5b764fa779a5880b1fbe26496fe2448
SHA1aa46339e9208e7218fb66b15e62324eb1c0722e8
SHA25697de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d
SHA5125bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745
-
Filesize
10KB
MD5afa76012103aade9019a9f1a71599f62
SHA1f0ae076731c12cb50fa63d7f8eae7b79129ff347
SHA2563a4f35c1a4fa911e277791b82ba61dc14e9b8ac832861c4458be70edc8ab56c8
SHA51285ba43b55d8c1ccf89a35463cacef2f5a86e55feb9f0d8bac22e2c0b24f74038ca62566a2ac34a91b39027aa289f23eccf7f13f5ff06afd01f22fa13f30d291b
-
Filesize
271B
MD50fffcfda98dd692a538b540da4595ed4
SHA157d43f53218666ac32e433109a06d6956f24ee19
SHA256f2f6f35e2690dc9c884f5f62fb34862852886e958e56c0f3c46061215dc6e8a4
SHA5124efce7ac6c015dc343668b9e587219e574d7553a55542f3b2532cf74be71399ff04ecc236ea72fa255cd5f5c916926b1318b47b4fe1b35bf5a381a93f085512d